Guide
http://www.3com.com/
1 CONFIGURATION COMMANDS
Basic Configuration Commands
5 NETWORK PROTOCOL
IP Address Configuration Commands
ARP Configuration Commands
Static Domain Name Resolution
DNS Client Configuration Commands
DHCP Public Configuration Commands
DHCP Server Configuration Commands
DHCP Client Configuration Commands
DHCP Relay Configuration Commands
IP Performance Configuration Commands
IP Unicast Policy Routing Configuration Commands
IP Multicast Policy Routing Configuration Commands
IPX Configuration Commands
DLSw Configuration Commands
6 ROUTING PROTOCOL
Display Commands of the Routing Table
Static Route Configuration Commands
RIP Configuration Commands
OSPF Configuration Commands
BGP Configuration Commands
MBGP Configuration Commands
IP Routing Policy Configuration Commands
Route Capacity Configuration Commands
7 MULTICAST COMMON CONFIGURATION COMMANDS
Multicast Common Configuration Commands
IGMP Configuration Commands
PIM Configuration Commands
MSDP Configuration Commands
MBGP Multicast Extension Configuration Commands
Multicast Static Route Configuration Commands
9 SECURITY
AAA Configuration Commands
Ethernet Type-Code Values
ASPF Configuration Commands
Firewall Configuration Commands
IPSec Configuration Commands
IKE Configuration Commands
PKI Configuration Commands
HWTACACS Configuration Commands
This guide describes the 3Com® Router 5000 Family of routers and how to install
hardware, configure and boot software, and maintain software and hardware.
This guide also provides troubleshooting and support information for your router.
This guide is intended for the system or network administrator who is responsible
for installing, configuring, using, and managing the routers. It assumes a working
knowledge of wide area network (WAN) operations and familiarity with
communication protocols that are used to interconnect WANs.
Always download the Release Notes for your product from the 3Com World Wide
Web site for the latest updates to product documentation:
http://www.3com.com
Conventions and Table 2: list conventions that are used throughout this guide.
Information note: Information that describes important features or instructions.
Caution: Information that alerts you to potential loss of data or potential damage to an application, system, or device.
Warning: Information that alerts you to potential personal injury.
Convention Description
Words in bold: Boldface type is used to highlight command names in text. For example, “Use the display user-interface command to...”
Related Documentation
The following manuals offer additional information necessary for managing your
Router 5000:
http://www.3com.com/
1 CONFIGURATION COMMANDS
This chapter describes how to use the following commands:
Basic Configuration Commands
View
User view
Parameter
zone_name: Name of the summer time, which is a character string of 1 to 32
characters.
recurring: Sets the summer time of every year starting from some year.
Description
Using the clock summer-time command, you can set the name, and the starting
and ending time of the summer time. Using the undo clock summer-time
command, you can remove the configuration of the summer time.
After the configuration takes effect, it can be verified by using the display clock
command. In addition, the time shown in log and debug information will be the
local time, adjusted for the time zone and summer time.
Example
Add one hour to the clock for the summer time z2 that starts at 06:00:00 on
2002/06/08 and ends at 06:00:00 on 2002/09/01.
# Add one hour to the clock each year starting from 2002 for the summer time z2
that starts at 06:00:00 on 08/06 and ends at 06:00:00 on 01/09.
View
User view
Parameter
HH:MM:SS: Time (hour/minute/second).
YYYY/MM/DD: Date (year/month/day) in the range of 1993 to 2035.
Description
Using the clock datetime command, you can set the date and time.
After the configuration takes effect, it can be verified by executing the display
clock command. The time applied to the log and debug information has been
adjusted.
Example
Set the current system time to 10:20:55 2003/04/05.
<3Com> clock datetime 10:20:55 2003/04/05
View
User view
Parameter
zone_name: Timezone name, which is a string of 1 to 32 characters.
add: Adds the time on the basis of Universal Time Coordinated (UTC) timezone.
minus: Reduces the time on the basis of UTC timezone.
HH:MM:SS: Time (hour/minute/second).
Description
Using the clock timezone command, you can set the information for the local
timezone. Using the undo clock timezone command, you can restore the local
timezone to the default UTC timezone.
After the configuration takes effect, you can view it by executing the display
clock command. The time applied to the log and debug information has been
adjusted according to the involved timezone and summer time.
Example
Set the local timezone name to Z5 and set Z5 to be five hours ahead of UTC
time.
<3Com> clock timezone z5 add 05:00:00
command-privilege Syntax
command-privilege level level view view command-key
undo command-privilege view view command-key
View
System view
Parameter
level level: Command priority ranging from 0 to 3.
view view: View. The command line provides the following views:
Refer to "Command Line Views" section in the Operation Manual for more
details.
Description
Using the command-privilege command, you can set the command level in the
specified view. Using the undo command-privilege view command, you can
remove current settings.
Command priority falls into four levels: access, monitor, configure and manage,
identified by 0 to 3. The administrator can grant specific rights to a user as
required so that the user can operate in the related view. When the user logs
in, the system sets the command operation rights either according to the
rights corresponding to the user name or according to the rights of the
user-interface. If the two sets of rights conflict, the minimum rights will be
adopted.
By default, the command level of the ping, tracert and telnet commands is
access (level 0), the command level of the display and debugging commands is
monitor (level 1), that of configuration commands is system (level 2), and the
commands for user key setting, FTP, XMODEM, TFTP and file system operation fit
into commands of manage-level (level 3).
Example
Set the priority of the “interface” command to 0.
[3Com] command-privilege level 0 view system interface
View
Any view
Parameter
None
Description
Using the display clipboard command, you can display the contents of clipboard.
Example
Display the contents of clipboard.
<3Com> display clipboard
-----------------clipboard -----------------
ip route 10.1.0.0 255.0.0.0 eth 0
View
Any view
Parameter
None
Description
Using the display clock command, you can display the clock status and the
configuration information.
Example
View
Any view
Parameter
configuration: Displays the configuration about CPU usage statistics, such as
whether CPU usage statistics is enabled, statistic period, and CPU usage alarm
thresholds.
number: Number of CPU usage statistics queries.
offset: Offset of the starting entry to be displayed to the last statistic entry.
Description
Using the display cpu-usage command, you can view statistics about CPU usage.
The commands display cpu-usage and display cpu-usage 1 0 verbose are equivalent:
both display detailed information on the last CPU usage measurement.
Example
Display detailed information on CPU usage statistics.
[Router] display cpu-usage
===== Current CPU usage info =====
CPU Usage Stat. Cycle: 1 (Second)
CPU Usage : 1%
CPU Usage Stat. Time : 2004-09-15 15:51:48
CPU Usage Stat. Tick : 0x27(CPU Tick High) 0x88cf18e4(CPU Tick Low)
Actual Stat. Cycle : 0x0(CPU Tick High) 0x2264cc2(CPU Tick Low)
display history-command Syntax
display history-command
View
Any view
Parameter
None
Description
Using the display history-command command, you can browse the history
commands.
The terminal will automatically save the history commands typed by the user, that
is, completely record the user's input (via keyboard) separated by "Enter".
Example
View
Any view
Parameter
None
Description
Using the display version command, you can browse system version information.
Through viewing system version information, you will learn about the software
version in use, rack type, and the information related to the main processing board
and interface cards.
Example
Display system version information of a 3Com R1760 router.
<3Com> display version
3Com Versatile Routing Platform Software
VRP(tm) software, Version 3.30
Copyright (c) 2000-2002 3Com Corporation.
3Com Serial Router R1760
System has kept running 0weeks, 0days, 0hours, 15minutes
CPU type Powerpc8241 166Mhz
64M bytes SDRAM
8M bytes Flash Memory
Pcb Version:001
Logic Version:001
BootROM Version:0.0
Slot0: WAN (pcb)001 (software)000 (logic)001
header Syntax
header [ shell | incoming | login ] text
View
System view
Parameter
Description
Using the header command, you can set the greeting information that will be
displayed. Using the undo header command, you can remove the preset greeting
information.
When a user is logging on to a router via a terminal line, the router prompts
related information by setting the title attribute. After activating the terminal
connection, the router sends the login title to the terminal. If the user logs on to
the router successfully, the shell greeting information will be displayed.
The text takes its first English character as both the start and end character.
After the end character is entered, the system quits the interactive process
automatically.
If you do not want to start the interactive process, make sure that the first and last
characters of the text are the same English character, and press <Enter> directly.
Example
Configure a session creation title.
[3Com] header shell %
Enter TEXT message. End with the character '%'.
SHELL : Hello! Welcome use 3Com R1760.%
# Test the configuration.
[3Com] quit
<3Com> quit
Press RETURN to get started
SHELL : Hello! Welcome use 3Com R1760.
<3Com>
hotkey Syntax
hotkey [ CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U ] command_text
View
System view
Parameter
Description
Using the hotkey command, you can correlate a command line with a hotkey.
Using the undo hotkey command, you can recover the default value of the
system.
You can change the definitions as required. The default values for the other
hotkeys are null.
Example
Correlate the display tcp status command with the hotkey CTRL_T.
[3Com] hotkey ctrl_t display tcp status
[3Com] display hotkey
----------------- HOTKEY -----------------
=Defined hotkeys=
Hotkeys Command
CTRL_G display current-configuration
CTRL_L display ip routing-table
CTRL_O undo debug all
CTRL_T display tcp status
=Undefined hotkeys=
Hotkeys Command
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
language-mode Syntax
language-mode { chinese | english }
View
User view
Parameter
None
Description
Using the language-mode command, you can switch between different
language modes of command line interface.
The command line interface of the system also supports Chinese mode for
domestic users in China.
Example
Switch from English mode to Chinese mode.
<3Com> language-mode Chinese
Change language mode, confirm? [Y/N]y
% Switch to Chinese mode.
lock Syntax
lock
View
User view
Parameter
None
Description
Using the lock command, you can lock the active user interface to prevent an
unauthorized user from operating the interface.
A user interface includes CON port, AUX port and VTY, etc.
After inputting the lock command, the user is prompted to enter the screensaver's
password and confirm the password. If the two passwords are the same, the
interface will be successfully locked. To enter the system once again, you must
press <Enter> first, and enter the preset password following the prompt.
Example
Log in from the CON port and lock the active user interface.
<3Com> lock
Password:
Again:
quit Syntax
quit
View
Any view
Parameter
None
Description
Using the quit command, you can quit from the active view to a lower-level view
(if the active view is user view, you will exit the system).
Example
Switch from Ethernet1/0/0 interface view to system view, and then to user view.
[3Com-Ethernet1/0/0] quit
[3Com] quit
<3Com>
reboot Syntax
reboot
View
User view
Parameter
None
Description
Using the reboot command, you can reboot the device.
This command produces the same effect as the power being turned off and then
on, but provides the user with a convenient method of rebooting the device from
a remote site.
The operation of this command will render the network unusable for a short
period of time, so it should be used with caution. Before rebooting the Router,
remember to save the configuration file if necessary.
Example
Reboot the device.
<3Com> reboot
System will reboot! Continue?[Y/N]
return Syntax
return
View
Parameter
None
Description
Using the return command, you can return to user view from any other view. The
combination key <Ctrl+Z> performs the same function as the return command.
Example
Return to user view from system view.
[3Com] return
<3Com>
super Syntax
super [ level ]
View
User view
Parameter
Description
Using the super command, you can switch from current user level to a specified
level.
User level refers to the class of a login user. There are 4 user levels corresponding
to 4 command levels. After a user of certain level logs in, it can only use the
commands of the same or lower level.
There are 4 command levels access, monitor, configure and manage, as follows:
To prevent unauthorized users from intruding on the system, you must pass
authentication when you try to switch from the current user level to a higher-level
user. This means that you must enter the password of the higher-level user (if the
super password [ level user-level ] { simple | cipher } line command is
configured). For the sake of security, the password you enter is not
displayed on the screen. If you enter the correct password, you will be able to
switch to the higher-level user; otherwise, you will stay at the current level.
Authentication allows three attempts to switch to a higher-level user.
Example
<3Com> super 3
Password:
User privilege changes to 3 level, just equal or less this level's
commands can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
View
System view
Parameter
Description
Using the super password command, you can set the password needed to
switch from a lower-level user to a higher-level user. Using the undo super
password command, you can remove the current setting.
Example
Execute the following command in system view:
[3Com] super password level 3 simple zbr
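The following Python sketch is an added example, not part of the 3Com guide: it audits configuration text for command-privilege lines that lower a command below the default levels listed in the command-privilege description, and for super password lines that use the simple keyword. The keyword-to-level table, the reading of simple as a password kept in plain text, and the sample configuration (the two example lines from this chapter plus constructed ones) are assumptions of the example.

```python
import re

# Default levels as listed in the command-privilege description. Mapping them to
# first keywords is an assumption of this example; any other command is treated
# as a configuration command (level 2).
DEFAULT_LEVELS = {"ping": 0, "tracert": 0, "telnet": 0,
                  "display": 1, "debugging": 1,
                  "ftp": 3, "xmodem": 3, "tftp": 3}
CONFIG_DEFAULT = 2

PROMPT_RE = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")   # "[3Com] " or "<3Com> "
PRIV_RE = re.compile(r"^command-privilege\s+level\s+([0-3])\s+view\s+(\S+)\s+(.+)$")
SUPER_RE = re.compile(r"^super\s+password(?:\s+level\s+([0-3]))?\s+(simple|cipher)\s+\S+$")

# Constructed sample: lines 1 and 3 are the examples from this chapter,
# lines 2 and 4 are made up for the demonstration.
SAMPLE = """\
[3Com] command-privilege level 0 view system interface
[3Com] command-privilege level 3 view system sysname
[3Com] super password level 3 simple zbr
[3Com] super password level 2 cipher EXAMPLE-CIPHERTEXT
"""


def default_level(command):
    """Default level of a command, keyed on its first keyword."""
    return DEFAULT_LEVELS.get(command.split()[0], CONFIG_DEFAULT)


def parse(config_text):
    """Return (overrides, super_passwords) found in the configuration text."""
    overrides, supers = {}, []
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw).strip()
        m = PRIV_RE.match(line)
        if m:
            overrides[(m.group(2), tuple(m.group(3).split()))] = int(m.group(1))
            continue
        m = SUPER_RE.match(line)
        if m:
            level = int(m.group(1)) if m.group(1) else None  # level is optional
            supers.append((level, m.group(2)))
    return overrides, supers


def required_level(command, view, overrides):
    """Level needed to run `command` in `view`; the longest matching override wins."""
    tokens = tuple(command.split())
    best = None
    for (o_view, o_key), level in overrides.items():
        if o_view == view and tokens[:len(o_key)] == o_key:
            if best is None or len(o_key) > best[0]:
                best = (len(o_key), level)
    return best[1] if best else default_level(command)


def effective_level(user_level, user_interface_level):
    # "If the two sets of rights conflict, the minimum rights will be adopted."
    return min(user_level, user_interface_level)


def audit(config_text):
    """Flag lowered command levels and super passwords configured with 'simple'."""
    overrides, supers = parse(config_text)
    findings = []
    for (view, key), level in sorted(overrides.items()):
        base = default_level(" ".join(key))
        if level < base:
            findings.append(("lowered-command-level", view, " ".join(key), base, level))
    for level, mode in supers:
        if mode == "simple":
            findings.append(("plaintext-super-password", level))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    overrides, _ = parse(SAMPLE)
    # With the chapter's example applied, a level-0 login can enter interface view.
    print(required_level("interface Ethernet1/0/0", "system", overrides))
```

A lowered-command-level finding means every login at the new level gains that command, so the chapter's own example (interface at level 0) is worth reviewing on a production router.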
sysname Syntax
sysname sysname
View
System view
Parameter
Description
Using the sysname command, you can set the name of a router.
Modification to a router's name will affect the prompt of the command line
interface. For example, if the router's name is "3Com", the prompt of user view
will be "<3Com>".
Example
Set the name of the router to R1760.
[3Com] sysname R1760
[R1760]
system-view Syntax
system-view
View
User view
Parameter
None
Description
Using the system-view command, you can enter system view from current user
view.
Example
<3Com> system-view
Enter system view , return user view with Ctrl+Z.
[3Com]
vrbd Syntax
vrbd
View
Any view
Parameter
None
Description
Using the vrbd command, you can view software version details, including product
software version and the matched platform software version.
Example
Display the internal version information.
[Router] vrbd
Debugging Syntax
debugging { all | module-name [ debug-option1 ] [ debug-option2 ] …}
View
User view
Parameter
Description
Using the debug command, you can enable system debugging. Using the undo
debug command, you can disable system debugging.
The router system provides a variety of debugging functions mainly for the
support technicians and senior maintenance engineers to perform network fault
diagnosis.
Example
View
Any view
Parameter
Description
Using the display debugging command, you can display the enabled debugging
switches.
By default, no parameters have been defined and all the enabled debugging
switches are displayed.
Example
display diagnostic-information Syntax
display diagnostic-information
View
Any view
Parameter
None
Description
When a failure occurs in the system, a lot of information needs to be collected
to isolate the problem. However, it is rather difficult to collect all the
information at one time because there are many display commands involved.
In this case, you can use the display diagnostic-information command
to collect the operating information of all the active modules in the system.
Example
ping Syntax
ping [ -a X.X.X.X | -c count | -d | -h ttl_value | -i { interface-type interface-number } | ip | -n
| -p pattern | -q | -r | -s packetsize | -t timeout | -v | vpn-instance vpn-instance-name ] *
host
View
Any view
Parameter
-a X.X.X.X: Sets the source IP address from which ICMP ECHO-REQUEST packets are
sent.
-c count: Number of times that ICMP ECHO-REQUEST packets are sent. It ranges
from 1 to 4294967295.
-n: Directly uses the host parameter as IP address without domain name
resolution.
-v: Displays the received ICMP packets other than ECHO-RESPONSE packets.
Description
Using the ping command, you can check the IP network connection and whether
the host is reachable.
If the above parameters have not been specified, the following default settings will
be used:
Example
reboot Syntax
reboot
View
User view
Parameter
None
Description
This command produces the same effect as the power being turned off and then
on, but provides the user with a convenient method of rebooting the device from
a remote site.
The operation of this command will render the network unusable for a short
period of time, so it should be used with caution. Before rebooting the Router,
remember to save the configuration file if necessary.
Example
<3Com> reboot
System will reboot! Continue?[Y/N]
tracert Syntax
tracert [ -a X.X.X.X | -f first_TTL | -m max_TTL | -p port | -q nqueries | vpn-instance
vpn-instance-name | -w timeout ] * host
View
Any view
Parameter
-a: Specifies source IP address of the tracert packets, which is in the format of
X.X.X.X and must be the address of a local interface.
-f: Tests the correctness of the –f switch with first_TTL specifying an initial TTL in
the range of 0 to the maximum TTL.
-m: Tests the correctness of the –m switch with max_TTL specifying a maximum
TTL which can be any TTL larger than the initial TTL.
-p: Tests the correctness of the –p switch with port being an integer specifying the
port of the destination host. There is no need to change this option in normal
circumstances.
-q: Tests the correctness of the –q switch with nqueries specifying the number of
the query packets sent each time. It can be any integer larger than 0.
-w timeout: Tests the correctness of the –w switch with timeout specifying the
timeout time of IP packets. It is in seconds and can be any integer larger than 0.
34 CHAPTER 2: SYSTEM MAINTENANCE & MANAGEMENT COMMANDS
Description
Using the tracert command, you can trace the gateways that a packet sent by the
host passes through to reach the destination, in order to test the
reachability of a network connection and locate where faults occur
on the network.
first_TTL is 1;
max_TTL is 30;
port is 33434;
nqueries is 3;
timeout is 5s.
The tracert command is executed following this procedure: The system first sends
a packet with the TTL set to 1, and the first hop returns an ICMP error message
indicating that the packet cannot be transmitted due to TTL timeout. The system
then transmits the packet again with the TTL set to 2, and the second hop returns
a TTL timeout message similarly. This process continues until the packet reaches its
destination. The purpose of this process is to record the source addresses from which
these ICMP TTL timeout messages are sent, so as to outline the path along which
the IP packet reaches the destination.
When a network fault is detected by using the ping command, tracert can be
used to locate the failure on the network.
The output information of the command tracert includes IP addresses of all the
GWs along the path to the destination. If some GW times out, “***” will be
output.
Example
<3Com> tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
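The Python sketch below is an added example, not part of the 3Com guide: it parses tracert output in the format shown above and separates hops that printed "* * *" but still forwarded traffic (a later hop answered) from silence after the last responder, which is where fault location should start. The function names and the second, failing trace (documentation addresses) are constructed for the example.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT_RE = re.compile(r"\b(\d+) ms\b")

# Output copied from the example above (target reached at hop 18).
PAGE_TRACE = """\
<3Com> tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
"""

# Constructed trace toward 192.0.2.50 that stops answering after hop 3.
BROKEN_TRACE = """\
1 198.51.100.1 (198.51.100.1) 1 ms 1 ms 1 ms
2 * * *
3 203.0.113.9 (203.0.113.9) 12 ms 11 ms 12 ms
4 * * *
5 * * *
6 * * *
"""


def parse_tracert(output):
    """Return one dict per hop line: ttl, addr (None if the hop timed out), rtts."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # command line, banner, or other non-hop text
        ttl, rest = int(m.group(1)), m.group(2)
        if set(rest.split()) == {"*"}:
            hops.append({"ttl": ttl, "addr": None, "rtts": []})
            continue
        addr = ADDR_RE.search(rest)
        if addr:
            tail = rest[addr.end():]  # round-trip times follow the address
            hops.append({"ttl": ttl, "addr": addr.group(1),
                         "rtts": [int(r) for r in RTT_RE.findall(tail)]})
    return hops


def locate(output, target):
    """Summarise a trace: was the target reached, and where does the path go quiet?"""
    hops = parse_tracert(output)
    answered = [h for h in hops if h["addr"]]
    last = answered[-1] if answered else None
    silent = [h["ttl"] for h in hops if h["addr"] is None]
    # Silent hops below the last responder forwarded the probes but returned no
    # ICMP TTL timeout message; silence after it is where the path stops answering.
    trailing = [t for t in silent if last is None or t > last["ttl"]]
    return {
        "reached": last is not None and last["addr"] == target,
        "last_responder": (last["ttl"], last["addr"]) if last else None,
        "silent_but_forwarding": [t for t in silent if t not in trailing],
        "unanswered_after_last": trailing,
    }


if __name__ == "__main__":
    print(locate(PAGE_TRACE, "18.26.0.115"))
    print(locate(BROKEN_TRACE, "192.0.2.50"))
```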
HWPing Commands
View
HWPing test group view
Parameter
times: Number of transmitted test packets, which is in the range 1 to 15 and
defaults to 1.
Description
Using the count command, you can configure the number of packets sent for
each test. Using the undo count command, you can restore the default setting.
A test timer is started when the system sends the first test packet. If
the argument times is set greater than 1, the system sends the
second packet upon receipt of the acknowledgement to the first one. If no
acknowledgement is received before the timer expires, the system sends the
second test packet anyway, and handles the remaining packets in the same way.
For the related command, see frequency.
Example
Send ten packets for each test.
[Router-administrator-icmp] count 10
datafill Syntax
datafill string
undo datafill
View
HWPing test group view
Parameter
string: Data used for stuffing test datagrams. This argument can be a string of less
than 1024 characters in length. By default, datagrams are stuffed with characters
between 0 and 255 cyclically.
Description
Using the datafill command, you can configure the data used for stuffing test
datagrams. Using the undo datafill command, you can restore the default setting.
You can stuff HWPing test datagrams with any character strings. If the size of a
test datagram is smaller than that of the configured stuffing string, only a portion
of the string will be used for stuffing. If the size of the test datagrams is larger, the
string will be used cyclically for stuffing. Suppose a stuffing string, “abcd”, is
configured. If the test datagram size is 3, only “abc” will be used for stuffing; if it
is 6, the string “abcdab” will be used.
Example
Configure a datagram stuffing string “abcd”.
[Router-administrator-icmp] datafill abcd
datasize Syntax
datasize size
undo datasize
View
HWPing test group view
Parameter
size: Test datagram size, which is in the range 20 to 65535 and defaults to 100.
Description
Using the datasize command, you can configure size of the datagrams for the test
purpose. Using the undo datasize command, you can restore the default datagram
size.
Example
Set the size of test datagrams to 50.
[Router-administrator-icmp] datasize 50
description Syntax
description string
undo description
View
HWPing test group view
Parameter
string: Brief description of a test operation. By default, no description information
is configured.
Description
Using the description command, you can make a brief description on a test
operation. Using the undo description command, you can delete the configured
description.
Example
Describe a test group as “icmp-test”.
[Router-administrator-icmp] description icmp-test
destination-ip Syntax
destination-ip ip-address
undo destination-ip
View
HWPing test group view
Parameter
ip-address: Destination IP address in a test.
Description
Using the destination-ip command, you can configure the destination IP address
for a test. Using the undo destination-ip command, you can remove the configured
destination IP address.
By default, no destination IP address is configured for any test.
For the related command, see destination-port.
Example
Set the destination IP address for a test to 169.254.10.3.
[Router-administrator-icmp] destination-ip 169.254.10.3
destination-port Syntax
destination-port port-number
undo destination-port
View
HWPing test group view
Parameter
port-number: Destination port number in a test, which is in the range 1 to 65535
and defaults to 0.
Description
Using the destination-port command, you can configure the destination port for a
test. Using the undo destination-port command, you can remove the destination
port configuration.
By default, no destination port is configured for any test.
This command is configured only for DHCP, DLSw, FTP, HTTP, Jitter, TCP-private, or
UDP-private test.
Example
Set the destination port to 9000 for a test.
[Router-administrator-icmp] destination-port 9000
View
Any view
Parameter
result: Displays the latest test result.
history: Displays the test history information.
jitter: Displays the jitter test information.
administrator-name: Name of the administrator creating a test.
operation-tag: Test operations tag.
Description
Using the display hwping command, you can display test result(s).
If you have specified a test group by specifying the arguments administrator-name
and test-operation-tag, the system will display only the test result of the group; if
not, it will display the test results of all the test groups.
For the related command, see test-enable.
Example
Display the test result of the test group whose administrator name is
“administrator” and operation tag is “jitter”.
[Router] display hwping result administrator jitter
HWPing entry(admin administrator, tag jitter) test result:
Destion ip address: 169.254.10.3
Send operation times: 50
Receive respondse times: 50
Min Round Rip Time: 2
Max Round Rip Time: 10
Average Round Rip Time: 3
Square-Sum of Round Rip Time: 651
Last complete test time: 2003-10-19 17:18:39.1
Extend result:
Disconnect operation number: 0
Operation timeout number: 0
System busy operation number: 0
Dorp operation number: 0
Operation sequence errors: 0
Operation statics errors: 0
Jitter result:
RTT Number : 50
Min Positive SD : 1
Max Positive SD : 2
Positive SD Number : 9
Positive SD Sum : 12
Positive SD Square Sum : 18
Min Negative SD : 1
Max Negative SD : 2
Negative SD Number: 10
Negative SD Sum: 13
Negative SD Square Sum : 19
Min Positive DS : 7
Max Positive DS: 7
Positive DS Number :1
Positive DS Sum : 7
Positive DS Square Sum :49
Min Negative DS :7
Max Negative DS : 7
Negative DS Number:1
Negative DS Sum: 7
Negative DS Square Sum : 4
filename Syntax
filename file-name
undo filename
View
HWPing test group view
Parameter
file-name: Name of the file to be gotten from or put onto an FTP server.
Description
Using the filename command, you can configure name of the file to be gotten
from or put onto an FTP server. Using the undo filename command, you can
remove the configuration of the file name.
By default, no file name is configured.
Example
Specify the file to be gotten from or put onto an FTP server by specifying its name
“config.txt”.
[Router-administrator-ftp] filename config.txt
frequency Syntax
frequency interval
undo frequency
View
HWPing test group view
Parameter
interval: Automatic test interval, which is in the range 0 to 65535 seconds and
defaults to 0, i.e., no automatic test.
Description
Using the frequency command, you can configure an automatic test interval.
Using the undo frequency command, you can disable automatic test.
The system automatically performs a test at intervals specified by this command,
given the argument interval is greater than 0.
For the related command, see count.
Example
Set the automatic test interval to ten seconds.
[Router-administrator-icmp] frequency 10
ftp-operation Syntax
ftp-operation { get | put }
View
HWPing test group view
Parameter
get: Gets a file from an FTP server.
put: Sends a file to an FTP server.
Description
Using the ftp-operation command, you can configure the FTP operation done by
the system.
FTP operations include get and put, with the former being performed to obtain
files from an FTP server and the latter to send files to the FTP server.
By default, the operation of get is done.
Example
Perform FTP getting operation.
[Router-administrator-ftp] ftp-operation get
history-records Syntax
history-records number
undo history-records
View
HWPing test group view
Parameter
number: Number of test results allowed to be retained, which is in the range 0 to
50 and defaults to 50.
Description
Using the history-records command, you can configure the number of test results
that the system can retain. Using the undo history-records command, you can
restore the default number of retained test results.
Example
Set the number of retained history records concerning the test group whose
administrator name is “administrator” and operation tag is “icmp” to 10.
[Router-administrator-icmp] history-records 10
http-operation Syntax
http-operation { get | post }
View
HWPing test group view
Parameter
get: Obtains data from an HTTP server.
post: Sends data to an HTTP server.
Description
Using the http-operation command, you can configure an HTTP operation type.
HTTP operations are divided into two types: get and post. Operations of the
former type are performed to obtain data from an HTTP server, and operations of
the latter type to send data to the HTTP server.
By default, the operation of get is done.
Example
Perform get operations in HTTP tests.
[Router-administrator-http] http-operation get
http-string Syntax
http-string url-string
undo http-string
View
HWPing test group view
Parameter
url-string: Uniform Resource Locator string used in HTTP. It is used by the WWW
service program to identify the location of information on the Internet. By default,
no URL is configured.
Description
Using the http-string command, you can configure a URL for an HTTP test. Using
the undo http-string command, you can delete the configured URL information.
Example
Configure the URL “/index.htm http/1.1”.
[Router-administrator-http] http-string /index.htm http/1.1
hwping Syntax
hwping administrator-name operation-tag
undo hwping administrator-name operation-tag
View
System view
Parameter
administrator-name: Specifies name of the administrator creating an HWPing test
group.
operation-tag: Test operation tag.
Description
Using the hwping command, you can create an HWPing test group.
Executing this command will allow the system to access HWPing test group view.
Example
Create an HWPing test group, given the administrator name is “administrator”
and the test operation tag is “icmp”.
[Router] hwping administrator icmp
View
System view
Parameter
None
HWPing Commands 43
Description
Using the hwping-agent enable command, you can enable the HWPing client
function. Using the undo hwping-agent enable command, you can disable the
HWPing client function.
Before you perform the test operations of any type, you must enable the HWPing
client function.
For the related command, see hwping-server enable.
Example
Enable HWPing Client.
[Router] hwping-agent enable
hwping-agent max-requests Syntax
hwping-agent max-requests max-number
undo hwping-agent max-requests
View
System view
Parameter
max-number: The allowed maximum number of concurrent tests, which is in the
range 0 to 4294967295 and defaults to 10.
Description
Using the hwping-agent max-requests command, you can set the allowed
maximum number of concurrent tests. Using the undo hwping-agent
max-requests command, you can restore the default maximum number of
concurrent tests.
Example
Set the maximum number of concurrent tests to 20.
[Router] hwping-agent max-requests 20
jitter-interval Syntax
jitter-interval interval
undo jitter-interval
View
HWPing test group view
Parameter
interval: Packet sending interval in a jitter test, which is in the range 10 to 1000
milliseconds and defaults to 20 milliseconds.
Description
Using the jitter-interval command, you can set a packet sending interval for a jitter
test. Using the undo jitter-interval command, you can restore the default test
packet sending interval.
Example
Send packets at intervals of 30 milliseconds in a jitter test.
[Router-administrator-icmp] jitter-interval 30
jitter-packetnum Syntax
jitter-packetnum number
undo jitter-packetnum
View
HWPing test group view
Parameter
number: Number of packets to be sent in a jitter test, which is in the range of 10
to 100 and defaults to 20.
Description
Using the jitter-packetnum command, you can configure the number of packets to
be sent for a jitter test. Using the undo jitter-packetnum command, you can
restore the number of packets to be sent for a jitter test to its default value.
Example
Send 30 packets for a test.
[Router-administrator-icmp] jitter-packetnum 30
password Syntax
password password
undo password
View
HWPing test group view
Parameter
password: Password required for accessing an FTP server.
Description
Using the password command, you can configure the password required for the
login to an FTP server. Using the undo password command, you can remove the
configured password.
By default, no password is configured for the login to an FTP server.
Example
Set the login password for accessing an FTP server to “hwping”.
[Router-administrator-ftp] password hwping
probe-failtimes Syntax
probe-failtimes times
undo probe-failtimes
View
HWPing test group view
Parameter
times: Number of consecutive probe failures. It is in the range 1 to 65535 and
defaults to 1.
Description
Using the probe-failtimes command, you can configure the number of consecutive
probe failures allowed in an HWPing test before a trap is sent to the NMS. Using
the undo probe-failtimes command, you can restore the default.
Example
Send a trap to the NMS after three consecutive probe failures for an HWPing test.
[Router] probe-failtimes 3
send-trap Syntax
send-trap { all | probefailure | testcomplete | testfailure }
undo send-trap { all | probefailure | testcomplete | testfailure }
View
HWPing test group view
Parameter
probefailure: Sends traps upon test packet transmission failures.
testcomplete: Sends traps upon the completion of test.
testfailure: Sends traps upon test failures.
all: Sends traps for all the events described above.
Description
Using the send-trap command, you can configure the type of events that may
trigger trap sending. Using the undo send-trap command, you can remove the
configuration of the event type.
By default, no traps are sent.
Example
Send traps upon the completion of tests.
[Router-administrator-icmp] send-trap testcomplete
View
HWPing test group view
Parameter
None
Description
Using the sendpacket passroute command, you can enable routing table bypass.
Using the undo sendpacket passroute command, you can disable routing table
bypass.
By default, routing table bypass is disabled.
With routing table bypass, a remote host can bypass the normal routing tables and
send ICMP packets directly to a host on an attached network. If the host is not on
a directly-attached network, an error is returned. You can use this function when
pinging a local host on an interface that has no route defined.
Example
Bypass routing table when sending ICMP packets.
[Router] sendpacket passroute
source-interface Syntax
source-interface interface-type interface-number
undo source-interface
View
HWPing test group view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the source-interface command, you can configure a source interface for test
packet transmission. Using the undo source-interface command, you can remove
the source interface configuration.
By default, no source interface is configured for test packet transmission.
Example
Specify Ethernet 1 as the source interface for test packet transmission.
[Router-administrator-dhcp] source-interface ethernet 1
source-ip Syntax
source-ip ip-address
undo source-ip
View
HWPing test group view
Parameter
ip-address: Source IP address used in a test.
Description
Using the source-ip command, you can configure a source IP address for this test.
Using the undo source-ip command, you can remove the source address
configuration.
By default, IP address of the interface where test packets are to be sent is used as
the source IP address.
Example
Set the source IP address for this test to 169.254.10.2.
[Router-administrator-icmp] source-ip 169.254.10.2
source-port Syntax
source-port port-number
undo source-port
View
HWPing test group view
Parameter
port-number: Source port number used in a test. By default, it is 0.
Description
Using the source-port command, you can configure a source port number for this
test. Using the undo source-port command, you can remove the configuration of
source port number.
Example
Set the source port number to 8000 for this test.
[Router-administrator-icmp] source-port 8000
test-type Syntax
test-type type
View
HWPing test group view
Parameter
test-type: Test type, which can be one of the following keywords:
dhcp: DHCP test.
dlsw: DLSw test.
ftp: FTP connection test.
http: HTTP connection test.
icmp-echo: ICMP test.
jitter: Jitter test, performed for analyzing the delay variations in
UDP packet transmission.
snmpquery: SNMP test.
tcp-private: Tests the TCP connection of a specified port (an unknown
port).
tcp-public: Tests the TCP connection of port 7.
udp-private: Tests the UDP connection of a specified port (an unknown
port).
udp-public: Tests the UDP connection of port 7.
By default, test type is set to icmp-echo.
Description
Using the test-type command, you can configure a test type.
HWPing tests include DHCP, DLSw, FTP, HTTP, ICMP, Jitter, SNMP, TCP, and UDP
tests.
Example
Set test type to ICMP test.
[Router-administrator-icmp] test-type icmp-echo
test-enable Syntax
test-enable
View
HWPing test group view
Parameter
None
Description
Using the test-enable command, you can enable an HWPing test.
After you execute the test-enable command, the system does not display the test
result. You may view the test result information by executing the display hwping
command.
For the related command, see display hwping.
Example
Execute the HWPing test defined by the test group “wgw-testicmp”.
[Router-hwping-wgw-testicmp] test-enable
test-failtimes Syntax
test-failtimes times
undo test-failtimes
View
HWPing test group view
Parameter
times: Number of consecutive test failures. It is in the range 1 to 65535 and
defaults to 1.
Description
Using the test-failtimes command, you can configure the number of consecutive
test failures allowed before a trap is sent to the NMS. Using the undo test-failtimes
command, you can restore the default.
Example
Send a trap to the NMS after three consecutive test failures.
[Router] test-failtimes 3
timeout Syntax
timeout time
undo timeout
View
HWPing test group view
Parameter
time: Timeout time, which is in the range 1 to 60 and defaults to 3 seconds.
Description
Using the timeout command, you can configure a timeout time for a test. Using
the undo timeout command, you can restore the default timeout time.
Example
Set the timeout time to ten seconds.
[Router-administrator-icmp] timeout 10
tos Syntax
tos value
undo tos
View
HWPing test group view
Parameter
value: ToS field in the header of HWPing test packets, which is in the range 0 to
255. By default, ToS field is not set.
Description
Using the tos command, you can assign a value to the ToS field in the header of
HWPing test packets. Using the undo tos command, you can remove the ToS value
configuration.
In a ping command, service type is set by using the argument “-o”.
Example
Set the ToS field in the header of HWPing packets to one.
[Router-administrator-ftp] tos 1
ttl Syntax
ttl number
undo ttl
View
HWPing test group view
Parameter
number: Time to Live (TTL) value or lifetime of HWPing ICMP test packets, which is
in the range 1 to 255 and defaults to 255.
Description
Using the ttl command, you can configure TTL of ICMP test packets. Using the
undo ttl command, you can restore the default TTL of ICMP test packets.
TTL is actually a hop count limit on how far a test packet can travel on a network.
In a ping command, it is defined by the argument “-i”.
Example
Set the TTL of HWPing ICMP test packets to 16.
[Router-administrator-icmp] ttl 16
username Syntax
username name
undo username
View
HWPing test group view
Parameter
name: Name of the user allowed to access an FTP server.
Description
Using the username command, you can configure the name used for logging in to
an FTP server. Using the undo username command, you can remove the username
configuration.
By default, no username is configured for accessing an FTP server.
Example
Use "administrator" as the username for the login to an FTP server.
[Router-administrator-ftp] username administrator
vpninstance Syntax
vpninstance name
undo vpninstance
View
HWPing test group view
Parameter
name: VPN instance name, a string of 1 to 19 characters.
Description
Using the vpninstance command, you can configure VPN instance information for
ICMP. Using the undo vpninstance command, you can remove the VPN instance
information of ICMP.
By default, no VPN instance information is configured for ICMP.
Example
Set the VPN instance name of ICMP to vpn1.
[Router] vpninstance vpn1
HWPing Server Commands
View
System view
Parameter
None
Description
Using the hwping-server enable command, you can enable HWPing Server. Using
the undo hwping-server enable command, you can disable HWPing Server.
By default, HWPing Server is disabled.
So far, the jitter test and the UDP/TCP tests of a specified port are available
only on Huawei’s devices. Before performing one of these tests, you must enable
HWPing Server on the device to be tested.
You must enable the HWPing Server function on a device for it to provide
HWPing server services.
For the related commands, see hwping-agent enable, hwping-server tcpconnect,
and hwping-server udpconnet.
Example
Enable HWPing Server.
[Router] hwping-server enable
hwping-server tcpconnect Syntax
hwping-server tcpconnect ip-address port-number
undo hwping-server tcpconnect ip-address port-number
View
System view
Parameter
ip-address: IP address where HWPing Server provides the TCP listening service.
port-number: Port where HWPing Server provides the TCP listening service.
Description
Using the hwping-server tcpconnect command, you can create a TCP listening
service. Using the undo hwping-server tcpconnect command, you can delete the
established TCP listening service.
If you want to use Huawei’s router as the server in an HWPing test on the TCP
connection of a specified port, you must create the TCP listening service on the
server.
For the related command, see hwping-server enable.
Example
Create a TCP listening service, setting IP address to 169.254.10.2 and port number
to 9000.
[Router] hwping-server tcpconnect 169.254.10.2 9000
View
System view
Parameter
ip-address: IP address where HWPing server implements the UDP listening service.
port-number: Port where HWPing Server provides the UDP listening service.
Description
Using the hwping-server udpecho command, you can create a UDP listening
service. Using the undo hwping-server udpecho command, you can delete the
established UDP listening service.
If you want to use Huawei’s router as the server in an HWPing test on the UDP
connection of a specified port, you must create the UDP listening service on the
server.
For the related command, see hwping-server enable.
Example
Create a UDP listening service, setting IP address to 169.254.10.2 and port
number to 9000.
[Router] hwping-server udpecho 169.254.10.2 9000
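The parameter ranges and keyword lists given for the HWPing commands above can be checked mechanically before a change is applied to a router. The following Python is an added example, not part of the 3Com guide: it lints a constructed CLI transcript against those limits and also reports FTP passwords and HWPing Server listening services that appear in it. The function names and the sample transcript are assumptions made for the illustration.

```python
import re

# Integer ranges copied from the parameter descriptions in this guide.
INT_RANGES = {
    "hwping-agent max-requests": (0, 4294967295),
    "jitter-interval": (10, 1000),
    "jitter-packetnum": (10, 100),
    "probe-failtimes": (1, 65535),
    "test-failtimes": (1, 65535),
    "timeout": (1, 60),
    "tos": (0, 255),
    "ttl": (1, 255),
}
# Keyword choices copied from the syntax lines in this guide.
KEYWORDS = {
    "http-operation": {"get", "post"},
    "send-trap": {"all", "probefailure", "testcomplete", "testfailure"},
    "test-type": {"dhcp", "dlsw", "ftp", "http", "icmp-echo", "jitter",
                  "snmpquery", "tcp-private", "tcp-public",
                  "udp-private", "udp-public"},
}
# Commands that open a listening service on the router.
LISTENERS = ("hwping-server tcpconnect", "hwping-server udpecho")

# Longest names first so multi-word commands win over shorter prefixes.
KNOWN = sorted(list(INT_RANGES) + list(KEYWORDS) + list(LISTENERS)
               + ["password", "vpninstance"], key=len, reverse=True)
# Strips a leading "[Router-...]" or "<3Com>" prompt.
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")


def split_command(line):
    """Return (command name, argument list), or (None, []) if not checked."""
    text = PROMPT.sub("", line).strip()
    for name in KNOWN:
        if text == name or text.startswith(name + " "):
            return name, text[len(name):].split()
    return None, []


def lint(transcript):
    """Return a list of (line number, kind, detail) findings."""
    findings = []
    for lineno, line in enumerate(transcript.splitlines(), 1):
        name, args = split_command(line)
        if name is None:
            continue  # "undo ..." forms and commands without documented limits
        if name in INT_RANGES:
            low, high = INT_RANGES[name]
            ok = (len(args) == 1 and args[0].isdigit()
                  and low <= int(args[0]) <= high)
            if not ok:
                findings.append((lineno, "range",
                                 f"{name} expects an integer in {low}-{high}"))
        elif name in KEYWORDS:
            if len(args) != 1 or args[0] not in KEYWORDS[name]:
                choices = ", ".join(sorted(KEYWORDS[name]))
                findings.append((lineno, "keyword",
                                 f"{name} expects one of: {choices}"))
        elif name == "vpninstance":
            if len(args) != 1 or not 1 <= len(args[0]) <= 19:
                findings.append((lineno, "range",
                                 "vpninstance name must be 1-19 characters"))
        elif name == "password":
            # Report the line, never the secret itself.
            findings.append((lineno, "credential",
                             "FTP login password present in the transcript"))
        elif name in LISTENERS:
            findings.append((lineno, "listener", f"{name} {' '.join(args)}"))
    return findings


# Constructed transcript for the example; not captured from a device.
SAMPLE = """\
[Router] hwping-agent enable
[Router] hwping administrator icmp
[Router-administrator-icmp] test-type icmp-echo
[Router-administrator-icmp] ttl 16
[Router-administrator-icmp] timeout 90
[Router-administrator-icmp] jitter-interval 5
[Router-administrator-icmp] send-trap testcomplete
[Router-administrator-ftp] test-type sftp
[Router-administrator-ftp] password hwping
[Router] hwping-server enable
[Router] hwping-server tcpconnect 169.254.10.2 9000
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```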
Information Processing Commands
View
Any view.
Parameter
Information channel
Channel name    Channel number
channel6        6
channel7        7
channel8        8
channel9        9
console         0
logbuffer       4
loghost         2
monitor         1
snmpagent       5
trapbuffer      3
Description
Using the display channel command, you can display the contents of an
information channel.
This command displays the setting states of all channels when executed without
any parameter.
Example
View
Any view
Parameter
None
Description
Using the display info-center command, you can display all the information
recorded in the info-center.
Example
View
Any view
Parameter
begin: Displays the information beginning with the specified characters (string).
Description
Using the display logbuffer command, you can display the information recorded
in the logbuffer.
By default, executing display logbuffer without any parameter displays all the
information in the logbuffer.
If the number of information entries in the current logging buffer is smaller than
the specified size-value, logging information of the actual entries will be displayed.
Example
View
Any view
Parameter
Description
Using the display trapbuffer command, you can display the information
recorded in the trapbuffer.
By default, executing the command without any parameter displays all the
information in the trapbuffer.
If the number of information entries in the current trapbuffer is smaller than the
specified sizeval, the actual number of traps will be displayed.
Example
View
System view
Parameter
channel-number: The channel number, with the value ranging from 0 to 9. That is,
the system has 10 channels.
Description
Using the rename channel command, you can rename the information channel
numbered channel-number as channel-name.
When naming the information channels, please note that no duplicated channel
name is allowed.
Example
View
System view
Parameter
Description
Using the info-center console channel command, you can enable outputting
information to the console and set the information output channel. Using the
undo info-center console channel command, you can disable the current
settings.
This command will not become valid unless the syslog function has been enabled.
Example
Enable outputting information to the console and set the output channel.
View
System view
Parameter
None
Description
Using the info-center enable command, you can enable the info-center. Using
the undo info-center enable command, you can disable the info-center.
Only when the info-center has been enabled will the system output information
go to the loghost and the console.
Example
View
System view
Parameter
Description
Using the info-center logbuffer command, you can enable the logbuffer and set
the channel number for logging information output as well as the size of the
logging buffer. Using the undo info-center logbuffer command, you can cancel
the current settings.
Only when the info-center has been enabled will this command become effective.
By setting the channel number after enabling the logbuffer, you can specify the
output direction of the information.
Example
Enable the router to send information to the logbuffer and set the logbuffer size
to 50.
View
System view
Parameter
Description
Using the info-center loghost command, you can enable the router to output
information to the loghost. Using the undo info-center loghost command, you
can cancel the current configuration.
If not specified, the information channel for the loghost defaults to channel2 that
is named loghost, the loghost recording tool local-number to local7, and the
language to english.
Only when the information center has been enabled will this command become
effective.
By setting the IP address of the loghost, you can specify the output direction
of the information. You can set up to 4 loghosts.
Example
View
System view
Parameter
Description
Using the info-center loghost source command, you can specify the source
address for packets sent to the logging host. Using the undo info-center
loghost source command, you can cancel the current configuration.
When a router sends a logging message, the default source address is the IP
address of the interface that sent the message. Use this command to change the
source address. By setting a different source address on each router, you can
tell which router sent a message and search the received messages by source
address.
Example
Set the IP address of Loopback0 as the source address of the logging message
packets.
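On the loghost, per-router source addresses and the default local7 recording tool described for info-center loghost can be used together to attribute each message and to set aside the ones that do not fit. The following Python is an added example, not part of the 3Com guide; the inventory addresses, router names and datagram contents are constructed, and the syslog PRI decoding (facility × 8 + severity, local7 = 23) follows the standard syslog convention rather than anything stated on this page.

```python
import re

# Standard syslog severity names, indexed by severity code 0-7.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "informational", "debug"]
LOCAL7 = 23  # syslog facility code for local7, the default named in the guide
PRI = re.compile(rb"^<(\d{1,3})>")


def decode_pri(payload):
    """Return (facility, severity, text) or None if the PRI part is invalid."""
    match = PRI.match(payload)
    if not match:
        return None
    value = int(match.group(1))
    if value > 191:  # highest valid PRI: facility 23, severity 7
        return None
    text = payload[match.end():].decode("ascii", "replace")
    return value >> 3, value & 7, text


def attribute(datagrams, inventory, facility=LOCAL7):
    """Group messages by router using the packet source address.

    datagrams: iterable of (source_ip, payload_bytes) as received on UDP.
    inventory: dict mapping each configured loghost source address to a router.
    Returns (by_router, anomalies). Anomalies are messages that are malformed,
    come from an address no router was configured with, or use a facility
    other than the expected one.
    """
    by_router = {name: [] for name in inventory.values()}
    anomalies = []
    for src, payload in datagrams:
        decoded = decode_pri(payload)
        if decoded is None:
            anomalies.append((src, "malformed PRI"))
            continue
        fac, sev, text = decoded
        router = inventory.get(src)
        if router is None:
            anomalies.append((src, "source address not in inventory"))
            continue
        if fac != facility:
            anomalies.append((src, f"unexpected facility {fac}"))
            continue
        by_router[router].append((SEVERITY[sev], text))
    return by_router, anomalies


# Constructed inventory: one Loopback0 address per router (documentation range).
INVENTORY = {"192.0.2.1": "RouterA", "192.0.2.2": "RouterB"}

# Constructed datagrams; message texts are placeholders, not real device logs.
DATAGRAMS = [
    ("192.0.2.1", b"<189>constructed: interface state changed"),  # local7.notice
    ("192.0.2.2", b"<190>constructed: user logged in"),           # local7.informational
    ("192.0.2.77", b"<189>constructed: interface state changed"), # unknown source
    ("192.0.2.1", b"<38>constructed: facility 4 message"),        # 38 = 4*8 + 6
    ("192.0.2.2", b"constructed: no PRI header"),
]

if __name__ == "__main__":
    grouped, odd = attribute(DATAGRAMS, INVENTORY)
    print(grouped)
    print(odd)
```

The source address of a UDP syslog packet is not authenticated, so the grouping is an aid to searching, not proof of origin.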
View
System view
Parameter
Description
Using the info-center monitor channel command, you can enable the router to
output information to the user terminal and set the output channel. Using the
undo info-center monitor channel command, you can cancel the current
configuration.
Only when the info-center has been enabled will this command become effective.
Example
Enable the router to output information to the user terminal and set the output
channel.
View
System view
Parameter
Description
Using the info-center snmp channel command, you can set the information
channel for snmp. Using the undo info-center snmp channel command, you
can cancel the current configuration.
Example
View
System view
Parameter
level: Sets information level to disable the output of the information at a level
higher than the specified severity.
*: Indicates that multiple choices can be selected. At least one choice must be
selected, and at most all of the choices can be selected.
Description
Using the info-center source command, you can add records to an information
channel. Using the undo info-center source command, you can remove the
records from the information channel.
The state of logging information output is on and the allowed information level is
informational.
The state of trapping information output is on and the allowed information level is
informational.
So far, the system allocates one information channel for each output direction.
They are:
Output direction   Channel number   Default channel name
Console            0                console
Loghost            2                loghost
Trapbuffer         3                trapbuffer
Logbuffer          4                logbuffer
snmp               5                snmpagent
In addition, each information channel has a default record whose module name is
default and whose module number is 0xffff0000. However, the default record may
have different default settings for logging, trapping, and debugging information
in different channels. If a module has no explicit configuration record in the
channel, the default configuration record is used.
Example
Enable the output of log information of the IP module in the snmp channel and
the allowed highest level of the output information is emergence.
View
System view
Parameter
boot: Post booting time that the system experiences. It is in the format of
xxxxxx.yyyyyy, with xxxxxx being the 32 high bits and yyyyyy the 32 low bits of the
passed milliseconds.
Description
Using the info-center timestamp command, you can set the time stamp format
for the output debugging/trapping/logging information. Using the undo
info-center timestamp command, you can cancel the current configuration.
Example
View
System view
Parameter
Description
Using the info-center trapbuffer command, you can enable the trapbuffer and
set the output channel number and trapbuffer size. Using the undo info-center
trapbuffer command, you can cancel the current configuration.
Only when the info-center has been enabled will this command become effective.
By setting a trapbuffer size, you can make the router output information to the
trapbuffer.
Example
Enable the router to send information to the trapbuffer, given the trapbuffer size is
30.
reset logbuffer
View
User view
Parameter
None
Description
Using the reset logbuffer command, you can clear information in the logbuffer.
Example
<3Com> reset logbuffer
reset trapbuffer
View
System view
Parameter
None
Description
Using the reset trapbuffer command, you can clear information in the trapbuffer.
Example
<3Com> reset trapbuffer
View
System view
Parameter
None
Description
Using the service modem-callback command, you can enable user callback.
Using the undo service modem-callback command, you can disable user
callback.
Example
View
User view
Parameter
None
Description
Using the terminal debugging command you can enable the terminal
debugging display function. Using the undo terminal debugging command you
can disable the function.
Example
View
User view
Parameter
None
Description
Using the terminal logging command, you can enable the log display function of
terminals. Using the undo terminal logging command, you can disable log
display function of terminals.
Example
View
User view
Parameter
None
Description
Using the terminal monitor command, you can enable terminals to display the
debugging/logging/trapping information sent by the info-center. Using the undo
terminal monitor command, you can stop terminals from displaying the
debugging/logging/trapping information.
By default, the display function of console users is enabled but the display function
of terminal users is disabled.
The command only affects the current terminal that inputs it. The undo terminal
monitor command is equivalent to the execution of undo terminal debugging,
undo terminal logging, and undo terminal trapping commands, that is, all
the debugging/logging/trapping information will not be displayed at the current
terminal. In the event that terminal monitor has been enabled, the terminal
debugging/undo terminal debugging, terminal logging/undo terminal
logging, and terminal trapping/undo terminal trapping commands can be
used to enable/disable the debugging/logging/trapping information.
Example
View
User view
Parameter
None
Description
Using the terminal trapping command, you can enable the function of trap
information display at terminals. Using the undo terminal trapping command,
you can disable the function of trap information display at terminals.
Example
System Operating Management Commands
View
System view
Parameter
Description
Using the boot bootldr command, you can specify the system booting file.
Example
Specify the file ibox.bin stored in the flash as the default system booting file.
View
Any view
Parameter
Description
Using the display alarm urgent command, you can display the stored alarms in a
specified way.
Executing the command defined without any parameter will display all the alarms.
Example
2 10 00/04/01 23:55:18 1 24
0 12 00/04/04 10:00:14 0 1
display bootvar
View
Any view
Parameter
None
Description
Using the display bootvar command, you can display file name of the boot
software package stored in the flash on RPU.
Example
display environment
View
Any view
Parameter
None
Description
Using the display environment command, you can display the current values
and the threshold values of the hardware system environment.
Example
View
Any view
Parameter
slot-number: Slot number.
Description
Using the display device command, you can display the system hardware
configuration information, including the in-position states of MPU, NPU, interface
card, power module, and fan module, the operating state of interface card, power
module, and fan module, as well as the offline information of MPU and NPU.
Executing the command defined without parameters will display the essential
information of all the devices in position. Executing the command defined with
the parameter slot-number will display only the details on the defined slot,
including reset times and history records of the reset causes.
Example
View
Any view
Parameter
None
Description
Using the display schedule reboot command, you can check the configuration
of related parameters of the router schedule reboot terminal service.
For the related command, see reboot, schedule reboot at, schedule reboot
delay, undo schedule reboot.
Example
View
User view
Parameter
Description
Using the remove slot command, you can run pre-processing before removing an
interface card. If you decide not to remove the card after executing the
remove slot command, you can cancel the operation with the undo remove slot
command. The undo remove slot command is unnecessary when you remove a card
and then insert it again immediately.
For the related command, see reboot, schedule reboot at, schedule reboot
delay, undo schedule reboot.
Example
<3Com>remove slot 3
View
User view
Parameter
None
Description
Using the reset alarm urgent command, you can clear all the stored alarms.
Example
View
User view
Parameter
Description
Using the reset slot command, you can reset the device in a specified slot.
Example
View
User view
Parameter
hh:mm: Reboot time of the router, in the format of "hour: minute". The hh ranges
from 0 to 23, and the mm ranges from 0 to 59.
Description
Using the schedule reboot at command, you can enable the timing reboot
function of the router and set the specific reboot time and date.
If no date parameter is configured, there are two cases: if the configured time
is after the current time, the router will be restarted at that time on the
same day; if the configured time is before the current time, the router will be
restarted at that time on the next day.
Note that the configured date should not be more than 30 days after the current
date. In addition, after the command is configured, the system will prompt you
to input confirmation information. The configuration becomes valid only after
"Y" or "y" is entered. Any earlier related configuration is overwritten
directly.
Moreover, if the system time is adjusted by the clock command after the
schedule reboot at command is configured, the previously configured schedule
reboot at parameter becomes invalid.
For the related command, see reboot, schedule reboot delay, undo schedule
reboot, display schedule reboot.
Example
Set the router to be restarted at 22:00 that night (the current time is 15:50).
View
User view
Parameter
hhh:mm: Waiting time for rebooting a router, in the format of "hour: minute".
The hhh ranges from 0 to 720, and the mm ranges from 0 to 59.
mmm: Waiting delay for rebooting a router, in the format of "absolute minutes".
It ranges from 0 to 43200.
Description
Using the schedule reboot delay command, you can enable the timing reboot
router function and set the waiting time.
Two formats can be used to set the waiting delay for a scheduled reboot: the
"hour: minute" format and the "absolute minutes" format. In either format, the
total must be no more than 30×24×60 minutes, or 30 days.
After this command is configured, the system will prompt you to input
confirmation information. Only after the "Y" or the "y" is entered can the
Moreover, after the schedule reboot at command is configured, and the system
time is adjusted by the clock command, the original schedule reboot at parameter
will become invalid.
For the related command, see reboot, schedule reboot at, undo schedule
reboot, display schedule reboot.
Example
Configure the router to be restarted after 88 minutes (the current time is 21:32).
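The same-day/next-day rule for schedule reboot at and the two delay formats of schedule reboot delay can be worked through in a few lines. The following Python is an added example, not part of the 3Com guide; it reproduces the guide's two cases (22:00 when the current time is 15:50, and 88 minutes when the current time is 21:32) with a constructed calendar date. The function names, the form of the optional date argument, and the treatment of a time equal to the current time are assumptions.

```python
import re
from datetime import date, datetime, timedelta

MAX_DELAY_MIN = 30 * 24 * 60  # 43200 minutes, the 30-day limit in the guide


def reboot_at(now, hhmm, on_date=None):
    """Return the datetime at which 'schedule reboot at hh:mm' would fire."""
    match = re.fullmatch(r"(\d{1,2}):(\d{1,2})", hhmm)
    if not match:
        raise ValueError("time must be hh:mm")
    hh, mm = int(match.group(1)), int(match.group(2))
    if hh > 23 or mm > 59:
        raise ValueError("hh is 0-23 and mm is 0-59")
    if on_date is None:
        target = now.replace(hour=hh, minute=mm, second=0, microsecond=0)
        # Time after now: same day. Otherwise: next day.
        # Assumption: a time equal to the current time counts as "before".
        if target <= now:
            target += timedelta(days=1)
    else:
        target = datetime(on_date.year, on_date.month, on_date.day, hh, mm)
        if target <= now:
            # Assumption: a point in the past is rejected.
            raise ValueError("reboot time is not in the future")
    if (target.date() - now.date()).days > 30:
        raise ValueError("date is more than 30 days after the current date")
    return target


def delay_minutes(delay):
    """Convert 'hhh:mm' or 'mmm' into minutes, enforcing the guide's limits."""
    match = re.fullmatch(r"(\d{1,3}):(\d{1,2})", delay)
    if match:
        hhh, mm = int(match.group(1)), int(match.group(2))
        if hhh > 720 or mm > 59:
            raise ValueError("hhh is 0-720 and mm is 0-59")
        total = hhh * 60 + mm
    elif re.fullmatch(r"\d{1,5}", delay):
        total = int(delay)
    else:
        raise ValueError("delay must be hhh:mm or mmm")
    if total > MAX_DELAY_MIN:
        raise ValueError("delay exceeds 43200 minutes (30 days)")
    return total


def reboot_after(now, delay):
    """Return the datetime at which 'schedule reboot delay' would fire."""
    return now + timedelta(minutes=delay_minutes(delay))


if __name__ == "__main__":
    day = date(2024, 1, 10)  # constructed date for the example
    print(reboot_at(datetime(day.year, day.month, day.day, 15, 50), "22:00"))
    print(reboot_after(datetime(day.year, day.month, day.day, 21, 32), "88"))
```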
upgrade Syntax
View
System view
Parameter
Description
Using the upgrade command, you can upgrade the BootRom program,
pico-code or the logic.
Example
Upgrade the pico-code on line, given the file name of the upgrade software
package is filename.
View
User view
Parameter
None
Description
Using the undo schedule reboot command, you can cancel the parameter
configuration of the schedule reboot terminal service.
For the related command, see reboot, schedule reboot at, schedule reboot
delay, display schedule reboot.
Example
Lock-Down Commands
View
Any view
Parameter
None
Description
Using the display configure-user command, you can view information about the
user who is currently authorized to configure the equipment.
Users can configure the same equipment through the Console port, the AUX port,
the VTY interface (in cases such as Telnet and SSH) and others. If configuration
by these various means were permitted simultaneously, one user's configuration
would be liable to overwrite another's. For this reason, the VRP requires that
only one user has the right to modify the configuration of the equipment at a
time. In other words, while one user is configuring the equipment, other users,
including those with higher priorities, are not permitted to configure it and
must wait until the user currently performing the configuration quits or is
timed out of the system.
Example
Display information about the user who is currently authorized to configure the
equipment.
If the adopted authentication does not require a username, the actual display shall
be:
If the login authentication otherwise requires a username, the actual display shall
be:
File Management Commands
cd directory
View
User view
Parameter
Description
Using the cd command, you can modify the current operating path of the router
to the specified directory.
By default, the flash memory is the operating path set when the router starts.
Example
<3Com> cd test
<3Com> pwd
flash:/test
clear Syntax
clear filename
View
User view
Parameter
Description
Using the clear command, you can delete all files from the recycle bin.
The wildcard “*” is available here. Using the delete command, you can only
move the target files into the recycle bin. If you want to remove them from the
recycle bin, you must use the clear command.
Example
copy Syntax
copy filename_source filename_dest
View
User view
Parameter
Description
If the name of the destination file is the same as an existing directory name,
the target file will be copied to the directory. If the name of the destination
file is the same as an existing file name, the user will be prompted whether
the existing file should be overwritten.
Example
<3Com>pwd
Slave#flash:
<3Com> dir
Directory of flash:/
-rwxrwxrwx 1 noone nogroup 4316742 Oct 10 2002 10:10:10 system
drwxrwxrwx 1 noone nogroup - Jan 01 2001 10:47:14 buckup
-rwxrwxrwx 1 noone nogroup 16 Jan 02 2001 08:53:52 private-data.t
-rwxrwxrwx 1 noone nogroup 625 Jan 02 2001 08:54:01 vrpcfg.txt
-rwxrwxrwx 1 noone nogroup 375 Jan 02 2001 08:53:13 config
-rwxrwxrwx 1 noone nogroup 524288 Jan 02 2001 11:47:39 bootromfull
7672832 bytes total (2295808 bytes free)
delete Syntax
View
User view
Parameter
unreserved: Deletes the specified file unreservedly, and the deleted file can never
be restored.
Description
Using the delete command, you can move the specified file, which can be
restored with the undelete command, to the recycle bin. If you want to delete it
from the recycle bin, you can use the reset recycle-bin filename command.
If you delete two files that are in different directories but have the same filename,
only the last one will be stored in the recycle bin.
If the unreserved parameter is selected when using the delete command, the target
file cannot be restored.
The dir command does not display the information of deleted files. However, by
using the dir /all command, the information of all files under the directory,
including deleted files, will be displayed.
Example
dir Syntax
dir [ /all | /h ] [ filename ]
View
User view
Parameter
/h: Displays the information about the private files. This parameter is unavailable if
there is no storage device on the router.
Description
Using the dir command, you can display the information about the specified file
or directory in the router storage device.
By default, this command displays the file information under the current directory.
The dir /all command can be used to display the information about all the files,
including the deleted files. The names of the deleted files are denoted with "[]",
for instance, [temp.cfg]. Such deleted files can be restored via the undelete
command. The reset recycle-bin command can be used to delete the file from
the recycle bin permanently.
The dir /h command can be used to display the information about the private file
under the current path. The attribute of the private file is represented by “---h”.
Example
execute Syntax
execute filename
View
System view
Parameter
filename: Name of the batch file, ranging from 1 to 256, with a suffix of “.bat”.
82 CHAPTER 2: SYSTEM MAINTENANCE & MANAGEMENT COMMANDS
Description
Using the execute command, you can execute the specified batch file.
The batch command executes the command lines in the batch file one by one.
There should be no invisible character in the batch file. If invisible characters are
found, the batch command will quit the current execution without back off
operation. The batch command does not guarantee the execution of each
command, nor does it perform hot backup itself. The forms and contents of the
commands are not restricted in the batch file.
Example
View
System view
Parameter
quiet: No prompt on the condition that data loss or destruction may happen due
to user operation (e.g., deleting a file.).
Description
Using the file prompt command, you can modify the prompt mode of file
operation of the router.
When the prompting mode of file operation is set to quiet, the system gives no
prompt for user operations that may cause data loss (e.g., deleting a file).
Example
format Syntax
format device-name
View
User view
Parameter
Description
Using the format command, you can format the storage device.
Formatting will result in loss of all files on a specified storage device and these files
cannot be restored.
Example
Format flash.
mkdir Syntax
mkdir directory
View
User view
Parameter
Description
Using the mkdir command, you can create a directory under the specified
directory in the specified storage device.
The name of the directory to be created cannot be the same as the name of any
other directory or file under the specified directory.
Example
<3Com> mkdir dd
Created dir flash:/dd.
more Syntax
more filename
View
User view
Parameter
Description
Using the more command, you can display content of a specified file.
By default, the file system displays the file in the form of text, that is, the contents
of the file.
Example
move Syntax
move filename_source filename_dest
View
User view
Parameter
Description
If the name of the target file is the same as that of an existing directory, the target
file will be moved into the directory, with the same file name. If the name of the
destination file is the same as an existing file name, the user will be prompted
whether the existing file should be overwritten.
Example
<3Com> dir
Directory of *
0 -rw- 2145123 Jul 12 2001 12:28:08 ne80.bin
1 -rw- 595 Jul 12 2001 10:47:50 vrpcfg.txt
pwd Syntax
pwd
View
User view
Parameter
None
Description
Using the pwd command, you can display the current path.
If the current path has not been set, the operation will fail.
Example
<3Com> pwd
flash:/test
rename Syntax
View
User view
Parameter
Description
If the name of the destination file is the same as the name of an existing
directory, the execution will fail. If the name of the destination file is the same as
that of an existing file, the operation will fail.
Example
<3Com> dir
Directory of *
0 -rw- 2145123 Jul 12 2001 12:28:08 ne.bin
1 -rw- 595 Jul 12 2001 10:47:50 vrpcfg.txt
2 drw- - Jul 12 2001 19:41:20 test
3 -rw- 50 Jul 12 2001 20:26:48 sample.txt
6477 KBytes total (2144 KBytes free)
View
User view
Parameter
Description
Using the reset recycle-bin command, you can delete a file from the recycle bin
permanently.
This command supports "*" wildcard. The delete command only deletes a file to
the recycle bin directory. To delete a file permanently, use the reset recycle-bin
command.
Example
rmdir Syntax
rmdir directory
View
User view
Parameter
Description
Example
<3Com>dir
Directory of *
0 drw- - Jul 12 2001 20:23:37 subdir
1 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (2144 KBytes free)
# Display how to delete the directory subdir.
<3Com> rmdir subdir
Rmdir subdir?[Y/N]:y
% Removed directory subdir
<3Com> dir
Directory of *
0 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (5944 KBytes free)
undelete Syntax
undelete filename
View
User view
Parameter
Description
If the name of the file to be restored is the same as the name of an existing
directory, the execution will fail. If the name of this file is the same as that of an
existing file, the user will be prompted whether the existing file should be
overwritten.
Example
<3Com> dir /all
Directory of *
0 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
1 -rw- 50 Jul 12 2001 20:09:23 [sample.bak]
6477 KBytes total (2144 KBytes free)
# Restore the deleted file sample.bak.
<3Com> undelete sample.bak
Undelete flash:/test/sample.bak ?[Y/N]:y
% Undeleted file flash:/test/sample.bak
<3Com> dir /all
Directory of *
0 -rw- 50 Jul 12 2001 20:34:19 sample.bak
1 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (2144 KBytes free)
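Because delete only moves a file to the recycle bin, a deleted configuration copy stays restorable with undelete until reset recycle-bin is run. The following Python is an added example, not part of the 3Com guide: it parses dir /all output in the layout shown above and reports the entries still held in the recycle bin. The sample listing (including the file vrpcfg.old) and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the guide's `dir /all` examples.
SAMPLE_LISTING = """\
Directory of *
0 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
1 -rw- 50 Jul 12 2001 20:09:23 [sample.bak]
2 drw- - Jul 12 2001 19:41:20 test
3 -rw- 625 Jul 12 2001 20:31:02 [vrpcfg.old]
6477 KBytes total (2144 KBytes free)
"""

# index, attributes, size (or "-" for a directory), timestamp, name
ENTRY = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<attr>[d-][rwxh-]{3})\s+(?P<size>\d+|-)\s+"
    r"(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<name>\S+)\s*$"
)


def parse_dir_all(listing):
    """Return one dict per file or directory line of a `dir /all` listing."""
    entries = []
    for line in listing.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # "Directory of ..." header and the total/free summary
        name = match["name"]
        # The guide marks deleted (recycle-bin) files with square brackets.
        deleted = name.startswith("[") and name.endswith("]")
        entries.append({
            "name": name[1:-1] if deleted else name,
            "deleted": deleted,
            "is_dir": match["attr"].startswith("d"),
            "size": None if match["size"] == "-" else int(match["size"]),
        })
    return entries


def recycle_bin_report(listing):
    """Names and total size of files that `undelete` could still restore."""
    deleted = [e for e in parse_dir_all(listing) if e["deleted"]]
    return {
        "files": [e["name"] for e in deleted],
        "bytes": sum(e["size"] or 0 for e in deleted),
    }


if __name__ == "__main__":
    report = recycle_bin_report(SAMPLE_LISTING)
    for name in report["files"]:
        print(f"still recoverable: {name}")
    print(f"{report['bytes']} bytes held in the recycle bin")
```

Any name the report lists remains on flash until it is purged with reset recycle-bin, or was never there because delete was run with the unreserved parameter.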
FTP Server Configuration Commands
display ftp-server
View
Any view
Parameter
None
Description
Using the display ftp-server command, you can display the parameters of the
current FTP server.
After the FTP parameters are configured, this command can be used to display the
configuration results.
Example
The information shown above indicates that the FTP server has started, that it can
support up to 5 log-on users simultaneously, that there are now two log-on users,
and that the timeout of an FTP user is 30 minutes.
View
Any view
Parameter
None
Description
Using the display ftp-user command, you can display the parameters of the
current FTP user.
Example
The information shown above indicates that a connection between an FTP user
named 3Com and the FTP server has been established. The IP address of the
remote host is 10.110.3.5 and the remote port number is 1074. The authorization
directory is flash:/3Com, and so far the user has not sent any service request to the
FTP server for 2 minutes.
View
System view
Parameter
None
Description
Using the ftp server enable command, you can enable the FTP server and allow
the login of FTP users. Using the undo ftp server command, you can disable the
FTP server and the login of FTP users.
Example
View
System view
Parameter
Description
Using the ftp timeout command, you can set the connection timeout. Using the
undo ftp timeout command, you can restore the default connection timeout.
Once the user logs on to the FTP server, a connection is established with the FTP
server. If an abnormal disconnection occurs or the user abnormally disrupts the
connection, the FTP server is not notified and thus the connection stays open. To
avoid such a problem, the connection timeout should be set. If no command
interaction is conducted during this period, FTP will regard the connection as failed
and disrupt the connection.
Example
View
System view
Parameter
Description
Using the ftp update command, you can set the upgrading mode. Using the
undo ftp update command, you can restore the default upgrading mode.
The FTP server updates the data of files in its flash memory in one of two modes,
normal and fast, when receiving files transferred by the user using the FTP command
PUT. The two modes work as follows:
Fast mode: The FTP server writes the data to the flash memory after the
completion of the file transfer. This ensures that the files in the flash
memory of the Router will not be damaged even on abnormal occasions such as
power failure.
Normal mode: The FTP server writes the data to the flash memory during the file
transfer. This means that the occurrence of some abnormal conditions such as
power failure might damage the files in the flash memory of the
Router. However, the normal updating mode consumes less memory.
Example
ascii Syntax
ascii
View
Parameter
None
Description
Using the ascii command, you can set the transmission data type to ASCII.
Example
[ftp] ascii
200 Type set to A.
binary Syntax
binary
View
Parameter
None
Description
Using the binary command, you can set the file type to support binary file
transmission.
Example
[ftp] binary
200 Type set to B.
bye Syntax
bye
View
Parameter
None
Description
Using the bye command, you can disconnect from the remote FTP server and exit to
user view.
Example
Terminate the connection with the remote FTP server and exit to user view.
[ftp] bye
<3Com>
cd Syntax
cd pathname
View
Parameter
Description
Using the cd command, you can change the operating path on remote FTP server.
Example
[ftp] cd d:/temp
cdup Syntax
cdup
View
Parameter
None
Description
Using the cdup command, you can change the operating path to the upper
directory.
This command is used to exit current directory and return to an upper directory.
Example
[ftp] cdup
close Syntax
close
View
Parameter
None
Description
Using the close command, you can terminate the connection with remote FTP
server, but remain in FTP client view.
This command will terminate both control connection and data connection with
the remote FTP server simultaneously.
Example
Terminate the connection with the remote FTP server and remain in FTP client
view.
[ftp] close
[ftp]
debugging Syntax
debugging
undo debugging
View
Parameter
None
Description
Using the debugging command, you can enable the debugging. Using the undo
debugging command, you can disable the debugging.
Example
[ftp] debugging
delete Syntax
delete remotefile
View
Parameter
Description
Example
Delete temp.c.
FTP client module commands 95
dir Syntax
dir [ filename ] [ localfile ]
View
Parameter
Description
This command displays all the files under the directory or the file queried.
Example
disconnect Syntax
disconnect
View
Parameter
None
Description
Using the disconnect command, you can terminate the connection with the
remote FTP server and remain in FTP client view.
This command will terminate both control connection and data connection with
the remote FTP server.
Example
Terminate the connection with the remote FTP server and remain in FTP client
view.
[ftp] disconnect
[ftp]
ftp Syntax
ftp [host [ port ] ]
View
User view
Parameter
Description
Using the ftp command, you can establish control connection with the remote FTP
server and enter FTP client view.
Example
get Syntax
get remotefile [ localfile ]
View
Parameter
Description
Using the get command, you can download remote files and save them locally.
By default, if the local file name is not specified, this command will consider that it
is the same as that of the file on the remote FTP server.
Example
lcd Syntax
lcd
View
Parameter
None
Description
Using the lcd command, you can get the local operating path of FTP client.
Example
[ftp] lcd
% Local directory now flash:
ls Syntax
ls [ remotefile ] [ localfile ]
View
Parameter
Description
Example
Query temp.c.
[ftp] ls temp.c
mkdir Syntax
mkdir pathname
View
Parameter
Description
Using the mkdir command, you can establish a directory at the remote FTP server.
Example
open Syntax
open ipaddr [ port ]
View
Parameter
Description
Using the open command, you can establish control connection with the remote
FTP server.
Example
Establish FTP connection with the FTP server of the host 10.110.3.1.
passive Syntax
passive
undo passive
View
Parameter
None
Description
Using the passive command, you can set data transmission mode to passive
mode. Using the undo passive command, you can set data transmission mode to
active mode.
Example
[ftp] passive
put Syntax
put localfile [ remotefile ]
View
Parameter
Description
Using the put command, you can upload a local file to the remote FTP server.
If no file name on the remote server is specified, this command will consider that it
is the same as that of the local file.
Example
Upload local file temp.c to the remote FTP server and save it as temp1.c.
pwd Syntax
pwd
View
Parameter
None
Description
Using the pwd command, you can display the working directory on the remote
FTP server.
Example
[ftp] pwd
"d:/temp" is current directory.
quit Syntax
quit
View
Parameter
None
Description
Using the quit command, you can terminate the connection with the remote FTP
server and exit to user view.
Example
Terminate the connection with the remote FTP server and exit to user view.
[ftp] quit
<3Com>
remotehelp Syntax
remotehelp [ protocol-command ]
View
Parameter
Description
Using the remotehelp command, you can display the help of FTP command.
Example
rmdir Syntax
rmdir pathname
View
Parameter
Description
Using the rmdir command, you can delete a specified directory on FTP server.
Example
user Syntax
user username [ password ]
View
Parameter
Description
Example
Log on FTP server with the user name tom and the password bjhw.
verbose Syntax
verbose
undo verbose
View
Parameter
None
Description
Using the verbose command, you can enable the verbose function to view
information from FTP server. Using the undo verbose command, you can disable
the verbose function.
By default, it is disabled.
Example
[ftp] verbose
TFTP Configuration Commands
tftp Syntax
tftp ip_address { get | put } source-filename [ destination-filename ]
View
User view
Parameter
Description
Using the tftp command, you can upload files to a TFTP server or download files
from it to the local device.
Example
Download the file vrpcfg.txt in the root directory of the TFTP server at 1.1.254.2
to the local hardware and save it as vrpcfg.bak.
Upload the file vrpcfg.txt stored in the root directory of the flash onto the default
directory on the TFTP server at 1.1.254.2 and save the file on the server as
vrpcfg.bak.
View
System view
Parameter
Description
Using the tftp-server acl command, you can set the number of the ACL that
permits access to a TFTP server.
Example
Set the number of ACL permitting the access to the TFTP Server to 1.
Configuration Files Management Commands
display current-configuration Syntax
display current-configuration [ controller | interface interface-type [ interface-number ]
| configuration [ rip | ospf | bgp | post-config | system | user-interface ] ] [ | [begin |
include | exclude ] string ]
View
Any view
Parameter
begin: Displays the configurations beginning with the specified characters (string).
Description
Using the display current-configuration command, you can display the current
configuration of the router.
The current configuration parameters that take the default values will not be
displayed.
After finishing a set of configurations, the user can execute the display
current-configuration command to view the currently effective parameters for
the purpose of verifying the correctness of the configurations. Some parameters
that the user has configured will not be displayed if their functions have not
become valid yet. For example, the user can configure PPP parameters on an
interface encapsulated with X.25 at the link layer, but he will not be able to see
the PPP configuration information on the interface after executing the display
current-configuration command.
Example
#
#
ospf 2 router-id 1.1.1.1
#
rip
#
user-interface con 0
set authentication password simple 123456
history-command max-size 30
user-interface aux 0
user-interface vty 0 4
#
return
display saved-configuration Syntax
display saved-configuration
View
Any view
Parameter
None
Description
Using the display saved-configuration command, you can display the saved
router configurations, that is, the configurations that the router will apply the next
time it is booted.
Example
interface NULL0
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
View
Any view
Parameter
None
Description
Using the display this command, you can display the current configurations
under this view.
Example
reset saved-configuration Syntax
reset saved-configuration
View
User view
Parameter
None
Description
Using the reset saved-configuration command, you can erase the saved router
configuration.
You are recommended to use this command only when necessary and under the
guidance of the support technician.
Example
save Syntax
save [ file-name ]
View
User view
Parameter
Description
Using the save command, you can save the current configuration information into
the storage device.
After you finish a set of configurations and make their functions valid, you should
save the current configuration file into the storage device.
Example
<3Com> save
upgrade Syntax
upgrade bootrom [ full ]
View
User view
Parameter
Description
Using the upgrade command, you can upgrade the bootrom program.
3Com Routers support online BootROM upgrade. You can upgrade the BootROM
online by extracting the BootROM program from the upgrade software package
and writing it into the BootROM.
When executing this command, you should make sure that the upgrade software
package (named bootromfull) exists in the root directory of the flash.
Example
Upgrade the BootROM program of R1760 Router, given that the upgrade
software package has been stored in the root directory of the flash and the file
name is “bootromfull”.
User Interface Configuration Commands
acl Syntax
acl acl-number { inbound | outbound }
View
Parameter
Description
Using the acl command, you can reference an ACL to restrict the rights of VTY
(Telnet or SSH) and other types of user interfaces in placing incoming and
outgoing calls. Using the undo acl command, you can remove the current
settings.
Example
authentication-mode Syntax
authentication-mode { local | password | scheme { list | default } }
authentication-mode none
View
Parameter
Description
Using the authentication-mode command, you can set the mode that a user
interface uses to authenticate the login users. Using the authentication-mode
none command, you can set the authentication mode to none, that is, the login
users need not undergo authentication before they access the user interface.
By default, the authentication mode is set to password for the VTY user interface
and none for other user interfaces.
Example
View
Parameter
Description
You should be aware of the following constraints before using the auto-execute
command command:
When a user logs on, the command configured using auto-execute command
on the terminal will automatically be executed. The user connection will be
disconnected automatically once the execution of the command is finished.
You should use this command with caution because it will probably leave you
unable to perform regular system configuration via this user interface.
Example
Execute the telnet 10.110.100.1 command automatically after the user logs on
from the AUX interface.
databits Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
View
Parameter
Description
Using the databits command, you can set user interface data bit. Using the undo
databits command, you can restore the default data bit setting.
The configuration can take effect only when the serial interface works in the
asynchronous flow mode.
Example
[3Com-ui-aux0] databits 5
View
User view
Parameter
Description
Using the debugging vty command, you can enable the debugging of the VTY.
Using the undo debugging vty command you can disable the debugging of the
VTY protocol.
Example
View
Any view
Parameter
Description
Using the display user-interface command, you can display the details of user
interface.
Example
View
Any view
Parameter
Description
Using the display users command, you can display the login information of the
users on each user interface.
Example
* 1 VTY 000:00:0910.110.101.39dd
Where,
UI: The first number and the second number are respectively the absolute number
and relative number of user interface.
Username: Display the name of the user using this user-interface, namely the
username that the user uses for accessing. As AAA authentication is unavailable
yet, this item is null so far.
Delay: In minutes, it is the interval since the last input made by the user.
flow-control Syntax
flow-control { hardware | software | none }
undo flow-control
View
Parameter
Description
Using the flow-control command, you can configure flow control mode. Using
the undo flow-control command, you can restore the default flow control mode.
The configuration can become effective only when the involved serial interface
works in the asynchronous flow mode.
When system is outputting, pressing <Ctrl+s> will stop the screen output, and
<Ctrl+q> will resume the screen output.
Example
View
User view
Parameter
Description
Using the free user-interface number command, you can clear the user
interface with the number defined by the parameter number. Using the free
user-interface type-name number command, you can clear the user interface
with the number defined by number in the user interfaces of the type defined by
type-name.
Example
Clear user-interface 0.
history-command max-size Syntax
history-command max-size size-value
View
Parameter
size-value: History buffer size, which is in the range of 0 to 256 and defaults to 10,
that is, up to ten history commands can be stored.
Description
Using the history-command max-size command, you can set the history
command buffer size. Using the undo history-command max-size command,
you can restore the default history command buffer size.
Example
idle-timeout Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
View
Parameter
Description
Using the idle-timeout command, you can set time interval for timed
disconnection. Using the undo idle-timeout command, you can restore the
default time value of timed disconnection.
Setting the time value to 0 will disable the timed disconnection, in which case a
connection will not be cut off upon the expiration of the preset time interval.
Example
Set the time interval for timed disconnection to one minute and 30 seconds.
[3Com-ui-console0] idle-timeout 1 30
modem Syntax
modem [ call-in | both ]
View
Parameter
Description
Using the modem command, you can set the incoming/outgoing call attributes
with Modem. Using the undo modem command, you can disable incoming and
outgoing calls.
When executed without any parameters, the modem command enables both
incoming and outgoing calls.
When executed without any parameters, the undo modem command disables
both incoming and outgoing calls.
This command is only available for the AUX interface and other asynchronous
interface, but not for Console port.
Example
[3Com-ui-tty] modem
View
Parameter
None
Description
Using the modem auto-answer command, you can set the answering mode to
auto-answer. Using the undo modem auto-answer command, you can set the
answering mode to manual answer.
This command is valid for the AUX interface and other asynchronous interfaces
but not for the console interface.
When taking the modem dial-up connection approach, the user should first set
the modem parameters on the involved user interface.
Example
View
Parameter
Description
Using the modem timer answer command, you can set the timeout time waiting
for the carrier signal after the off-hook action for setting up an inbound
connection. Using the undo modem timer answer command, you can restore
the default waiting timeout time.
This command is valid for the AUX interface and other asynchronous interfaces
but not for the console interface.
Example
None
parity Syntax
parity { none | even | odd | mark | space }
undo parity
View
Parameter
Description
Using the parity command, you can set the check bit of a user interface. Using
the undo parity command, you can restore the check mode of user interface to
none.
The configuration can become effective only when the involved serial interface
works in the asynchronous flow mode.
Example
redirect Syntax
redirect
undo redirect
View
Parameter
None
Description
Using the redirect command, you can set the redirection function, which is only
valid for the AUX and TTY user interfaces, on an asynchronous port. Using the
undo redirect command, you can disable the redirection function on the involved
port.
This command is only valid for the AUX and the TTY user interfaces. For example,
executing the redirect command on a TTY user interface will enable the
redirection function of the user interface.
Example
[3Com-ui-tty7] redirect
screen-length Syntax
screen-length screen-length
undo screen-length
View
Parameter
Description
Using the screen-length command, you can set the number of rows displayed in
one screen at the terminal. Using the undo screen-length command, you can
restore the number of rows in a terminal screen to 24.
Example
Set the number of rows in one screen of the terminal to 30.
[3Com-ui-console0] screen-length 30
send Syntax
send [ number | all | type-name number ]
View
User view
Parameter
all: Sends messages to all user interfaces.
Description
Using the send command, you can transfer messages between user interfaces.
Using the send all command, you can send messages to all user-interfaces.
Using the send number command, you can send messages to the user interface
defined by specifying its number.
Using the send type-name number command, you can send messages to the
user interface of type-name with specified number.
Example
View
Parameter
Description
Using the set authentication password command, you can set a local
authentication password. Using the undo set authentication password
command, you can remove the local authentication password.
Regardless of whether the password format is set to plain text or ciphertext, a user
must input plain text password during the authentication.
When configuring a password, you must specify its format to simple or cipher. If
the former has been specified, the password saved in the configuration file will be
in plain text. If the latter is specified, however, the password will be displayed in
ciphertext regardless of whether the password you enter is a simple password of 1
to 16 bytes or an encrypted password of 24 bytes.
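The storage formats described above, together with the authentication-mode defaults and the idle-timeout 0 behaviour from the earlier entries, can be checked against a saved configuration dump. The following Python is an added example, not part of the 3Com guide: the sample dump, the finding names and the function names are constructed for illustration, and it assumes each user-interface stanza ends at a "#", blank or "return" line.

```python
import re

# Constructed sample in the style of the guide's `display current-configuration`
# example; the stanzas and password values are invented for this illustration.
SAMPLE_CONFIG = """\
#
user-interface con 0
 set authentication password simple 123456
 history-command max-size 30
user-interface aux 0
 idle-timeout 0
user-interface vty 0 4
 authentication-mode password
 set authentication password cipher CIPHERTEXT-PLACEHOLDER
 idle-timeout 1 30
#
return
"""

# user-interface [ type-keyword ] number [ ending-number ]
HEADER = re.compile(r"^user-interface\s+(?:([a-z]+)\s+)?(\d+)(?:\s+(\d+))?$")


def parse_user_interfaces(text):
    """Split a configuration dump into user-interface stanzas."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            first = int(match.group(2))
            current = {"type": match.group(1), "first": first,
                       "last": int(match.group(3) or first), "lines": []}
            stanzas.append(current)
        elif line in ("", "#", "return"):
            current = None  # a separator ends the stanza (assumption)
        elif current is not None:
            current["lines"].append(line)
    return stanzas


def default_mode(ui_type):
    """Defaults stated in the guide: password for VTY, none for the others.

    Settings left at their default are not shown in the dump, so a stanza
    without an authentication-mode line is running with the default.
    """
    if ui_type is None:
        return None  # absolute numbering: interface type is not known here
    return "password" if ui_type == "vty" else "none"


def audit(text):
    """Return (interface, finding) pairs; password values are never echoed."""
    findings = []
    for stanza in parse_user_interfaces(text):
        name = f"{stanza['type'] or 'ui'} {stanza['first']}"
        if stanza["last"] != stanza["first"]:
            name += f"-{stanza['last']}"
        mode = default_mode(stanza["type"])
        for line in stanza["lines"]:
            words = line.split()
            if words[0] == "authentication-mode" and len(words) > 1:
                mode = words[1]
            elif words[:3] == ["set", "authentication", "password"]:
                if len(words) > 3 and words[3] == "simple":
                    findings.append((name, "PLAINTEXT_PASSWORD"))
            elif words[0] == "idle-timeout":
                values = [int(w) for w in words[1:3] if w.isdigit()]
                if values and not any(values):
                    findings.append((name, "IDLE_TIMEOUT_DISABLED"))
        if mode == "none":
            findings.append((name, "AUTH_NONE"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

The con 0 and aux 0 stanzas are reported as AUTH_NONE even though neither contains an authentication-mode line, because the dump omits settings that are at their default.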
Example
Set the local authentication password for the user interfaces vtys 0 to 4 to
"3Com".
shell Syntax
shell
undo shell
View
Parameter
None
Description
Using the shell command, you can enable terminal services on a user interface.
Using the undo shell command, you can remove the current setting.
By default, the terminal services are enabled on all the user interfaces.
Some constraints are put on the undo shell command. First, CON does not
support this command. Second, if there is only AUX but no CON on a router (AUX
and CON share the same port), the AUX will not support this command either.
These constraints do not apply to other types of user interfaces.
Example
speed Syntax
speed speed-value
undo speed
View
Parameter
Description
Using the speed command, you can set the transmission rate of a user interface.
Using the undo speed command, you can restore the default transmission rate of
the user interface.
Only when the serial interface works in asynchronous flow mode will the
configuration be effective.
■ 300bps
■ 600bps
■ 1200bps
■ 4800bps
■ 9600bps
■ 19200bps
■ 38400bps
■ 57600bps
■ 115200bps
Example
stopbits Syntax
stopbits { 1.5 | 1 | 2 }
undo stopbits
View
Parameter
Description
Using the stopbits command, you can set the stop bit of a user interface. Using
the undo stopbits command, you can restore the default stop bit of the user
interface.
Only when the serial interface works in asynchronous flow mode will the
configuration be effective.
Example
View
Parameter
Description
Using the user privilege command, you can configure the command accessing
level commensurate with the users accessing the system from the current user
interface. Using the undo user privilege command, you can disable the current
setting.
By default, the command accessing level is 3 for the CON user interface and 0 for
other user interfaces.
If the command accessing level assigned to a user interface conflicts with the
precedence level assigned to the used username in the granted rights, the rights
commensurate with the username will be preferred. For example, the precedence
of the user 007 allows 007 to access level-3 commands and the privilege level
assigned to the user interface VTY 0 only allows the login users to access level-2
commands. If 007 accesses the system from VTY0 in this case, it will be able to
access the commands of level-3 and lower levels.
Example
Assign the users accessing the system from the user interface with the privilege
allowing them to access level-2 commands.
After the user accesses the router from vty 0 via Telnet, the terminal will display:
<3Com>
user-interface Syntax
user-interface [ type-keyword ] user-interface-number [ ending-user-interface-number ]
View
System view
Parameter
Description
Using the user-interface command, you can enter the single-user interface view
or multi-user interface view.
Example
The following example configures one console user interface and three VTY user
interfaces, which may be right for the case where the router does not provide the
AUX interface.
[3Com] user-interface 0 3
[3Com-ui0-3]
debugging ntp-service Syntax
debugging ntp-service { access | adjustment | authentication | event | filter | packet |
parameter | refclock | selection | synchronization | validity | all }
View
User view
Parameter
Description
Using the debugging ntp-service command, you can enable debugging of all
types of NTP service information. Using the undo debugging ntp-service
command, you can disable NTP service debugging.
Example
View
Any view
Parameter
Description
Using the display ntp-service sessions command, you can display the status of
all the sessions maintained by the local device NTP.
By default, the status of all the sessions maintained by the local device NTP is
displayed.
The command without parameter verbose will display the brief information of all
the sessions maintained by the local device NTP.
126 CHAPTER 2: SYSTEM MAINTENANCE & MANAGEMENT COMMANDS
The command with parameter verbose will display the detailed information of all
the sessions maintained by the local device NTP.
Example
Display the brief information of all the sessions maintained by the local device NTP
View
Any view
Parameter
None
Description
Using the display ntp-service status command, you can display the state
information of the NTP service.
Example
<3Com> display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
View
Any view
Parameter
X.X.X.X: The IP address of the NTP server functioning as the reference clock
source.
Description
Using the display ntp-service trace command, you can display the summary
information of each NTP time server from the local device tracing to the reference
clock source.
This command is used to trace to the reference clock source from the local device
along the time synchronous NTP server chain and display the summary
information of each NTP server.
Example
<3Com> display ntp-service trace
server4: stratum 4, offset 0.0019529, synch distance 0.144135
server3: stratum 3, offset 0.0124263, synch distance 0.115784
server2: stratum 2, offset 0.0019298, synch distance 0.011993
server1: stratum 1, offset 0.0019298, synch distance 0.011993 refid 'GPS Reciever'
The above information displays the synchronous chain of server4. It indicates that
server 4 can be synchronized to server 3, server 3 to server 2 and server 2 to server
1. Server 1 is synchronized from the reference clock source GPS Receiver.
View
System view
Parameter
Description
Using the ntp-service access command, you can set the access control authority
of the local device services. Using the undo ntp-service access command, you
can remove the access control authority that has been set.
This command is used to set the access authority of the NTP service of the local
device. A security approach of minimum authority is provided in this manual. The
more secure approach is to perform ID authentication. When there is an access
request, this command can be used to make the matches in sequence from
minimum access authority to the maximum authority. All matches are based on
the first match. The match order is peer, server, synchronization, query.
Example
Enable the peer in No.76 access list to perform time request, query control and
time synchronization on the local device.
Enable the peer in No.28 access list to perform time request, query control on the
local device.
ntp-service authentication enable
Syntax
ntp-service authentication enable
View
System view
Parameter
None
Description
Using the ntp-service authentication enable command, you can set NTP-service
ID authentication. Using the undo ntp-service authentication enable
command, you can remove NTP-service ID authentication.
Example
ntp-service authentication-keyid
Syntax
ntp-service authentication-keyid number authentication-mode md5 value
View
System view
Parameter
Description
This command is used to set NTP authentication key, which only supports MD5
authentication.
Example
Set MD5 ID authentication key. The key ID number is 10 and the key is BetterKey.
ntp-service broadcast-client
Syntax
ntp-service broadcast-client
View
Interface view
Parameter
None
Description
Using the ntp-service broadcast-client command, you can configure the NTP
broadcast client mode. Using the undo ntp-service broadcast-client command,
you can remove the NTP broadcast client mode.
This command is used to specify the local interface on the local device to receive
the NTP broadcast packets. The local device is run in client mode. It first listens
discreetly to the broadcast packets from the server. When the first broadcast
packet is received, the local device enables a short client/server mode to exchange
messages with the remote server in order to estimate network delay. Then it enters
the client mode to listen discreetly to the broadcast packets and synchronize the
local clock according to the coming broadcast packets.
Example
ntp-service broadcast-server
Syntax
ntp-service broadcast-server [ authentication-keyid keyid | version number ] *
View
Interface view
Parameter
Description
This command is used to specify an interface on the local device to transmit NTP
broadcast packets. The local device is run in broadcast-server mode, which acts as
the broadcast server to transmit broadcast messages periodically to the broadcast
clients.
Example
Enable Ethernet 1/0/0 to transmit NTP broadcast packets. No.4 key is used for
encryption and NTP version number is set to 3.
ntp-service max-dynamic-sessions
Syntax
ntp-service max-dynamic-sessions number
View
System view
Parameter
Description
Example
ntp-service multicast-client
Syntax
ntp-service multicast-client [ X.X.X.X ]
View
Interface view
Parameter
Description
Using the ntp-service multicast-client command, you can configure the NTP
multicast client mode. Using the undo ntp-service multicast-client command,
you can remove the NTP multicast client mode.
This command is used to specify an interface on the local device to receive the NTP
multicast packets. The local device is run in client mode. It first listens discreetly to
the multicast packets from the server. When the first multicast packet is received,
the local device enables a short client/server mode to exchange messages with the
remote server in order to estimate network delay. Then it enters the client
(multicast-client) mode to listen discreetly to the multicast packets and synchronize
the local clock according to the coming multicast packets.
Example
Configure Ethernet 1/0/0 to receive NTP multicast packets. The multicast address
corresponding to the multicast packets is 244.0.1.1.
ntp-service multicast-server
Syntax
ntp-service multicast-server [ X.X.X.X ] [ authentication-keyid keyid | ttl ttl-number |
version number ] *
View
Interface view
Parameter
keyid: ID number used when transmitting messages to the multicast clients in the
range of 1 to 4294967295.
Description
Using the ntp-service multicast-server command, you can configure the NTP
multicast server mode. Using the undo ntp-service multicast-server command,
you can remove the NTP multicast server mode.
This command is used to specify an interface on the local device to transmit NTP
multicast packets. The local device is run in server (multicast-server) mode, which
acts as the multicast server to transmit multicast messages periodically to the
multicast clients.
Example
ntp-service refclock-master
Syntax
ntp-service refclock-master [ X.X.X.X ] [ layers-number ]
View
System view
Parameter
layers-number: Specifies the stratum of the local clock, which is in the range of 1
to 15.
Description
Using the ntp-service refclock-master command, you can set the external
reference clock or the local clock to be the NTP master clock. Using the undo
ntp-service refclock-master command, you can remove the setting of the NTP
master clock.
Setting the external reference clock or the local clock to be the NTP master clock
provides other devices with synchronous time. The X.X.X.X is the IP address
127.127.t.u of the reference clock. When no IP address is specified, the local clock
is the NTP master clock by default. This command can be used to specify the
stratum of the NTP master clock.
Example
Set the local device to be the NTP master clock to provide synchronous time for
other peers. The stratum is set to 3.
View
System view
Parameter
Description
Example
ntp-service source-interface
Syntax
ntp-service source-interface {interface-type interface-number }
View
System view
Parameter
Description
Using the ntp-service source-interface command, you can specify the interface
for the local end to transmit NTP messages. Using the undo ntp-service
source-interface command, you can delete the interface for the local end to
transmit NTP messages.
When a source interface is specified, all NTP messages sent by the local device
use the IP address obtained from that interface as their source address. If the
user does not want the IP addresses on other interfaces to become the destination
address of the responses to these messages, this command can be used to specify
one interface to send all the NTP packets.
Example
Specify the source IP address of all the NTP output packets to use the IP address
on the interface Ethernet 1/0/0.
View
System view
Parameter
Description
Using the ntp-service unicast-peer command, you can configure the NTP peer
mode. Using the undo ntp-service unicast-peer command, you can remove the
NTP peer mode.
This command is used to set the remote server specified by the X.X.X.X as the peer
of the local device. The local device is run in symmetric active mode. The X.X.X.X is
a host address and cannot be the address of the broadcast, multicast, or reference
clock. In this configuration, the local device can be synchronized to the remote
server and the remote server can also be synchronized to the local server.
Example
Display the configuration that the peer 128.108.22.44 provides the synchronous
time for the local and the local peer can provide synchronous time for the peer.
The version number is 3. The IP address of the NTP packets is obtained from
Ethernet 1/0/0.
ntp-service unicast-server
Syntax
ntp-service unicast-server X.X.X.X [ version number | authentication-keyid keyid |
source-interface {interface-type interface-number } | priority ] *
View
System view
Parameter
Description
Using the ntp-service unicast-server command, you can configure the NTP
server mode. Using the undo ntp-service unicast-server command, you can
remove the NTP server mode.
This command is used to set the remote server specified by the X.X.X.X as the
local time server. The X.X.X.X is a host address and cannot be the IP address of the
broadcast, multicast or reference clock. In this configuration, the local client device
can be synchronized to the remote server and the remote server cannot be
synchronized to the local client device.
Example
Configure the local device to be provided with the synchronous time by the server
128.108.22.44. The version number is 3.
SNMP Configuration Commands
View
User view
Parameter
Description
Using the debugging snmp-agent command, you can enable the SNMP Agent
debugging and specify the debugging information of SNMP module. Using the
undo debugging snmp-agent command, you can remove the current settings.
Example
View
Any view
Parameter
None
Description
Using the display snmp-agent command, you can display the SNMP engine ID of
local or remote device.
The SNMP engine is the only identification of the SNMP management, and it
uniquely identifies a SNMP entity in one management domain. The SNMP engine
is an important component of the SNMP entity, completing the functions of SNMP
messages such as message dispatching, message processing, security
authentication and access control.
Example
View
Any view
Parameter
read: Displays the community name information with the read-only authority.
write: Displays the community name information with the authority of read and
write.
Description
Using the display snmp-agent community command, you can display the
currently configured community name of SNMPv1 or SNMPv2.
Example
View
Any view
Parameter
Description
Using the display snmp-agent group command, you can display the group
information based on USM. Without parameters, the command displays the group
information corresponding to all the specified group names, including group
name, security mode, storage types on the router etc.
Example
The corresponding fields displayed above are described in the following table:
Table 4 Description of display snmp-agent group fields
Content | Description
Groupname | Name of SNMP group corresponding to the user
Readview | Name of read-only MIB view corresponding to the group
Writeview | Name of writable MIB view corresponding to the group
Notifyview | Name of notifying MIB view corresponding to the group
Storage-type | Type of storage
View
Any view
Parameter
exclude: Specifies to exclude the SNMP MIB view attributes displayed and set.
include: Specifies to include the SNMP MIB view attributes displayed and set.
Description
Using the display snmp-agent mib-view command, you can display the
currently configured MIB view.
Example
MIB Subtree:snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
Content | Description
View name | View name
MIB Subtree | MIB subtree
Storage-type | Storage type
ViewType: Included/excluded | Indicates whether access to a MIB object is enabled or disabled
Active | Indicates the state of lines in the list
CAUTION: When the SNMP Agent is disabled, "Snmp Agent disabled" will be
displayed for all the above display commands.
View
Any view
Parameter
None
Description
Using the display snmp-agent statistics command, you can display the state and
statistics of SNMP.
Example
Content | Description
Messages delivered to the SNMP entity | Total number of input SNMP packets
Messages which were for an unsupported version | Number of packets with version errors
Messages which used an unknown community name | Number of packets with community name errors
Messages which represented an illegal operation for the community supplied | Number of packets with authority errors corresponding to community name
ASN.1 or BER errors in the process of decoding | Number of SNMP packets with encoding errors
MIB objects retrieved successfully | Number of variables requested by NMS
MIB objects altered successfully | Number of variables set by NMS
Get-request PDUs accepted and processed | Number of get-request packets accepted and processed (PDU: Protocol Data Unit)
Get-next PDUs accepted and processed | Number of received packets that get next requests
Set-request PDUs accepted and processed | Number of received packets that set requests
Messages passed from the SNMP entity | Total number of output SNMP packets
SNMP PDUs which had a tooBig error (Maximum packet size 1500) | Number of SNMP packets with Too_big errors. Maximum SNMP packet size is 1500.
SNMP PDUs which had a noSuchName error | Number of packets with requests of non-existing MIB object
SNMP PDUs which had a badValue error | Number of SNMP packets with Bad_values errors
SNMP PDUs which had a general error | Number of SNMP packets with General_errors
Response PDUs accepted and processed | Number of response packets accepted and processed
Trap PDUs accepted and processed | Number of Trap packets accepted and processed
View
Any view
Parameter
Description
Using the display snmp-agent sys-info command, you can display the system
information of the local SNMP device.
Example
View
Any view
Parameter
engineid: Displays the SNMPv3 user information of the specified engine ID.
group: Displays the user information belonging to the related SNMP group.
Description
Using the display snmp-agent usm-user command, you can display the
information about SNMP users.
An SNMP user is the remote user who executes SNMP management operation.
The snmp-agent usm-user command is used to specify the SNMP user.
Example
Content | Description
authuser | Modify display information
User name | Character string used to identify the SNMP user
Engine ID | Character string used to identify the SNMP device
Active | Indicates the state of the SNMP user
snmp-agent
Syntax
snmp-agent
undo snmp-agent
View
System view
Parameter
None
Description
Using the snmp-agent command, you can enable the SNMP Agent and specify
the SNMP configuration information. Using the undo snmp-agent command,
you can disable SNMP Agent.
The snmp-agent command can be used to enable SNMP Agent, and any
configuration command of snmp-agent can also enable SNMP Agent. However,
the undo forms of those commands do not enable the SNMP Agent, and an undo
command has no effect when the SNMP Agent is not enabled.
The undo snmp-agent command is used to disable the SNMP Agent on the
condition that SNMP Agent has been enabled.
Example
View
System view
Parameter
read: Indicates that the community name has the read-only authority in the
specified view.
write: Indicates that the community name has the read and write authority in the
specified view.
Description
Using the snmp-agent community command, you can set the community access
name of SNMPV1 and SNMPV2C and MIB views and ACLs available for the
community name. Using the undo snmp-agent community command, you can
remove the setting.
Example
Set the community name to comaccess and allow read-only access with this
community name.
Set the community name to mgr and enable reading and writing access.
View
System view
Parameter
write-view: Name of the reading and writing view, in the range of 1 to 32 bytes.
Description
Using the snmp-agent group command, you can configure a new SNMP group,
i.e., to map the SNMP user to the SNMP view. Using the undo snmp-agent
group command, you can delete a specified SNMP group.
Example
snmp-agent local-engineid
Syntax
snmp-agent local-engineid engineid
View
System view
Parameter
Description
Example
View
System view
Parameter
oid-tree: OID of the MIB object subtree, which can be given either as the
character string of the variable OID or as the character string of a variable
name. For example, it can be a character string such as 1.4.5.3.1 or system, and
"*" can be used as a wildcard, for example, 1.4.5.*.*.1.
Description
Using the snmp-agent mib-view command, you can create or update the
information about a view. Using the undo snmp-agent mib-view command,
you can delete the view information.
Currently, this command supports not only the input of the character string of the
variable OID as a parameter but also the input of the node name as a parameter.
Example
View
System view
Parameter
byte-count: The maximum length of the SNMP packets that Agent can
receive/send, in the range of 484 to 17940 bytes. The default value is 1500 bytes.
Description
Using the snmp-agent packet max-size command, you can set the maximum
length of the SNMP message packets that Agent can receive/forward. Using the
undo snmp-agent packet max-size command, you can remove the current
setting.
Example
Set the maximum length of the SNMP packet that Agent can receive/forward to
1042 bytes.
View
System view
Parameter
*: Indicates selecting one to three items from the three options of v1, v2c and v3.
Description
Using the snmp-agent sys-info command, you can set the system information,
including the system maintenance information, physical location information of
the device and the SNMP version number used. Using the undo snmp-agent
sys-info command, you can remove the current setting.
By default,
Example
View
System view
Parameter
address: Specifies the address of the destination host where the SNMP message
transmits.
port-number: Specifies the port number that receives the trap packet.
params: Specifies the information of the logging host that generates SNMP
messages.
v1: SNMPV1.
v2c: SNMPv2c.
v3: SNMPV3.
Description
Using the snmp-agent target-host command, you can set the destination that
receives the SNMP notification. Using the undo snmp-agent target-host
command, you can remove the host that receives the SNMP notification.
For the related command, see snmp-agent trap enable, snmp-agent trap
source, snmp-agent trap life.
Example
Enable to send SNMP Trap packets to 10.1.1.1, using the community name of
comaccess.
Send SNMP Trap packets to 10.1.1.1, using the community name of public.
View
System view
Parameter
Description
Using the snmp-agent trap enable command, you can enable the device to send
Trap packets and set the trap or notification parameters. Using the undo
snmp-agent trap enable command, you can remove the current setting.
The snmp-agent trap enable command indicates to allow sending all types of
SNMP Trap packets of all the modules, when there is no parameter.
The snmp-agent trap enable command should be used in cooperation with the
snmp-agent target-host command. The snmp-agent target-host command is
used to specify the hosts to which the Trap information will be sent. To send Trap
information, the user should configure at least one snmp-agent target-host
command.
The module trap-type forwarding the Trap packets can be snmp, bgp and vrrp
(VRRP Trap packets).
Types of packets that SNMP modules can send include authentication, coldstart,
linkdown, linkup and warmstart.
Example
Allow sending the Trap packets, which fail to perform SNMP authentication, to
10.1.1.1. The trap packets are in the form of V2C with the community name of
public.
Enable to send all types of BGP Trap packets to 10.1.1.1. The trap packets are in
the form of V3 with the community name of super. The packets are authenticated
but not encrypted.
View
System view
Parameter
seconds: Timeout in seconds, ranging 1 to 2592000 with the default value as 120
seconds.
Description
Using the snmp-agent trap life command, you can set the conservation time of
the Trap packet and the Trap packets exceeding the time will be dropped. Using
the undo snmp-agent trap life command, you can remove the current setting.
If the conservation time that the system has configured for the Trap packets is
seconds, the Trap packets exceeding that conservation time will be discarded
without being sent or conserved.
Example
View
System view
Parameter
Description
Using the snmp-agent trap queue-size command, you can set the length of the
message queue of the Trap packet sent to the destination host. Using the undo
snmp-agent trap queue-size command, you can cancel the setting.
Example
Set the length of the message queue of the host forwarding the Trap packet to
200.
View
System view
Parameter
Description
Using the snmp-agent trap source command, you can specify the source
address from which Trap will be sent. Using the undo snmp-agent trap source
command, you can remove the Trap source address.
There is always a Trap address when the SNMP Trap message is being sent from a
server, no matter from which interface it is sent. This command can be used to
trace a special event.
Example
Specify the IP address of the Ethernet interface 1/0/0 as the source address of Trap
packet.
View
System view
Parameter
Description
Using the snmp-agent usm-user command, you can add a new user to a SNMP
group. Using the undo snmp-agent usm-user command, you can delete a
SNMP group user.
When the user configures a remote user for a certain Agent, the engine ID is
needed during authentication. If the engine ID changes after the user has been
configured, the user corresponding to the original engine ID will be ineffective.
For SNMPV1 and SNMPV2C, this command adds a new community name. For
SNMPV3, it adds a new user to a SNMP group.
Example
Add a user named "John" to the SNMP group named "Johngroup", with the
security level being "auth", the authentication protocol being HMAC-MD5-96
and the password being "hello".
Terminal Service Commands
Terminal Service of Telnet
View
User view
Parameter
None
Description
Using the debugging telnet command, you can enable the debugging for Telnet
connection. Using the undo debugging telnet command, you can disable the
debugging for Telnet connection.
Example
<3Com> debugging telnet
View
Any view
Parameter
None
Description
Using the display tcp status command, you can display all TCP connections
currently established with the router.
This command is used to display all TCP connections currently established with the
router. Compared with display users, the display tcp status command can display
more information about Telnet clients and servers.
The information that this command can display includes: the local address of TCP
connection, local port number, external address, external port number, and
connection state.
Example
<3Com> display tcp status
TCPCB Local Address Foreign Address State
129.102.100.142 23 129.102.001.092 ESTABLISHED
028ca414 0.0.0.0.23 0.0.0.0.0 LISTEN
The above information indicates that one TCP connection has been set up. The
local IP address of the TCP connection is 129.102.100.142 with the local port
number as 23, and the remote IP address is 129.102.001.92. There is also a
local server process monitoring the No. 23 port.
telnet
Syntax
telnet [ vpn-instance vpn-instance-name ] host-ip-address [ service-port ]
View
User view
Parameter
service-port: TCP port number for the remote router to provide Telnet service, in
the range of 0 to 65535.
Description
Using the telnet command, you can log on another device from the current
router.
By default, if the service-port is not specified, the Telnet port number is 23.
By executing the telnet command, the user can conveniently log on another
device from a router to achieve remote management.
Example
Log on another router 3Com2 (the IP address is 129.102.0.1) from the current
router 3Com1.
<3Com>telnet 129.102.0.1
Trying 129.102.0.1...
Service port is 23
Connected to 129.102.0.1
<3Com2>
SSH Configuration Commands
View
User view
Parameter
None
Description
Using the debugging rsa command, you can send the detailed information about
each process and packet structure of RSA algorithm to the information center in
debugging form and to debug certain user-interface separately. Using the undo
debugging rsa command, you can disable the debugging.
For the related command, see rsa local-key-pair create, rsa local-key-pair
destroy.
Example
View
User view
Parameter
index: Debugged SSH channel. By default, its value ranges from 0 to 4 and is
limited by VTY number.
Description
Using the debugging ssh server command, you can send the information about
the negotiation process regulated by the SSH1.5 protocol to the information
center as debugging information and debug a certain user interface separately.
Using the undo debugging ssh server command, you can disable the debugging.
For the related command, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
View
Any view
Parameter
None
Description
Using the display rsa local-key-pair public command, you can display the public
key of host key pair of server and server key pair. If no key is generated, the system
will prompt that no key is found, e.g., RSA keys not found.
Example
<3Com> display rsa local-key-pair public
% Key pair was generated at: 12:26:33 UTC 2002/4/4
Key name: rtvrp_Host
Usage: Encryption Key
Key Data:
30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807
08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934
EB872805 02030100 01
% Key pair was generated at: 12:26:45 UTC 2002/4/4
Key name: rtvrp_Server
Usage: Encryption Key
Key Data:
30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487
4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED
160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B
519D39F5 02030100 01
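The Key Data shown above decodes as an ASN.1 SEQUENCE holding the RSA modulus and public exponent, so key length can be checked offline from captured output. The following Python code is an added example, not 3Com code: it parses the sample output above, reports each modulus size in bits, and applies the length rules this guide gives for rsa local-key-pair create (read here as bits); the 2048-bit policy floor and all function names are assumptions.

```python
import re

# Output copied from the "display rsa local-key-pair public" example above.
DISPLAY_OUTPUT = """\
% Key pair was generated at: 12:26:33 UTC 2002/4/4
Key name: rtvrp_Host
Usage: Encryption Key
Key Data:
30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807
08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934
EB872805 02030100 01
% Key pair was generated at: 12:26:45 UTC 2002/4/4
Key name: rtvrp_Server
Usage: Encryption Key
Key Data:
30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487
4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED
160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B
519D39F5 02030100 01
"""

HEX_LINE = re.compile(r"^[0-9A-Fa-f]{2,8}( [0-9A-Fa-f]{2,8})*$")


def _read_tlv(buf, pos, tag):
    """Read one tag-length-value element; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("expected tag 0x%02x at offset %d" % (tag, pos))
    length, pos = buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: low bits = length octets
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return buf[pos:pos + length], pos + length


def parse_rsa_public_key(hex_text):
    """Return (modulus_bits, exponent) for hex SEQUENCE { INTEGER n, INTEGER e }."""
    der = bytes.fromhex("".join(hex_text.split()))
    body, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    n_bytes, pos = _read_tlv(body, 0, 0x02)
    e_bytes, pos = _read_tlv(body, pos, 0x02)
    if pos != len(body):
        raise ValueError("unexpected extra element in key")
    # The sample keys omit the leading 0x00 that strict DER requires when the
    # top bit is set, so the integers are read as unsigned.
    return (int.from_bytes(n_bytes, "big").bit_length(),
            int.from_bytes(e_bytes, "big"))


def parse_display_output(text):
    """Return {key_name: (modulus_bits, exponent)} from the command output."""
    keys, name, hex_lines, in_data = {}, None, [], False

    def flush():
        if name and hex_lines:
            keys[name] = parse_rsa_public_key(" ".join(hex_lines))

    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Key name:"):
            flush()
            name, hex_lines, in_data = line.split(":", 1)[1].strip(), [], False
        elif line.startswith("Key Data:"):
            in_data = True
        elif in_data and HEX_LINE.match(line):
            hex_lines.append(line)
        elif line.startswith("%"):
            in_data = False
    flush()
    return keys


def audit(keys, min_bits=2048, min_gap=128):
    """Flag short keys (min_bits is an assumed policy) and a too-small
    host/server length difference (the guide requires at least 128)."""
    findings = []
    for name, (bits, _exp) in keys.items():
        if bits < min_bits:
            findings.append("%s: %d-bit modulus is below %d" % (name, bits, min_bits))
    sizes = {n.lower().rsplit("_", 1)[-1]: b for n, (b, _e) in keys.items()}
    if "host" in sizes and "server" in sizes:
        gap = abs(sizes["server"] - sizes["host"])
        if gap < min_gap:
            findings.append("host/server key lengths differ by only %d bits" % gap)
    return findings


if __name__ == "__main__":
    parsed = parse_display_output(DISPLAY_OUTPUT)
    for key_name, (bits, exp) in parsed.items():
        print("%-14s %4d bits  e=%d" % (key_name, bits, exp))
    for finding in audit(parsed):
        print("FINDING:", finding)
```
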
View
Any view
Parameter
brief: Displays the brief information of all the remote public key.
Description
Using the display rsa peer-public-key command, you can display the specified
RSA public key. If there is no public key specified, all public keys will be displayed.
Example
<3Com> display rsa peer-public-key
Address Bits Name
1023 abcd
1024 hq
1024 wn1
1024 hq_all
[3Com] display rsa peer-public-key name abcd
Key name:abcd
Key address:
Data:
30818602 8180739A 291ABDA7 04F5D93D C8FDF84C 42746319 91C164B0 DF178C55
FA833591 C7D47D53 81D09CE8 2913D7ED F9C08511 D83CA4ED 2B30B809 808EB0D1
F52D045D E40861B7 4A0E1355 23CCD74C AC61F8E5 8C452B2F 3F2DA0DC C48E3306
367FE187 BDD94401 8B3B69F3 CBB0A573 202C16BB 2FC1ACF3 EC8F828D 55A36F1C
DDC4BB45 504F0201 25
View
Any view
Parameter
Description
Using the display ssh server command, you can display the SSH status or
session.
For the related command, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
View
Parameter
None
Description
Using the peer-public-key end command, you can return to the system view
from the public key view.
For the related command, see rsa peer-public-key and public-key-code begin.
Example
View
Any view
Parameter
Description
Using the display ssh user-information command, you can display the
information about current SSH user including user name, corresponding key name
and user authentication mode. If you specify the username parameter, then the
information about the specified user will be displayed.
For the related command, see ssh user username assign rsa-key, ssh user
username authentication-type.
Example
4000 hq_rsaall
hanqi_rsa hq_rsa rsa
hanqi_all hq_all all
View
Parameter
Description
Using the protocol inbound command, you can specify the protocols supported
by the current user interface.
By default, the system supports all the protocols, that is, Telnet and SSH.
When the command is used to specify the protocols supported by the current user
interface and SSH is enabled, SSH is still unavailable if the rsa key of the local
router is not configured. The configuration result will take effect at the next login
request.
If SSH is configured as the protocols supported by the current user interface, you
should configure the corresponding authentication method as
authentication-mode local or authentication-mode scheme default (using AAA) to
ensure the successful login. If the authentication method is configured as
authentication-mode password or authentication-mode none, the configuration
of protocol inbound ssh will fail.
Example
Disable the Telnet function of vty0 to vty4 and only support the SSH function.
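The rules in this description can be checked against a saved configuration. This added Python example (not from the 3Com guide) audits VTY user-interface blocks in a constructed configuration excerpt; the excerpt layout, the all and telnet keywords of protocol inbound, and the function names are assumptions.

```python
import re

# Constructed configuration excerpt (not from the guide): header lines start
# at column 0, settings of a user interface are indented beneath them.
SAMPLE_CONFIG = """\
user-interface con 0
user-interface vty 0 1
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 2 3
 authentication-mode password
 protocol inbound ssh
user-interface vty 4
 authentication-mode scheme
"""

UI_HEADER = re.compile(
    r"^user-interface\s+(?:([a-z]+)\s+)?(\d+)(?:\s+(\d+))?\s*$")


def parse_user_interfaces(config):
    """Return one dict per user-interface block with its protocol/auth settings."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        header = UI_HEADER.match(raw)
        if header:
            kind, first, last = header.groups()
            label = " ".join(part for part in (kind, first, last) if part)
            current = {"label": label, "kind": kind,
                       "protocol": None, "auth": None}
            blocks.append(current)
        elif raw[0].isspace() and current is not None:
            words = raw.split()
            if words[:2] == ["protocol", "inbound"] and len(words) > 2:
                current["protocol"] = words[2]
            elif words[0] == "authentication-mode" and len(words) > 1:
                current["auth"] = words[1]
        else:
            current = None          # some other top-level command
    return blocks


def audit_vty(config):
    """Return (interface, finding) pairs for VTY blocks.

    TELNET_ACCEPTED: no 'protocol inbound ssh', so Telnet logins are accepted
        (the guide states that all protocols are supported by default).
    SSH_NEEDS_LOCAL_OR_SCHEME: SSH is offered but authentication-mode is not
        local or scheme, which the guide says SSH login requires.
    """
    findings = []
    for block in parse_user_interfaces(config):
        if block["kind"] != "vty":
            continue                # console/AUX lines carry no inbound protocol
        protocol = block["protocol"] or "all"
        if protocol in ("all", "telnet"):
            findings.append((block["label"], "TELNET_ACCEPTED"))
        if protocol in ("all", "ssh") and block["auth"] not in ("local", "scheme"):
            findings.append((block["label"], "SSH_NEEDS_LOCAL_OR_SCHEME"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_vty(SAMPLE_CONFIG):
        print("%-10s %s" % (interface, finding))
```
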
View
Parameter
None
Description
Using the public-key-code begin command, you can enter the edit view of
public key.
Before using this command, you must use the rsa peer-public-key command to
specify one key name. After the public-key-code begin command is input, the
system enters the edit view of public key and you can input the key data. When
the key data are input, spaces can exist between characters and you can press
the Enter key to continue the data input. The public key configured must be a
hex character string coded according to the public key format. The public key is
randomly generated by the client software supporting SSH.
Example
View
Parameter
None
Description
Using the public-key-code end command, you can quit public key edit view to
public key view and to save the public key configured by the user. In addition, to
quit public key view to public key chain view.
After this command is executed, the edit process of public key will be ended.
Before saving the public key, the system will check the validity of key. If there are
illegal characters in the public key character string configured by the user, the
system will display relevant prompt information that illegal characters are input.
The public key configured by the user will be discarded so this configuration fails.
If the public key configured is valid, it will be saved in public key chain table of
client.
Example
View
System view
Parameter
None
Description
Using the rsa local-key-pair create command, you can generate the local RSA
host key pair and server key pair.
When this command is used to configure, the system will give alarm and prompt
that former key will be replaced if RSA key has existed. The view of generated key
pair is router name+ server and router name+ host, e.g., 3Com_host and
3Com_server. This command will not be stored in configuration file.
After this command is input, the system will prompt you to enter the digit of host
key. The digit of server key pair should differ from that of host key pair in 128
digits at least. The minimum length of server key pair and host key pair is 512
digits and the maximum length is 2048 digits. If there has been key pair, the user
should confirm whether to change it.
The primary operation to accomplish SSH login is to configure and generate local
RSA key pair. Before performing other SSH configurations, you must accomplish
the configuration of the rsa local-key-pair create command to generate local
key pair. It is necessary to execute this command only once and it is unnecessary to
execute again after the router restarts.
Example
Configure and generate local host key pair and server key pair.
View
System view
Parameter
None
Description
Using the rsa local-key-pair destroy command, you can remove all RSA keys of
server (including host key pair and server key pair).
After this command is input, you should confirm whether to remove all RSA keys
of server. This command is not stored in configuration file.
Example
View
System view
Parameter
None
Description
Using the rsa peer-public-key command, you can enter public key view.
After the command is input, the system enters public key view. This command is
used together with the public-key-code begin command to configure the public
key of the client. The public key of the client is generated randomly by the
client software. Please use client software that supports SSH1.5.
Example
View
System view
Parameter
Description
Using the ssh server authentication-retries command, you can set the number
of SSH connection authentication retries; the setting takes effect at the next
login. Using the undo ssh server authentication-retries command, you can
restore the default number of SSH connection authentication retries.
Example
View
System view
Parameter
hours: Update period, in hours. It ranges from 1 to 24. 0 cannot be input for this
parameter.
Description
Using the ssh server rekey-interval command, you can set the update interval of
the server key. Using the undo ssh server rekey-interval command, you can cancel
the current setting.
Example
View
System view
Parameter
seconds: Specifies the login time-out time. It ranges from 1 to 120 seconds.
Description
Using the ssh server timeout command, you can set the time-out time of SSH
connection authentication; the setting takes effect at the next login. Using the
undo ssh server timeout command, you can restore the default time-out time of
SSH connection authentication.
Example
View
System view
Parameter
Description
Using the ssh user assign command, you can assign one existing public key
(keyname) to the user (username). Using the undo ssh user assign command,
you can delete the relationship between the user and its public key.
If the user has already been assigned a public key, the system uses the public
key assigned last.
The AAA module is in charge of creating and deleting local system users.
When the AAA module creates a user of SSH type, it notifies SSH, and SSH adds
the user to the user set it maintains. When the AAA module deletes a user, it
notifies SSH, and SSH looks for the user in its user name set and deletes the
user from the set if a match is found.
The newly configured user public key takes effect at the next login.
Example
View
System view
Parameter
all: Specifies the authentication mode of the user as either password or RSA.
Description
Using the ssh user authentication-type command, you can specify the
authentication method for a specified user. Using the undo ssh user
authentication-type command, you can restore the default mode, in which login
is always denied.
The authentication mode must be specified for a new user, or the user will not
be able to log in. The newly configured authentication mode takes effect at the
next login.
Example
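The SSH rules described in this section (public key data entry, the last-assigned key, default-deny authentication type, and the rekey-interval and timeout ranges) can be checked against a command script before it is entered on the router. The following Python pre-flight check is an added example, not code from the 3Com guide. The command syntax it matches (ssh user username assign rsa-key keyname, the password and rsa keywords of authentication-type, ssh server timeout seconds, ssh server rekey-interval hours), the function name preflight, and the sample script with its made-up key data are assumptions.

```python
import re
import string

# Ranges stated in the guide: rekey-interval 1-24 hours, timeout 1-120 seconds.
RANGES = {"rekey-interval": (1, 24), "timeout": (1, 120)}
HEX = set(string.hexdigits)

# Constructed sample script; the key data is made up and is not a real RSA key.
SAMPLE_SCRIPT = """
rsa peer-public-key key_alice
public-key-code begin
308186 028180 A1B2C3D4
E5F60718 0203 010001
public-key-code end
rsa peer-public-key key_bob
public-key-code begin
3081 86GZ 0102
public-key-code end
ssh server timeout 300
ssh server rekey-interval 1
ssh user alice authentication-type rsa
ssh user alice assign rsa-key key_old
ssh user alice assign rsa-key key_alice
ssh user bob authentication-type all
ssh user bob assign rsa-key key_bob
ssh user carol assign rsa-key key_alice
"""


def preflight(script):
    """Return (peer_keys, users, findings) for a command script (hypothetical helper)."""
    keys, users, findings = {}, {}, []
    key_name, buf = None, None      # buf is a list while in public key edit view
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if buf is not None:
            if line != "public-key-code end":
                buf.append(line)    # Enter continues the key data on a new line
                continue
            data = "".join("".join(buf).split())    # spaces between characters are allowed
            bad = "".join(sorted(set(data) - HEX))
            if bad or not data:     # assumption: empty key data is rejected as well
                findings.append(f"key {key_name}: discarded, illegal characters {bad!r}")
            else:
                keys[key_name] = data.upper()
            buf = None
            continue
        if m := re.fullmatch(r"rsa peer-public-key (\S+)", line):
            key_name = m.group(1)
        elif line == "public-key-code begin":
            if key_name is None:
                findings.append("public-key-code begin before rsa peer-public-key")
            else:
                buf = []
        elif m := re.fullmatch(r"ssh server (rekey-interval|timeout) (\d+)", line):
            lo, hi = RANGES[m.group(1)]
            if not lo <= int(m.group(2)) <= hi:
                findings.append(f"ssh server {m.group(1)} {m.group(2)}: outside {lo}-{hi}")
        elif m := re.fullmatch(r"ssh user (\S+) authentication-type (password|rsa|all)", line):
            users.setdefault(m.group(1), {})["auth"] = m.group(2)
        elif m := re.fullmatch(r"ssh user (\S+) assign rsa-key (\S+)", line):
            users.setdefault(m.group(1), {})["key"] = m.group(2)   # key assigned last wins
    for name, user in sorted(users.items()):
        auth, key = user.get("auth"), user.get("key")
        if auth is None:
            findings.append(f"user {name}: no authentication-type, login is always denied")
        if auth in ("password", "all"):
            findings.append(f"user {name}: password login is permitted")
        if key is not None and key not in keys:
            findings.append(f"user {name}: assigned key {key} is not in the public key table")
        if auth == "rsa" and key is None:
            findings.append(f"user {name}: rsa authentication but no public key assigned")
    return keys, users, findings


if __name__ == "__main__":
    for finding in preflight(SAMPLE_SCRIPT)[2]:
        print(finding)
```

The check does not model view transitions or the RSA key lengths chosen at rsa local-key-pair create, which the guide says are not stored in the configuration file.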
Interface Management Commands
View
User view
Parameter
Description
Using the debugging physical command, you can enable alarming for a
specified interface. Using the undo debugging physical command, you can
disable alarming for a specified interface.
Example
None
description Syntax
description interface-description
undo description
View
Interface view
172 CHAPTER 3: INTERFACE MANAGEMENT COMMANDS
Parameter
Description
Using the description command, you can set the interface description. Using the
undo description command, you can restore the default interface description.
Example
Change the description of the Ethernet interface Ethernet 0/0/0 to “3Com Router
Ethernet interface”.
View
Any view
Parameter
type: Interface type which is used along with number to identify an interface.
number: Interface number which is used along with type for identifying an
interface.
Description
Using the display interface command, you can display the current running state
and other information of an interface.
Example
View the running state and the relevant information of Serial 0/0/0.
Field                                        Description
Serial0 is up                                Physical layer state of the interface
line protocol is up                          Link layer state of the interface
5 minutes input rate                         The input rate of the interface within the last five minutes
5 minutes output rate                        The output rate of the interface within the last five minutes
FIFO queueing: FIFO                          Type of the output queue on the interface
51 packets input, 640 bytes, 0 no buffers    Packets and bytes received by the interface and the packets discarded due to the unavailability of receive-buffer.
55 packets output, 700 bytes, 0 no buffers   Packets and bytes sent by the interface and the packets discarded due to the unavailability of send-buffer.
input errors:0, CRC:0, frame errors:0        The received packets that contain errors, including CRC errors and frame errors.
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP           States of the physical electric signals DCD, DTR, DSR, RTS, and CTS
interface Syntax
interface type number [ .sub-number ]
View
System view
Parameter
type: Interface type. The following table lists the interfaces that VRP supports so
far.
Description
Using the interface command, you can enter the specified interface view or
create a logical interface or subinterface. Using the undo interface command,
you can delete a specified logical interface or subinterface.
Table 2 Interfaces supported by VRP
To simplify input, the type portion of the interface name can be shortened to
several leading letters, given that these letters do not conflict with other interface
types. Therefore, you can input e0/0/0 for Ethernet 0/0/0 and s0/0/0.1 for Serial
0/0/0.1.
You can enter the view of the desired physical interface and create logical
interfaces or subinterfaces as needed by executing the interface command.
Note that executing the undo interface command also deletes the defined logical
interfaces (such as dialer, tunnel, and virtual-template interfaces) and
subinterfaces.
Example
[3com-Ethernet0/0/0]interface serial0/0/0.1
[3com-Serial0/0/0.1]
View
User view
Parameter
type: Interface type which is used along with number for identifying an interface.
number: Interface number which is used along with type for identifying an
interface.
Description
Using the reset counters interface command, you can clear the statistics of the
transmitted and received packets on an interface.
If no interface has been specified, the statistics about the transmitted and received
packets on all the interfaces are cleared.
To count the traffic size on an interface within a specific period, you must clear the
existing statistics about the transmitted and received packets on the interface
before taking a new count.
Example
Clear the statistics about the transmitted and received packets on Serial 0/0/0.
shutdown Syntax
shutdown
undo shutdown
View
Interface view
Parameter
None
Description
Using the shutdown command, you can shut down an interface. Using the undo
shutdown command, you can enable an interface.
This command takes effect not only on physical interfaces but also on tunnel and
MFR interfaces.
In some circumstances, such as when you are modifying the operating parameters
of an interface, the modification does not take effect immediately. Rather, you
must shut down the interface and re-enable it.
Example
[3com-Ethernet0/0/0]shutdown
% Interface Ethernet0/0/0 is down
% Interface Ethernet0/0/0 changed state to DOWN
% Line protocol ip on interface Ethernet0/0/0, changed state to DOWN
Fundamental Ethernet Interface Configuration Commands
View
Any view
Parameter
Description
Using the display interface ethernet command, you can view the configuration
parameters, current running state, and some other information of an Ethernet
interface.
Example
duplex Syntax
duplex { full | half | negotiation }
undo duplex
View
Parameter
Description
Using the duplex command, you can set the operating mode of the 100Base-TX
FE interface. Using the undo duplex command, you can restore the default
operating mode of the Ethernet interface.
Before setting the FE interface to work in auto-negotiation mode, you must make
sure that the connected remote end has been working in auto-negotiation mode.
If this cannot be guaranteed, the two parties should use the forced setting for the
consistency in operating mode.
Example
loopback Syntax
loopback
undo loopback
View
Parameter
None
Description
Using the loopback command, you can enable an Ethernet interface to perform
loopback. Using the undo loopback command, you can disable loopback.
You must enable the Ethernet interface to perform loopback only for the purpose
of testing some special functions.
Example
[3com-Ethernet0/0/0]loopback
mtu Syntax
mtu size
undo mtu
View
Parameter
size: MTU size on the Ethernet interface, which is in bytes. It is in the range of 46
to 1500 if the adopted frame format is Ethernet_II.
Description
Using the mtu command, you can set the maximum transmission unit (MTU) of
the Ethernet interface. Using the undo mtu command, you can restore the
default configuration.
The MTU setting of an Ethernet interface can affect the assembly and
fragmentation of IP packets on the interface.
Example
[3com-Ethernet0/0/0]mtu 1492
speed Syntax
speed { 10 | 100 | negotiation }
undo speed
View
Parameter
Description
Using the speed command, you can set the operating speed of the FE interface.
Using the undo speed command, you can restore the default operating speed of
the FE interface.
Before setting the FE interface to work in auto-negotiation mode, you must make
sure that the connected remote end has been working in auto-negotiation mode.
If this cannot be guaranteed, the two parties should use the forced setting for
operating consistency.
Example
[3com-Ethernet0/0/0]speed 10
Fundamental WAN Interface Configuration Commands
View
Parameter
protocol: Protocol mode, with which the local end directly adopts the configured
link layer protocol parameters to set up a link with the remote end after setting up
a physical link.
flow: Flow mode, which is also known as interactive mode. With this approach,
the two ends set up a link by interacting with each other upon the setup of a
physical link. Specifically, the calling party sends the configuration commands to
the called party (it is equal to the operation of manually inputting configuration
commands at the remote end), sets the link layer protocol operating parameters of
the called party, and then sets up the link. This approach is normally adopted in
the event of man-machine interaction.
Description
Using the async mode command, you can set the operating mode of an
asynchronous serial interface.
By default, the asynchronous serial interface is working in protocol mode and the
AUX interface in flow mode.
Example
baudrate Syntax
baudrate baudrate
View
Parameter
baudrate: Baud rate of serial interface in bps. It is in the range of 300 to 115200
for an asynchronous serial interface and 1200 to 2048000 for a synchronous serial
interface.
Description
Using the baudrate command, you can set the baud rate for a serial interface.
By default, the baud rate is 9600 bps on the asynchronous serial interface and
64000 bps on a synchronous serial interface.
Following are the baud rates available for the asynchronous serial interface.
■ 300 bps, 600 bps, 1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps,
38400 bps, 57600 bps, 115200 bps.
Following are the baud rates available for the synchronous serial interface.
■ 1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps, 38400 bps, 57600
bps, 64000 bps, 72000 bps, 115200 bps, 128000 bps, 384000 bps,
2048000 bps.
The baud rate range available for the synchronous serial interface depends on the
applied physical electric specifications.
When setting baud rate for a serial interface, you should take into consideration
the elements, such as operating mode (synchronous/asynchronous mode) and the
electric specifications of the connected external cable. In addition, you should note
that the baud rate of asynchronous serial interface is only significant for the
connection between router and modem. If two modems are concerned, they will
negotiate the baud rate between them. Therefore, different baud rate settings can
be set on the routers at the two ends of a connection, if the routers are working in
asynchronous mode. In synchronous mode, however, the router working as DCE
will determine the baud rate for the line transmission. Therefore, you must set
baud rate at the DCE side.
Example
[3com-Serial0/0/0]baudrate 115200
clock Syntax
clock { dceclk | dteclk1 | dteclk2 | dteclk3 | dteclk4 }
View
Parameter
dteclk1: Sets the interface clock selection mode to DTE clock option 1.
dteclk2: Sets the interface clock selection mode to DTE clock option 2.
dteclk3: Sets the interface clock selection mode to DTE clock option 3.
dteclk4: Sets the interface clock selection mode to DTE clock option 4.
Description
Using the clock command, you can set the clock selection mode for a
synchronous serial interface.
By default, dceclk (providing clock to the DTE device) and dteclk3 are selected for
the synchronous serial interfaces at the DCE side and the DTE side.
Different operating clocks are selected for the synchronous serial interfaces
working as DTE and DCE, as shown in the following figure.
[Figure: operating clocks (TxClk, RxClk) of synchronous serial interfaces working as DTE and DCE]
In the figure, “TxClk” represents transmitting clock and “RxClk” receiving clock.
As a DCE device is required to provide clock for the remote DTE device, you must
select DCEclk as the operating clock for the synchronous serial interface working
as DCE.
Working as DTE, the synchronous serial interface must accept the clock provided
by the remote DCE. As transmitting and receiving clocks of synchronization
devices are independent, the receiving clock of a DTE device can be either the
Clock selection option   Description
DTEclk1                  TxClk = TxClk, RxClk = RxClk
DTEclk2                  TxClk = TxClk, RxClk = TxClk
DTEclk3                  TxClk = RxClk, RxClk = TxClk
DTEclk4                  TxClk = RxClk, RxClk = RxClk
In the table, the clock ahead of “=” is the DTE clock and the one after is the DCE
clock.
Example
Set the synchronous serial interface working as DTE to use the clock selection
option DTEclk2.
[3com-Serial0/0/0]clock dteclk2
undo code
View
Parameter
None
Description
Using the code nrzi command, you can set the digital signal coding format to
Non-Return-to-Zero Inverted (NRZI) for a synchronous serial interface. Using the
undo code command, you can restore the digital signal coding format of the
synchronous serial interface to NRZ.
The digital signal coding format defaults to NRZ on the synchronous serial
interface.
Example
Set the digital signal coding format to NRZI on the synchronous serial interface.
[3com-Serial0/0/0]code nrzi
detect Syntax
1 Asynchronous serial interface
detect dsr-dtr
View
Parameter
dcd: Detects the DCD signal of the DSU/CSU on the serial interface.
Description
Using the detect command, you can enable data carrier detection as well as level
detection on a serial interface. Using the undo detect command, you can disable
data carrier detection as well as level detection on the serial interface.
By default, data carrier detection and level detection are enabled on serial interfaces.
If this function has been disabled on a serial interface, the system will not detect
the DCD and DSR/DTR signals when determining the state (UP or DOWN) of the
serial interface.
Example
idle-mark Syntax
idle-mark
undo idle-mark
View
Parameter
None
Description
Using the idle-mark command, you can set the line idle-mark of the synchronous
serial interface to “FF”. Using the undo idle-mark command, you can restore the
line idle-mark of the synchronous serial interface to “7E”.
In normal circumstances, the synchronous serial interface uses the code “7E” to
identify the idle state of the line. However, there are still some devices that use
“FF” (that is, the high level of all “1s”) to make the identification. For the sake of
compatibility in this case, it is necessary to configure the line idle-mark of the
synchronous serial interface.
Example
[3com-Serial0/0/0]idle-mark
View
Parameter
None
Description
Using the invert transmit-clock command, you can enable the inverting of the
transmit-clock signal of the synchronous serial interface at the DTE side. Using the
undo invert transmit-clock command, you can disable inverting the signal.
In some special cases, for the purpose of eliminating the half-period delay of the
clock on the line, you may make the configuration to make the system invert the
transmit-clock signal of the synchronous serial interface at the DTE side. This
command can take effect only on some specific DCE devices. Clock inversion is
unnecessary for general applications.
Example
[3com-Serial0/0/0]invert transmit-clock
loopback Syntax
loopback
undo loopback
View
Parameter
None
Description
Using the loopback command, you can enable a serial interface to perform
loopback. Using the undo loopback command, you can disable loopback on the
serial interface.
You need to enable the serial interface to perform loopback only for the
purpose of testing some special functions.
Example
[3com-Serial0/0/0]loopback
mtu Syntax
mtu size
undo mtu
View
Parameter
size: MTU size on the serial interface, which is in the range of 128 to 1500 bytes
and defaults to 1500.
Description
Using the mtu command, you can set the MTU of a serial interface. Using the
undo mtu command, you can restore the default setting.
The MTU setting of a serial interface can affect the assembly and fragmentation of
IP packets on the interface.
Example
[3com-Serial0/0/0]mtu 1200
physical-mode Syntax
physical-mode { sync | async }
View
Parameter
Description
Using the physical-mode command, you can set the operating mode of a
synchronous/asynchronous serial interface.
Example
[3com-Serial0/0/0]physical-mode async
Fundamental CE1/PRI Interface Configuration Commands
channel-set Syntax
channel-set set-number timeslot-list range
View
Parameter
set-number: The number of the channel set formed by bundling the timeslots on
the interface, which is in the range of 0 to 30.
range: The number of the timeslots that are bundled, which is in the range of 1 to
31. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
Description
Using the channel-set command, you can bundle some timeslots of a CE1/PRI
interface into a channel-set. Using the undo channel-set command, you can
remove the specified timeslot bundle.
In actual applications, all the timeslots except timeslot 0 can be bundled into
multiple channel-sets and the system will automatically create a serial interface for
each set. This serial interface has the same logic features as a synchronous serial
interface.
Only one timeslot bundling mode can be supported on one CE1/PRI interface
at a time. In other words, this command cannot be used together with
the pri-set command.
Example
Make the same configuration on the CE1/PRI interface on the remote router.
clock Syntax
clock { master | slave }
undo clock
View
Parameter
Description
Using the clock command, you can set the clock mode on a CE1/PRI interface.
Using the undo clock command, you can restore the default clock mode on the
interface.
By default, the CE1/PRI interface adopts the line clock mode (slave).
When a CE1/PRI interface is working as DCE, choose the internal clock for it, that
is, master clock mode. When it is working as DTE, choose the line clock, that is,
slave clock mode for it.
Example
Set the clock mode of the CE1/PRI interface to internal clock (master) mode.
code Syntax
code { ami | hdb3 }
undo code
View
Parameter
hdb3: Adopts High Density Bipolar 3 (HDB3) line code format. This parameter is
only significant for a CE1/PRI interface.
Description
Using the code command, you can set the line code format for a CE1/PRI
interface. Using the undo code command, you can restore the default line code
format of the interface.
You should keep the line code format of the interface consistent with that
used by the remote device.
Example
controller e1 Syntax
controller e1 number
View
System view
Parameter
Description
Using the controller e1 command, you can enter a CE1/PRI interface view.
Example
[3com]controller E1 3/0/0
[3com-E1 3/0/0]
View
Any view
Parameter
Description
Using the display controller e1 command, you can display the information
related to a CE1/PRI interface.
Example
frame-format Syntax
frame-format { crc4 | no-crc4 }
undo frame-format
View
Parameter
Description
Using the frame-format command, you can set the frame format of CE1
interface. Using the undo frame-format command, you can restore the default
frame format of the interface.
A CE1/PRI interface working in CE1 mode supports both crc4 and no-crc4 frame
formats. Among them, crc4 supports the 4-bit Cyclic Redundancy Check (CRC) on
physical frames whereas no-crc4 does not.
Example
loopback Syntax
loopback { local | remote }
undo loopback
View
Parameter
Description
Using the loopback command, you can enable a CE1/PRI interface to perform
loopback. Using the undo loopback command, you can disable loopback on the
CE1/PRI interface.
Loopback is used to check the condition of interface or cable. This function should
be disabled when they are in normal operation.
Example
pri-set Syntax
pri-set timeslot-list [ range ]
undo pri-set
View
Parameter
range: The number of the timeslots that are bundled, which is in the range of 1 to
31. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.
Description
Using the pri-set command, you can bundle the timeslots of a CE1/PRI interface
into a pri-set. Using the undo pri-set command, you can remove the timeslot
bundle.
When performing pri-set bundling on a CE1/PRI interface, note that you are not
allowed to bundle only timeslot 16, as it will be used as the D channel for
transmitting signals. Attempts to bundle only timeslot 16 will fail.
The system will automatically create a serial interface after the operation of
timeslot bundling on the interface. This serial interface has the same logic features
as an ISDN PRI interface. The serial interface is numbered in the form of serial
number:15, where number is the maximum serial interface number plus 1.
Only one timeslot bundling mode can be supported on one CE1/PRI interface
at a time. In other words, this command cannot be used together with
the channel-set command.
Example
Bundle the timeslots 1, 2, and 8-12 of the CE1/PRI interface into a pri-set.
using Syntax
using { ce1 | e1 }
undo using
View
Parameter
e1: In E1 mode
Description
Using the using command, you can configure the operating mode for a CE1/PRI
interface. Using the undo using command, you can restore the default operating
mode.
After the CE1/PRI interface is enabled to work in E1 mode by using the using e1
command, the system will automatically create a serial interface numbered serial
interface-number:0. The interface-number starts from the maximum serial
interface number plus 1.
Example
[3com-E1 3/0/0]using e1
Fundamental CT1/PRI Interface Configuration Commands
cable Syntax
cable { long { 0db | -7.5db | -15db | -22.5db } | short { 133ft | 266ft | 399ft | 533ft | 655ft } }
undo cable
View
Parameter
long: Matches a 655-feet and longer transmission line. The options for this
parameter include 0db, -7.5db, -15db and -22.5db. The attenuation parameter is
selected depending on the signal quality received at the receiving end. In this case,
no external CSU is needed.
short: Matches a transmission cable under 655 feet. The options for this
parameter include 133ft, 266ft, 399ft, 533ft and 655ft. The length parameter is
selected depending on the actual length of the transmission line.
Description
Using the cable command, you can set cable attenuation and length on a CT1/PRI
interface to match the distance of the transmission line. Using the undo cable
command, you can restore the default value.
The transmission cable attenuation that the CT1/PRI interface matches defaults to
long 0db.
This command is mainly used to configure the signal waveform for transmission to
satisfy various transmitting needs. In practice, the signal quality received by the
receiving end determines whether this command will be used. If the signal quality
is relatively good, use the default setting. In this case, the CT1/PRI interface does
not need an external CSU device.
Example
Set the length of the transmission cable that the CT1/PRI interface matches to 133
feet.
channel-set Syntax
channel-set set-number timeslot-list range [ speed { 56k | 64k } ]
View
Parameter
range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.
speed { 56k | 64k }: The speed of the timeslot bundle, which is in Kbps. If 56k is
selected, the timeslots will be bundled into N x 56 Kbps bundles, and if 64k is
selected, the timeslots will be bundled into N x 64 Kbps bundles. By default, the
system uses 64k.
Description
Using the channel-set command, you can bundle some timeslots of a CT1/PRI
interface into a channel-set. Using the undo channel-set command, you can
remove the specified channel-set.
Only one timeslot bundling mode can be supported on one CT1/PRI interface
during a time period. In other words, this command cannot be used together with
the pri-set command.
Example
clock Syntax
clock { master | slave }
undo clock
View
Parameter
Description
Using the clock command, you can set the clock mode on a CT1/PRI interface.
Using the undo clock command, you can restore the default clock mode on the
interface.
By default, the CE1/PRI interface adopts the line clock mode (slave).
When a CT1/PRI interface is working as DCE, choose the internal clock for it, that
is, master clock mode. When it is working as DTE, choose the line clock, that is,
the slave clock mode for it.
Example
Set the clock mode of the CT1/PRI interface to internal clock (master) mode.
code Syntax
code { ami | b8zs }
undo code
View
Parameter
b8zs: Adopts the Bipolar with 8-Zero Substitution (b8zs) line code format.
Description
Using the code command, you can set the line code format for a CT1/PRI
interface. Using the undo code command, you can restore the default line code
format of the interface.
You should keep the line code format of the interface consistent with the one
used by the remote device.
Example
controller t1 Syntax
controller t1 number
View
System view
Parameter
Description
Using the controller t1 command, you can enter a CT1/PRI interface view.
Example
[3com]controller t1 1/0/0
[3com-T1 1/0/0]
View
Any view
Parameter
Description
Using the display controller t1 command, you can display the information
related to a CT1/PRI interface. All T1 interfaces will be displayed if no parameter is
selected.
Example
frame-format Syntax
frame-format { sf | esf }
undo frame-format
View
Parameter
sf: Sets the frame format of CT1/PRI interface to Super Frame (SF).
esf: Sets the frame format of CT1/PRI interface to Extended Super Frame (ESF).
Description
Using the frame-format command, you can set the frame format on a CT1/PRI
interface. Using the undo frame-format command, you can restore the
default frame format on the interface.
A CT1/PRI interface supports two frame formats, that is, SF and ESF. In SF format,
multiple frames can share the same FSC and signaling information, so that more
significant bits can be used for transmitting user data. In practice, a system should
be tested often. The application of ESF makes it possible for the system to provide
the services while it is being tested.
Example
[3com-T1 1/0/0]frame-format sf
loopback Syntax
loopback { local | remote }
undo loopback
View
Parameter
Description
Using the loopback command, you can enable a CT1/PRI interface to perform
loopback. Using the undo loopback command, you can disable loopback on the
CT1/PRI interface.
Loopback is used to check the condition of interface or cable. This function should
be disabled when they are in normal operation.
Example
pri-set Syntax
pri-set [ timeslot-list range ]
undo pri-set
View
Parameter
range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.
Description
Using the pri-set command, you can bundle the timeslots of a CT1/PRI interface
into a pri-set. Using the undo pri-set command, you can remove the timeslot
bundle.
When performing pri-set bundling on a CT1/PRI interface, you should note that
you are not allowed to bundle only timeslot 24, because it is the D channel for
transmitting signals. Attempts to bundle only timeslot 24 will fail.
channel, timeslot 24 is automatically bundled). The logic features of this pri-set will
be the same as those of an ISDN PRI interface. If no timeslots are specified for
bundling, all the timeslots will be bundled into an interface similar to an ISDN PRI
interface in the form of 23B+D.
The system will automatically create a serial interface after the operation of
timeslot bundling on the interface. This serial interface has the same logic features
as an ISDN PRI interface. The serial interface is numbered in the form of serial
number:23, in which number starts from the maximum serial interface number
plus 1.
Only one timeslot bundling mode can be supported on one CE1/PRI interface
during a time period. In other words, this command cannot be used together with
the channel-set command.
Example
Bundle the timeslots 1, 2, and 8-12 of the CT1/PRI interface into a pri-set.
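The timeslot-list notation and the bundling rules given above for the CE1/PRI and CT1/PRI channel-set and pri-set commands can be checked offline before a change is applied. This Python validator is an added example, not code from the 3Com guide; the function names parse_timeslot_list and plan_bundles are hypothetical, a pri-set with no timeslot list is treated as all timeslots on CE1/PRI as well (the guide states this for CT1/PRI), and CE1/PRI channel-sets are rated at 64 kbps per timeslot.

```python
import re

# Limits stated in the guide: CE1/PRI timeslots 1-31, D channel 16, set-number 0-30;
# CT1/PRI timeslots 1-24, D channel 24 (its set-number range is not given on the page).
LINE = {"e1": {"max_slot": 31, "d_channel": 16, "max_set": 30},
        "t1": {"max_slot": 24, "d_channel": 24, "max_set": None}}


def parse_timeslot_list(text, max_slot):
    """Expand 'number1,number2-number3' into a sorted list of timeslots."""
    slots = set()
    for item in text.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+)\s*)?", item)
        if not m:
            raise ValueError(f"malformed timeslot item {item!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) else first
        if first > last:
            raise ValueError(f"reversed range {item.strip()!r}")
        if first < 1 or last > max_slot:        # timeslot 0 can never be bundled
            raise ValueError(f"{item.strip()!r} outside 1-{max_slot}")
        slots.update(range(first, last + 1))
    return sorted(slots)


def plan_bundles(line_type, commands):
    """Validate the channel-set / pri-set commands planned for one interface.

    Returns one dict per bundle; raises ValueError when a rule is broken.
    """
    limits = LINE[line_type]
    bundles, modes = [], set()
    for cmd in commands:
        if m := re.fullmatch(r"channel-set (\d+) timeslot-list (\S+)(?: speed (56k|64k))?", cmd):
            set_number, speed = int(m.group(1)), m.group(3)
            if limits["max_set"] is not None and set_number > limits["max_set"]:
                raise ValueError(f"set-number {set_number} outside 0-{limits['max_set']}")
            if speed and line_type != "t1":
                raise ValueError("speed is a CT1/PRI channel-set option")
            slots = parse_timeslot_list(m.group(2), limits["max_slot"])
            per_slot = 56 if speed == "56k" else 64     # 64k is the default
            bundles.append({"mode": "channel-set", "set": set_number,
                            "slots": slots, "kbps": len(slots) * per_slot})
        elif m := re.fullmatch(r"pri-set(?: timeslot-list (\S+))?", cmd):
            # No list means all timeslots (stated for CT1/PRI, assumed for CE1/PRI).
            slots = (parse_timeslot_list(m.group(1), limits["max_slot"]) if m.group(1)
                     else list(range(1, limits["max_slot"] + 1)))
            d = limits["d_channel"]
            if slots == [d]:
                raise ValueError(f"pri-set cannot bundle only timeslot {d} (the D channel)")
            bundles.append({"mode": "pri-set", "d_channel": d,
                            "b_channels": [s for s in slots if s != d]})
        else:
            raise ValueError(f"unsupported command {cmd!r}")
        modes.add(bundles[-1]["mode"])
    if len(modes) > 1:
        raise ValueError("pri-set and channel-set cannot be used together on one interface")
    return bundles


if __name__ == "__main__":
    print(plan_bundles("e1", ["pri-set timeslot-list 1,2,8-12"]))
    print(plan_bundles("t1", ["channel-set 0 timeslot-list 1-4 speed 56k"]))
```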
E1-F Interface Configuration Commands
View
Any view
Parameter
Description
Using the display fe1 serial command, you can view the configuration and state
of E1-F interface.
If the specified interface is a serial interface rather than an E1-F interface, the
system will display the error prompt “The serial is not a factional interface”.
Example
Item          Description
Framing       Frame format (crc4/no-crc4)
Line Code     Line code format (ami/hdb3)
Clock         Clock mode (master/slave)
Alarm State   Alarm information
View
Parameter
Description
Using the fe1 clock command, you can configure clock used by an E1-F interface.
Using the undo fe1 clock command, you can restore the default clock of the
interface.
For an E1-F interface used as DCE, master clock should be used. If the interface is
used as DTE, however, the slave clock should be used.
Example
View
Parameter
Description
Using the fe1 code command, you can configure line code format for an E1-F
interface. Using the undo fe1 code command, you can restore the default line
code format of interface.
The line code of an interface should be set consistent with that of the peer.
Example
View
Parameter
crc4: Adopts CRC4 as the framing format for the E1-F interface.
no-crc4: Adopts no-CRC4 as the framing format for the E1-F interface.
Description
Using the fe1 frame-format command, you can configure the framing format for
an E1-F interface. Using the undo fe1 frame-format command, you can restore
the default framing format of the interface.
Example
View
Parameter
Description
Using the fe1 loopback command, you can configure an E1-F interface in local or
remote loopback. Using the undo fe1 loopback command, you can disable the
local and remote loopback on the interface.
Local loopback and remote loopback are used for testing the state of interface or
cable itself. These functions should be disabled in normal cases. On an interface,
using this command, but with different arguments, can enable local loopback and
remote loopback, but these two functions cannot be enabled at the same time.
Example
View
Parameter
all: Binds all the time slots on an interface. The interface rate will become 31 X
64kbps (that is, 1984kbps) after binding.
Description
Using the fe1 timeslot-list command, you can configure the time slots that will
participate in the binding operation on an E1-F interface. Using the undo fe1
timeslot-list command, you can restore the default setting of time slot binding.
By default, all the time slots on an E1-F interface are bound. That is, the E1-F
interface rate defaults to 1984kbps.
Example
Bind the time slots 1, 2, 5, 10 through 15, and 18 on the E1-F interface.
View
Parameter
None
Description
Using the fe1 unframed command, you can configure an E1-F interface to work
in unframed mode. Using the undo fe1 unframed command, you can configure
the E1-F interface to work in framed mode.
When it works in framed mode, however, it is physically divided into 32 time slots
numbered in the range of 0 to 31, and time slot 0 is used for transmitting
synchronization information.
Example
T1-F Interface Configuration Commands
View
Parameter
long decibel: Matches the transmission line longer than 655 feet. The argument
decibel can take 0db, -7.5db, -15db, or -22.5db, depending on the signal quality
at the receiving end. In this case, no external CSU is required.
short length: Matches transmission line shorter than 655 feet. The argument
length can take 133ft, 266ft, 399ft, 533ft, and 655ft, depending on the length of
transmission line.
Description
Using the ft1 cable command, you can configure the attenuation or length of the
transmission line matched to a T1-F interface. Using the undo ft1 cable command,
you can restore the default setting.
By default, the transmission line attenuation matched to T1-F interfaces is long 0db.
This command is mainly used for configuring the signal waveform required for
different types of transmission. In practice, you can decide whether to use this
command according to the signal quality at the receiving end. If the signal quality
is acceptable, the default setting can be used.
Example
Set the length of the transmission line matched to the T1-F interface to 133 feet.
View
Any view
Parameter
Description
Using the display ft1 serial command, you can view the configuration and state
of T1-F interface.
If the specified interface is a serial interface rather than a T1-F interface, the
system will display the error prompt “The serial is not a factional interface”.
Example
Item Description
Framing Frame format (crc4/no-crc4)
Line Code line code format (ami/hdb3)
Clock Clock mode (master/slave)
Alarm State Alarm information
View
Parameter
Description
Using the ft1 clock command, you can configure the clock used by an E1-F or
T1-F interface. Using the undo ft1 clock command, you can restore the default
clock of the interface.
For a T1-F interface used as DCE, master clock should be used. If the interface is
used as DTE, however, the slave clock should be used.
Example
View
Parameter
Description
Using the ft1 code command, you can configure the line code format for a T1-F
interface. Using the undo ft1 code command, you can restore the default line
code format of interface.
The line code of an interface should be set consistent with that of the peer.
Example
View
Parameter
esf: Adopts ESF as the framing format for the T1-F interface.
Description
Using the ft1 frame-format command, you can configure the framing format for
a T1-F interface. Using the undo ft1 frame-format command, you can restore
the default framing format of the interface.
T1-F interfaces support SF and ESF. In SF, multiple frames can share the same frame
synchronization and signaling information, so that more significant bits can be
used for transmitting user data. In practice, system testing is often required, and
ESF ensures normal service while a system test is being carried out.
Example
View
Parameter
Description
Using the ft1 loopback command, you can configure a T1-F interface in local or
remote loopback. Using the undo ft1 loopback command, you can disable the
local and remote loopback on the interface.
Local loopback and remote loopback are used for testing the state of interface or
cable itself. These functions should be disabled in normal cases. On an interface,
using this command but with different arguments can respectively enable local
loopback and remote loopback, but these two functions cannot be enabled at the
same time.
Example
Parameter
all: Binds all the time slots on an interface. The interface rate will become 24 X
64kbps (that is, 1536kbps) after binding.
speed { 56 | 64 }: Speed in kbps, which is used for time slot binding. If the
argument 56 is used, timeslots will be bound into N X 56kbps. If the argument 64
is used, timeslots will be bound into N X 64kbps.
Description
Using the ft1 timeslot-list command, you can configure the time slots that will
participate in the binding operation on a T1-F interface. Using the undo ft1
timeslot-list command, you can restore the default setting of time slot binding.
By default, all the time slots on a T1-F interface are bound. That is, the T1-F
interface rate defaults to 1536kbps.
When performing time slot binding on a T1-F interface, the speed assigned to a
time slot defaults to 64kbps.
The time slot binding operation on a T1-F interface results in a change of interface
rate. For example, after the user binds the time slots 1 through 10, the interface
rate becomes 10 X 64kbps (or 10 X 56 kbps).
Example
Bind the time slots 1, 2, 5, 10 through 15, and 18 on the T1-F interface.
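The timeslot binding rules given above for E1-F and T1-F interfaces (the all keyword, number and number1-number2 items, and the resulting N x 64 or N x 56 kbps rate), worked through as an added Python example that is not part of the 3Com guide. The function names are hypothetical, and counting a repeated slot only once is an assumption of this example rather than documented router behaviour.

```python
import re

# Limits taken from the text above: an E1-F interface in framed mode has time
# slots 0-31 with slot 0 carrying synchronization, so 1-31 can be bound at
# 64 kbps; a T1-F interface has slots 1-24 bound at 56 or 64 kbps.
LINE_LIMITS = {
    "e1-f": (31, (64,)),
    "t1-f": (24, (56, 64)),
}

# One list item: "number" or "number1-number2" (ASCII digits only).
_ITEM = re.compile(r"(\d+)(?:\s*-\s*(\d+))?", re.ASCII)


def parse_timeslot_list(spec, max_slot):
    """Expand 'all' or a list such as '1,2,5,10-15,18' into sorted slot numbers.

    Raises ValueError for malformed items, reversed ranges, and slots outside
    1..max_slot. A slot named twice is counted once (assumption of this example).
    """
    text = spec.strip().lower()
    if text == "all":
        return list(range(1, max_slot + 1))
    slots = set()
    for raw in text.split(","):
        match = _ITEM.fullmatch(raw.strip())
        if match is None:
            raise ValueError(f"not a number or number1-number2 range: {raw!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            raise ValueError(f"range start is greater than range end: {raw!r}")
        if low < 1 or high > max_slot:
            raise ValueError(f"time slot outside 1-{max_slot}: {raw!r}")
        slots.update(range(low, high + 1))
    return sorted(slots)


def bound_rate_kbps(spec, line_type, speed=64):
    """Return the interface rate in kbps after binding the listed time slots."""
    try:
        max_slot, speeds = LINE_LIMITS[line_type.lower()]
    except KeyError:
        raise ValueError(f"unknown line type: {line_type!r}") from None
    if speed not in speeds:
        raise ValueError(f"{line_type} does not bind time slots at {speed} kbps")
    return len(parse_timeslot_list(spec, max_slot)) * speed


if __name__ == "__main__":
    # Constructed inputs mirroring the examples in the text.
    for line_type, spec, speed in [
        ("e1-f", "1,2,5,10-15,18", 64),
        ("t1-f", "1,2,5,10-15,18", 56),
        ("e1-f", "all", 64),
        ("t1-f", "all", 64),
    ]:
        rate = bound_rate_kbps(spec, line_type, speed)
        print(f"{line_type} timeslot-list {spec} at {speed}k -> {rate} kbps")
```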
Fundamental CE3 Interface Configuration Commands
clock Syntax
clock { master | slave }
undo clock
View
Parameter
Description
Using the clock command, you can set the clock mode on a CE3 interface. Using
the undo clock command, you can restore the default clock mode on the
interface.
By default, the CE3 interface adopts the line clock mode (slave).
If the CE3 interfaces on the two routers are directly connected, one router should
use the internal clock whereas the other router uses the line clock.
Example
controller e3 Syntax
controller e3 interface-number
View
System view
Parameter
Description
Using the controller e3 command, you can enter the CE3 interface view.
Example
[3com]controller e3 1/0/0
[3com-E3 1/0/0]
View
Any view
Parameter
Description
Using the display controller e3 command, you can view the state information of
a CE3 interface.
In addition to the state information of the CE3 interface, the command can display
the information of each E1 line on the CE3 interface if the interface is working in
CE3 mode.
Example
e1 channel-set Syntax
e1 line-number channel-set set-number timeslot-list range
View
Parameter
range: The number of the timeslots that are bundled, which is in the range of 1 to
31. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.
Description
Using the e1 channel-set command, you can bundle the timeslots of an E1 line.
Using the undo e1 channel-set command, you can remove the timeslot bundle.
A CE3 interface can be channelized into 64Kbps lines and the timeslots of each E1
line can be bundled into up to 31 channels.
When an E1 line operates at framed (CE1) mode, you can bundle the timeslots on
it. The system will automatically create a serial interface numbered serial number /
line-number:set-number. For example, the serial interface created by the
channel-set 0 of the first e1 line on E3 7/0 will be numbered 7/0/1:0. This interface
can operate at N x 64 Kbps and has the same logic features as a synchronous serial
interface, on which you can make other configurations.
Example
Bundle a 128Kbps serial interface on the first E1 line on the interface E3 1/0/0.
View
Parameter
Description
Using the e1 set clock command, you can set the clock mode for an E1 line on a
CE3 interface. Using the undo e1 clock command, you can restore the default
setting.
The E1 lines on a CE3 interface working in channelized mode are allowed to use
separate clocks.
Example
Configure the first E1 line on the E3 interface to adopt line clock mode.
View
Parameter
Description
Using the e1 set frame-format command, you can configure the frame format
for an E1 line. Using the undo e1 set frame-format command, you can restore
the default setting.
Only if an E1 line is working in framed format (which can be set by using the undo
e1 unframed command) can this command be configured.
Example
Configure the first E1 line on the E3 interface to adopt the frame format crc4.
View
Parameter
Description
Using the e1 set loopback command, you can set the loopback mode of an E1
line on an E3 interface. Using the undo e1 set loopback command, you can
disable loopback on the E1 line.
If an E1 line encapsulated with PPP has been set to perform loopback, it is normal
for the state of the link layer protocol to be reported as DOWN.
Example
Set the loopback mode of the first E1 line on the E3 interface to local.
e1 shutdown Syntax
e1 line-number shutdown
View
Parameter
Description
Using the e1 shutdown command, you can shut down an E1 line on the CE3
interface. Using the undo e1 shutdown command, you can enable the E1 line.
This command will affect not only the specified E1 line but also the serial
interfaces formed by bundling the timeslots of the E1 line. Executing the e1
shutdown command on the specified E1 line will shut down all these serial
interfaces and the data transmission and receiving will be stopped as a result.
Likewise, executing the undo e1 shutdown command will re-enable all these
serial interfaces.
Example
e1 unframed Syntax
e1 line-number unframed
View
Parameter
Description
Using the e1 unframed command, you can set an E1 line on a CE3 interface to
work in unframed mode (E1 mode). Using the undo e1 unframed command, you
can set the E1 line on the CE3 interface to work in framed mode (CE1 mode).
An E1 line in unframed mode does not contain the frame control information and
cannot be divided into timeslots. Naturally, no timeslot bundling can be performed
on it. In this case, the system automatically creates a serial interface numbered
serial number / line-number:0 for it. This interface operates at 2048 Kbps and has
the same logic features as a synchronous serial interface on which you can make
other configurations.
Example
loopback Syntax
loopback { local | payload | remote }
undo loopback
View
Parameter
payload: Places the CE3 interface in a remote payload loopback. Data passes the
framer in this case and will be looped back after payload is generated.
remote: Enables the CE3 interface to perform remote loopback. Data does not go
through the framer in this case and will be looped back before the payload has
been generated.
Description
Using the loopback command, you can configure the loopback mode of a CE3
interface. Using the undo loopback command, you can disable loopback on the CE3
interface.
It is necessary for you to enable the CE3 interface to perform loopback only for the
purpose of testing some special functions.
If a CE3 interface encapsulated with PPP has been set to perform loopback, it is
normal for the state of the link layer protocol to be reported as DOWN.
Example
national-bit Syntax
national-bit { 0 | 1 }
undo national-bit
View
Parameter
Description
Using the national-bit command, you can configure national bit for a CE3
interface. Using the undo national-bit command, you can restore the default
setting.
Example
using Syntax
using { e3 | ce3 }
undo using
View
Parameter
Description
Using the using command, you can configure the operating mode of a CE3
interface. Using the undo using command, you can restore the default setting.
Only when the CE3 interface is working in channelized mode can you configure
the E1 lines on it.
Example
[3com-E3 1/0/0]using e3
Fundamental CT3 Interface Configuration Commands
cable Syntax
cable feet
undo cable
View
Parameter
Description
Using the cable command, you can configure the length of the cable with which a
CT3 interface is connected. Using the undo cable command, you can restore the
default length of the cable with which the CT3 interface is connected.
The length of the cable for CT3 interface connection refers to the distance
between the router and the cable distribution rack.
Example
[3com-T3 1/0/0]cable 50
clock Syntax
clock { master | slave }
undo clock
View
Parameter
Description
Using the clock command, you can set the clock mode on a CT3 interface. Using
the undo clock command, you can restore the default clock mode on the
interface.
By default, the CT3 interface adopts the line clock mode (slave).
If the CT3 interfaces on the two routers are directly connected, one router should
use the internal clock whereas the other router uses the line clock.
Example
controller t3 Syntax
controller t3 interface-number
View
System view
Parameter
Description
Using the controller t3 command, you can enter the CT3 interface view.
Example
[3com]controller t3 1/0/0
[3com-T3 1/0/0]
crc Syntax
crc { 16 | 32 | no-crc }
undo crc
View
Parameter
Description
Using the crc command, you can configure CRC mode of the serial interface
formed by CT3. Using the undo crc command, you can restore the default setting.
Example
Apply 32-bit CRC to the serial interface formed by the interface T3 1/0/0 in
unchannelized mode.
[3com-Serial1/0/0:0] crc 32
frame-format Syntax
frame-format { c-bit | m23 }
undo frame-format
View
Parameter
Description
Using the frame-format command, you can configure the frame format used by
a CT3 interface. Using the undo frame-format command, you can restore the
default frame format used by the CT3 interface.
Example
loopback Syntax
loopback { local | payload | remote }
undo loopback
View
Parameter
payload: Places the CT3 interface in an external payload loop. Data passes the
framer in this case and will be looped back after payload is generated.
remote: Enables the CT3 interface to perform remote loopback. Data does not go
through the framer in this case and will be looped back before the payload has
been generated.
Description
Using the loopback command, you can configure the loopback mode of a CT3
interface. Using the undo loopback command, you can disable loopback on the CT3
interface.
Loopback is usually used for some special detection. It should not be enabled in
normal working condition.
If a CT3 interface encapsulated with PPP has been set to perform loopback, it is
normal for the state of its link layer protocol to be reported as DOWN.
Example
t1 channel-set Syntax
t1 line-number channel-set set-number timeslot-list range [ speed { 56k | 64k } ]
View
Parameter
range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
speed: Timeslot bundling mode. If 56k is selected, the timeslots will be bundled
into N x 56Kbps. If 64k is selected, the timeslots will be bundled into N x 64 Kbps.
Speed defaults to 64k.
Description
Using the t1 channel-set command, you can bundle the timeslots of a T1 line.
Using the undo t1 channel-set command, you can remove the timeslot bundle.
When a T1 line operates at framed (CT1) mode, you can bundle the timeslots on
it. The system will automatically create a serial interface numbered serial number /
line-number:set-number for the channel-set. This interface operates at N x 64
Kbps (or N x 56 Kbps) and has the same logic features as a synchronous serial
interface on which you can make other configurations.
Example
Bundle a 128Kbps serial interface on the first T1 line on the interface T3 1/0/0.
View
Parameter
Description
Using the t1 set clock command, you can set the clock mode for a T1 line on a
CT3 interface. Using the undo e1 clock command, you can restore the default
setting.
The E1 lines on a CE3 interface working in channelized mode are allowed to use
separate clocks.
Example
View
Parameter
esf: Set the T1 line to use the Extended Super Frame (ESF) format.
sf: Set the T1 line to use the Super Frame (SF) format.
Description
Using the t1 set frame-format command, you can configure the frame format of
T1 line. Using the undo t1 set frame-format command, you can restore the
default setting.
Only if a T1 line is working in framed format (which can be set by using the undo
t1 unframed command) can this command be configured.
Example
Adopt the frame format SF for the first T1 line on the T3 interface.
View
Parameter
Description
Using the t1 set loopback command, you can set the loopback mode of a T1 line
on a T3 interface. Using the undo t1 set loopback command, you can disable
loopback on the T1 line.
If a T1 line encapsulated with PPP has been set to perform loopback, it is normal
for the state of its link layer protocol to be reported as DOWN.
Loopback is usually used for some special tests. It should not be enabled in normal
working condition.
Example
Set the loopback mode on the first T1 line on the T3 interface to local.
t1 shutdown Syntax
t1 line-number shutdown
View
Parameter
Description
Using the t1 shutdown command, you can shut down a T1 line on the CT3
interface. Using the undo t1 shutdown command, you can enable the T1 line.
This command will affect not only the specified T1 line but also the serial
interfaces formed by bundling the timeslots of the T1 line. Executing the t1
shutdown command on the specified T1 line will shut down all these serial
interfaces and the data transmission and receiving will be stopped as a result.
Likewise, executing the undo t1 shutdown command will re-enable all these
serial interfaces.
Example
t1 unframed Syntax
t1 line-number unframed [ speed { 56k | 64k } ]
View
Parameter
speed: Timeslot bundling mode. If 56k is selected, the timeslots will be bundled
into N x 56Kbps. If 64k is selected, the timeslots will be bundled into N x 64 Kbps.
Speed defaults to 64k.
Description
Using the t1 unframed command, you can set a T1 line on a CT3 interface to
work in unframed mode (T1 mode). Using the undo t1 unframed command, you
can set the T1 line on the CT3 interface to work in framed mode (CT1 mode).
A T1 line in unframed mode does not contain the frame control information and
cannot be divided into timeslots. Naturally, no timeslot bundling can be performed
on it. In this case, the system automatically creates a serial interface numbered
serial number / line-number:0 for it. This interface operates at 1544 Kbps and has
the same logic features as a synchronous serial interface on which you can make
other configurations.
Example
using Syntax
using { t3 | ct3 }
View
Parameter
Description
Using the using command, you can configure the operating mode of a CT3
interface. Using the undo using command, you can restore the default setting.
Only when the CT3 interface is working in channelized mode can you configure
the T1 lines on it.
Example
[3com-T3 1/0/0]using t3
View
Any view
Parameter
Description
Using the display controller t3 command, you can view the state information of
a CT3 interface.
In addition to the state information of the CT3 interface, the command can display
the information of each T1 line on the CT3 interface if the interface is working in
CT3 mode.
Example
cable Syntax
cable { long | short }
undo cable
View
Parameter
long: Long distance mode. Cable length ranges from 151 to 500 meters.
short: Short distance mode. Cable length ranges from 0 to 150 meters.
Description
Using the cable command, you can configure the cable mode of the ATM T3
cable, to set the distance between the router and the cable distribution frame.
Using the undo cable command, you can restore the default setting.
Example
<3com> system-view
[3com] interface atm 1/0/0
[3com-Atm1/0/0] cable long
clock Syntax
clock { master | slave }
undo clock
View
Parameter
Description
Using the clock command, you can set the clock mode of ATM E3/T3 interface.
Using the undo clock command, you can restore the default setting.
Example
<3com> system-view
[3com] interface atm 2/0/0
[3com-Atm2/0/0] clock master
View
Any view
Parameter
Description
Using the display interface atm command, you can view the configuration and
status of ATM E3/T3 interface. If no interface-number is specified, the system will
display the configuration and status of all ATM interfaces.
Example
frame-format Syntax
frame-format { g832-adm | g751-adm | g751-plcp }
undo frame-format
View
Parameter
Description
Using the frame-format command, you can configure frame format of ATM
E3/T3 interface. Using the undo frame-format command, you can restore the
default configuration.
By default, frame format g751-plcp is used for ATM E3 and cbit-plcp used for ATM
T3.
Example
<3com> system-view
[3com] interface atm 1/0/0
[3com-Atm1/0/0] frame-format g832-adm
loopback Syntax
loopback { cell | local | payload | remote }
undo loopback
View
Parameter
Description
Using the loopback command, you can enable the loopback function of the
interface. Using the undo loopback command, you can disable the loopback
function.
Example
<3com> system-view
[3com] interface atm 2/0/0
scramble Syntax
scramble
undo scramble
View
Parameter
None
Description
Using the scramble command, you can enable scrambling function of ATM E3/T3
interface. Using the undo scramble command, you can disable the scrambling
function.
The scramble command is used to enable the scramble and descramble function
on payload, with no influence on the cell header.
Example
<3com> system-view
[3com] interface atm 2/0/0
[3com-Atm2/0/0] undo scramble
ATM OC-3c/STM-1 Interface Configuration Commands
clock Syntax
clock { master | slave }
undo clock
View
Parameter
Description
Using the clock command, you can set the clock mode on an ATM interface.
Using the undo clock command, you can restore the default clock mode on the
interface.
When an ATM interface is working as DCE, choose the master clock mode. When
it is working as DTE, choose the slave clock mode for it. When ATM interfaces of
two routers are directly connected by fiber, one end should be configured with the
master clock mode and the other with the slave clock mode.
Example
<3com> system-view
[3com] interface atm 4/0/0
[3com-Atm4/0/0] clock master
View
Any view
Parameter
Description
Using the display interface atm command, you can view the configuration and
state information of ATM OC-3c/STM-1 interface(s).
Example
View the configuration and state information of the ATM interface 4/0/0.
frame-format Syntax
frame-format { sdh | sonet }
undo frame-format
View
Parameter
Description
Using the frame-format command, you can set the frame format of ATM
OC-3c/STM-1 interface. Using the undo frame-format command, you can
restore the default setting.
Example
loopback Syntax
loopback { cell | local | remote }
undo loopback
View
Parameter
Description
Using the loopback command, you can enable the loopback function on an ATM
OC-3c/STM-1 interface. Using the undo loopback command, you can disable the
loopback function.
It is necessary for you to enable the interface to perform loopback only for the
purpose of testing some special functions. You should not enable the loopback
function when the interface is providing normal services.
Example
scramble Syntax
scramble
undo scramble
View
Parameter
None
Description
Using the scramble command, you can enable scrambling of the payload on an ATM
OC-3c/STM-1 interface. Using the undo scramble command, you can disable the
scrambling function.
Example
ADSL Interface Configuration Commands
activate Syntax
activate
undo activate
View
Parameter
None
Description
Using the activate command, you can activate an ADSL interface. Using the undo
activate command, you can deactivate an ADSL interface.
Before an ADSL port can operate services, you must activate it. “ACTIVATE” in this
particular context refers to the training conducted between an ADSL central office
and a remote ATU-R. The activation procedure is carried out in compliance with
the ADSL standard, channel mode, uplink and downlink speeds, and the noise
tolerance specified in the line configuration template. It tests the line distance
and state, has the central office and the remote device negotiate, and confirms
whether normal operation is allowed under these conditions. If the
training succeeds, the central office and the remote device can set up a
communication connection for transporting services between them. This process is
also called port activation. This connection will disappear upon the deactivation of
the ADSL port. To transport new services, you must re-activate the port.
You should note that ADSL is always online, which is different from DCC.
Therefore, after the device is booted, the ADSL interface will automatically enable
the activation task and enter the active state. It will stay active as long as the line is
in good condition. The router tests the line performance at a regular interval and
will automatically deactivate the line and perform a new training and re-activation
once it finds out that the line performance has deteriorated.
Example
[3com-Atm1/0]undo activate
View
Parameter
Description
Using the adsl standard command, you can set the standard applied to an ADSL
interface. Using the undo adsl standard command, you can restore the default
standard used by the ADSL interface.
You should note that this configuration does not take effect unless you activate
the interface again. If you want to make it take effect immediately, you can
execute the shutdown/undo shutdown command or the activate/undo
activate command.
Example
View
Parameter
Description
Using the adsl tx_attenuation command, you can set attenuation value for ADSL
transmit power. Using the undo adsl tx_attenuation command, you can restore
the default value.
Example
[3com-Atm1/0/0] adsl tx_attenuation 10
View
Any view
Parameter
Description
Using the display dsl configuration command, you can display the actual ADSL
configuration information.
Example
Field                      Description
Line Params Set by User    Line parameters at ATU-R end, for example, standard, DMT mode, framing, trellis coding or not. You can only modify the standard for special testing or diagnosis, but not the others.
The following information appears after the link is activated.
Actual Config              Actual operating parameters after the link is activated
Rate(kbps)                 Negotiated rate, AS0 (DS) downlink and LS0 (US) uplink, in units of kbps
Latency                    Delay mode and the options include fast and interleave.
View
Any view
Parameter
Description
Using the display dsl status command, you can display the DSL state
information.
Example
Field                       Description
State of driver/chipsets    Interface state and transceiver state
Phy                         Interface state and options include activating, active, startup, deactivated and test mode
Xcvr                        Transceiver state and options include idle, data mode, handshaking and training.
The following information appears after the link is activated.
Active Params               Link parameters, which include SNR margin, attenuation, Tx Bin Number etc. The Present rate(kbps) is consistent with the result of the display dsl configuration command.
Adsl Count                  Error and correction statistics from the chipset. For their types, refer to ITU-T G.992 and ANSI T1.413-1998.
Adsl Defects                It shows the current link situation. When the link has deteriorated, non-zero value may appear. When it returns to normal or is activated again, those existing statistics are cleared. The Overall failures value is an aggregate value, but others are not.
View
Any view
Parameter
Description
Using the display dsl version command, you can display the DSL version
information and the supported capabilities.
Example
Fundamental Logical Interface Configuration Commands
This chapter only discusses basic configuration of logical interfaces. For
configuration of link-layer and network-layer protocols, refer to corresponding
sections in this guide.
Sub-Interface Configuration Commands
interface Syntax
interface interface-type interface-number.subinterface-number [ p2mp | p2p ]
View
System view
Parameter
Description
Using the interface command, you can create sub-interface of point to multipoint
or point to point types. Using the undo interface command, you can delete
specified sub-interface.
Example
<3com> system-view
[3com-Atm2/0/0.1]
View
System view
Parameter
Description
Using the interface ethernet command, you can create Ethernet sub-interface.
Using the undo interface ethernet command, you can delete specified Ethernet
sub-interface.
Example
Logic-Channel Interface
View
System view
Parameter
Description
Example
Configuration Command of Virtual Template and Virtual Access Interface
View
Parameter
number: Maximum link number that the virtual template supports for sending
multicast or broadcast packets, ranging from 0 to 128. The default value is 30.
Description
Using the broadcast-limit link command, you can configure the maximum link
number that virtual template supports for sending multicast or broadcast packets.
Using the undo broadcast-limit link command, you can restore the default
configuration.
When there are many links on a virtual template, sending multicast or broadcast
packets from each link may influence the function of the system. In this case, the
broadcast-limit link command can be used as a limitation, so that multicast or
broadcast packets are discarded if the link number exceeds the limitation.
Example
View
Any view
Parameter
number: Number of the virtual template, ranging from 0 to 1023. The state of all
virtual templates will be displayed if this parameter is not specified.
Description
Using the display interface virtual-template command, you can view the status
information of virtual template.
Example
View
Any view
Parameter
Description
Using the display virtual-access command, you can view the state information
of a virtual access interface.
Example
interface virtual-template
Syntax
interface virtual-template number
View
System view
Parameter
Description
Using the interface virtual-template command, you can create a virtual template
or enter the view of an existing virtual template. Using the undo interface
virtual-template command, you can delete the specified virtual template.
Before deleting a virtual template, make sure that all its derived virtual access
interfaces have been removed and that the virtual template is no longer in use.
Example
MP-group Interface Configuration Command
View
Any view
Parameter
Description
Using the display interface mp-group command, you can view the status of an
MP-group interface.
Example
View
System view
Parameter
Description
Using the interface mp-group command, you can create an MP-group interface.
Using the undo interface mp-group command, you can delete the specified
MP-group interface.
This command is used together with the ppp mp mp-group command. Either the
MP-group interface or the interfaces added to the MP group can be configured first.
Example
View
Interface view
Parameter
Description
Using the ppp mp mp-group command, you can add the current interface to a
specified MP group. Using the undo ppp mp mp-group command, you can
remove the current interface from a specified MP group.
This command is used with the interface mp-group command. Either the MP-group
interface or the interfaces added to the MP group can be configured first.
Example
Virtual Ethernet Interface Configuration Command
View
Any view
Parameter
Description
Using the display interface virtual-ethernet command, you can view the status of a
virtual Ethernet interface.
Example
interface virtual-ethernet
Syntax
interface virtual-ethernet number
View
System view
Parameter
Description
Using the interface virtual-ethernet command, you can create a virtual Ethernet
interface. Using the undo interface virtual-ethernet command, you can delete
the specified virtual Ethernet interface.
Example
mac-address
Syntax
mac-address H-H-H
undo mac-address
View
Parameter
H-H-H: MAC address of the virtual Ethernet interface, in the form of a hex character
string.
Description
Using the mac-address command, you can configure the MAC address of a virtual
Ethernet interface. Using the undo mac-address command, you can restore the
default configuration.
By default, for a virtual Ethernet interface created on a VIU, its MAC address is the
same as the MAC address of the Ethernet interface carried by the VIU itself.
For a virtual Ethernet interface created on an RSU, its MAC address is 0 by default.
Example
Configuration Command of Loopback Interface and Null Interface
View
Any view
Parameter
Description
Using the display interface loopback command, you can view status of the
loopback interface.
Example
View
Any view
Parameter
Description
Using the display interface null command, you can view the status of the Null interface.
Example
View
System view
Parameter
Description
Using the interface loopback command, you can create a Loopback interface or
enter Loopback interface view. Using the undo interface loopback command,
you can delete a specified Loopback interface.
After a Loopback interface is created, it always stays in the up state and has the
loopback feature, so it is often used to improve the reliability of the configuration.
Example
View
System view
Parameter
none
Description
Using the interface null command, you can enter the Null interface view.
There is only one Null interface, fixed as null0, which cannot be
deactivated or deleted.
Example
PPP and MP Configuration Commands
View
Any view
Parameter
Description
Using the display ppp mp command, you can view all the interface information
and statistics of MP.
For the related commands, see link-protocol ppp and ppp mp.
Example
Field                                 Description
Template is Virtual-Template1         Virtual-template interface
Bundle quid0                          Bundle name
1 member                              The number of bound channels
slot 3                                Bundled in slot 3
Master link is Virtual-Template1:0    Master link
0 lost fragments                      Lost fragments
0 reordered                           Reordered packet number
0 unassigned                          Unassigned fragments
252 CHAPTER 4: LINK LAYER PROTOCOL
Field                                 Description
sequence 0/0 rcvd/sent                Received sequence number/sent sequence number
The bundled son channels are:         The following displays all the bundled son channels at this logical channel
The part in boldface is the relevant PPP information, including the current status
of LCP and IPCP. Users can diagnose some faults according to this information.
View
Interface view
Parameter
None
Description
Using the ip tcp vjcompress command, you can enable VJ TCP header compression
on a PPP interface. Using the undo ip tcp vjcompress command, you can disable
VJ TCP header compression on the PPP interface.
If VJ TCP header compression is permitted on the PPP interface, the interface at
the opposite end must also permit VJ TCP header compression. This command
is only used in the centralized environment.
Example
View
Parameter
None
Description
Using the link-protocol ppp command, you can configure the link-layer protocol
encapsulated on the interface as PPP.
Example
ppp mp binding-mode
Syntax
ppp mp binding-mode { authentication | both | descriptor }
View
System view
Parameter
both: Performs the MP binding based on both the authentication user name of
PPP and the terminal identifier.
Description
Using the ppp mp binding-mode command, you can set the MP binding
condition. Using the undo ppp mp binding-mode command, you can restore
the default value of the MP binding condition.
The user name is the peer user name received when the PPP link performs PAP or
CHAP authentication, while the terminal identifier, a unique flag of a router, is the
peer identifier received during LCP negotiation. The system can perform MP
binding based on the received user name and terminal identifier, so that
interfaces with the identical user name or the same terminal identifier are bound
together.
Example
Perform the MP binding only based on the user name of the PPP authentication.
View
Interface view
Parameter
scheme-name: Accounting method list, indicating which method list is
adopted for accounting.
Description
Using the ppp accounting scheme command, you can set accounting for a PPP
user. Using the undo ppp accounting command, you can disable the accounting.
After PPP authentication succeeds, AAA will begin to charge the peer user. The
command is used to configure the accounting method list. Please refer to “AAA
Configuration” for the detailed method list configuration.
Example
Configure to adopt the default accounting method list for accounting on Serial
0/0/0.
ppp authentication-mode
Syntax
ppp authentication-mode { chap | pap } [ call-in ] [ scheme { default | scheme-name } ]
View
Interface view
Parameter
call-in: Authenticates the peer only when the remote user calls in.
Description
Using the ppp authentication-mode command, you can set the local PPP
authentication algorithm for the peer router. Using the undo ppp
authentication-mode command, you can cancel the configuration, i.e. no
authentication.
For the related commands, see local-user, ppp chap user, ppp pap local-user,
aaa authentication-scheme ppp, ppp pap password, and ppp chap
password.
Example
View
Interface view
Parameter
password: Password.
Description
Using the ppp chap password command, you can configure the default CHAP
password while performing CHAP authentication. Using the undo ppp chap
password command, you can cancel the configuration.
While configuring CHAP authentication, you should configure the local password
to be the same as the user password at the other end.
For the related commands, see ppp authentication-mode chap and local-user.
Example
Set the user password as 3Com in plain text when the local router performs the
authentication via CHAP.
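Why the CHAP password must be identical at both ends can be seen from the exchange itself. The following is an added example, not code from this guide or from 3Com; it assumes the standard CHAP-MD5 calculation of RFC 1994, and the class and function names are illustrative.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5 response: MD5(Identifier || secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("the CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Side that demands authentication (ppp authentication-mode chap)."""

    def __init__(self, users):
        self.users = users      # user name -> password bytes (cf. local-user)
        self.pending = {}       # Identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)    # fresh random value per attempt
        return ident, self.pending[ident]

    def verify(self, ident, name, response):
        challenge = self.pending.pop(ident, None)   # single use: a replay finds nothing
        secret = self.users.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def peer_reply(ident, challenge, name, password):
    """Side being authenticated (ppp chap user / ppp chap password)."""
    return name, chap_response(ident, password, challenge)


def demo():
    # Sample values constructed from the guide's own examples (user Root, password 3Com).
    auth = Authenticator({"Root": b"3Com"})

    # 1. Both ends hold the same password: the response verifies.
    ident, chal = auth.new_challenge()
    name, good = peer_reply(ident, chal, "Root", b"3Com")
    matching = auth.verify(ident, name, good)

    # 2. The same Response presented a second time is rejected.
    replayed = auth.verify(ident, name, good)

    # 3. The peer's password differs only in case: verification fails.
    ident2, chal2 = auth.new_challenge()
    _, bad = peer_reply(ident2, chal2, "Root", b"3com")
    mismatched = auth.verify(ident2, "Root", bad)

    return {
        "matching": matching,
        "replayed": replayed,
        "mismatched": mismatched,
        "response_len": len(good),   # only a 16-byte digest crosses the link
    }


if __name__ == "__main__":
    print(demo())
```

The password itself is never transmitted; only the digest is, so a mismatch between the two configured passwords shows up as a failed authentication rather than as an error message naming the cause.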
View
Interface view
Parameter
username: User name of CHAP authentication, which is the one sent to the peer
equipment to be authenticated.
Description
Using the ppp chap user command, you can configure the user name when
performing the CHAP authentication. Using the undo ppp chap user command,
you can delete the existing configuration.
Example
Configure the local user name as Root when CHAP authentication is performed on
interface Serial0/0/0.
View
Interface view
Parameter
Description
Using the ppp compression iphc command, you can enable the iphc.
Example
None
View
Interface view
Parameter
None
Description
Using the ppp compression stac-lzs command, you can set the PPP protocol to
use the Stac compression algorithm. Using the undo ppp compression stac-lzs
command, you can disable the compression at the relevant interface.
When stac-lzs compression is configured on the interface, the data frame size can
be reduced through data compression without losing the data. However, this
configuration will add load to the router. It is recommended that this function be
disabled when the router has already been overloaded. In addition, only when
stac-lzs is configured at both ends of a point-to-point link, will this link support the
stac-lzs compression.
Example
View
Interface view
Parameter
Description
Using the ppp dns command, you can enable the Router to provide the DNS
address for the peer. Using the undo ppp dns command, you can disable this
process.
By default, the Router does not provide the DNS address for the peer.
When other devices are connected with the Router (e.g. PC is connected to the
Router by dialing up) via the PPP protocol, the Router can assign the DNS address
to the peer equipment after the negotiation. Thus, the peer equipment can
directly access the network via the domain name.
If you connect the Router with your PC, you can use the command winipcfg or
ipconfig /all on your PC to view the DNS address provided by the Router.
For the related commands, see ppp authentication-mode pap and local-user.
Example
Configure the primary DNS address of the local Router as 100.1.1.1, and the
secondary DNS address as 100.1.1.2.
ppp mp
Syntax
ppp mp
undo ppp mp
View
Interface view
Parameter
None
Description
Using the ppp mp command, you can enable the interface encapsulated with PPP
to operate in the MP mode. Using the undo ppp mp command, you can enable
the interface to operate in the Single PPP mode.
By default, the interface encapsulated with PPP operates in the Single PPP mode.
To increase the bandwidth, multiple PPP links can be bound to form a logical MP
interface. For this purpose, it is necessary to specify a virtual-template in system
view. MP can be configured and used only at the physical interfaces which can
encapsulate PPP. To enable MP, you must configure the ppp mp command and the
PAP or CHAP authentication at the physical interface.
For the related commands, see link-protocol ppp, ppp mp user, and interface
virtual-template.
Example
[3Com-Serial1/0/0] ppp mp
View
Parameter
Description
Using the ppp mp lfi command, you can configure the link fragmentation and
interleaving features. Using the undo ppp mp lfi command, you can restore the
default configuration.
Example
View
Parameter
Description
Using the ppp mp max-bind command, you can configure the maximum number of
bound links of MP. Using the undo ppp mp max-bind command, you can restore
the default configuration.
If a VIU board reports a failure in removing MP links, it is possible that the maximum
binding number is smaller than the actually configured one. Make sure that the
maximum binding number is larger than the actual one.
Example
View
Parameter
size: Minimum packet size for fragmenting outgoing MP packets. When an outgoing
MP packet is smaller than this value, it is not fragmented. When the MP packet is
larger than this value, it is fragmented. The value is in bytes, in the range from
128 to 1500.
Description
Using the ppp mp min-fragment command, you can set the minimum packet
size when MP outgoing packets begin to be fragmented in multiple-link binding.
Using the undo ppp mp min-fragment command, you can restore the default
setting.
By default, it is 128.
If fragmentation of small packets is not wanted, this command can be used to
set a larger minimum packet size for MP fragmentation.
Example
View
System view
Parameter
Description
Using the ppp mp user command, you can configure MP binds based on the
username. Using the undo ppp mp user command, you can cancel MP binds.
■ Local IP address and the IP address (or IP address pool) assigned to the peer
PPP
Example
Specify the corresponding virtual-template as 1 for the username 3Com, and configure the IP
address of the virtual-template as 202.38.60.1.
[3Com] ppp mp user 3Com bind virtual-template 1
[3Com] interface virtual-template 1
[3Com-virtual-template1] ip address 202.38.60.1 255.255.255.0
undo ppp mp
View
Interface view
Parameter
Description
Using the ppp mp virtual-template command, you can configure the virtual
template number to be bound by the interface. Using the undo ppp mp
command, you can disable the MP binding of the interface.
By default, the MP binding of the interface is disabled, and the interface works in
ordinary PPP mode.
This command specifies the virtual template number to be bound on the interface.
An interface that uses this command to perform MP binding does not need PAP or
CHAP authentication to be configured. Two or more interfaces with the same
virtual template number are bound directly together. Moreover, this command is
mutually exclusive with the ppp mp command. That is, only one of the two
commands can be configured on the same interface.
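The MP rules stated in this chapter (ppp mp needs PAP or CHAP authentication on the interface, ppp mp and ppp mp virtual-template are mutually exclusive on one interface, min-fragment lies between 128 and 1500) can be checked against configuration text before it is applied. The following is an added example, not 3Com code; the configuration layout (an interface line followed by indented commands), the sample text and the finding names are assumptions, and the PAP finding reflects general PPP behaviour rather than a statement in this guide.

```python
import re

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """\
interface Serial1/0/0
 link-protocol ppp
 ppp mp
#
interface Serial1/0/1
 link-protocol ppp
 ppp authentication-mode chap
 ppp mp
 ppp mp min-fragment 64
#
interface Serial2/0/0
 link-protocol ppp
 ppp authentication-mode pap
 ppp mp
 ppp mp virtual-template 1
#
interface Serial2/0/1
 link-protocol ppp
 ppp mp virtual-template 1
"""

MESSAGES = {
    "MP_NO_AUTH": "ppp mp configured without PAP or CHAP authentication",
    "MP_CONFLICT": "ppp mp and ppp mp virtual-template on the same interface",
    "MIN_FRAGMENT_RANGE": "ppp mp min-fragment outside 128-1500 bytes",
    # General PPP fact (PAP carries the password unencrypted), not from this guide.
    "PAP_CLEARTEXT": "PAP sends the password in clear text; CHAP does not",
}


def parse_interfaces(text):
    """Group indented commands under the preceding 'interface <name>' line."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():                    # a top-level line starts a new block
            m = re.fullmatch(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current is not None:
                interfaces.setdefault(current, [])
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def audit(text):
    """Return a list of (interface, finding code) tuples in configuration order."""
    findings = []
    for name, cmds in parse_interfaces(text).items():
        has_mp = "ppp mp" in cmds
        has_vt = any(re.fullmatch(r"ppp mp virtual-template \d+", c) for c in cmds)
        auth = None
        for c in cmds:
            m = re.match(r"ppp authentication-mode (chap|pap)\b", c)
            if m:
                auth = m.group(1)
        if has_mp and has_vt:
            findings.append((name, "MP_CONFLICT"))
        if has_mp and auth is None:
            findings.append((name, "MP_NO_AUTH"))
        for c in cmds:
            m = re.fullmatch(r"ppp mp min-fragment (\d+)", c)
            if m and not 128 <= int(m.group(1)) <= 1500:
                findings.append((name, "MIN_FRAGMENT_RANGE"))
        if auth == "pap":
            findings.append((name, "PAP_CLEARTEXT"))
    return findings


if __name__ == "__main__":
    for iface, code in audit(SAMPLE_CONFIG):
        print(f"{iface}: {code}: {MESSAGES[code]}")
```

Serial2/0/1 produces no finding: binding through ppp mp virtual-template does not require authentication, as described above.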
Example
View
Interface view
Parameter
Description
Using the ppp pap local-user command, you can configure the username and
password sent by the local router when it is authenticated by the peer router via
the PAP method. Using the undo ppp pap local-user command, you can disable
the configuration.
By default, when the local router is authenticated by the peer router via the PAP
method, both the username and the password sent by the local router are empty.
When the local router is authenticated via the PAP method by the peer router, the
username and password sent by the local router must be the same as the user and
password of the peer router.
For the related commands, see ppp authentication pap-mode and local-user.
Example
Set the username of the local router authenticated by the peer end via the PAP
method as 3Com and the password as 3Com.
View
Parameter
seconds: Interval, in seconds, at which the interface sends keepalive packets. The
value ranges from 0 to 32767 and defaults to 10.
Description
Using the ppp timer hold command, you can set the timer for sending keepalive
packets, while using the undo ppp timer hold command, you can restore the
default value.
For very slow data links, the seconds parameter must not be set too small.
Because a long datagram takes a long time to be transferred completely, the
transfer of the keepalive datagram is delayed. The data link is regarded as
broken if the interface has not received a keepalive packet from the other end
for many keepalive periods. So if the keepalive time is set for a very long time, the
data link would be considered broken by the other end, and then be closed.
The keepalive time must be set the same at the two ends of a PPP link.
Example
View
Interface view
Parameter
Description
Using the ppp timer negotiate command, you can set the PPP negotiation
timeout, while using the undo ppp timer negotiate command, you can restore
the default value.
Example
PPPoE Server Configuration Commands
View
Any view
Parameter
Description
Using the display pppoe-server session command, you can view the status and
statistics of PPPoE session.
For the related commands, see link-protocol ppp and pppoe-server bind.
Example
Field     Description
SID       Session Identifier
Intf      The corresponding Virtual-Template interface
State     State of sessions
OIntf     Corresponding Ethernet interface
RemMAC    Remote MAC, MAC address of the other end.
LocMAC    Local MAC
InP       In Packets, Packages received
InO       In Octets, Bytes received
InD       In Discards, Received and then discarded packages
OutP      Out Packets, Packages sent
OutO      Out Octets, Bytes sent
OutD      Out Discard, Discarded packages that might be sent.
View
Interface view
Parameter
number: Number of the virtual-template for access to PPPoE, and its value ranges
from 0 to 1023.
Description
Example
pppoe-server max-sessions local-mac
Syntax
pppoe-server max-sessions local-mac number
View
System view
Parameter
Description
Using the pppoe-server max-sessions local-mac command, you can set the
maximum number of PPPoE sessions that can be established at a local MAC
address. Using the undo pppoe-server max-sessions local-mac command, you
can restore the default configuration.
Example
Set the maximum number of PPPoE sessions that can be established at a local
MAC address to 50.
pppoe-server max-sessions remote-mac
Syntax
pppoe-server max-sessions remote-mac number
undo pppoe-server max-sessions remote-mac
View
System view
Parameter
Description
Using the pppoe-server max-sessions remote-mac command, you can set the
maximum number of PPPoE sessions that can be established at a peer MAC
address. Using the undo pppoe-server max-sessions remote-mac command,
you can restore the default configuration.
Example
Set the maximum number of PPPoE sessions that can be
established at a remote MAC address to 50.
pppoe-server max-sessions total
Syntax
pppoe-server max-sessions total number
View
System view
Parameter
number: maximum number of PPPoE sessions that the system can establish,
which ranges from 1 to 65535.
Description
Using the pppoe-server max-sessions total command, you can set the
maximum number of PPPoE sessions that the system can establish. Using the
undo pppoe-server max-sessions total command, you can restore the default
configuration.
Example
Set the maximum number of PPPoE sessions established by the system to 3000.
PPPoE Client Configuration Commands
View
Parameter
option: PPPoE Client debugging switch type, see the following table for more
details.
interface type number: Interface type and number, used to enable the debugging
switch of the specified interface. If no interface is specified, the system will enable
the debugging switch of all interfaces.
Table 4 PPPoE Client debugging switch type and explanation
Debugging switch type    Explanation
all                      Enable all PPPoE Client debugging switches
data                     Enable the PPPoE Session phase data packet debugging switch
error                    Enable PPPoE Client error information debugging switch
event                    Enable PPPoE Client event debugging switch
packet                   Enable PPPoE Discovery phase negotiation packet debugging switch
verbose                  Display the verbose contents of PPPoE data
Description
Example
None
View
Any view
Parameter
Description
The command display pppoe-client session is used to display the status and
statistics of PPPoE session.
Example
For more details of the display information, see the following table.
Table 5 Explanation of display pppoe-client session summary
Field         Explanation
ID            Session ID, PPPoE session ID
Server-MAC    Server MAC, server MAC address
Client-MAC    Client MAC, client MAC address
Dialer        Corresponding Dialer interface of PPPoE session
Bundle        Dialer Bundle containing PPPoE session
Intf          Ethernet interface containing PPPoE session
State         State of PPPoE session
For more details of the display information, see the following table.
Table 6 Explanation of the information displayed by pppoe-client session packet
Field    Explanation
SID      Session ID, PPPoE session ID
InP      In Packets: number of received packets
InO      In Octets: number of received octets
InD      In Discards: number of received illegal and discarded packets
OutP     Out Packets: number of sent packets
OutO     Out Octets: number of sent octets
OutD     Out Discard: number of sent and discarded illegal packets
pppoe-client
Syntax
pppoe-client dial-bundle-number number [ no-hostuniq ] [ idle-timeout seconds [ queue-length packets ] ]
View
Parameter
no-hostuniq: The call originated from PPPoE Client does not carry the Host-Uniq
field. By default, no no-hostuniq parameter is configured, i.e. PPPoE session works
in permanent online mode by default.
idle-timeout seconds: Idle time of the PPPoE session in seconds, ranging
from 1 to 65535. If the parameter is not configured, the PPPoE session works in
permanent online mode. Otherwise, it works in packet trigger mode.
queue-length packets: Number of packets cached in the system before the PPPoE
session is established, ranging from 1 to 100. The parameter takes effect only
after idle-timeout is configured. By default, packets is 10.
Description
Using the pppoe-client command, you can establish a PPPoE session and specify
the Dialer Bundle corresponding to the session. Using the undo pppoe-client
command, you can delete a PPPoE session.
Multiple PPPoE sessions can be configured at one Ethernet interface, i.e. one
Ethernet interface might simultaneously belong to multiple Dialer Bundles.
However, one Dialer Bundle only has one Ethernet interface. PPPoE session and
Dialer Bundle are one-to-one. If the Dialer Bundle at a certain Dialer has had one
Ethernet interface used by PPPoE, any other interfaces cannot be added to this
Dialer Bundle. Likewise, if Dialer Bundle has had interfaces other than the PPPoE
Ethernet interface, this Dialer Bundle can also not be added to the Ethernet
interface used by PPPoE Client.
When PPPoE session works in permanent online mode, and the physical lines go
UP, the Router will immediately initiate PPPoE call to establish PPPoE session. This
PPPoE connection will exist constantly unless users use the command undo
pppoe-client to delete PPPoE session. When PPPoE session works in packet
trigger mode, the Router will not initiate PPPoE call to establish PPPoE session
unless it has data to transmit. If there is no data transmission on the PPPoE link
within seconds, the Router will automatically terminate PPPoE session. Only after it
has new data to transmit, PPPoE session will be re-established.
Example
[3Com-Ethernet0/0/0]pppoe-client dial-bundle-number 1
View
User view
Parameter
Description
Using the reset pppoe-client command, you can terminate PPPoE session and
re-initiate the connection later.
Example
VLAN Configuration Commands
View
Any view
Parameter
Description
Using the display vlan interface command, you can view VLAN configuration
information on a certain interface (only supporting sub-interface).
Example
View
Any view
Parameter
Description
Using the display vlan max-packet-process command, you can view the
maximum number of processed packets configured on a certain VLAN per second.
Example
Display the maximum number of processed packets configured on the VLAN 10.
View
Any view
Parameter
Description
Using the display vlan statistics interface command, you can view the packet
statistics on a certain VLAN.
Example
View
Any view
Parameter
Description
Using the display vlan statistics vid command, you can view the packet statistics
on a certain VLAN, e.g. the received packet number and the sent packet number.
Example
max-packet-process Syntax
max-packet-process count vid
View
System view
Parameter
Description
Using the max-packet-process command, you can set the maximum number of
processed packets per second on a certain VLAN. Using the undo
max-packet-process command, you can restore it to the default setting.
After the maximum number of processed packets per second is set on a certain
VLAN, once the number of received packets belonging to this VLAN reaches the
limit, the subsequently received packets belonging to the VLAN are
discarded. Through this command, you can perform flow control.
Example
Set the maximum number of processed packets per second on the VLAN 10 as
200000.
View
User view
Parameter
Description
Using the reset vlan statistics interface command, you can clear VLAN statistics
on a certain interface.
Example
View
User view
Parameter
Description
Using the reset vlan statistics vid command, you can clear the VLAN statistics.
Example
View
Interface view
Parameter
vid: VLAN ID, used to identify a VLAN, its value ranges from 1 to 4094.
Description
Using the vlan-type dot1q command, you can set the encapsulation types on the
sub-interface.
Example
Associate the Ethernet sub-interface 2/0/0.1 with VLAN ID 60, and set its
encapsulation format to dot1q.
ISDN Configuration Commands
View
User view
Parameter
spid: Enables SPID debugging for the BRI interfaces running the NI protocol.
interface type number: Interface type and number. You can enable ISDN signaling
debugging on an interface by specifying its type and number. If no interface has
been specified, the system will enable ISDN signaling debugging on all the ISDN
interfaces.
Description
Using the debugging isdn command, you can enable ISDN debugging. Using the
undo debugging isdn command, you can disable ISDN debugging.
You must enable terminal debugging first before ISDN debugging can take effect.
Example
Enable CC debugging.
Disable CC debugging.
View
Any view
Parameter
Description
Using the display isdn active-channel command, you can view the active call
information on ISDN interfaces. If no interface has been specified, the system will
display the active call information on all the ISDN interfaces.
The displayed information can help you with ISDN call troubleshooting.
Example
Bri0/0/0 :
-------------------------------------------------------------
Channel Call Call Calling Calling Called Called
Info Property Type Number Subaddress Number Subaddress
B1 Digital Out 8810124
B2 Analog In 8810118 380 8810150 2201
-------------------------------------------------------------
View
Any view
Parameter
Description
Using the display isdn call-info command, you can view the current states of
ISDN interfaces. If no interface has been specified, the system will display the
current states of all the ISDN interfaces.
Executing this command will output the state of each layer of the ISDN protocol
on one or all interfaces, including the information of the Q.921, Q.931 and CC
modules. You can troubleshoot based on the output information.
Example
Item                                                       Description
Bri0/0/0                                                   The interface Bri0/0/0 runs ISDN.
Link Layer: TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED    Displays the parameters related to the link layer protocol Q.921 of ISDN on the interface.
Network Layer: 1 connection(s)                             There is only one network layer connection on the interface currently.
CCIndex                                                    Call index
State                                                      Call state
Channel                                                    Channel map
Calling_Num[:Sub]                                          Calling number: calling sub-address
Called_Num[:Sub]                                           Called number: called sub-address
Disabling an interface will clear all the statistic data related to the interface and
new counting will be started.
View
Any view
Parameter
interface type number: Displays only the call history of the specified interface.
Description
Using the display isdn call-record command, you can view the information of
ISDN call history.
Executing this command will display information of the calls activated in the last
15 minutes, but the number of retained entries is limited to 100.
Example
View
Any view
Parameter
protocol: ISDN protocol type, which can be DSS1, NTT, NI, ETSI, ANSI or AT&T.
Description
Using the display isdn parameters command, you can view the system
parameters at layers 2 and 3 of the ISDN protocol, such as the durations of system
timers and frame size.
If only ISDN protocol is specified, the system will display the default system
parameters of ISDN.
Example
Item            Description
T200(sec)       Retransmit-timer (in seconds) of the L2 protocol of ISDN
T202(sec)       Retransmit-timer (in seconds) for the TEI request messages of the ISDN L2 protocol
T203(sec)       The maximum link idle time (in seconds) of the ISDN L2 protocol
N200            The maximum retransmission times
K(Bri)          The maximum number of unacknowledged frames (slide window size) on the ISDN BRI port.
K(Pri)          The maximum number of unacknowledged frames (slide window size) on the ISDN PRI port.
Timer-Number    ISDN L3 timer
Value(sec)      Duration (in seconds) of each ISDN L3 timer
View
Any view
Parameter
Description
Using the display isdn spid command, you can view the related information of
SPID on the BRI interface running the NI protocol.
You may execute this command to view the SPID type, SPID value and some other
information when ISDN is running. If you execute this command without specifying
an interface, you can view the related information of SPID on all the SPID-supported
BRI interfaces. Alternatively, you can view the information on only one interface
by specifying its type and number.
Example
Display the related information of SPID on the NI-supported interface bri 0/0/0.
Item           Description
SPID Type      SPID Type, which can be NIT, STATIC (having only the L3 initialization process), or AUTO (including both the negotiation and the L3 initialization)
SPID B1        SPID value of the BRI interface B1 channel. It can be a static configuration or the result of a dynamic negotiation, all depending on the specified SPID Type.
SPID Num       SPID value of the BRI interface. It can be a static configuration or the result of a dynamic negotiation, all depending on the specified SPID Type.
Neg State      Negotiation state of the SPID, which can be SPID_UNASSIGNED, ASSIGN_AWAITING_SPID, SPID_ASSIGNED, ASSIGN_AWAITING_CALL_CLEAR.
Init State     Initialization state of the SPID, which can be INIT_NULL, INIT_IND, INIT_PROCEEDING, INIT_END, INIT_AWAITING_CALL_CLEAR.
SPID B2        SPID value of the BRI interface B2 channel. It can be a static configuration or the result of a dynamic negotiation, all depending on the specified SPID Type.
SPID timer     Duration of the timer TSPID
SPID resend    SPID message retransmission times
View
Parameter
None
Description
Using the isdn bch-local-manage command, you can enable local ISDN B
channel management. Using the undo isdn bch-local-manage command, you
can disable the setting.
It is very important to put appropriate control on the B channels used for calls in
process, especially in the PRI mode. Proper channel management can improve call
efficiency and reduce call loss. Normally, the centralized B channel management
provided by exchanges works well. For this reason, you are recommended to
adopt the management function provided by exchanges in most cases, although the
ISDN module can provide the channel management function as well.
Example
View
Parameter
Description
Using the isdn bch-select-way command, you can set a B channel selection
method.
Example
View
Parameter
caller-number: Caller number that an incoming ISDN call can carry, which is a
character string of 1 to 24 characters.
Description
Using the isdn caller-number command, you can configure the range of the
numbers that the router can receive. Using the undo isdn caller-number
command, you can delete the configured caller number.
Example
Configure the router to receive only the incoming calls from the caller numbers
with 400.
View
Parameter
Description
Using the isdn calling command, you can have the messages from a calling party
to a called party carry the calling number. Using the undo isdn calling command,
you can delete the calling number from the messages that a calling party transmits.
This command mainly applies to BRI interfaces. If a calling party has configured
this command on its BRI interface, the called party will be able to see the calling
number by viewing the call history information.
Example
Configure the message from a calling party to a called party on interface Bri0/0/0
to carry calling number.
isdn check-called-number
Syntax
isdn check-called-number check-index called-party-number [ : subaddress ]
View
Parameter
Description
Using the isdn check-called-number command, you can configure the called
number or subaddress that the system should verify when receiving a digital call.
Using the undo isdn check-called-number command, you can remove the
configuration.
By default, the system does not check the called number or subaddress carried by
incoming digital calls.
This command sets the item to be checked when a digital call is received.
If a subaddress is specified, the system will deny an incoming digital call if the
calling party sends a wrong subaddress or does not send one at all.
Example
Check whether the called number carried by incoming digital calls is 66668888 on
the interface Bri 0/0/0.
View
Parameter
call-reference-length: ISDN call reference length, which can be one or two bytes.
Description
Using the isdn crlength command, you can set length of the call reference used
when a call is placed on an ISDN interface. Using the undo isdn crlength
command, you can restore the default ISDN call reference length on the interface.
Call reference is equal to the sequence number that the protocol assigns to each
call. It is one or two bytes in length and can be used cyclically.
When the router receives a call from a remote device, it can automatically identify
the length of the call reference. However, some devices on the network do not
have such capability. In the event that the router is required to place calls to such a
device connected to it, you must configure the router to use the same call
reference length configured on the connected device.
By default, the call reference length is two bytes for E1 PRI and T1 PRI interfaces
and one byte for BRI interfaces.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Set the call reference length carried by the ISDN messages on the PRI interface
serial0/0/0:15 to 1 byte.
View
Parameter
None
Description
Using the isdn ignore connect-ack command, you can configure the router to
switch the ISDN protocol state to ACTIVE to start the data and voice service
communications after sending a CONNECT message without having to wait for a
CONNECT ACK message. Using the undo isdn ignore connect-ack command,
you can restore the default setting.
By default, in the event that the router is communicating with an exchange, the
ISDN protocol must wait for the CONNECT ACK message in response to the
CONNECT message before it can switch to the ACTIVE state to start data and
voice service communications.
In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Set the call process on the BRI interface 0/0/0 to proceed to the ACTIVE state
without waiting for CONNECT ACK messages.
View
Parameter
None
Description
Using the isdn ignore hlc command, you can prevent ISDN from carrying the higher
layer compatibility (HLC) information element in the SETUP messages sent when
placing voice calls. Using the undo isdn ignore hlc command, you can configure
ISDN to carry the HLC information element in SETUP messages.
In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Configure ISDN to carry the HLC information element in the SETUP messages for
the voice calls placed on the Bri interface 0/0/0.
View
Parameter
None
Description
Using the isdn ignore llc command, you can prevent ISDN from carrying the Lower
Layer Compatibility (LLC) information element in the SETUP messages sent when
placing voice calls. Using the undo isdn ignore llc command, you can configure
ISDN to carry the LLC information element in SETUP messages.
In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Prevent ISDN from carrying the LLC information element in the SETUP messages for the
voice calls placed on the interface Bri 0/0/0.
View
Parameter
Description
Using the isdn ignore sending-complete command, you can configure the ISDN
protocol to skip processing of the Sending Complete Information Element.
Using the undo isdn ignore sending-complete command, you can restore the
default setting.
By default, in the event that the router is communicating with an exchange, the
ISDN protocol checks whether the received SETUP messages carry the Sending
Complete Information Element with respect to incoming calls and carries the
Sending Complete Information Element in SETUP messages with respect to
outgoing calls.
In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
You can configure this command on an interface only when the ISDN protocol
running on the interface is DSS1 or ETSI.
Example
View
Parameter
time-interval: Timer duration, which can take on one of the values listed in the
following table.
timer-name   Value range (in units)   Default (in units)
t301         30 ~ 1200                240
t302         5 ~ 60                   15
t303         2 ~ 10                   4
t304         10 ~ 60                  30
t305         4 ~ 30                   30
t308         2 ~ 10                   4
t309         10 ~ 180                 90
t310         10 ~ 180                 40
t313         2 ~ 10                   4
t316         2 ~ 180                  120
t322         2 ~ 10                   4
Description
Using the isdn L3-timer command, you can configure the duration of an ISDN L3
timer. Using the undo isdn L3-timer command, you can restore the default
duration of the ISDN L3 timer on the interface.
You can view the default durations of the L3 timers in the ISDN protocol by
executing the display isdn parameters command.
Example
Set the duration of the L3 timer T301 on the interface Bri 0/0/0 to 160 seconds.
View
Parameter
number-property: Type and number scheme of ISDN numbers. The argument takes
on a hex value in the range of 0 to FF. When it is expressed in 8 bits, bits 1 through
4 represent the code scheme, bits 5 through 7 represent the code type, and bit 8 is
reserved. The following table lists the possible number type and code schemes. For
more information, see the related protocol for reference.
The undefined bits in all the protocols are reserved for other purposes.
Table 11 Types and code schemes of ISDN numbers
Protocol  Field (Bit) value      Definition
          Type      Code scheme
          8 7 6 5   4 3 2 1
ANSI        0 0 0                User-specified
            0 1 0                Unknown
            0 0 1                International number
            0 1 0                National number
            1 0 0                Subscriber number
                    0 0 0 0      Unknown
                    0 0 0 1      ISDN/telephony numbering plan (Recommendation E.164/E.163)
                    1 0 0 1      Private numbering plan
DSS1        0 0 0                Unknown
            0 0 1                International number
            0 1 0                National number
            0 1 1                Network specific number
            1 0 0                Subscriber number
            1 1 0                Abbreviated number
            1 1 1                Reserved for extension
                    0 0 0 0      Unknown
                    0 0 0 1      ISDN/telephony numbering plan (Recommendation E.164)
                    0 0 1 1      Data numbering plan (Recommendation X.121)
                    0 1 0 0      Telex numbering plan (Recommendation F.69)
                    1 0 0 0      National standard numbering plan
                    1 0 0 1      Private numbering plan
                    1 1 1 1      Reserved for extension
ETSI        0 0 0                Unknown
            0 0 1                International number
            0 1 0                National number
            0 1 1                Subscriber number
            1 1 0                Abbreviated number
            1 1 1
                                 ISDN/telephony numbering plan (Recommendation E.164)
                    0 0 1 1      Data numbering plan (Recommendation X.121)
                    0 1 0 0      Telex numbering plan (Recommendation F.69)
                    1 0 0 0      National standard numbering plan
                    1 0 0 1      Private numbering plan
                    1 1 1 1      Reserved for extension
NI          0 0 0   0 0 0 0      Unknown number in Unknown numbering plan
            0 0 1   0 0 0 1      International number in ISDN numbering plan (Rec. E.164)
            0 1 0   0 0 0 1      National number in ISDN numbering plan (Rec. E.164)
            0 1 1   1 0 0 1      Network specific number in private numbering plan
            1 0 0   0 0 0 1      Local (directory) number in ISDN numbering plan (Rec. E.164)
            1 1 0   1 0 0 1      Abbreviated number in private numbering plan
NTT         0 0 0                Unknown
            0 1 0                National number
            0 1 1                Network specific number
            1 0 0                Subscriber number
                    0 0 0 0      Unknown
                    0 0 0 1      ISDN/telephony numbering plan (Recommendation E.164)
                    1 0 0 1      Private numbering plan
Description
Using the isdn number-property command, you can set type and code scheme
of ISDN calling numbers or called numbers. Using the undo isdn
number-property command, you can restore the default type and code scheme
of ISDN calling numbers or called numbers.
By default, the number type and code scheme are respectively unknown and ISDN
for both ISDN calling numbers and called numbers, and the number-property
representing them is 01 in hex format.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Set both number type and code scheme of ISDN calling numbers on the interface
Bri 0/0/0 to unknown.
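Added example, not part of the manual: a decoder for the number-property byte, using the bit layout given in the parameter description (bits 1 to 4 code scheme, bits 5 to 7 type, bit 8 reserved) and the DSS1 rows of Table 11. The function and field names are hypothetical, and reporting a set reserved bit or an undefined code as an issue is this sketch's choice, not documented router behaviour.

```python
from typing import List, NamedTuple, Optional

# DSS1 rows of Table 11: number type (bits 7..5) and code scheme (bits 4..1).
DSS1_TYPES = {
    0b000: "Unknown",
    0b001: "International number",
    0b010: "National number",
    0b011: "Network specific number",
    0b100: "Subscriber number",
    0b110: "Abbreviated number",
    0b111: "Reserved for extension",
}
DSS1_SCHEMES = {
    0b0000: "Unknown",
    0b0001: "ISDN/telephony numbering plan (E.164)",
    0b0011: "Data numbering plan (X.121)",
    0b0100: "Telex numbering plan (F.69)",
    0b1000: "National standard numbering plan",
    0b1001: "Private numbering plan",
    0b1111: "Reserved for extension",
}


class NumberProperty(NamedTuple):
    type_bits: int
    scheme_bits: int
    type_name: Optional[str]      # None when the code is not in the table
    scheme_name: Optional[str]
    issues: List[str]             # findings worth a second look in a config review


def decode_number_property(text: str) -> NumberProperty:
    """Decode the hex argument of `isdn number-property` (0 to FF)."""
    try:
        value = int(text, 16)
    except ValueError:
        raise ValueError(f"not a hex value: {text!r}") from None
    if not 0 <= value <= 0xFF:
        raise ValueError(f"out of range 0..FF: {text!r}")

    type_bits = (value >> 4) & 0b111      # bits 7..5
    scheme_bits = value & 0b1111          # bits 4..1
    issues = []
    if value & 0x80:                      # bit 8 is reserved
        issues.append("reserved bit 8 is set")
    type_name = DSS1_TYPES.get(type_bits)
    if type_name is None:
        issues.append(f"type code {type_bits:03b} is not defined for DSS1")
    scheme_name = DSS1_SCHEMES.get(scheme_bits)
    if scheme_name is None:
        issues.append(f"code scheme {scheme_bits:04b} is not defined for DSS1")
    return NumberProperty(type_bits, scheme_bits, type_name, scheme_name, issues)


def encode_number_property(type_name: str, scheme_name: str) -> str:
    """Build the two-digit hex argument from table names (inverse of decode)."""
    types = {name: code for code, name in DSS1_TYPES.items()}
    schemes = {name: code for code, name in DSS1_SCHEMES.items()}
    if type_name not in types or scheme_name not in schemes:
        raise ValueError("name not present in the DSS1 rows of Table 11")
    return f"{(types[type_name] << 4) | schemes[scheme_name]:02X}"


if __name__ == "__main__":
    for arg in ("01", "00", "21", "A5"):   # constructed sample values
        print(arg, decode_number_property(arg))
```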
View
Parameter
digits: The number of digits sent each time in overlap-sending mode, in the
range of 1 to 15. By default, digits is 10.
Description
Using the isdn overlap-sending command, you can set the system to send the
called number information in the overlap mode on the ISDN interface. Using the
undo isdn overlap-sending command, you can set the system to send the called
information in full mode.
In "full-sending" mode, all the digits of each called number will be collected and
sent at a time.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Overlap-sending is only suitable for four ISDN protocols: ANSI, DSS1, ETSI, and NI.
Example
Apply the overlap-sending function on the interface Bri0/0/0 and set the number
of digits allowed to be sent each time to 12 digits.
View
Interface view
Parameter
window-size: Slide window size in the range of 5 to 14. By default, the slide
window size on PRI interfaces is 7.
Description
Using the isdn pri-slipwnd-size command, you can set the slide window size on
a PRI interface. Using the isdn pri-slipwnd-size default command, you can
restore the default slide window size on the PRI interface.
Example
View
Parameter
protocol: ISDN protocol, which can be DSS1, NTT, NI, ETSI, ANSI, or AT&T.
Description
Using the isdn protocol-type command, you can set the ISDN protocol to be run
on an ISDN interface.
By default, both BRI and PRI interfaces run the ISDN protocol DSS1.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
View
System view
Parameter
None
Description
Using the isdn send-restart command, you can set the restart mark in a distributed
system (6000/3000 DSL Family routers), so that the MPU will control the PRI
interface to send a RESTART message after re-establishing a link. Using the undo
isdn send-restart command, you can remove the restart mark.
This command is invalid for the MCU in a centralized system, 6000/3000 DSL
Family Routers for example.
Example
View
Parameter
None
Description
Using the isdn spid auto_trigger command, you can enable SPID
auto-negotiation once on the BRI interface running the NI protocol.
On a BRI interface compliant with the North American ISDN protocol, the router
can place a call only after SPID negotiation or initialization. SPID information can
be obtained via static configuration or dynamic negotiation. You may manually
trigger a new SPID negotiation request by executing this command if the SPID
negotiation in dynamic negotiation fails or just for the purpose of testing.
By default, a BRI interface does not originate a SPID negotiation request unless
triggered by a call.
This command applies only on the BRI interface running the NI protocol.
Example
View
Parameter
None
Description
Using the isdn spid nit command, you can set the SPID processing mode to NIT
(Not Initial Terminal) on an NI-compliant BRI interface. Using the undo isdn spid
nit command, you can disable the NIT mode on the BRI interface.
By default, NIT mode does not apply on BRI interfaces. Instead, static SPID or
dynamic SPID negotiation is applied.
On an NI-compliant BRI interface, calls can be placed only after the SPID
negotiation or initialization is finished. When the router is communicating with an
NI-compliant exchange that does not support SPID negotiation, you can use this
command to set the SPID processing mode on the router to NIT, and ISDN will
ignore SPID negotiation and initialization.
Example
Ignore SPID negotiation and initialization on the interface bri0/0/0, i.e., adopting
the NIT mode.
View
Parameter
seconds: Duration of the SPID timer, which is in the range of 1 to 255 seconds,
and defaults to 30 seconds.
Description
Using the isdn spid timer command, you can set the duration of the timer TSPID
for an NI-compliant BRI interface to timer_length. Using the undo isdn spid
timer command, you can restore the default duration of the timer TSPID for the
NI-compliant BRI interface.
On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. The timer TSPID is
started when the terminal originates a negotiation or initialization request by
sending the INFORMATION message. You can use this command to modify the
duration of TSPID.
Example
View
Parameter
Description
Using the isdn spid service command, you can configure the service types that
must be supported in SPID negotiation on the BRI interface adopting NI protocol.
Using the undo isdn spid service command, you can delete the service types that
must be supported in SPID negotiation on the BRI interface adopting NI protocol.
There are three types of services; you can select any one of them or none. None
means all services are supported. By default, SPID needs to support data and voice
service simultaneously.
Generally, as for the BRI interface adopting North America ISDN protocol, you
need to negotiate or initialize SPID before originating a call. During negotiation,
SPCS may send multiple SPIDs and carry the service types supported by each SPID.
Therefore, the router needs to choose a proper SPID according to the local service
type.
This command can only be applied on the BRI interface adopting NI protocol.
Example
Set the service type supported by BRI interface to data and voice.
View
Parameter
Description
Using the isdn spid resend command, you can set the number of INFORMATION
message retransmission attempts for SPID negotiation or initialization on an
NI-compliant BRI interface. Using the undo isdn spid resend command, you can
restore the default number of INFORMATION message retransmission attempts on
the interface.
On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. The timer TSPID
is started when the terminal originates a negotiation or initialization request by
sending the INFORMATION message. If the terminal does not receive any response
upon the expiration of TSPID, it will retransmit the INFORMATION message. You
can use this command to modify the number of INFORMATION message
retransmission attempts.
Example
View
Parameter
Description
Using the isdn spid1 command, you can configure SPID information for the B1
channel on an NI-compliant BRI interface. Using the undo isdn spid1 command,
you can remove the SPID information of the B1 channel on the interface.
On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. Only after SPID
information is configured for the B1 channel on the BRI interface can the system
make the L3 initialization to place calls normally.
Example
View
Parameter
Description
Using the isdn spid2 command, you can configure SPID information for the B2
channel on an NI-compliant BRI interface. Using the undo isdn spid2 command,
you can remove the SPID information of the B2 channel on the interface.
On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. Only after SPID
information is configured for the B2 channel on the BRI interface can the system
make the L3 initialization to place calls normally.
Example
View
Parameter
Description
Using the isdn statistics command, you can have the system collect statistics on
the information received and transmitted at an ISDN interface.
You can enter the isdn statistics start command in the view of an interface to
start collecting statistics on the messages received and transmitted at the interface,
isdn statistics display to view the statistics, isdn statistics
continue to continue collecting statistics, isdn statistics display flow to
view the statistics in the form of flow, and isdn statistics stop to stop collecting
statistics.
Example
SLIP Configuration Commands
View
User view
Parameter
Description
Using the debugging slip command, you can enable the debugging switch of the
SLIP protocol.
Example
None
View
Interface view
Parameter
None
Description
Using the link-protocol slip command, you can set the link layer protocol of the
interface as SLIP.
A P2P link can use the simpler link layer protocol SLIP (Serial Line IP), which is mainly
used to run TCP/IP on a P2P serial port. SLIP is only used for asynchronous links.
SLIP only defines the start and end identifiers of a frame, so that IP packets can be
delimited on the serial line. Compared with PPP, SLIP has no address concept, no
negotiation process, no differentiation of packet types (so only one network protocol
can be supported at a time) and no error correction function.
The link layer protocol of the interface shall be consistent with that of the peer
interface.
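The framing referred to above, as an added example (not code from the manual or the router software): an encoder and a streaming decoder that use the delimiter and escape byte values from RFC 1055. The 1006-byte frame limit and the decision to drop a frame containing an invalid escape sequence are assumptions of this sketch; the last function shows that a corrupted frame is still delivered, since the framing carries no checksum, length or type field.

```python
from typing import List

# Special byte values defined by RFC 1055.
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD


def slip_encode(packet: bytes) -> bytes:
    """Wrap one IP packet in SLIP framing."""
    out = bytearray([END])            # leading END flushes accumulated line noise
    for b in packet:
        if b == END:
            out += bytes((ESC, ESC_END))
        elif b == ESC:
            out += bytes((ESC, ESC_ESC))
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


class SlipDecoder:
    """Incremental decoder: feed() accepts arbitrary chunks read from the line."""

    def __init__(self, max_frame: int = 1006):
        self.max_frame = max_frame    # bound the buffer; the peer is not trusted
        self.dropped = 0              # frames discarded as malformed or oversized
        self._buf = bytearray()
        self._escaped = False
        self._discard = False         # skip bytes until the next END

    def _reset(self) -> None:
        self._buf.clear()
        self._escaped = False
        self._discard = False

    def feed(self, data: bytes) -> List[bytes]:
        frames = []
        for b in data:
            if b == END:
                if self._discard or self._escaped:
                    self.dropped += 1             # bad frame, or ESC cut off by END
                elif self._buf:
                    frames.append(bytes(self._buf))
                self._reset()                     # back-to-back ENDs yield nothing
                continue
            if self._discard:
                continue
            if self._escaped:
                self._escaped = False
                if b == ESC_END:
                    b = END
                elif b == ESC_ESC:
                    b = ESC
                else:                             # protocol violation
                    self._discard = True
                    continue
            elif b == ESC:
                self._escaped = True
                continue
            if len(self._buf) >= self.max_frame:
                self._discard = True
                continue
            self._buf.append(b)
        return frames


def corruption_goes_unnoticed() -> bool:
    """Flip one bit on the wire: a frame is still delivered, with different
    content and no error, so integrity must come from higher layers."""
    packet = bytes.fromhex("4500c0db0001")        # constructed sample payload
    wire = bytearray(slip_encode(packet))
    wire[1] ^= 0x01
    dec = SlipDecoder()
    frames = dec.feed(bytes(wire))
    return len(frames) == 1 and frames[0] != packet and dec.dropped == 0


if __name__ == "__main__":
    sample = bytes.fromhex("4500c0db0001")
    print(slip_encode(sample).hex())
    print(SlipDecoder().feed(slip_encode(sample)))
    print("corruption undetected:", corruption_goes_unnoticed())
```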
Example
HDLC Configuration Commands
View
Interface view
Parameter
None
Description
Using the link-protocol hdlc command, you can configure the interface
encapsulation as HDLC. HDLC is a link layer protocol and can bear network layer
protocols, such as IP and IPX.
For the related commands, see timer hold and display interface.
Example
View
Interface view
Parameter
seconds: Value of the polling interval. The value is in the range from 0 to 32767 in
seconds. 0 indicates that the link detection function is disabled.
Description
Using the timer hold command, you can set the polling interval. Using the undo
timer hold command, you can restore the default value of the polling interval.
The polling interval should be set to the same value at both ends of the data link.
Setting the polling interval to zero at both ends disables polling on the data link.
Example
Frame Relay Configuration Commands
debugging fr
Syntax
debugging fr { all | inarp | compress | congestion | de | event | fragment | lmi | mfr control
| packet | transmit-rate } [ interface interface-type interface-number [ dlci dlci-number ] ]
undo debugging fr { all | inarp | compress | congestion | de | event | fragment | ipc | lmi |
mfr control | packet | transmit-rate } [ interface interface-type interface-number [ dlci
dlci-number ] ]
View
User view
Parameter
arp: Information debugging of frame relay address resolution protocol. When this
parameter is in use, DLCI can be specified.
mfr control: Information debugging of multilink frame relay bundle and bundle
link.
Description
Using the debugging fr command, you can enable frame relay information
debugging. Using the undo debugging fr command, you can disable frame relay
information debugging.
For multilink frame relay, if the information debugging of multilink frame relay
bundle and bundle link (mfr control) is enabled, the sent/received bundle link
control information and status changes of the bundle link will be displayed.
If FRTS function is enabled, the change of frame relay sending rate can be seen
after the transmit rate information debugging (transmit-rate) is enabled.
Example
Enable debugging of the bundle interface MFR1/0/0, supposing several links have
been bundled on it.
View
Any view.
Parameter
Description
Using the display fr compress command, you can view the statistics information
of the frame relay compression. If no interface is specified, the DLCI statistics
information of all the interfaces will be displayed.
Example
View the frame relay compression statistics information of MFR interface 4/0/0.
View
Any view
Parameter
The specified interface can only be a main interface. If no interface is specified,
information for all interfaces is displayed.
Description
Using the display fr dlci-switch command, you can view the information of the
configured FR switching to check if the frame relay switching of a user is correctly
configured.
Example
Item                                     Description
Status                                   The status of FR switching function
Interface(Dlci) < -- > Interface(Dlci)   Input interface and its DLCI, output interface and its DLCI
View
Any view
Parameter
Description
Using the display fr inarp-info command, you can view the packet statistics of
the FR inverse address resolution protocol.
The packets of FR inverse ARP include the address resolution request packet and
address resolution reply packet. According to the output information via this
command, you can diagnose if the inverse ARP operates normally.
Example
Item          Description
interface     Current interface
dlci          DLCI number
type          Fragment type
size          Fragment size
in/out/drop   Received/transmitted/dropped fragments
View
Any view
Parameter
Description
Using the display fr interface command, you can view the FR status, which is
helpful for you to perform fault diagnosis.
Example
This command displays the protocol status of each interface encapsulated with FR.
The above information indicates that: Frame Relay interface type of Serial1/0/0 is
DTE. Physical layer protocol and link layer protocol of Serial1/0/0 are activated.
View
Any view
Parameter
Description
Using the display fr lmi-info command, you can view the statistics of LMI
protocol frame.
The LMI protocol is used to maintain the current frame relay link, including the
status enquiry packet and status packet. The displayed information helps you to
diagnose the faults.
Example
For example, the Frame Relay interface type of Serial1/0/0 is DTE. LMI protocol
type is Cisco-compatible protocol. T391 parameter on DTE side is 10. N391
parameter on DTE side is 6. N392 parameter on DTE side is 3. N393 parameter on
DTE side is 4. The number of Status Enquiry packets sent through Serial1/0/0 is 96.
Received Status Enquiry packets are 85. Timeout packets are 3. Discarded packets
are 3.
View
Any view
Parameter
Description
Using the display fr map-info command, you can view the FR address mapping
table.
The displayed information via the command indicates whether the static mapping
configured by a user is correct and whether the dynamic address mapping
operates normally.
Example
The above indicates the information of each MAP configured with Frame Relay
protocol.
For example, as for the first address mapping, the mapping indicates that PVC
(DLCI=100) on Serial1/0/2 establishes the address mapping with the peer end (IP
address is 100.100.1.1) through Inverse ARP. The time of creating the mapping is
2002/10/21 14:48:44, and its status is active. Encapsulation format is IETF, and
broadcast packet is available.
View
Any view
Parameter
Description
Using the display fr pvc-info command, you can view the FR PVC table.
This command displays the statistics of the FR PVC status and receiving/sending
data on this VC.
Example
The information listed above shows various information about the FR PVC.
The above information indicates that: The PVC (DLCI=100) is the one (UNUSED)
obtained through negotiating with the peer end via LMI. It is configured on
Serial1/0/0. Establishing time is 2000/04/01 23:55:39. PVC status is active. The
numbers of received Forward Explicit Congestion Notification (FECN) and
Backward Explicit Congestion Notification (BECN) packets are both 0. Received/sent
frames are 0. Received/sent bytes are 0.
View
Any view
Parameter
Description
Using the display fr statistics command, you can view the current Frame Relay
statistics about receiving and sending packets.
The output information of this command can help the user to perform FR traffic
statistics and fault diagnosis.
Example
Display the Frame Relay statistics about receiving and sending packets.
The above information displays Frame Relay statistics about receiving and sending
packets.
For instance, it is known from the above information that the Frame Relay
interface type of Serial1/0/0 is DTE. Received packets are 84. Received bytes are
1333. Sent packets are 92. Sent bytes are 1217. Discarded packets in received
ones are 13. Discarded packets in sent ones are 0.
View
Any view
Parameter
Description
Example
View
Any view
Parameter
Description
Using the display mfr command, you can view configuration and statistics
information of multilink frame relay bundle and bundle link. If no bundle or
bundle link is specified, information of all bundles and bundle links will be
displayed.
For the related command, see link-protocol fr mfr and interface mfr.
Example
View configuration and state information of all frame relay bundles and frame
relay bundle links.
<3Com-Serial4/1/2>display mfr
Bundle interface:MFR4/1/0, Bundle state = down, Bundle class = A,
fragment disabled
Bundle BID = MFR4/1/0
Number of bundle links = 0, Peer's bundle-id =
Bundle links:
Bundle interface:MFR4/1/1, Bundle state = down, Bundle class = A,
fragment disabled
Bundle BID = MFR4/1/1
Number of bundle links = 1, Peer's bundle-id =
Bundle links:
Serial4/1/1, PHY state = up, link state : add sent,
LID : Serial4/1/1
Item                      Description
Bundle interface          Bundle
Bundle state              Running state of bundle interface
Bundle class              Class A indicates if there is one bundle link is in up state, the bundle is flagged as up. Moreover, all bundle links should be flagged as down before the bundle is down.
fragment disabled         Disable fragmentation function
Bundle BID                Bundle identifier
Number of bundle links    Number of bundle links
Peer's bundle-id          Bundle identifier of the peer
Bundle links              Physical interface information of each bundle link
PHY state                 Running state of physical interface
Link state                Running state of bundle link line protocol
LID                       Bundle link identifier
Bundle Link statistics:   Packet statistics information of bundle link
Add_link                  Number of “Add_link” packets sent and received. The “Add_link” packet is used to notify the peer that the local node has prepared for processing frames.
Add_link_ack              Number of “Add_link” acknowledgment packets sent and received. The “Add_link_ack” packet is used to notify the peer that an “Add_link” packet has been received.
Add_link_rej              Number of “Add_link” reject packets sent and received. The “Add_link_rej” packet is used to notify the peer that an “Add_link” packet has been rejected.
Remove_link               Number of “Remove_link” packets sent and received. The “Remove_link” packet is used to notify the peer that the local node is removing a bundle link from the bundle.
Remove_link_ack           Number of “Remove_link” acknowledgement packets sent and received. The “Remove_link_ack” packet is used to notify the peer that a “Remove_link” packet has been received.
Hello                     Number of “Hello” packets sent and received. The “Hello” packet is used to maintain link state.
Hello_ack                 Number of “Hello” acknowledgment packets sent and received. The “Hello_ack” packet is used to notify the peer that a “Hello” packet has been received.
outgoing pak dropped      Number of discarded packets that are sent
incoming pak dropped      Number of discarded packets that are received
Cause code                The reason for bundle link to be in the current state, possibly being the following values:
                          none: The link is in normal state.
                          ack timer expiry: The current link state is caused by the timeout of the local T-ack timer.
                          inconsistent bundle: The peer has associated the bundle with another bundle, thus making inconsistent BID.
                          bundle link idle: The peer bundle link is idle, which generally occurs when the peer bundle interface is disabled.
                          loopback detected: Loopback is enabled on the physical line of local bundle link.
                          unexpected Add_link: The “add_link” message is received when the bundle link is in up state. This case may occur when the line protocol is ready for being enabled and will disappear once the connection is created.
                          other: Other reasons, such as LID error.
Ack timer                 The time of resending hello message before bundle link receives acknowledgment message or of waiting for hello acknowledgment message before resending an “add_link” message used for initial synchronization.
Hello timer               Interval for bundle link to send hello message
Max retry count           Maximum retry times for bundle link to resend hello message or resend “Add_link” that is used for initial synchronization before the bundle link waits for hello acknowledgement message.
Current count             Current retry times
Peer LID                  Bundle link identifier of the peer link
undo fr compression
View
Parameter
None
Description
Using the fr compression frf9 command, you can enable frame relay
compression function. Using the undo fr compression command, you can
disable frame relay compression function.
This command is only valid for point-to-point interfaces. In other words, it is used
for frame relay sub-interfaces of point-to-point type.
Frame relay compression takes effect only when the frame relay packet type of the
interface is IETF. When this command is configured, the system automatically
changes the packet type of the interface to IETF if it is not already IETF.
Example
View
Parameter
None
Description
Using the fr compression iphc command, you can enable the IP header
compression. Using the undo fr compression iphc command, you can disable
the function.
Example
Configure the Frame Relay interface Serial 4/1/0 to adopt IP header compression.
fr dlci Syntax
fr dlci dlci
View
Interface view
Parameter
dlci: Virtual circuit number allocated for Frame Relay interface. The range of the
number is 16 to 1007. 0 to 15 and 1008 to 1023 are reserved by the protocol for
special purpose.
Description
Using the fr dlci command, you can configure the virtual circuit for Frame Relay
interface. Using the undo fr dlci command, you can cancel the configuration.
When the Frame Relay interface type is DCE or NNI, it is necessary to manually
configure virtual circuit for interface (either main interface or sub-interface). When
the Frame Relay interface type is DTE, if the interface is main interface, the system
will automatically configure the virtual circuit according to the peer device.
Example
Assign a virtual circuit with DLCI 100 to Frame Relay sub-interface Serial1/0/0.1.
fr dlci-switch Syntax
fr dlci-switch in-dlci interface interface-type interface-number dlci out-dlci
View
Parameter
out-dlci: DLCI of the specified interface where the packet is forwarded, ranging
from 16 to 1007.
Description
Using the fr dlci-switch command, you can configure a static route for frame
relay PVC switching. Using the undo fr dlci-switch command, you can delete a
static route for frame relay PVC switching.
Before the static route of frame relay PVC is configured, it is necessary to enable
the frame relay PVC switching first by using the command fr switching.
The type of the interface for forwarding packets can be either a frame relay
interface or an MFR interface. If Tunnel interface is specified as the forwarding
interface, the frame relay packets over IP can be realized.
Example
Configure a static route that allows packets on the link with DLCI of 100 on
Serial1/0/0 to be forwarded via the link with DLCI of 200 on interface Serial2/0/0.
Configure a static route that allows packets on the link with DLCI of 200 on
Serial4/1/2 to be forwarded via the link with DLCI of 300 on Tunnel interface
Serial4/0/0.
fr inarp Syntax
fr inarp [ ip ] [ dlci ]
View
Interface view
Parameter
ip: Indicates that the inverse address resolution is performed on the IP network
protocol.
dlci: Data link connection identifier number, i.e., virtual circuit number, indicating
that the inverse address resolution is performed for this DLCI number only.
Description
Using the fr inarp command, you can enable the inverse address resolution of
Frame Relay. Using the undo fr inarp command, you can disable this function.
By default, the system permits enabling the Frame Relay inverse address resolution.
When Frame Relay sends data over the interface, it is necessary to map the
network address to the DLCI numbers. Such a map can be specified manually or
can be completed via the function of automatic inverse address resolution.
Automatic inverse address resolution can be started by using this command.
To enable the inverse address resolution function on all PVCs, use the command
without any parameters.
For the related commands, see fr map, reset fr inarp, and display fr map-info.
Example
Enable the inverse address resolution at all PVCs of the Frame Relay interface
Serial1/0/0.
[3Com-Serial1/0/0] fr inarp
fr interface-type Syntax
fr interface-type { dce | dte | nni }
undo fr interface-type
View
Interface view
Parameter
Description
Using the fr interface-type command, you can set the Frame Relay interface
type. Using the undo fr interface-type command, you can restore the default
Frame Relay interface type.
In Frame Relay, there are two communicating parties, the user side and the network
side. The user side is called Data Terminal Equipment (DTE), and the network side
is called Data Communications Equipment (DCE). In a Frame Relay network, the
interface between the Frame Relay switches is the Network-to-Network Interface
(NNI), and the corresponding interface adopts the NNI operating mode. If the device
is used for Frame Relay switching, the Frame Relay interface should operate in
NNI or DCE mode. NE16E/08E/05 routers support the three modes.
In NE16E/08E/05 routers, while configuring the Frame Relay interface type as DCE
or NNI, it is unnecessary to perform the fr switching command in the System
view. Note that this is different from Cisco.
Example
fr iphc Syntax
fr iphc { nonstandard | rtp-connections number1 | tcp-connections number2 | tcp-include }
View
Parameter
Description
Using the fr iphc command, you can enable IP header compression function,
including RTP/TCP header compression. Using the undo fr iphc command, you
can disable this function.
Example
Configure the number of RTP compression connections as 200 on the frame relay
Serial1/0/0.
View
Interface view
Parameter
Description
Using the fr lmi n391dte command, you can configure N391 parameter at the
DTE side. Using the undo fr lmi n391dte command, you can restore the default
value.
The DTE sends a Status-Enquiry packet at regular interval set by T391 to the DCE.
There are two types of Status-Enquiry packets: link integrity authentication packet
and link status enquiry packet. The N391 parameter defines the ratio of sending
the two types of packets, that is, link integrity authentication packets: link status
enquiry packets = (N391 - 1): 1.
Example
Set DTE as the operating mode of Frame Relay interface Serial1/0/0, and the
counter value of the PVC status to 10.
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n391dte 10
View
Interface view
Parameter
Description
Using the fr lmi n392dce command, you can set N392 parameter at the DCE side.
Using the undo fr lmi n392dce command, you can restore the default
configuration.
The DCE requires the DTE to send a Status-Enquiry packet at regular interval (set
by T392). If the DCE does not receive the Status-Enquiry packet within a period of
time, it will record the error by adding 1 to the error count. If the errors exceed the
threshold, the DCE would consider the physical channels and all the DLCIs to be
unavailable.
N392 and N393 together define the “error threshold”. N393 defines the number of
events observed and N392 defines the error threshold within that number (N393).
That is, if the number of errors that occurred at the DCE reaches N392 in N393
events, the DCE will consider the errors to have reached the threshold and declare
the physical channels and all DLCIs to be unavailable.
Example
Set frame relay interface Serial1/0/0 to operate in DCE mode and set N392
to 5 and N393 to 6.
View
Interface view
Parameter
Description
Using the fr lmi n392dte command, you can set N392 parameter at the DTE side.
Using the undo fr lmi n392dte command, you can restore the default
configuration.
The DTE sends a Status-Enquiry packet at a regular interval to the DCE to inquire
the link status. On receiving this packet, the DCE will immediately send a
Status-Response packet. If the DTE does not receive the response packet in the
specified time, it will record the error by adding 1 to the error count. If the errors
exceed the threshold, the DTE will consider the physical channels and all the
DLCIs to be unavailable.
N392 and N393 together define the “error threshold”. N393 indicates the event
number observed and N392 indicates the error threshold of that number (N393).
That is, if N392 errors occurred in N393 Status-Enquiry packets in the DTE, the DTE
would consider that the error has exceeded the threshold and declare the physical
channels and all DLCIs to be unavailable.
Example
Set frame relay interface Serial1/0/0 to operate in DTE mode and set
N392 to 5 and N393 to 6.
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n392dte 5
[3Com-Serial1/0/0] fr lmi n393dte 6
View
Interface view
Parameter
Description
Using the fr lmi n393dce command, you can set the N393 parameter at the DCE
side. Using the undo fr lmi n393dce command, you can restore the default
configuration.
The DCE requires the DTE to send a Status-Enquiry packet at a regular interval (set
by T392). If the DCE does not receive the Status-Enquiry packet, it will record the
error by adding 1 to the error count. If the errors exceed the threshold, the DCE
would consider the physical channels and all the DLCIs to be unavailable.
N392 and N393 together define the “error threshold”. N393 defines the number of
events observed and N392 defines the error threshold within that number (N393).
That is, if the number of errors that occurred at the DCE reaches N392 in N393
events, the DCE will consider the errors to have reached the threshold and declare
the physical channels and all DLCIs to be unavailable.
Example
Set frame relay interface Serial1/0/0 to operate in DCE mode and set N392
to 5 and N393 to 6.
View
Interface view
Parameter
Description
Using the fr lmi n393dte command, you can set N393 parameter at the DTE side.
Using the undo fr lmi n393dte command, you can restore the default
configuration.
The DTE sends a Status-Enquiry packet at a regular interval to the DCE to inquire
the link status. On receiving this packet, the DCE will immediately send a
Status-Response packet. If the DTE does not receive the response packet in the
specified time, it will record the error by adding 1 to the error count. If the errors
exceed the threshold, the DTE will consider the physical channels and all the
DLCIs to be unavailable.
N392 and N393 together define the “error threshold”. N393 indicates the event
number observed and N392 indicates the error threshold of that number (N393).
That is, if N392 errors occurred in N393 Status-Enquiry packets in the DTE, the DTE
would consider that the error count has exceeded the threshold and declare the
physical channels and all DLCIs to be unavailable.
Example
Set frame relay interface Serial1/0/0 to operate in DTE mode and set
N392 to 5 and N393 to 6.
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n392dte 5
[3Com-Serial1/0/0] fr lmi n393dte 6
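The following added example (not taken from the router software or this manual) models the DTE-side counters described under fr lmi n391dte, fr lmi n392dte and fr lmi n393dte, so the effect of a chosen N391/N392/N393 setting on link availability can be checked against a sequence of lost polls. It assumes that the link status enquiry is the last poll of each N391 cycle and that availability is re-evaluated over the last N393 polls after every poll; the class and function names are hypothetical.

```python
from collections import deque


class DteLmiCounters:
    """Toy model of the DTE-side N391/N392/N393 counters (not router code)."""

    def __init__(self, n391, n392, n393):
        if n391 < 1:
            raise ValueError("N391 must be at least 1")
        # Model sanity check: a threshold above the window size can never be reached.
        if not 1 <= n392 <= n393:
            raise ValueError("N392 must be between 1 and N393")
        self.n391, self.n392 = n391, n392
        self.polls = 0
        # Outcome of the last N393 polls; True marks an error event.
        self.window = deque(maxlen=n393)

    def next_enquiry(self):
        """Pick the Status-Enquiry type for the next polling tick."""
        self.polls += 1
        # Assumption: the link status enquiry is the last poll of each N391 cycle,
        # which gives the (N391 - 1) : 1 ratio stated in the text.
        if self.polls % self.n391 == 0:
            return "link-status"
        return "link-integrity"

    def record(self, answered):
        """Log whether the DCE answered in time; return current availability."""
        self.window.append(not answered)
        return self.available

    @property
    def available(self):
        # Unavailable once N392 of the last N393 events are errors.
        return sum(self.window) < self.n392


def simulate(answers, n391, n392, n393):
    """Replay poll outcomes; return (poll, enquiry type, answered, available) rows."""
    counters = DteLmiCounters(n391, n392, n393)
    trace = []
    for answered in answers:
        kind = counters.next_enquiry()
        trace.append((counters.polls, kind, answered, counters.record(answered)))
    return trace


# Constructed poll outcomes: True = Status-Response arrived in time.
ANSWERS = [True, False, False, False, False, True, False] + [True] * 13

if __name__ == "__main__":
    # N391 = 10, N392 = 5, N393 = 6 are the values used in the examples above.
    for poll, kind, answered, up in simulate(ANSWERS, n391=10, n392=5, n393=6):
        print(f"poll {poll:2d} {kind:14s} answered={answered!s:5s} available={up}")
```

With N392 = 5 and N393 = 6, four consecutive lost responses leave the link available; the fifth error inside the six-poll window is what marks the physical channel and all DLCIs unavailable.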
View
Interface view
Parameter
t392-value: Value of the polling timer. The range of the value is 5 to 30, in
seconds.
Description
Using the fr lmi t392dce command, you can set T392 parameter at the DCE side.
Using the undo fr lmi t392dce command, you can restore the default
configuration.
This parameter defines the maximum time that the DCE waits for a Status-Enquiry packet.
Example
Set the frame relay interface Serial1/0/0 to operate in DCE mode and set T392 to
10s.
View
Interface view
Parameter
Description
Using the fr lmi type command, you can configure the Frame Relay LMI protocol
type. Using the undo fr lmi type command, you can restore the default LMI
protocol type.
The NE16E/08E/05 routers usually support three LMI protocols, namely, Q.933
Appendix A, ANSI T1.617 Appendix D and Nonstandard compatible LMI protocol.
Example
fr map ip Syntax
fr map ip { protocol-address [ ip-mask ] | default } dlci [ broadcast ] [ nonstandard | ietf ]
View
Interface view
Parameter
dlci: local virtual circuit number, and the range of the value is 16 to 1007.
Description
Using the fr map ip command, you can add a FR address mapping. Using the
undo fr map ip command, you can cancel the configuration.
The mapping can be manually established or can be completed via the inverse
address resolution protocol. Manually configure the static mapping when there are
a few peer hosts or there is a default route. When the peer router supports inverse
address resolution protocol and the network is rather complex, the dynamic
address mapping is established via the inverse address resolution protocol.
Example
fr switch Syntax
fr switch name [ interface interface-type interface-number dlci dlci1 interface
interface-type interface-number dlci dlci2 ]
View
System view
Parameter
name: Name of PVC used for frame relay switching, consisting of 30 characters at
most.
Description
Using the fr switch command, you can create a PVC used for frame relay
switching and enter frame relay switching view. Using the undo fr switch
command, you can delete a specified PVC.
The interface for forwarding packets can be either a frame relay interface or an
MFR interface. If Tunnel interface is specified as the forwarding interface, frame
relay packets over IP can thus be realized.
If a PVC used for switching has been configured, its interface and DLCI cannot be
changed any longer. To change them, you must delete the defined PVC used for
switching first.
Example
Create a PVC named pvc1 on the DCE serving as the switch, which is from the
DLCI 100 of serial interface 0/0/0 to the DLCI 200 of serial interface 1/0/0.
[3Com] fr switching
[3Com] fr switch pvc1 interface serial 0/0/0 dlci 100 interface serial 1/0/0 dlci 200
[3Com-fr-switching-pvc1]
fr switching Syntax
fr switching
undo fr switching
View
System view
Parameter
None
Description
Using the fr switching command, you can enable frame relay PVC switching.
Using the undo fr switching command, you can disable frame relay PVC
switching.
Example
[3Com] fr switching
View
System view
Parameter
Description
Using the interface mfr command, you can create a multilink frame relay bundle
interface or sub-interface and enter the corresponding interface view. Using the
undo interface mfr command, you can delete a specified multilink frame relay
bundle interface or sub-interface.
Before using the undo interface mfr command to delete an MFR interface, you
must delete all physical interfaces from the MFR interface.
Before an MFR sub-interface is created, the MFR interface must be created first.
For the related commands, see link-protocol fr mfr and mfr bundle-name.
Example
link-protocol fr Syntax
link-protocol fr [ nonstandard | ietf ]
View
Interface view
Parameter
Description
Using the link-protocol fr command, you can set the link layer protocol
encapsulated on the interface to Frame Relay.
By default, the link-layer protocol encapsulated on the interface is PPP, and the
frame relay encapsulation format is IETF.
Example
View
Interface view
Parameter
Description
Using the link-protocol fr mfr command, you can configure the current physical
interface as a multilink frame relay bundle link and bundle it onto a specified MFR
interface.
When this command is configured, the specified MFR interface must exist. A
maximum of 16 physical interfaces can be bundled onto an MFR interface.
For the related commands, see interface mfr and mfr link-name.
Example
Configure the current serial interface as a bundle link and add it onto the frame
relay bundle interface mfr4/0/123.
View
Parameter
name: Bundle identification, in the form of character string, with a length ranging
from 1 to 49.
Description
Using the mfr bundle-name command, you can set frame relay bundle
identification (BID). Using the undo mfr bundle-name command, you can
restore the default value.
By default, BID is in the form of “mfr + frame relay bundle number”, such as
mfr4/0/123.
Each multilink frame relay bundle has a BID, which is only locally significant.
Therefore, the BIDs at both ends of the link can be the same.
When changing the BID of an interface, you must execute the shutdown/undo
shutdown command on the interface to make the new BID valid.
Example
View
Parameter
None
Description
Using the mfr fragment command, you can enable fragmentation of a multilink
frame relay bundle. Using the undo mfr fragment command, you can disable the
function.
For the related commands, see mfr fragment-size and mfr window-size.
Example
View
Parameter
Description
Using the mfr fragment-size command, you can configure the maximum
fragment size allowed on a frame relay bundle link. Using the undo mfr
fragment-size command, you can restore the default setting.
By default, the maximum fragment size allowed on a frame relay bundle link is
300 bytes.
The priority of the fragment size configured in frame relay interface view is higher
than that of the one configured in MFR interface view.
For the related commands, see mfr fragment and mfr window-size.
Example
Configure the maximum fragment size allowed on the multilink frame relay
bundle link Serial4/1/2 to be 70 bytes.
View
Parameter
Description
Using the mfr link-name command, you can set the frame relay bundle link
identification (LID). Using the undo mfr link-name command, you can restore the
default setting.
The peer equipment identifies a frame relay bundle link via LID or associates the
bundle link with a frame relay bundle by using LID. LID is locally valid; therefore,
the LIDs at both ends of a link can be the same.
When changing the bundle LID on an interface, you must execute the
shutdown/undo shutdown command on the interface to make the new bundle
LID valid.
Example
Set the bundle LID of the multilink frame relay bundle link Serial4/1/2 to be bl1.
View
Parameter
number: The maximum number of times that a bundle link can resend hello messages,
ranging from 1 to 5. By default, it is 2.
Description
Using the mfr retry command, you can set the maximum number of times that a frame
relay bundle link can resend a hello message while waiting for a hello
acknowledgement message. Using the undo mfr retry command, you can restore the
default setting.
If the number of times that a bundle link has resent the hello message reaches the
maximum without an acknowledgement being received from the peer, the system
regards the link protocol on the bundle link as malfunctioning.
Only after the link-protocol fr mfr command is used to associate a frame relay
bundle link interface with a frame relay bundle, can this command be configured.
For the related commands, see mfr timer ack and mfr timer hello.
Example
Set the bundle link Serial4/1/2 to resend the hello message at most 3 times.
View
Parameter
Description
Using the mfr timer ack command, you can set the time of waiting for hello
acknowledgment message before frame relay bundle link resends hello message.
Using the undo mfr timer ack command, you can restore the default setting.
For the related commands, see mfr timer hello and mfr retry.
Example
Set the frame relay bundle link Serial4/1/2 to wait for 6 seconds before resending
hello message.
View
Parameter
seconds: Interval for a bundle link to send hello message, in seconds, ranging from
1 to 180. By default, it is 10 seconds.
Description
Using the mfr timer hello command, you can set the interval for a frame relay
bundle link to send hello message. Using the undo mfr timer hello command,
you can restore the default setting.
Both ends of a frame relay bundle link periodically send hello messages to the peer
end. After the peer receives a hello message, it responds with a hello
acknowledgement message.
For the related commands, see mfr timer ack and mfr retry.
Example
Set the bundle link Serial4/1/2 to send hello message once every 15 seconds.
View
Parameter
Description
Using the mfr window-size command, you can configure the number of
fragments that can be held by the window used in sliding window algorithm
when multilink frame relay reassembles received fragments.
For the related commands, see interface mfr, mfr fragment, and mfr
fragment-size.
Example
Set the size of the sliding window of the MFR bundle interface MFR4/0/123 to be
8.
shutdown Syntax
shutdown
undo shutdown
View
Description
Using the shutdown command, you can disable any current switching PVCs.
Using the undo shutdown command, you can enable any current switching
PVCs.
Example
[3Com] fr switch pvc1 interface serial 1/0/0 dlci 100 interface serial 2/0/0 dlci 200
[3Com-fr-switching-pvc1] shutdown
View
User view
Parameter
None
Description
Using the reset fr inarp command, you can clear the address mapping
established by inverse ARP.
In some special cases, for example, when the network architecture changes, the
dynamic address maps originally established will become invalid; hence it is
necessary to establish them again. Users can use this command to clear all the
dynamic address maps.
Example
View
Interface view
Parameter
Description
Using the timer hold command, you can configure the polling timer at the DTE
side. Using the undo timer hold command, you can restore its default value.
Example
Configure the Frame Relay interface serial1/0/0 to work in DTE mode, and set the
value of the polling timer to 15 seconds.
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] timer hold 15
ATM Configuration Commands
atm-class Syntax
atm-class atm-class-name
View
Parameter
Description
Using the atm-class command, you can apply a set of parameters (which are
defined in ATM-Class) to an ATM interface or a PVC. Using the undo atm-class
command, you can delete the specified ATM-Class.
Example
View
System view
Parameter
Description
Using the atm class command, you can create an ATM-Class and enter the
ATM-Class view. Using the undo atm class command, you can delete the
specified ATM-Class.
Example
clock Syntax
clock { master | slave }
undo clock
View
Parameter
master: Specify ATM interface to use the internal transmission clock signal.
Description
Using the clock command, you can specify ATM interface to use internal
transmission clock signal. Using the undo clock command, you can restore the
usage of network clock signal.
By default, ATM interface uses the network clock signal. This clock signal is usually
provided by the device which provides ATM interfaces.
When two network devices are directly connected in the back-to-back method
through the ATM interfaces, this command is used to set the internal transmission
clock at the ATM interface of one device.
Although this command is valid on both the ATM main interface and sub-interfaces, it
can only be used in ATM main interface view; the command does not exist in
ATM sub-interface view.
Example
View
User view
Parameter
None
Description
Using the debugging atm all command, you can enable all the debugging
switches of ATM. Using the undo debugging atm all command, you can disable
the debugging.
Because this command can produce a large volume of output information, users may
be unable to control network devices through their terminals, and the efficiency of
packet transmitting and receiving may be greatly reduced.
For the related commands, see debugging atm error, debugging atm event,
and debugging atm packet.
View
User view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
the “Interface Configuration” chapter in this manual. If it is not specified, all the
error debugging of ATM is enabled (including global debugging, interface-level
debugging and PVC-level debugging).
pvc-name: PVC name, optional. If no PVC name and VPI/VCI pair are specified, all
the error debugging of the PVC will be enabled.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.
Description
Using the debugging atm error command, you can enable the error debugging
of ATM. Using the undo debugging atm error command, you can disable the
debugging.
For the related commands, see display debugging and debugging atm all.
Example
View
User view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
“Interface Configuration” part of this manual. If it is not specified, all the event
debugging of ATM is enabled by default (including global debugging,
interface-level debugging and PVC-level debugging).
pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
all the event debugging of PVC will be enabled.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.
Description
Using the debugging atm event command, you can enable the event debugging
of ATM. Using the undo debugging atm event command, you can disable the
debugging.
This command is used to enable all the debugging of events that happen at the
ATM interface or a PVC, which can be used to trace some essential events of the
system. Such information may be helpful for detecting network faults.
Example
The example is a case to enable the debugging of ATM events and display the
results.
View
User view
Parameter
interface-name: ATM interface name, optional. For detailed naming rules, please
refer to “Interface Configuration” part of this manual. If it is not specified, all the
packet debugging of ATM is enabled by default (including global debugging,
interface-level debugging and PVC-level debugging).
pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
all the packet debugging of PVC will be enabled.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.
Description
Using the debugging atm packet command, you can enable the packet
debugging of ATM. Using the undo debugging atm packet command, you can
disable the debugging.
The debugging output for received packets displays all the information about the
received frames, which can indicate whether the sending side encapsulates these
frames correctly. This is helpful for network device detection.
Packet debug information displays the PDU byte information in hex, through
which technical support personnel or engineers can locate some system errors.
Since this command produces a large volume of output information each time a
packet is received or transmitted, users may be unable to control network devices
through their terminals, and the efficiency of packet transmitting and receiving
may be greatly affected.
Example
The example is a case to enable the debugging of ATM packet and display the
results.
……
*515396.229644-atm-8-debug8: Atm1/0/0 pvc 1/32 out ppp pkt, snap, 22
*515396.229710-atm-8-debug8: FE FE 03 CF FF 03 C0 21 01 22 00 0E 01 04 05 DC
*515396.229812-atm-8-debug8: 05 06 00 00 1F 38
*515396.232644-atm-8-debug8: Atm1/0/0 pvc 1/32 out ppp pkt, snap, 22
*515396.232710-atm-8-debug8: FE FE 03 CF FF 03 C0 21 01 23 00 0E 01 04 05 DC
*515396.232812-atm-8-debug8: 05 06 00 00 1F 38
It indicates that PPP packets are being output from PVC 1/32 of Atm1/0/0.
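The debug lines above can be reassembled and decoded offline; the following added example (not part of the manual or the router software) parses that output format and decodes the PDU bytes as LLC-encapsulated PPP carrying LCP, which shows how much negotiation detail a packet debugging log exposes to anyone who can read it. It assumes that the last two header fields are the encapsulation name and the PDU length in bytes, and that received packets are logged with "in"; the function names are hypothetical.

```python
import re

# Debug lines copied from the example output above.
SAMPLE = """\
*515396.229644-atm-8-debug8: Atm1/0/0 pvc 1/32 out ppp pkt, snap, 22
*515396.229710-atm-8-debug8: FE FE 03 CF FF 03 C0 21 01 22 00 0E 01 04 05 DC
*515396.229812-atm-8-debug8: 05 06 00 00 1F 38
*515396.232644-atm-8-debug8: Atm1/0/0 pvc 1/32 out ppp pkt, snap, 22
*515396.232710-atm-8-debug8: FE FE 03 CF FF 03 C0 21 01 23 00 0E 01 04 05 DC
*515396.232812-atm-8-debug8: 05 06 00 00 1F 38
"""

LINE = re.compile(r"^\*\d+\.\d+-atm-8-debug8: (.*)$")
# Assumption: trailing fields are the encapsulation name and the PDU length in bytes;
# "in" is assumed for received packets (the page shows only "out").
HEAD = re.compile(r"^(\S+) pvc (\d+)/(\d+) (in|out) (\w+) pkt, (\w+), (\d+)$")
HEXROW = re.compile(r"^[0-9A-Fa-f]{2}(?: [0-9A-Fa-f]{2})*$")

LLC_NLPID_PPP = bytes.fromhex("FEFE03CF")  # RFC 2364 LLC header + NLPID for PPP
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             7: "Code-Reject", 8: "Protocol-Reject", 9: "Echo-Request",
             10: "Echo-Reply", 11: "Discard-Request"}
LCP_OPTIONS = {1: "MRU", 3: "Authentication-Protocol", 5: "Magic-Number"}


def parse_dump(text):
    """Group debug lines into packets: header fields plus reassembled PDU bytes."""
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip elision markers and unrelated log lines
        body = m.group(1).strip()
        head = HEAD.match(body)
        if head:
            iface, vpi, vci, direction, proto, encap, length = head.groups()
            packets.append({"interface": iface, "pvc": f"{vpi}/{vci}",
                            "direction": direction, "proto": proto, "encap": encap,
                            "declared_len": int(length), "pdu": b""})
        elif HEXROW.match(body) and packets:
            packets[-1]["pdu"] += bytes.fromhex(body)
    return packets


def decode_pdu(pdu):
    """Decode an LLC-encapsulated PPP PDU; LCP packets are decoded down to options."""
    if pdu[:4] != LLC_NLPID_PPP:
        raise ValueError("not an LLC-encapsulated PPP PDU")
    rest = pdu[4:]
    if rest[:2] == b"\xff\x03":  # HDLC-style address/control bytes, if present
        rest = rest[2:]
    if len(rest) < 2:
        raise ValueError("truncated PPP protocol field")
    result = {"ppp_protocol": int.from_bytes(rest[:2], "big")}
    if result["ppp_protocol"] != 0xC021:  # only LCP is decoded further
        return result
    lcp = rest[2:]
    if len(lcp) < 4:
        raise ValueError("truncated LCP header")
    length = int.from_bytes(lcp[2:4], "big")
    if length < 4 or length > len(lcp):
        raise ValueError("LCP length field does not fit the captured bytes")
    result.update(code=LCP_CODES.get(lcp[0], f"code-{lcp[0]}"),
                  identifier=lcp[1], options=[])
    pos = 4
    while lcp[0] in (1, 2, 3, 4) and pos < length:  # Configure-* carry options
        if pos + 2 > length:
            raise ValueError("truncated LCP option header")
        otype, olen = lcp[pos], lcp[pos + 1]
        if olen < 2 or pos + olen > length:
            raise ValueError("malformed LCP option length")
        value = int.from_bytes(lcp[pos + 2:pos + olen], "big")
        result["options"].append((LCP_OPTIONS.get(otype, f"option-{otype}"), value))
        pos += olen
    return result


if __name__ == "__main__":
    for pkt in parse_dump(SAMPLE):
        print(pkt["interface"], pkt["pvc"], pkt["direction"], decode_pdu(pkt["pdu"]))
```

Both sample packets decode as LCP Configure-Requests that differ only in their identifier, i.e. the same request being sent again on PVC 1/32.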
View
Any view
Parameter
Description
Using the display atm class command, you can view the information about
ATM-Class. By default, if no ATM-Class name is specified, the information of all
ATM-Class is displayed.
Example
ATM-Class name is "main", and the following contents are set in the ATM-Class:
the service type is unspecified bit rate and the output peak rate of ATM cells is
8000 and the AAL encapsulation type is SNAP.
View
Any view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
“Interface Configuration” part of this manual. If it is not specified, all the
information about ATM interface will be displayed by default.
Description
Using the display atm interface command, you can locate the problems
efficiently and get detailed information related to ATM configuration.
Example
The maximum number of PVCs on the ATM interface is 1024. The input packets,
input bytes and input packet errors are all 0; output packets are 69, output bytes
are 2218 and output packet errors are 8; there are 4 PVCs and 4 MAPs in total at
the interface and the interface status is active (UP).
View
Any view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
“Interface Configuration” part of this manual. If it is not specified, all the
information about the higher layer mapping table of ATM interface will be
displayed by default.
pvc-name: PVC name, optional parameter. If no PVC name and no VPI/VCI pair are
specified, the information of the higher layer protocol mapping table about all
PVCs within specified ATM interface will be displayed by default.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.
Description
Using the display atm map-info command, you can view the information about
the upper layer protocol mapping table of ATM.
For the related commands, see map ip, map ppp, and map bridge.
Example
Display the information about the upper layer protocol mapping table of all ATM
interfaces.
PVC 1/32 of Atm 1/0/0 interface uses PPPoA mapping, the VT interface numbered
10 is used and the status is activated (UP);
PVC 1/33 of Atm 1/0/0 interface uses IPoA mapping, the configured mapping
static IP address is 100.11.1.1, the address mask is 255.255.0.0, it occupies No.1
vlink and its status is activated (UP);
PVC 2/101 of Atm 1/0/0 interface uses PPPoEoA mapping or IPoEoA mapping, VE
interface numbered 1/1/1 is adopted, the configured MAC address is
00E0.FC01.0203 and its status is activated (UP).
View
Any view
Parameter
pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
the information about all PVC-Groups within the specified ATM interface will be
displayed by default.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
description” in the pvc command.
Description
Using the display atm pvc-group command, you can view the information about
PVC-Group.
Example
The above messages are explained as follows, taking the first record as an
example (the last four records can be read in the same way):
The PVC with VPI/VCI pair 1/32 has been activated (UP) and its name is
"3Com". The AAL encapsulation type is SNAP. The application type is IPoA. The
interface is ATM main interface: Slot number is 1, adapter number is 1 and the
interface number is 0. The PVC-Group is created based on PVC "1/32".
View
Any view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
“Interface Configuration” part of this manual. If it is not specified, all the
information about PVC of ATM interface will be displayed by default.
pvc-name: PVC name, optional parameter. If no PVC name and no VPI/VCI pair are
specified, the information about all PVCs within the specified ATM interface will
be displayed by default.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.
Description
Using the display atm pvc-info command, you can view the information about
PVC.
Example
The above messages are explained as follows (taking the first record as an
example; the last four records can be read in the same way):
The PVC with VPI/VCI pair 1/32 has been activated (UP) and its name is
"3Com". The index number is 1. The AAL encapsulation type is SNAP. The
application type is IPoA. The interface is ATM main interface: Slot number is 1,
adapter number is 0 and the interface number is 0.
encapsulation Syntax
encapsulation aal5-encap
undo encapsulation
View
PVC view
Parameter
Description
Using the encapsulation command, you can specify ATM AAL5 encapsulation
type for PVC. Using the undo encapsulation command, you can restore the
default encapsulation.
To change the encapsulation type for PVC to aal5mux or aal5nlpid, InARP must be
deleted first.
Example
The two examples can both specify AAL5 encapsulation type of PVC as aal5snap.
View
System view
Parameter
Interface number: ATM master interface number. For detailed numbering rules,
please refer to “Interface Configuration” part of this manual.
Description
Using the interface atm command, you can create an ATM sub-interface or enter
an ATM interface view. Using the undo interface atm command, you can delete
an ATM sub-interface.
Example
The two examples display how to enter the ATM main interface or create/enter the
ATM sub-interface.
ip-precedence Syntax
ip-precedence { pvc-name [ vpi/vci ] | vpi/vci } { min [ max ] | default }
View
Parameter
vpi/vci: vpi is ATM Virtual Path Identifier (VPI), which ranges from 0 to 255; vci is
ATM Virtual Channel Identifier (VCI), which ranges from 0 to 2047. Usually, the
vci values from 0 to 31 are reserved for special usage and cannot be used. PVC
corresponding to vpi/vci must have already been created.
Description
Using the ip-precedence command, you can set the precedence of IP packets
carried over PVC. Using the undo ip-precedence command, you can delete the
precedence configuration of IP packets carried over PVC.
This command can be only used to set the PVC within the PVC-Group. The
specified minimum preference min must be less than or equal to the specified
maximum preference max.
Example
Display how to set the PVC named "3Com", whose VPI/VCI is 1/32, to carry IP
packets with precedence 0 to 3.
View
PVC view
Parameter
Description
Using the map bridge command, you can establish the IPoEoA mapping or
PPPoEoA mapping on the PVC. Using the undo map bridge command, you can
delete the mapping.
Before using this command, make sure that VE has been created.
As the upper layer of the link layer on the VE interface is Ethernet and the lower
layer is carried by AAL5, the MAC address used by VE is not an actual hardware
MAC address. It cannot be obtained from the hardware and must be configured
manually, so users need to configure the correct MAC address themselves.
Example
Establish the IPoE mapping using the established VE interface in PVC view.
map ip Syntax
map ip { ip-address [ ip-mask ] | default | inarp [ minutes ] } [ broadcast ]
View
PVC view
Parameter
ip-mask: IP address mask, optional. If a packet cannot find the next hop at the
interface, but the next hop address belongs to the network segment specified by
ip-address and ip-mask, it can be sent over the PVC.
default: A mapping with the default route property is set. If a packet cannot find
a mapping with the same address of next hop at the interface, but one PVC has
the default mapping, the packet can be sent over the PVC.
minutes: Time interval to send InARP packets in minutes, optional. The range of
the value is 1 to 600 and the default value is 15.
Description
Using the map ip command, you can create IPoA mapping for PVC. Using the
undo map ip command, you can delete the mapping.
Example
The two examples are the cases creating IPoA mapping for PVC.
Display how to create a static mapping at PVC 1/32, specify the peer IP
address as 61.123.30.169 and support pseudobroadcast.
Display how to enable InARP at PVC 1/33 to automatically obtain the peer
address and send InARP packets every 10 minutes.
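The following Python example is added here and is not part of the manual. It parses the arguments of map ip using the syntax above and then picks a PVC for a next-hop address. The lookup order (exact address, then the longest matching ip-address/ip-mask segment, then the default mapping) and the function names are assumptions of this example, and addresses learned through InARP are not modelled.

```python
import ipaddress


def parse_map_ip(args):
    """Parse what follows `map ip`, per the syntax on this page:
    { ip-address [ ip-mask ] | default | inarp [ minutes ] } [ broadcast ]"""
    tokens = args.split()
    broadcast = bool(tokens) and tokens[-1] == "broadcast"
    if broadcast:
        tokens = tokens[:-1]
    if not tokens:
        raise ValueError("expected ip-address, 'default' or 'inarp'")
    head, rest = tokens[0], tokens[1:]
    if head == "default":
        if rest:
            raise ValueError("'default' takes no further argument")
        return {"kind": "default", "broadcast": broadcast}
    if head == "inarp":
        if len(rest) > 1:
            raise ValueError("'inarp' takes at most one argument")
        minutes = int(rest[0]) if rest else 15      # documented default
        if not 1 <= minutes <= 600:                 # documented range
            raise ValueError("inarp minutes must be 1 to 600")
        return {"kind": "inarp", "minutes": minutes, "broadcast": broadcast}
    if len(rest) > 1:
        raise ValueError("too many arguments after ip-address")
    address = ipaddress.IPv4Address(head)           # raises ValueError if malformed
    network = None
    if rest:
        # strict=False: the mask turns the peer address into its network segment
        network = ipaddress.IPv4Network(f"{head}/{rest[0]}", strict=False)
    return {"kind": "static", "address": address, "network": network,
            "broadcast": broadcast}


def select_pvc(next_hop, mappings):
    """Return the PVC that carries a packet for next_hop, or None.
    mappings is a list of (pvc, parsed mapping) in configuration order."""
    hop = ipaddress.IPv4Address(next_hop)
    static = [(pvc, m) for pvc, m in mappings if m["kind"] == "static"]
    # 1. A mapping whose ip-address is exactly the next hop.
    for pvc, m in static:
        if m["address"] == hop:
            return pvc
    # 2. A mapping whose ip-address/ip-mask segment contains the next hop.
    #    Preferring the longest prefix is an assumption of this example.
    segments = [(m["network"].prefixlen, pvc) for pvc, m in static
                if m["network"] is not None and hop in m["network"]]
    if segments:
        return max(segments, key=lambda s: s[0])[1]
    # 3. A PVC that has the default mapping.
    for pvc, m in mappings:
        if m["kind"] == "default":
            return pvc
    return None


# Constructed configuration: one `map ip` line per PVC.
CONFIG = [
    ("1/32", "61.123.30.169 broadcast"),
    ("1/33", "100.11.1.1 255.255.0.0"),
    ("1/34", "inarp 10"),
    ("1/35", "default"),
]
MAPPINGS = [(pvc, parse_map_ip(args)) for pvc, args in CONFIG]

if __name__ == "__main__":
    for hop in ("61.123.30.169", "100.11.200.7", "192.0.2.9"):
        print(hop, "->", select_pvc(hop, MAPPINGS))
```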
View
PVC view
Parameter
Description
Using the map ppp command, you can create PPPoA mapping at PVC in PVC
view. Using the undo map ppp command, you can delete the mapping.
Before this command is used, the VT must have already been created.
Example
mtu Syntax
mtu mtu-number
undo mtu
View
Interface view
Parameter
mtu-number: MTU size of ATM interface in bytes, the range of the value is 128 to
16384.
Description
Using the mtu command, you can set the size of Maximum Transmission Unit
(MTU) of the ATM interface. Using the undo mtu command, you can restore the
default of the value.
The MTU of an ATM interface only influences packet assembly and disassembly
at the IP layer on the ATM interface. Because the QoS queue length is limited
(for example, the default length of the FIFO queue is 75), an MTU that is too
small produces too many fragments, and fragments will be dropped by the QoS
queue. In this case, the length of the QoS queue can be enlarged appropriately.
FIFO is the queue dispatching mechanism used by PVC by default, and its queue
length can be changed by using the fifo queue-length command in the PVC view.
This command can be used in ATM main interface and sub-interface at the same
time.
Example
View
Parameter
frequency: Time interval to send OAM F5 Loopback cells in seconds, and the
range of the value is 1 to 600.
Description
Using the oam frequency command, you can enable the transmission of OAM F5
Loopback cell so as to check the PVC status. You can also enable OAM F5
Loopback retransmission check or modify the related parameters of the
retransmission check. Using the undo oam frequency command, you can disable
the transmission and retransmission check of the cell.
Example
Display how to enable OAM F5 Loopback check at PVC 1/32 with a period of
12 seconds, and set the retransmission check up-count as 4, down-count as 4 and
retransmission period as 1 second.
pvc Syntax
pvc { pvc-name [ vpi/vci ] | vpi/vci }
View
Parameter
vpi/vci: vpi is ATM Virtual Path Identifier (VPI) in the range 0 to 255; vci is ATM
Virtual Channel Identifier (VCI). Its value range depends on interface type. See the
following table for reference. Usually, the vci values from 0 to 31 are reserved for
special usage and cannot be used.
Table 15 VCI range for each type of ATM interface
Description
Using the pvc command, you can create a PVC or enter the PVC view at ATM
interface or in PVC-Group view. Using the undo pvc command, you can delete
the specified PVC.
Once pvc-name is specified for one PVC (e.g. "3Com"), it is possible to re-enter
the PVC view by inputting pvc pvc-name (e.g. "pvc 3Com"). The deletion of the
PVC can be done by inputting undo pvc pvc-name (e.g. "undo pvc 3Com") or
through the undo pvc vpi/vci command (if the VPI/VCI of this PVC is 1/32, it is
"undo pvc 1/32").
The VPI/VCI pair of each PVC is unique at an ATM interface (including main
interface and sub-interface).
The actual number of PVCs that can be created is determined by the pvc
max-number command.
For the related commands, see display atm pvc-info and pvc max-number.
Example
pvc-group Syntax
pvc-group { pvc-name [ vpi/vci ] | vpi/vci }
View
Parameter
vpi/vci: vpi is ATM Virtual Path Identifier (VPI) in the range 0 to 255; vci is ATM
Virtual Channel Identifier (VCI). For its value range, refer to VCI range for each
type of ATM interface. Usually, the vci values from 0 to 31 are reserved for special
usage and cannot be used. PVC corresponding to vpi/vci must have already been
created.
Description
Using the pvc-group command, you can create a PVC-Group or enter the
PVC-Group view at ATM interface. Using the undo pvc-group command, you can
delete the specified PVC-Group.
Once pvc-name is specified for some PVC (e.g. "3Com"), it is possible to enter the
PVC-Group view by inputting pvc-group pvc-name (e.g. "pvc-group 3Com"). The
deletion of the PVC-Group can be done by inputting undo pvc-group pvc-name
(e.g. "undo pvc-group 3Com") or through the undo pvc-group vpi/vci command
(if the VPI/VCI of this PVC is 1/32, it is "undo pvc-group 1/32").
Example
Display how to create a PVC-Group based on the name "3Com" and the PVC
with VPI/VCI as 1/32.
View
Parameter
Table 16 The maximum number of VCs allowed for each type of ATM interface
Description
Using the pvc max-number command, you can set the maximum number of
ATM interface virtual circuits (VC). Using the undo pvc max-number command,
you can restore the default value.
This command is used to set the maximum number of the total available VCs for
ATM main interfaces and sub-interfaces.
Although this command takes effect on both the ATM main interface and its
sub-interfaces, it can only be used in ATM main interface view; it is not
available in ATM sub-interface view.
Example
The two examples both make ATM interface Atm1/0/0 support a total of 2048
VCs.
Display how to set ATM interface Atm1/0/0 to totally support maximum 2048
VCs.
Display how to set ATM interface Atm1/0/0 to support the default maximum
number of VCs (2048).
View
Parameter
vpi: Virtual path identifier of ATM network, its value ranges from 0 to 255.
Description
Using the pvp limit command, you can set the parameters for VP policing. Using
the undo pvp limit command, you can delete the VP policing.
When applying VP policing, the parameters of PVC are still valid. Packets are
transmitted only when the parameters of both PVC and VP policing are satisfied.
When calculating the traffic, the LLC/SNAP, MUX and NLPID headers are included,
but the ATM cell header is not included.
For the related commands, see pvc, service cbr, service vbr-nrt, service
vbr-rt, and service ubr.
Example
View
PVC view
Parameter
output-pcr: Output peak rate of ATM cell in Kbit/s. Value range of this parameter
depends on interface type, as shown in the following table.
Table 18 Value ranges of output-pcr
cdvt_value: cell delay variation tolerance, in μs, and the range of the value is 0 to
10000μs.
Description
Using the service cbr command, you can specify PVC service type as constant bit
rate (CBR).
By default, the service type is UBR after creating a PVC. When the value of cdvt is
not specified, it is 500μs by default.
This command is used to set the PVC service type and parameter. The newly
specified PVC service type will replace the existing service type. It is recommended
that the PVC with larger bandwidth be created first and then the one with smaller
bandwidth. If the creation fails, the cdvt_value can be increased and the PVC
created once more. The above case will be prompted in the command line, as follows:
The command does not support ATM E1 interface and ATM E3 interface.
For the related commands, see service vbr-nrt, service vbr-rt, and service ubr.
Example
Specify the service type of the PVC as cbr and the peak rate of ATM cell as
50,000Kbits/s. Cell delay variation tolerance is 1000μs.
View
PVC view
Parameter
output-pcr: Output peak rate of ATM cell in Kbit/s. For the value ranges of this
parameter, see Value ranges of output-pcr.
Description
Using the service ubr command, you can specify the service type of PVC as
Unspecified Bit Rate (UBR) and specify the related rate parameters.
This command as well as the service vbr-nrt, service vbr-rt and service cbr
commands can be used to set the service type and service parameters of PVC. The
newly specified PVC service type will supersede the existing service type.
For the related commands, see service vbr-nrt, service vbr-rt, and service cbr.
Example
Display how to specify the service type of the PVC as ubr and the peak cell rate of
ATM cell as 100,000Kbps.
View
PVC view
Parameter
output-pcr: Peak rate of ATM cell output in Kbit/s. For the value ranges of this
parameter, see Value ranges of output-pcr.
output-scr: Sustainable rate of ATM cell output in Kbps. Its value ranges are the
same as those of output-pcr.
output-mbs: Maximum burst size of ATM cell output, i.e., the maximum cache size
of ATM cell output at the interface in cell number.
Description
Using the service vbr-nrt command, you can specify the service type of PVC as
Variable Bit Rate-Non Real Time (VBR-NRT) and specify the related rate
parameters.
This command as well as the service ubr, service vbr-rt and service cbr commands
can be used to set the service type and service parameters of PVC. The newly
specified PVC service type will supersede the existing service type.
For the related commands, see service vbr-rt, service ubr, and service cbr.
Example
Display how to specify the service type of the PVC as VBR-NRT and set the peak
bit rate of ATM cell to 100,000kbit/s, sustainable bit rate to 50,000Kbps, the
maximum burst size to 320 cells.
View
PVC view
Parameter
output-pcr: Peak cell rate of ATM output in Kbit/s. For the value ranges of this
parameter.
output-scr: Sustainable cell rate of ATM output in Kbps. Its value ranges are the
same as those of output-pcr.
output-mbs: Maximum burst size of ATM cell output, i.e., the maximum cache size
of ATM cell output at the interface in cell number. The range of the value is 1 to
512. When it is used in ATM E3 interface, the range of the parameter is 1 to 512.
Description
Using the service vbr-rt command, you can set the service type of PVC to Variable
Bit Rate - Real Time (VBR-RT) and specify the related rate parameters in the PVC
view.
This command as well as the service ubr, service cbr and service vbr-nrt commands
can be used to set the service type and service parameters of PVC. The newly
specified PVC service type will supersede the existing service type. The command
does not support ATM E1 interface.
For the related commands, see service cbr, service ubr, and service vbr-nrt.
Example
Display how to specify the service type of the PVC as VBR-NRT and set the peak
cell rate of ATM to 100,000kbit/s, sustainable cell rate to 50,000Kbps, the
maximum burst size to 320 cells.
channel Syntax
channel { interface serial interface-number | xot ip-address }
View
Parameter
Description
Using the channel command, you can add X.25 interface or XOT channel of one
serial port to the current hunt group. Using the undo channel command, you can
delete the specified interface or XOT channel from the current hunt group.
One interface may belong to six hunt groups at most at the same time.
Example
View
User view
Parameter
Description
Using the debugging pad command, you can enable the debugging switch of
PAD.
Using the undo debugging pad command, you can disable the debugging
switch of PAD.
Example
None
View
User view
Parameter
Description
Using the debugging x25 xot command, you can enable the debugging switch
of XOT.
Using the undo debugging x25 xot command, you can disable the debugging
switch of XOT.
Example
None
View
Any view
Parameter
Description
Using the display interface command, you can view the LAPB or X.25 interface
information. After configuring PVC of X.25, users can use the command to obtain
the status information on one interface.
Example
Encapsulate Serial0/0/0 with LAPB protocol and view the encapsulated interface
information using the following commands.
<3Com> system-view
[3Com] interface Serial0/0/0
[3Com-Serial0/0/0] link-protocol lapb
[3Com-Serial0/0/0] display interface serial 0/0/0
Serial0/0/0 current state : UP
Line protocol current state : UP
Description : 3Com, 3Com Series, Serial4/0/0 Interface
The Maximum Transmit Unit is 1500, Holder timer is 10(sec)
Internet protocol processing : disabled
Link-protocol is X.25 DCE Ietf, address is , state R1, modulo 8
input/output: window sizes 7/7, packet sizes 256/256
Channels: Incoming-only 10-20, Two-way 30-40, Outgoing-only 50-60
Timers: T10 60, T11 180, T12 60, T13 60, Idle_Timer 0 (seconds)
New configuration(will be effective after restart): modulo 8
input/output: window sizes 7/7, packet sizes 256/256
Channels: Incoming-only 10-20, Two-way 30-40, Outgoing-only 50-60
Statistic: Restarts 0 (Restart Collisions 0)
Refused Incoming Call 0, Failing Outgoing Call 0
input/output: RESTART 1/1 CALL 9/2 DIAGNOSE 0/0
DATA 119/121 INTERRUPT 0/0 Bytes 2497/2731
RR 6/113 RNR 0/0 REJ 0/0
Invalid Pr: 0 Invalid Ps: 0 Unknown: 0
Link-protocol is LAPB
LAPB DCE, module 8, window-size 7, max-frame 12056, retry 10
Timer: T1 3000, T2 1500, T3 0 (milliseconds), x.25-protocol
state CONNECT, VS 6, VR 3, Remote VR 6
IFRAME 147/254, RR 11/6, RNR 0/0, REJ 0/0
FRMR 0/0, SABM 0/1, DM 0/0, UA 1/0
DISC 0/0, invalid ns 0, invalid nr 0, link resets 0
FIFO queuing: (Outbound queue:Size/Length/Discards)
FIFO 0/75/0
Physical layer is synchronous,
Interface is DTE, Cable type is V24
5 minutes input rate 0.00 bytes/sec, 0.01 packets/sec
5 minutes output rate 0.07 bytes/sec, 0.01 packets/sec
159 packets input, 3338 bytes, 0 no buffers
261 packets output, 4057 bytes, 0 no buffers
0 input errors, 0 CRC, 0 frame errors
0 overrunners, 0 aborted sequences, 0 input no buffers
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
The above information will be displayed after entering the command series, in
which the contents in boldface are those related to X.25 and LAPB protocols. The
main parameters are described as follows:
LAPB and X.25 Configuration Commands 369
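The following Python example is added here and is not part of the manual. It extracts the LAPB block from the display interface output shown above and checks it against the ranges this manual gives for lapb max-frame, lapb retry and lapb timer. The function names and the choice of counters to flag (REJ, FRMR, invalid ns, invalid nr, link resets) are assumptions of this example.

```python
import re

# LAPB part of the `display interface` output shown above, kept together with
# the X.25 counter line before it and the FIFO lines after it.
PAGE_OUTPUT = """\
RR 6/113 RNR 0/0 REJ 0/0
Invalid Pr: 0 Invalid Ps: 0 Unknown: 0
Link-protocol is LAPB
LAPB DCE, module 8, window-size 7, max-frame 12056, retry 10
Timer: T1 3000, T2 1500, T3 0 (milliseconds), x.25-protocol
state CONNECT, VS 6, VR 3, Remote VR 6
IFRAME 147/254, RR 11/6, RNR 0/0, REJ 0/0
FRMR 0/0, SABM 0/1, DM 0/0, UA 1/0
DISC 0/0, invalid ns 0, invalid nr 0, link resets 0
FIFO queuing: (Outbound queue:Size/Length/Discards)
FIFO 0/75/0
"""

# Constructed variant: the same output with three values altered.
DEGRADED = (PAGE_OUTPUT.replace("REJ 0/0\nFRMR", "REJ 0/5\nFRMR")
            .replace("link resets 0", "link resets 2")
            .replace("max-frame 12056", "max-frame 20000"))


def lapb_section(text):
    """Return only the lines between 'Link-protocol is LAPB' and the FIFO
    block, so the X.25 RR/RNR/REJ counters are not mistaken for LAPB ones."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "Link-protocol is LAPB" not in lines:
        raise ValueError("no LAPB block in output")
    section = []
    for ln in lines[lines.index("Link-protocol is LAPB") + 1:]:
        if ln.startswith("FIFO queuing"):
            break
        section.append(ln)
    return "\n".join(section)


def parse_lapb(text):
    body = lapb_section(text)
    head = re.search(r"LAPB (DTE|DCE), module (\d+), window-size (\d+), "
                     r"max-frame (\d+), retry (\d+)", body)
    timers = re.search(r"Timer: T1 (\d+), T2 (\d+), T3 (\d+)", body)
    state = re.search(r"^state (\w+)", body, re.M)
    if not (head and timers and state):
        raise ValueError("unexpected LAPB block layout")
    return {
        "mode": head.group(1),
        "max_frame": int(head.group(4)),
        "retry": int(head.group(5)),
        "t1": int(timers.group(1)),
        "t3": int(timers.group(3)),
        "state": state.group(1),
        # Frame counters printed as NAME a/b
        "pairs": {n: (int(a), int(b)) for n, a, b in
                  re.findall(r"\b([A-Z]+) (\d+)/(\d+)", body)},
        # Counters printed as a single number
        "singles": {n: int(v) for n, v in
                    re.findall(r"(invalid ns|invalid nr|link resets) (\d+)", body)},
    }


def audit(info):
    """Compare parsed values with the ranges documented in this manual and
    flag non-zero error counters. Returns a list of findings."""
    findings = []
    if not 1096 <= info["max_frame"] <= 12104:
        findings.append(f"max-frame {info['max_frame']} outside 1096 to 12104")
    if not 1 <= info["retry"] <= 255:
        findings.append(f"retry {info['retry']} outside 1 to 255")
    if not 1 <= info["t1"] <= 64000:
        findings.append(f"T1 {info['t1']} outside 1 to 64000 ms")
    if info["mode"] == "DCE" and info["t3"] != 0 and info["t3"] <= info["t1"]:
        findings.append("T3 is not greater than T1 on a DCE")
    for name in ("REJ", "FRMR"):
        if sum(info["pairs"].get(name, (0, 0))) > 0:
            findings.append(f"{name} frames seen: {info['pairs'][name]}")
    for name, value in info["singles"].items():
        if value:
            findings.append(f"{name}: {value}")
    return findings


if __name__ == "__main__":
    for label, text in (("page output", PAGE_OUTPUT), ("degraded", DEGRADED)):
        print(label, audit(parse_lapb(text)) or "no findings")
```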
View
Any view
Parameter
Description
Using the display x25 alias-policy command, you can view X.25 alias table.
Example
The above information indicates: the interface Serial0/0/0 is set without alias, and
the interface Serial1/0/0 is set with 3 aliases, which are $20112405$ (in strict
match mode), $20112405 (in left alignment match mode) and 20112405$ (in
right alignment match mode).
View
Any view
Parameter
Description
Using the display x25 hunt-group-info command, you can view the status
information of X.25 hunt group.
You can use this command to learn the hunt group of the Router and the
information about the interfaces and XOT channel inside the hunt group.
Example
The following table introduces the meaning of each field in the displayed
information.
Table 19 Explanation of each field in the command display x25 hunt-group-info
Field Explanation
hg1 Hunt group name
round-robin Hunt group call channel selection policy
member Interfaces or XOT channel contained in hunt group
state The state of the current interface or XOT channel, including: Last: last used; Next: interface or XOT channel to be selected next by the rotary selection policy; Normal: normal state
vc-used Call number on the interface or XOT channel (including call success and call failure)
in-pkts Input flow on the interface or XOT channel in packets
out-pkts Output flow on the interface or XOT channel in packets
View
Any view
Parameter
None
Description
Using the display x25 map command, you can view the X.25 address mapping
table.
For the related commands, see x25 map, x25 pvc, x25 switch pvc, x25 xot pvc,
and x25 fr pvc.
Example
View
Any view
Parameter
pad-id: PAD ID, its value ranges from 0 to 255. If it is not specified, all PAD
connection information will be displayed.
Description
Using the display x25 pad command, you can view X.25 PAD connection
information.
For the related commands, see display x25 vc and x25 xot.
Example
View
Any view
Parameter
None
Description
Using the display x25 switch-table pvc command, you can view X.25 switching
virtual circuit table.
For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr
pvc, and x25 switch svc.
Example
View
Any view
Parameter
None
Description
The command display x25 switch-table svc is used to display X.25 switching
routing table.
Example
The following table introduces the meaning of each field in the displayed
information.
Table 20 Explanation of each field in the command display x25 switch-table svc
Field Explanation
Number Sequence number of this route in the routing table
Substitute-src X.121 source address after substitution, if the content is blank,
it means no substitution.
Substitute-dst X.121 destination address after substitution, if the content is
blank, it means no substitution.
CUD Call User Data
SwitchTo Forwarding address of this route, including interface, XOT
channel and hunt group
View
Any view
Parameter
lci: Logical channel identifier, its value ranges from 1 to 4095. If the logical
channel identifier is not specified, all virtual circuits will be displayed.
Description
Using the display x25 vc command, you can view the information about the X.25
virtual circuit.
For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, and x25
fr pvc.
Example
View
Any view
Parameter
None
Description
Using the display x25 xot command, you can view XOT link information.
You can use the command display x25 xot to view the detailed information
about all XOT links, including peer ip and port, local ip and port, keepalive setting
of socket and come/go interface names.
For the related commands, see x25 switch svc xot and x25 xot pvc.
Example
The above information indicates: there is one established XOT link via SVC, whose
peer IP is 10.1.1.1, peer port is 1998, local IP is 10.1.1.2, local port is 1024,
keepalive period of socket is 5 seconds, keepalive tries are 3, come interface name
is Serial0/0/0-10.1.1.1-1024 (XOT interface), and go interface name is Serial0/0/0.
View
Interface view
Parameter
n1-value: The value of the parameter N1 in bits, and its value ranges from 1096 to
12104. By default, the parameter N1 of LAPB is 12032.
Description
Using the lapb max-frame command, you can configure the LAPB parameter N1.
Using the undo lapb max-frame command, you can restore the default value.
N1 indicates the maximum number of bits in an I frame that the DCE or DTE is
willing to receive from the DTE or DCE. Its value is the maximum transmission
unit (MTU) plus the total bytes of the protocol header, multiplied by 8, which
stipulates the maximum length of a transmission frame.
Example
View
Interface view
Parameter
Description
Using the lapb modulo command, you can specify the LAPB frame numbering
view (also called modulo). Using the undo lapb modulo command, you can
restore the default value.
There are two LAPB frame numbering views: modulo 8 and modulo 128. Each
information frame (I frame) is numbered in sequence, ranging from 0 to the
modulo minus 1. In addition, sequential numbers will cycle within the range of
modulo.
Modulo 8 is a basic view, LAPB can implement all the standards via the view. It is
sufficient for most links.
Example
View
Interface view
Parameter
n2-value: The value of N2, its value ranges from 1 to 255. By default, the
parameter N2 of LAPB is 10.
Description
Using the lapb retry command, you can configure LAPB parameter N2. Using the
undo lapb retry command, you can restore the default value.
The value of N2 indicates the maximum number of times that the DCE or DTE
retries sending one frame to the DTE or DCE.
Example
View
Interface view
Parameter
t1-value: The value of timer T1 in ms, its value ranges from 1 to 64000ms. The
default value of T1 is 2000ms.
t3-value: Value of the timer T3 in ms, its value ranges from 0 to 255. The default
value of T3 is 0ms.
Description
Using the lapb timer command, you can configure the LAPB timers T1, T2 and
T3. Using the undo lapb timer command, you can restore their default values.
T3 is an idle channel timer. When it expires, the DCE reports to the packet layer
that the channel has stayed idle for a long time. T3 should be greater than the
timer T1 (T3>T1) on a DCE. When T3 is 0, the timer does not function.
Example
View
Interface view
Parameter
Description
Using the lapb window-size command, you can configure the LAPB window
parameter K. Using the undo lapb window-size command, you can restore the
default value of the LAPB window parameter K.
Example
View
Interface view
Parameter
ip: Indicates that the network layer protocol borne by LAPB is IP.
Description
Using the link-protocol lapb command, you can specify the link layer protocol of
the interface as LAPB.
By default, DTE is the default LAPB operating mode. IP is the default network layer
protocol.
Example
Configure LAPB as the link layer protocol of the interface Serial 0/0/0, and enable
it to work in DCE mode.
View
Interface view
Parameter
ietf: Based on the standard stipulation of the IETF RFC 1356, encapsulate IP or
other network protocols on the X.25 network.
Description
Using the link-protocol x25 command, you can encapsulate X.25 protocol to the
specified interface.
By default, the link-layer protocol for interface is PPP. When the interface uses
X.25 protocol, it works in DTE IETF mode by default.
If the X.25 switching function is not used, and two Routers are directly connected
back to back via the X.25 protocol, one Router shall work in DTE mode, while the
other shall work in DCE mode. When two Routers are connected via the X.25
public packet network, they shall generally work in DTE mode. If the X.25
switching function is used, the Router shall generally work in DCE mode.
Example
Specify X.25 as the link layer protocol of the interface Serial 0/0/0 that works in
DTE IETF mode.
pad Syntax
pad x121-address
View
User view
Parameter
Description
Using the pad command, you can establish a PAD connection with the remote
site.
Example
<3Com> pad 2
View
User view
Parameter
Description
For SVC, using the reset xot command, you can actively clear an XOT link.
For PVC, using the reset xot command, you can actively reset an XOT link.
When you clear or reset the XOT link, you can obtain the required ports using the
commands display x25 xot or display tcp status.
For the related commands, see display x25 vc, x25 switching, display x25 xot,
and display tcp status.
Example
View
Interface view
Parameter
match-type: Match type of the alias. There are 9 optional match types:
Description
Using the x25 alias-policy command, you can configure the alias of an X.121
address. Using the undo x25 alias-policy command, you can delete the alias of
an X.121 address.
When an X.25 call is forwarded between networks, different X.25 networks may
perform some operations on the destination address (that is, the called DTE
address) carried by the call packet, for example, regularly adding or deleting a
prefix or suffix. In this case, a user needs to set an interface alias for the router to
adapt to this change. Please consult your ISP to learn whether the network
supports this function before deciding whether to enable the alias function.
For the details about the X.25 alias matching method, please see the chapter LAPB
and X.25 Configurations in Operation Manual.
For the related commands, see display x25 alias-policy and x25 x121-address.
Example
Configure the link-layer protocol on interface Serial0/0/0 as X.25 and its X.121
address to 20112451, and set two aliases with different match types for it.
With the above configurations, a call whose destination address is 20112451 can
be accepted as long as it can reach the local X.25 interface Serial0/0/0, no matter
whether the network is performing the prefix adding operation or suffix adding
operation.
View
Interface view
Parameter
■ roa-list name: Specifies an ROA list name configured by the command X25
roa-list in system view for the X.25 interface.
■ send-delay value: Specifies the maximum network send delay request while
calling from X.25 interface. You can set this request to any value ranging
from 0 to 65534 ms (including 0 and 65534).
■ threshold in out: Specifies throughput negotiation while calling from X.25
interface. The values of in/out are defined as 75, 150, 300, 600, 1200,
2400, 4800, 9600, 19200, and 48000.
■ window-size input-window-size output-window-size: Specifies the window
size negotiation while calling from X.25 interface. Window size negotiation
is a part of flow control parameter negotiation. It needs two parameters:
reception window size and transmission window size, which must be in the
range of 1 to modulo -1 (including 1 and modulo -1). The default values of
the two parameters are 2.
Description
Using the x25 call-facility command, you can set user options for an X.25
interface. After an option is set, all X.25 calls from the X.25 interface will carry the
relevant information field in call packet. Using the undo x25 call-facility
command, you can delete the set option.
The user facilities set via this command are available for all the calls originating
from this X.25 interface. You can set a user option for an X.25 call from a certain
address mapping through the command x25 map protocol-name protocol-address
x.121-address x.121-address [ option ].
Example
Specify the flow control parameter negotiation with the peer end for the calls
from the X.25 interface serial0/0/0.
View
Interface view
Parameter
Description
Using the x25 cug-service command, you can map the local CUG facility to the
network CUG. When the call with CUG facility meets CUG suppress conditions, it
will be processed. Using the undo x25 cug-service command, you can delete
CUG suppress. The command is used on DCE side, and you can use the command
link-protocol x25 dce to set DCE as the working mode of the interface.
For the related commands, see x25 call-facility and x25 local-cug.
Example
View
Interface view
Parameter
Description
Using the x25 default-protocol command, you can set the default upper-layer
protocol carried over X.25 for the X.25 interface. Using the undo x25
default-protocol command, you can restore the default upper-layer protocol.
During X.25 SVC setup, the called device will check the call user data field of X.25
call request packet. If it is an unidentifiable one, the called device will deny the
setup of the call connection. However, a user can specify a default upper-layer
protocol carried over X.25. When X.25 receives a call with unknown CUD, the call
can be treated based on the default upper-layer protocol specified by a user.
Example
Set the default upper-layer protocol over the X.25 interface Serial0/0/0 as IP.
View
System view
Parameter
vc-number: Select call channel using the policy of computing available logical
channel.
Description
Using the x25 hunt-group command, you can create or enter an X.25 hunt
group. Using the undo x25 hunt-group command, you can delete the specified
X.25 hunt group.
X.25 hunt group supports two call channel selection policies: round-robin mode
and vc-number mode, and a hunt group only uses one channel selection policy.
The round-robin mode will select next interface or XOT channel inside hunt group
for each call request using cyclic selection method. The vc-number mode will
select the interface with the most idle-logical channels in hunt group for each call
request.
A hunt group can have 10 interfaces or XOT channels at most, and it selects
among the available channels without distinguishing between interfaces and
XOT channels.
XOT channel cannot join the hunt group that adopts the vc-number selection
policy.
Example
View
Interface view
Parameter
None
Description
Using the x25 ignore called-address command, you can enable X.25 to ignore the
X.121 address of the called DTE when it initiates calls. Using the undo x25
ignore called-address command, you can disable this function.
According to X.25, the call request packet must carry the address bits.
However, in a specific network environment or where the application requires
it, the X.25 call request does not have to carry the called/calling DTE
address. This command enables users to specify whether the call request
packet sent by X.25 in the 3Com series routers carries the called DTE address.
For the related commands, see x25 response called-address, x25 response
calling-address, and x25 ignore calling-address.
Example
Specify the call request packet from the X.25 interface Serial0/0/0 not to carry the
called DTE address.
View
Interface view
Parameter
None
Description
Using the x25 ignore calling-address command, you can enable X.25 to ignore the
X.121 address of the calling DTE when it initiates calls. Using the undo x25
ignore calling-address command, you can disable this function.
According to X.25, the call request packet must carry the address bits.
However, on some occasions, the X.25 calling request does not have to carry the
For the related commands, see x25 response called-address, x25 response
calling-address, and x25 ignore called-address.
Example
Specify the call request packet from the X.25 interface Serial0/0/0 not to carry the
calling DTE address.
View
Interface view
Parameter
Description
Using the x25 local-cug command, you can define CUG suppress rules. Using the
undo x25 local-cug command, you can delete the rules. There are two CUG
suppress rules: suppressing all CUG facilities, and suppressing the mapping CUG
facility configured with preferential.
For the related commands, see x25 call-facility and x25 cug-service.
Example
Define the rule on the serial interface Serial0/0/0: the incoming calls with 100
local CUGs or 200 network CUGs are denied.
View
Interface view
Parameter
option: Specifies some attributes or user facilities for the address mapping.
Description
Using the x25 map command, you can set the address mapping between the IP
address used by LANs and the X.121 address. Using the undo x25 map command,
you can delete one existing mapping.
Since the X.25 protocol can multiplex multiple logical virtual circuits on one
physical interface, you need to manually specify the mapping relation between
all network addresses and X.121 addresses.
Once you have specified an address mapping, its contents (including protocol
address, X.121 address and all options) cannot be changed. To make
modifications, you can first delete this address mapping via the undo x25 map
command, and then establish one new address mapping.
Two or more address mappings with an identical protocol address shall not exist
on the same X.25 interface.
For the related commands, see display x25 map, x25 reverse-charge-accept,
x25 call-facility, x25 timer idle, and x25 vc-per-map.
Example
Set two address mappings on the X.25 interfaces Serial0/0/0 and Serial1/0/0,
respectively, and the four address mappings have different attributes.
View
Interface view
Parameter
Description
Using the x25 modulo command, you can set the window modulus of an X.25
interface. Using the undo x25 modulo command, you can restore its default
window modulus.
The sliding window is the basis for X.25 traffic control. Its key point is that
sent packets are numbered cyclically in order and must be acknowledged by the
peer end. “In order” means ascending order, like “…2, 3, 4, 5, 6…”.
“Cyclically” means that the numbering starts again from the beginning when a
certain number (called the modulus) is reached. For example, when the modulus
is 8, the numbering goes “…4, 5, 6, 7, 0, 1…”.
X.25 defines two numbering moduli: 8 (also called basic numbering) and 128
(also called extended numbering), and the X.25 of the 3Com series routers
supports both.
For the related commands, see display interface, x25 call-facility, x25 map,
x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr pvc, and x25 window-size.
Example
undo packet-size
View
Interface view
Parameter
input-packet: Maximum input packet length in bytes. Its value ranges from 16 to
1024 (including 16 and 1024) and must be an integer power of 2. By default, the
maximum input packet length of an X.25 interface is 128 bytes.
output-packet: Maximum output packet length in bytes. Its value ranges from 16
to 1024 (including 16 and 1024) and must be an integer power of 2. By default,
the maximum output packet length of an X.25 interface is 128 bytes.
Description
Using the x25 packet-size command, you can set the maximum input and output
packet lengths of X.25 interface. Using the undo x25 packet-size command, you
can restore their default values.
For the related commands, see x25 call-facility, x25 pvc, x25 switch pvc, x25
xot pvc and x25 fr pvc.
Example
Set the maximum receiving packet length and maximum sending packet length
on X.25 interface Serial0/0/0 to 256 bytes.
View
Interface view
Parameter
pvc-number: PVC number, which must range from 1 to 4095 (including 1 and
4095), and must be in the PVC channel range.
Description
Using the x25 pvc command, you can configure one PVC route encapsulated with
datagram. Using the undo x25 pvc command, you can delete this route.
Before establishing PVCs, users should first enable the PVC channel section. The
section runs from 1 to the lowest channel number of the lowest enabled channel
section minus 1 (both ends included). If that lowest channel number is 1, the
PVC section is disabled. The following table shows some typical PVC sections.
Table 21 PVC channel section of some typical configurations
Example
Configure the link layer protocol on the interface Serial0/0/0 to X.25, enable PVC
channel section, and set two VCs.
View
Interface view
Parameter
Description
Using the x25 queue-length command, you can set the data queue length on
X.25 VC. Using the undo x25 queue-length command, you can restore its
default value.
When the data traffic is too heavy, you can use this command to extend the
receiving queue and sending queue of the X.25 VC to avoid data loss that may
affect transmission performance. It should be noted here that modifying this
parameter would not affect the existing data queue of VC.
Example
Set the VC data queue length of the X.25 interface Serial0/0/0 to 75 datagrams.
View
Interface view
Parameter
count: The number of data packets that can be received before an
acknowledgement is sent, ranging from 0 to the input window size. If it is set
to 0 or the input window size, this function will be disabled. If it is set to
1, X.25 of the 3Com series routers will send an acknowledgement for each
correct packet received. By default, the value is 0.
Description
Using the x25 receive-threshold command, you can set the maximum number of
packets that can be received before X.25 sends an acknowledgement packet. Using
the undo x25 receive-threshold command, you can restore its default value.
After this function is enabled, the 3Com series routers can send an
acknowledgement to the peer router upon receipt of some correct packets, even
if the input window is not yet full. If there is not much data traffic in the
users' application environment and users pay more attention to the response
speed, they can adjust this parameter to meet the requirement.
Example
View
Interface view
Parameter
None
Description
Using the x25 response called-address command, you can enable X.25 to carry
the address information of the called DTE in the call reception packet it
sends. Using the undo x25 response called-address command, you can disable
this function.
According to X.25, the call receiving packet of a call may or may not carry an
address code group, depending on the specific network requirements. This
command enables users to easily specify whether the call receiving packet of a call
sent by X.25 of the 3Com series routers carries the called DTE address.
For the related commands, see x25 response calling-address, x25 ignore
called-address, and x25 ignore calling-address.
Example
Specify that the call receiving packet of a call sent from the X.25 interface
Serial0/0/0 carries the called DTE address.
View
Interface view
Parameter
None
Description
Using the x25 response calling-address command, you can enable X.25 to carry
the address information of the calling DTE in the call reception packet it
sends. Using the undo x25 response calling-address command, you can disable
this function.
According to X.25, the call receiving packet of a call may or may not carry an
address code group, depending on the specific network requirements. This
command enables users to easily specify whether the call receiving packet of a call
sent by X.25 of the 3Com series routers carries the calling DTE address.
For the related commands, see x25 response called-address, x25 ignore
called-address, and x25 ignore calling-address.
Example
Specify that the call receiving packet of a call sent from the X.25 interface
Serial0/0/0 carries the calling DTE address.
x25 reverse-charge-accept
Syntax
x25 reverse-charge-accept
View
Interface view
Parameter
None
Description
Using the x25 reverse-charge-accept command, you can enable this interface to
accept calls carrying a “reverse charging request”, information added by
certain user facilities. Using the undo x25 reverse-charge-accept command, you
can disable this function.
This function does not affect any call without “reverse charging request”.
If you enable this function on an X.25 interface, all such calls that reach the
interface will be accepted. If you enable this function for a certain address
mapping by the option reverse-charge-accept in the command x25 map, only such
calls that reach the interface and map to this address will be accepted, while
other calls (carrying a reverse charging request but not mapping to this
address) will be cleared.
Example
Set the “accepting calls with reverse charging request” function on interface
Serial0/0/0.
View
System view
Parameter
id: ID specified for this ROA, and its value ranges from 0 to 9999. You can specify
multiple IDs for the ROA.
Description
Using the x25 roa-list command, you can define ROA list. Using the undo x25
roa-list command, you can delete ROA list items.
You can configure multiple (0 to 20) ROAs, and each ROA can be specified with
multiple (1 to 10) IDs. After configuring an ROA, you can cite it by its name in
the commands x25 call-facility or x25 map.
For the related commands, see x25 call-facility and x25 map.
Example
Define two ROA lists, and cite them on the interfaces Serial 0/0/0 and Serial 1/0/0.
View
Interface view
Parameter
pvc-number1: PVC number on the input interface, and its value ranges from 1 to
4095.
pvc-number2: PVC number on the output interface, and its value ranges from 1 to
4095.
Description
Using the x25 switch pvc (packet switching) command, you can configure one
PVC route. Using the undo x25 switch pvc command, you can delete one PVC
route.
Based on the X.25 switching configuration, you can use the 3Com series Routers
as a simple X.25 switch. When PVC switching is configured, the link layer
protocols on the input and output interfaces must be X.25. Moreover, the
specified PVCs on the two interfaces must already exist and be enabled. Note
that PVC switching cannot be configured on an X.25 sub-interface.
For the related commands, see display x25 vc and x25 switching.
Example
Perform the packet switching between PVC1 on the Serial0/0/0 and PVC1 on the
Serial1/0/0.
View
System view
Parameter
Description
Using the x25 switch svc hunt-group command, you can add an X.25 switching
route whose forwarding address is a hunt group. Using the undo x25 switch svc
hunt-group command, you can delete the specified X.25 switching route.
After the X.25 switching route whose forwarding address is a hunt group is
configured, the relevant X.25 call request packet will be forwarded to different
interfaces or XOT channels in the specified hunt group, so as to implement the
load sharing under X.25 protocol.
Table 22 X.121 mode matching rules
Wildcard characters  Matching rules                                     Example  Matchable character string
*                    Matching zero or more previous characters          fo*      fo, foo, fooo
+                    Matching zero or more previous characters          fo+      fo, foo, fooo
^                    Matching the beginning of the entered characters   ^hell    hell, hello, hellaaa
$                    Matching the end of the entered characters         ar$      ar, car, hear
\char                Matching a single character specified by char.     b\+      b+
.                    Matching arbitrary single character                l.st     last, lbst, lost
.*                   Matching arbitrary zero or more characters.        fo.*     fo, foo, fot
.+                   Matching arbitrary one or more characters.         fo.+     foo, fot, foot
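The example strings in Table 22 imply that a pattern is searched for anywhere in the address unless it is anchored with ^ or $. The following is an added example, not taken from the 3Com guide: it uses Python's re module as a stand-in for the router's matcher (an assumption), checks every row of the table, and reports how widely a switching-route pattern matches a constructed address inventory. The function names and the inventory are hypothetical.

```python
import re

# Rows of Table 22: (pattern, strings the table lists as matchable).
TABLE_22 = [
    ("fo*",   ["fo", "foo", "fooo"]),
    ("fo+",   ["fo", "foo", "fooo"]),
    ("^hell", ["hell", "hello", "hellaaa"]),
    ("ar$",   ["ar", "car", "hear"]),
    (r"b\+",  ["b+"]),
    ("l.st",  ["last", "lbst", "lost"]),
    ("fo.*",  ["fo", "foo", "fot"]),
    ("fo.+",  ["foo", "fot", "foot"]),
]

# Constructed sample inventory of X.121 addresses. 8888, 9999 and 20112451
# appear in this guide's examples; the other two are made up.
INVENTORY = ["8888", "18888", "88880", "9999", "20112451"]


def x121_match(pattern: str, address: str) -> bool:
    """Assumption: the pattern is searched for anywhere in the address
    unless it is anchored with ^ or $, as the strings in Table 22 imply."""
    return re.search(pattern, address) is not None


def check_table() -> list:
    """Return the (pattern, string) pairs of Table 22 that fail to match."""
    return [(p, s) for p, strings in TABLE_22 for s in strings
            if not x121_match(p, s)]


def audit_route(pattern: str, inventory: list) -> dict:
    """Describe how widely one switching-route pattern matches."""
    open_start = not pattern.startswith("^")
    open_end = not pattern.endswith("$") or pattern.endswith("\\$")
    matched = [a for a in inventory if x121_match(pattern, a)]
    # A digits-only pattern was probably meant as one exact address, so
    # every other address it matches is reported as unintended.
    unintended = ([a for a in matched if a != pattern]
                  if pattern.isdigit() else [])
    return {
        "pattern": pattern,
        "open_start": open_start,
        "open_end": open_end,
        "matched": matched,
        "unintended": unintended,
    }


if __name__ == "__main__":
    print("Table 22 rows that fail:", check_table())
    for route in ("8888", "^8888$", "^2011"):
        print(audit_route(route, INVENTORY))
```

Under this search semantics the bare pattern 8888 also selects 18888 and 88880, while ^8888$ selects only 8888.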
Example
Add an X.25 switching route, whose destination address is 8888 and forwarding
address is the hunt group hg1, and substitute the destination address with 9999.
[3Com] x25 switch svc 111 sub-dest 9999 sub-source 8888 hunt-group hg1
View
System view
Parameter
xot-option: XOT channel parameter option. For the specific configuration, see XOT
channel parameter option.
Description
Using the x25 switch svc xot command, you can add an X.25 switching route
whose forwarding address is XOT channel. Using the undo x25 switch svc xot
command, you can delete the specified X.25 switching route.
After the XOT switching command of X.25 SVC is configured, the local X.25
network can interconnect with the remote X.25 network across an IP network. If
a user configures the keepalive attribute, the link detection for XOT will be
supported.
Table 24 XOT channel parameter option
Option                                Explanation
timer seconds                         Keepalive timer delay of XOT connection. The timer sends the keepalive packet upon timeout to detect the connection availability. Its value ranges from 1 to 3600.
retry times                           Number of maximum retries of sending keepalive. If the number exceeds times, the XOT connection will be disconnected. Its value ranges from 3 to 3600.
source interface-type interface-name  Interface name of initiating XOT connection
For the related commands, see x25 switch svc interface, display x25
switch-table svc, and x25 switching.
Example
View
System view
Parameter
None
Description
Using the x25 switching command, you can enable the X.25 switching function.
Using the undo x25 switching command, you can disable this function, which
will not affect the established VC switching function.
X.25 packet switching is used to accept packets from an X.25 interface and send
them to a certain interface based on the destination information contained in the
packets. The Router can be used as a small-sized packet switch by the packet layer
switching function.
For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr
pvc, x25 switch svc, display x25 vc, and display x25 switch-table svc.
Example
View
Interface view
Parameter
minutes: Value of delay time in minutes, and its value ranges from 0 to 1000. If
the previous call failed at one destination, the X.25 won’t send calls to such a
destination again within the time set by this command.
Description
Using the x25 timer hold command, you can set the delay to send calls to a
destination with failed calls. Using the undo x25 timer hold command, you can
restore its default value.
Frequently sending call requests to a wrong destination (which does not exist or
is faulty) will deteriorate the operating efficiency of the 3Com series router.
This function can avoid the problem to a certain extent. Setting this parameter
to 0 is equal to disabling the function. In addition, this function only applies
to calls originated locally. That is to say, this parameter is meaningless
when X.25 operates in the switching mode.
Example
View
Interface view
Parameter
minutes: Maximum idle time of SVC in minutes, and its value ranges from 0 to
255. By default, this value is 0.
Description
Using the x25 timer idle command, you can set the maximum idle time of the
SVC on the interface. Using the undo x25 timer idle command, you can restore
its default value.
When an SVC stays idle (no data transmission) for a period (the period length is
decided by the parameter), the router will clear this SVC automatically. If this
parameter is set to 0, this SVC will be reserved no matter how long it stays idle.
The configuration of this parameter will affect all the SVCs on this X.25
interface. Users can also set the maximum idle time for an SVC attached to an
address mapping through the option in the command x25 map.
This command has no effect on PVCs or on SVCs established for X.25 switching.
Example
Set the maximum idle time of the SVC on the interface Serial 0/0/0 to 10 minutes.
View
Interface view
Parameter
seconds: Delay time for the X.25 restarting timer in seconds. It ranges from 0
to 1000. By default, the delay on the X.25 DTE restarting timer is 180 seconds
and that on the DCE timer is 60 seconds.
Description
Using the x25 timer tx0 command, you can set the restart/retransmission timer
delay for DTE (or DCE). Using the undo x25 timer tx0 command, you can restore
their default values.
According to X.25, a timer should be started when a DTE sends a restart request
(or a DCE sends a restart indication). If no acknowledgement is received from
the peer by the time this timer expires, the sending end takes measures to keep
the local procedure running normally. This parameter specifies the delay before
the timer expires.
For the related commands, see x25 timer tx1, x25 timer tx2, and x25 timer
tx3.
Example
Set the restarting timer delay on the X.25 interface Serial0/0/0 to 120 seconds.
View
Interface view
Parameter
Description
Using the x25 timer tx1 command, you can set calling request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx1
command, you can restore its default value.
According to X.25, a timer should be started when a DTE sends a call request (or
a DCE sends a call indication). If no acknowledgement is received from the peer
by the time this timer expires, the sending end takes measures to keep the
local procedure running normally. This parameter specifies the delay before the
timer expires.
For the related commands, see x25 timer tx0, x25 timer tx2, and x25 timer
tx3.
Example
Set the timer delay on the X.25 interface Serial0/0/0 to 100 seconds.
View
Interface view
Parameter
seconds: Delay time of resetting request (indication) timer in seconds, and its value
ranges from 0 to 1000. By default, the delay time on a DTE reset timer is 180
seconds; that on a DCE reset timer is 60 seconds.
Description
Using the x25 timer tx2 command, you can set resetting request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx2
command, you can restore its default value.
According to X.25, a timer should be started when a DTE sends a reset request
(or a DCE sends a reset indication). If no acknowledgement is received from the
peer by the time this timer expires, the sending end takes measures to keep the
local procedure running normally. This parameter specifies the delay before the
timer expires.
For the related commands, see x25 timer tx0, x25 timer tx1, and x25 timer
tx3.
Example
Set the reset timer delay on the X.25 interface Serial0/0/0 to 120 seconds.
View
Interface view
Parameter
Description
Using the x25 timer tx3 command, you can set clearing request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx3
command, you can restore its default value.
According to X.25, a timer should be started when a DTE sends a clear request
(or a DCE sends a clear indication). If no acknowledgement is received from the
peer by the time this timer expires, the sending end takes measures to keep the
local procedure running normally. This parameter specifies the delay before the
timer expires.
For the related commands, see x25 timer tx0, x25 timer tx1, and x25 timer
tx2.
Example
Set the delay time of clearing timer on the X.25 interface Serial0/0/0 to 100
seconds.
View
Interface view
Parameter
count: Maximum number of VCs, and its value ranges from 1 to 8. By default, its
value is 1.
Description
Using the x25 vc-per-map command, you can set the maximum number of VCs
for connections with the same destination device. Using the undo x25
vc-per-map command, you can restore their default values.
If the parameter is greater than 1, and the sending window and the sending
queue of the VC are full, the system will create a new VC to the same
destination. If the new VC cannot be created, the datagram will be discarded.
For the related commands, see display interface and x25 map.
Example
Set the maximum value of VCs on the X.25 interface Serial 0/0/0 to 3.
View
Interface view
Parameter
ltc htc: Lowest and highest two-way channels of X.25 VC, and its value ranges
from 0 to 4095. If htc (highest two-way channel) is set to 0, ltc (lowest two-way
channel) must also be set to 0, which indicates that the two-way channel section is
disabled. By default, the htc of X.25 VC is 1024.
lic hic: Lowest and highest incoming-only channels of X.25 VC, and its value
ranges from 0 to 4095. If hic (highest incoming-only channel) is set to 0, lic
(lowest incoming-only channel) must also be set to 0, which indicates that the
incoming-only channel section is disabled. By default, the hic in X.25 VC range
is 0.
loc hoc: Lowest and highest outgoing-only channels of X.25 VC, and its value
ranges from 0 to 4095. If hoc (highest outgoing-only channel) is set to 0, loc
(lowest outgoing-only channel) must also be set to 0, which indicates that the
outgoing-only channel section is disabled. By default, the hoc in X.25 VC range is
0.
Description
Using the x25 vc-range command, you can set highest and lowest values of X.25
VC range. Using the undo x25 vc-range command, you can restore their default
values.
Example
Configure the link layer protocol on the interface Serial 0/0/0 to X.25, enable
the incoming-only channel section and the two-way channel section, and disable
the outgoing-only channel section. After executing a series of commands, the
three sections are [1, 7], [8, 1024] and [0, 0], respectively.
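The x25 vc-range parameter rules and the PVC channel section rule described under x25 pvc can be checked together before a configuration is applied. The following is an added example, not taken from the 3Com guide; VcRange, validate, pvc_section and out_of_section_pvcs are hypothetical names. It assumes the X.25 standard's ascending order of incoming-only, two-way and outgoing-only sections, and that all channels are PVCs when every section is disabled.

```python
from dataclasses import dataclass

MAX_CHANNEL = 4095  # upper bound the guide gives for every vc-range value


@dataclass(frozen=True)
class VcRange:
    lic: int  # lowest incoming-only channel
    hic: int  # highest incoming-only channel
    ltc: int  # lowest two-way channel
    htc: int  # highest two-way channel
    loc: int  # lowest outgoing-only channel
    hoc: int  # highest outgoing-only channel

    def sections(self):
        # Ascending order of the three sections comes from the X.25
        # standard, not from this guide.
        return [("incoming-only", self.lic, self.hic),
                ("two-way", self.ltc, self.htc),
                ("outgoing-only", self.loc, self.hoc)]


def validate(r: VcRange) -> list:
    """Return a list of rule violations; an empty list means valid."""
    errors = []
    for name, low, high in r.sections():
        if not (0 <= low <= MAX_CHANNEL and 0 <= high <= MAX_CHANNEL):
            errors.append(f"{name}: values must be within 0..{MAX_CHANNEL}")
        elif high == 0 and low != 0:
            errors.append(f"{name}: highest is 0, so lowest must also be 0")
        elif high != 0 and not 1 <= low <= high:
            errors.append(f"{name}: lowest must be within 1..{high}")
    enabled = [s for s in r.sections() if s[2] != 0]
    for (n1, _, h1), (n2, l2, _) in zip(enabled, enabled[1:]):
        if h1 >= l2:
            errors.append(f"{n1} section overlaps {n2} section")
    return errors


def pvc_section(r: VcRange):
    """Return (1, lowest enabled channel - 1), or None when disabled."""
    lows = [low for _, low, high in r.sections() if high != 0]
    # Assumption: with every section disabled, all channels are PVCs.
    lowest = min(lows) if lows else MAX_CHANNEL + 1
    return (1, lowest - 1) if lowest > 1 else None


def out_of_section_pvcs(r: VcRange, pvc_numbers: list) -> list:
    """Return the PVC numbers that fall outside the PVC channel section."""
    section = pvc_section(r)
    return [n for n in pvc_numbers
            if section is None or not section[0] <= n <= section[1]]


# Sections from the guide's x25 vc-range example: [1, 7], [8, 1024], [0, 0].
GUIDE_EXAMPLE = VcRange(lic=1, hic=7, ltc=8, htc=1024, loc=0, hoc=0)
# Constructed variant that leaves channels 1 to 7 free for PVCs.
WITH_PVCS = VcRange(lic=0, hic=0, ltc=8, htc=1024, loc=0, hoc=0)

if __name__ == "__main__":
    print(validate(GUIDE_EXAMPLE), pvc_section(GUIDE_EXAMPLE))
    print(pvc_section(WITH_PVCS), out_of_section_pvcs(WITH_PVCS, [1, 2, 9]))
```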
View
Interface view
Parameter
Description
Using the x25 window-size command, you can set the sizes of the input and
output windows on the X.25 interface. Using the undo x25 window-size command,
you can restore their default values.
Consult your ISP about the sending and receiving window sizes. Unless
supported by the network, do not set these two parameters to different values.
For the related commands, see display interface, x25 map, x25 pvc, x25
switch pvc, x25 xot pvc, x25 fr pvc, and x25 receive-threshold.
Example
Set the receiving and sending window sizes on the X.25 interface Serial0/0/0 to 5.
View
Interface view
Parameter
Description
Using the x25 x121-address command, you can set the X.121 address of an X.25
interface. Using the undo x25 x121-address command, you can delete the
address.
If the Router is connected to an X.25 public packet network, the ISP must assign
a valid X.121 address to it. If two Routers are only directly connected back to
back, a user can specify any valid X.121 address. If you only want the Router to
work in switching mode, the X.121 address need not be configured.
When you reconfigure an X.121 address for an X.25 interface, you need not
delete the original X.121 address, because the new address will overwrite the old
one. After an X.25 interface is re-configured, the original X.121 address will be
deleted, so the X.121 address must be re-configured for the interface to work
properly.
Note: For the format of the X.121 address and the dynamic conversion between IP
address and X.121 address, please refer to ITU-T Recommendation X.121 and the
relevant RFC document.
Example
Configure the link layer protocol on the interface Serial 0/0/0 as X.25, and X.121
address as 20112451.
View
Interface view
Parameter
pvc-number1: Number of PVC on the local interface, and its value ranges from 1
to 4095.
pvc-number2: Number of PVC on the peer interface, and its value ranges from 1
to 4095.
interface type number: Type and number of interface, and the interface type can
only be Serial.
xot-option: Option of XOT channel parameter. For the specific configuration, see
XOT channel parameter option.
Description
Using the x25 xot pvc command, you can add a PVC route of XOT. Using the
undo x25 pvc command, you can delete the specified PVC route of XOT.
After the XOT switching command of X.25 PVC is configured, the local X.25
network can interconnect with the remote X.25 network across an IP network. If
a user configures the keepalive attribute, the link detection for XOT will be
supported.
For the related commands, see display x25 vc and x25 switching.
Example
View
System view
Parameter
seconds: Delay time in seconds to wait for a response after inviting the PAD
clear procedure. Its value ranges from 5 to 2147483, and its default value is 5.
Description
Using the x29 timer inviteclear-time command, you can set the delay of waiting
for a response after inviting the PAD clear procedure. After this time is
exceeded, the system will forcibly exit from the PAD connection and start the
X.25 clear procedure.
Example
IP Address Configuration Commands
View
Any view
Parameter
Description
Using the display ip interface command, you can display the running condition
of all the interfaces.
Example
<3Com> display ip interface Ethernet6/0/0
The following information is displayed: the current physical link state of Ethernet
6/0/0 is UP, the protocol of link layer is UP, the IP address is 5.5.5.5, the broadcast
address is 0.0.0.0, the maximum transmit unit is 1500 bytes and some other
information about packets receiving/sending via this interface.
ip address
Syntax
ip address ip-address net-mask [ sub ]
414 CHAPTER 5: NETWORK PROTOCOL
View
Interface view
Parameter
Description
Using the ip address command, you can set an IP address for an interface. Using
the undo ip address command, you can delete an IP address of the interface.
IP addresses are classified into five types, and users can select a proper IP
subnet according to actual conditions. Moreover, an address in which part of the
host address is composed of 0, or the entire host address is composed of 1, has
a special use and cannot be used as an ordinary IP address.
Under normal conditions, one interface only needs to be configured with one IP
address. However, to enable one interface of a router to connect to several
subnets, one interface can be configured with several IP addresses. Among them,
one is master IP address, and others are slave IP addresses. The following is the
relationship between the master and slave IP addresses:
The command undo ip address without parameters indicates to delete all the
IP addresses of the interface. The command undo ip address ip-address
net-mask indicates to delete the master IP address, and undo ip address
ip-address net-mask sub indicates to delete the slave address. All the slave
addresses must be deleted before the master IP address can be deleted.
In addition, any two IP addresses configured for all interfaces on a router cannot
be located in the same subnet.
Example
Configure the interface Serial 0/0/0 with the master IP address as 129.102.0.1, the
slave IP address is 202.38.160.1, and the subnet mask of both is 255.255.255.0.
ip address ppp-negotiate
Syntax
ip address ppp-negotiate
View
Interface view
Parameter
None
Description
Example
View
Interface view
Parameter
Description
This command is used to enable serial interfaces encapsulated with PPP, HDLC,
Frame Relay, SLIP and Tunnel to borrow the IP addresses from the Ethernet
interface or other interfaces.
Example
Display how to make the serial interface 0/0/0 encapsulated with PPP borrow the
unnumbered IP address from Ethernet interface 0/0/0.
View
Interface view
Parameter
ip-address: IP address.
Description
Using the remote address command, you can assign an IP address to the peer
interface. Using the undo remote address command, you can cancel the IP address
assignment for the peer interface.
By default, the interface does not assign an address to the peer interface.
When an interface is encapsulated with PPP but not configured with an IP
address, configure the negotiable attribute of IP address for this interface
(the ip address ppp-negotiate command on the local router and the remote
address command on the peer router), so that the local interface can accept the
IP address obtained through PPP negotiation. This IP address is assigned by the
opposite end. This configuration is mainly used to obtain an IP address assigned
by the ISP when accessing the Internet via the ISP.
Example
The serial interface encapsulated with PPP assigns an IP address 10.0.0.1 for the
peer.
ARP Configuration Commands
View
System view
Parameter
Description
Using the arp static command, you can configure the ARP mapping table. Using
the undo arp command, you can delete the mapping items corresponding to some
addresses in the ARP mapping table.
By default, the mapping table of the system ARP is empty and the address
mapping can be obtained through dynamic ARP.
For the related commands, see arp static and display arp.
Example
View
System view
Parameter
None
Description
Using the arp check enable command, you can enable ARP entry check to have
the device not learn the ARP entries with broadcast MAC addresses. Using the
undo arp check enable command, you can disable ARP entry check to have the
system learn the ARP entries with broadcast MAC addresses.
By default, ARP entry check is enabled. The device does not learn the ARP entries
with broadcast MAC addresses.
Example
Enable ARP entry check.
[Router] arp check enable
View
User view
Parameter
None
Description
Using the debugging arp packet command, you can enable ARP packets
debugging; and using the undo debugging arp packet command, you can
disable the function.
Example
View
Any view
Parameter
Description
Using the display arp command, you can view the ARP mapping table.
For the related commands, see arp static and reset arp.
Example
View
User view
Parameter
Description
Using the reset arp command, you can clear the ARP entries in the ARP mapping
table.
For the related commands, see arp static and display arp.
Example
The following example shows how to delete the dynamic entries in the ARP
mapping table on Ethernet 0/0/0.
View
Ethernet interface view
Parameter
None
Description
Using the arp-proxy enable command, you can enable proxy ARP on an interface.
Using the undo arp-proxy enable command, you can disable proxy arp on the
interface.
This command is applied on Ethernet interfaces. For hosts that are in the same
hop but on different physical networks, the proxy ARP function hides the fact
that the physical networks are separated, so that the hosts appear to be on one
and the same physical network.
Example
Enable proxy ARP at Ethernet 0/0/0.
[Router-Ethernet0/0/0]arp-proxy enable
Static Domain Name Resolution
View
Any view
Parameter
None
Description
Using the display ip host command, you can display all the host names and their
corresponding IP addresses.
Example
ip host Syntax
ip host hostname ip-address
View
System view
Parameter
hostname: The name of a host, a character string of 1 to 20 characters.
Description
Using the ip host command, you can configure the IP address corresponding to a
host name; while using the undo ip host command, you can remove the IP
address corresponding to a host name.
By default, the static domain name table is empty; that is, it contains no host
name and IP address pairs.
Example
DNS Client Configuration Commands
View
System view
Parameter
None
Description
Using the dns resolve command, you can enable DNS resolving. Using the undo
dns resolve command, you can disable DNS resolving.
By default, DNS resolving is disabled.
Example
Enable DNS resolving.
[Router] dns resolve
View
System view
Parameter
ip-address: IP address of a DNS server.
Description
Using the dns server command, you can configure the IP address of a DNS server.
Using the undo dns server command, you can delete the IP address of a DNS server.
Example
Configure the IP address of a DNS server.
[Router] dns server 10.110.66.1
Delete the IP address of a specified DNS server.
[Router] undo dns server 10.110.66.1
Delete the IP addresses of all the DNS servers.
[Router] undo dns server
View
System view
Parameter
domain-name: DNS domain name.
Description
Using the dns domain command, you can configure a DNS domain name. Using
the undo dns domain command, you can delete one or all DNS domain names.
Example
Configure a DNS domain name.
[Router] dns domain huawei-3com.com
Delete a specified DNS domain name.
[Router] undo dns domain huawei-3com.com
Delete all the DNS domain names.
[Router] undo dns domain
View
Any view
Parameter
dynamic: displays DNS domain names that are dynamically obtained through
DHCP or by other means.
Description
Using the display dns domain command, you can view the DNS domain names
that are manually configured. Using the display dns domain dynamic command,
you can view the DNS domain names that are dynamically obtained through DHCP
or other protocols.
Example
Display the DNS domain names that are manually configured.
[Router] display dns domain
No Domain-name
0 3com.com
View
Any view
Parameter
dynamic: displays DNS server addresses that are dynamically obtained through
DHCP or other protocols.
Description
Using the display dns server command, you can view the DNS server addresses
manually configured. Using the display dns server dynamic command, you can
view the DNS server addresses that are dynamically obtained through DHCP or
other protocols.
Example
Display the DNS server addresses that are dynamically obtained.
[Router]display dns server dynamic
Domain-server IpAddress
0 10.72.66.36
View
Any view
Parameter
None
Description
Using the display dns dynamic-host command, you can view the current contents
in the domain name cache of the DNS client.
The DNS client retains the result of each successful domain name resolution in its
cache. If it receives the same resolving request later, it first looks up the cache for a
match. If no match is found, it sends a domain name resolving request to the
DNS server. You can use this command to view the current contents of the cache.
Example
Display the current contents in the domain name cache of the DNS client.
[Router]display dns dynamic-host
No Domain-name Ipaddress TTL Alias
0 www.baidu.com 202.108.249.134 63000
1 www.yahoo.akadns.net 66.94.230.39 24
2 www.hotmail.com 207.68.172.239 3585
3 www.eyou.com 61.136.62.70 3591
View
User view
Parameter
None
Description
Using the reset dns dynamic-host command, you can clear the current contents in
the domain name cache of the DNS client.
Example
Clear the current contents in the domain name cache of the DNS client.
[Router]reset dns dynamic-host
View
User view
Parameter
None
Description
Using the debugging dns command, you can enable DNS client debugging. Using
the undo debugging dns command, you can disable DNS client debugging.
By default, DNS client debugging is disabled.
Example
Enable DNS client debugging.
<Router>debugging dns
<Router>undo debugging dns
DHCP Public Configuration Commands
View
System view
Parameter
None
Description
Using the dhcp enable command, you can enable DHCP services. Using the undo
dhcp enable command, you can disable DHCP services.
Before you can configure DHCP, you must enable DHCP services. This
configuration is essential to both DHCP server and DHCP relay.
Example
View
Interface view
Parameter
global: The address DHCP client gets is the one selected by the local DHCP server
from a global address pool upon the receipt of the DHCP request from the client.
interface: The address DHCP client gets is the one selected by the local DHCP
server from an interface address pool upon the receipt of the DHCP request from
the client.
relay: The address DHCP client gets is allocated by an external DHCP server.
Description
Using the dhcp select command in interface view, you can select how DHCP
packets destined for the local device are handled. Using the undo dhcp
select command in interface view, you can restore the default setting.
By default, DHCP packets destined for the local device are sent to the internal
server, and the clients sending them are allocated addresses selected from
a global address pool (the global approach).
For the related command, see dhcp select (in system view).
Example
Allocate addresses selected from an interface address pool on the internal DHCP
server to the clients sending DHCP packets destined to the local device.
View
System view
Parameter
global: The address DHCP client gets is the one selected by the local DHCP server
from a global address pool upon the receipt of the DHCP request from the client.
interface: The address DHCP client gets is the one selected by the local DHCP
server from an interface address pool upon the receipt of the DHCP request from
the client.
relay: The address DHCP client gets is allocated by an external DHCP server.
Description
Using the dhcp select command in system view, you can select how multiple
interfaces in a specified range handle DHCP packets destined for
the local device. Using the undo dhcp select command in system view, you can
restore the default setting.
By default, DHCP packets destined for the local device are sent to the internal
server, and the clients sending them are allocated addresses selected from
a global address pool (the global approach).
For the related command, see dhcp select (in interface view).
Example
View
Interface view
Parameter
None
Description
Using the dhcp server detect command, you can enable pseudo-DHCP-server
detection. Using the undo dhcp server detect command, you can disable the
function.
By default, pseudo-DHCP-server detection is disabled.
Example
Enable pseudo DHCP server detection on the interface Ethernet 2/0/0.
[3Com-Ethernet2/0/0] dhcp server detect
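The defaults and undo forms described above for arp check enable, arp-proxy enable, dhcp select and dhcp server detect decide what a device ends up doing after a series of changes. As an added example (not part of the 3Com guide), the following Python script replays a constructed CLI session written in this page's prompt style and reports the resulting state; the session, the function names, and the assumption that proxy ARP is off until enabled are not from the guide.

```python
import re

# Constructed CLI session in the prompt style used on this page (not a device capture).
SESSION = """\
[Router] undo arp check enable
[Router] interface ethernet 0/0/0
[Router-Ethernet0/0/0] arp-proxy enable
[Router-Ethernet0/0/0] dhcp select interface
[Router] interface ethernet 2/0/0
[Router-Ethernet2/0/0] dhcp select relay
[Router-Ethernet2/0/0] dhcp server detect
[Router-Ethernet2/0/0] arp-proxy enable
[Router-Ethernet2/0/0] undo arp-proxy enable
[Router] arp check enable
[Router] undo arp check enable
"""

# "[host]" is system view, "[host-EthernetX/Y/Z]" is Ethernet interface view.
PROMPT = re.compile(r"^\[([^\]-]+)(?:-([^\]]+))?\]\s*(.*)$")


def effective_state(session):
    """Replay the session and return the resulting ARP/DHCP settings."""
    # Defaults stated on this page: ARP entry check enabled, pseudo-DHCP-server
    # detection disabled, DHCP packets handled from a global address pool.
    state = {"arp_check": True, "interfaces": {}}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # user view ("<host>") and non-prompt lines are ignored
        view = (m.group(2) or "").replace(" ", "")
        words = m.group(3).split()
        undo = bool(words) and words[0] == "undo"
        cmd = " ".join(words[1:] if undo else words)
        if not view:
            if cmd == "arp check enable":
                state["arp_check"] = not undo
        elif view.lower().startswith("ethernet"):
            # Assumption: proxy ARP is off until enabled (the page gives no default).
            iface = state["interfaces"].setdefault(
                view, {"proxy_arp": False, "dhcp_select": "global", "detect": False})
            if cmd == "arp-proxy enable":
                iface["proxy_arp"] = not undo
            elif cmd == "dhcp server detect":
                iface["detect"] = not undo
            elif cmd == "dhcp select":
                # Only the undo form is accepted without a keyword.
                if undo:
                    iface["dhcp_select"] = "global"
            elif cmd.startswith("dhcp select "):
                iface["dhcp_select"] = "global" if undo else cmd.split()[2]
    return state


def review(state):
    """List the settings a reviewer would want to see called out."""
    notes = []
    if not state["arp_check"]:
        notes.append("system: ARP entry check disabled, "
                     "broadcast-MAC ARP entries are learned")
    for name in sorted(state["interfaces"]):
        iface = state["interfaces"][name]
        if iface["proxy_arp"]:
            notes.append(f"{name}: proxy ARP enabled")
        if not iface["detect"]:
            notes.append(f"{name}: pseudo-DHCP-server detection disabled "
                         f"(dhcp select {iface['dhcp_select']})")
    return notes


if __name__ == "__main__":
    for note in review(effective_state(SESSION)):
        print(note)
```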
DHCP Server Configuration Commands
View
User view
Parameter
error: Error debugging on the DHCP server, specifically, the debugging on the
errors that occur when the DHCP server processes DHCP packets, allocates
addresses, etc.
events: Event debugging on the DHCP server, specifically, the debugging on the
events such as address allocation, ping detection timeout, etc.
packet: DHCP packet debugging, specifically, the debugging on the packets that
the DHCP server has received and sent and on the ping packets sent for the
purpose of detection and the received response packets.
Description
Using the debugging dhcp server command, you can enable debugging on the
DHCP server. Using the undo debugging dhcp server command, you can
disable debugging.
By default, debugging is disabled on the DHCP server.
Example
Enable event debugging on the DHCP server.
<3Com> debugging dhcp server events
*0.62496500-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: ICMP Timeout
*0.62496583-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Still Need to ICMP detect for 1 times
*0.62497000-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: ICMP Timeout
*0.62497083-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: All Try finished
*0.62497166-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Ack User's Lease
View
Interface view
Parameter
Description
Using the dhcp server dns-list command in interface view, you can configure
DNS IP addresses for an interface configured with a DHCP address pool. Using the
undo dns-list command in interface view, you can delete the configuration.
By default, no DNS address is configured.
Currently, up to eight DNS server addresses can be set in each DHCP address
pool.
For the related commands, see dhcp server dns-list (in system view), dhcp
server ip-pool, and dns-list.
Example
Configure the DNS server address 1.1.1.254 for the DHCP address pool of the
interface Ethernet1/0/0.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server dns-list 1.1.1.254
View
System view
Parameter
all: In the undo form of the command, the first “all” refers to all the Gateway
(GW) addresses and the second, all the interfaces.
Description
Using the dhcp server dns-list command in system view, you can assign DNS IP
addresses to the DHCP address pool of multiple interfaces in a specified range.
Using the undo dns-list command in system view, you can delete the
configuration.
By default, no DNS address is configured.
Currently, up to eight DNS server addresses can be set in each DHCP address
pool.
For the related commands, see dhcp server dns-list (in interface view), dhcp
server ip-pool, and dns-list.
Example
Assign the DNS server address 1.1.1.254 to the DHCP address pool of the
interfaces in the range of Ethernet1/0/0.0 to Ethernet2/0/0.5.
[3Com] dhcp server dns-list 1.1.1.254 interface ethernet 2/0/0.0 to ethernet 2/0/0.5
View
Interface view
Parameter
domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising at least three characters and at most 50 characters.
Description
Using the dhcp server domain-name command in interface view, you can
configure the domain name that the DHCP address pool of the current interface
allocates to clients. Using the undo dhcp server domain-name command in
interface view, you can delete the configured domain name.
By default, no domain name is allocated to DHCP clients and the domain name
is null.
For the related commands, see dhcp server ip-pool, dhcp server domain-name
(in system view), and domain-name.
Example
View
System view
Parameter
domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising 3 to 50 characters.
Description
Using the dhcp server domain-name command in system view, you can
configure the domain name that the DHCP address pool of the interfaces in a
specified range allocates to DHCP clients. Using the undo dhcp server
domain-name command in system view, you can delete the configured domain
name.
By default, no domain name is configured for clients.
After you configure this command, you cannot view the configuration by
executing the display current-configuration command. You can accomplish the
batch configuration by executing the dhcp server domain-name command on each
of the specified interfaces.
For the related command, see dhcp server ip-pool.
Example
Configure eth2_1_5.com.cn as the domain name in the interface DHCP address
pool of the interfaces Ethernet2/0/0.1 through Ethernet2/0/0.5.
[3Com] dhcp server domain-name eth1_0_0.com.cn interface ethernet 2/0/0.1 to ethernet 2/0/0.5
View
Interface view
Parameter
Description
Using the dhcp server expired command in interface view, you can configure a
valid period allowed for leasing IP addresses in the current interface DHCP address
pool. Using the undo dhcp server expired command in interface view, you can
restore the default setting.
By default, the leasing valid period is one day.
For the related commands, see dhcp server ip-pool, dhcp server expired (in
system view), and expired.
Example
Set the valid period for leasing IP addresses in the interface address pool
maintained by Ethernet1/0/0 to unlimited.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server expired unlimited
View
System view
Parameter
Description
Using the dhcp server expired command in system view, you can configure a
valid period allowed for leasing IP addresses in the interface DHCP address pool of
the interfaces in a specified range. Using the undo dhcp server expired
command in system view, you can restore the default setting.
By default, the leasing valid period is one day.
After you configure this command, you cannot view the configuration by executing
the display current-configuration command. You can accomplish the batch
configuration by executing the dhcp server expired command on each of the
specified interfaces.
For the related commands, see dhcp server ip-pool, dhcp server expired (in
interface view), and expired.
Example
Set the valid period for leasing IP addresses in the interface address pool of the
interfaces in the range of Ethernet2/0/0.1 to Ethernet2/0/0.5 to unlimited.
[3Com] dhcp server expired unlimited interface ethernet 2/0/0.1 to ethernet 2/0/0.5
View
System view
Parameter
low-ip-address: The low IP address that does not participate in the auto-allocation.
Description
Using the dhcp server forbidden-ip command, you can exclude IP addresses in a
specified range from participating in the auto-allocation. Using the undo dhcp server
forbidden-ip command, you can delete the configuration.
By default, all the IP addresses in address pools participate in the auto-allocation.
You can configure multiple IP address ranges that do not participate in the
auto-allocation. When you use the undo dhcp server forbidden-ip command to
delete the setting, you must use exactly the same parameters that you
configured. In other words, you cannot delete only some addresses from the
configured range.
For the related commands, see dhcp server ip-pool, network, and static-bind
ip-address.
Example
Reserve the IP addresses in the range of 10.110.1.1 to 10.110.1.63 so that these
addresses will not participate in the address auto-allocation.
[3Com] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
View
System view
Parameter
pool-name: Address pool name uniquely identifying an address pool, which is a
string comprising at least one character and 35 characters at most.
Description
Using the dhcp server ip-pool command, you can create a DHCP address pool
and access the DHCP address pool view. Using the undo dhcp server ip-pool
command, you can delete the specified address pool.
By default, no DHCP address pool is created.
If the specified address pool already exists, executing the dhcp server ip-pool
command directly accesses the DHCP address pool view. If the address pool does
not exist, the DHCP server creates it before accessing the DHCP address pool
view. Multiple address pools, but no more than 50, can be configured on each
DHCP server.
For the related commands, see dhcp enable, expired, and network.
Example
Create DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0]
View
Interface view
Parameter
Description
Using the dhcp server nbns-list command in interface view, you can configure
NetBIOS server addresses in the DHCP address pool of current interface. Using the
undo dns-list command in interface view, you can delete the configuration.
By default, no NetBIOS address is configured.
Currently, up to eight NetBIOS addresses can be configured in each DHCP
address pool.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list (in
system view), nbns-list, and netbios-type.
Example
In the DHCP address pool of Ethernet1/0/0, allocate the NetBIOS server at
10.12.1.99 to the clients.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server nbns-list 10.12.1.99
View
System view
Parameter
all: In the undo form of the command, the first “all” refers to all the NetBIOS
server addresses and the second, all the interfaces.
Description
Using the dhcp server nbns-list command in system view, you can configure
NetBIOS server addresses for the clients that obtain IP addresses from the DHCP address
pool of the interfaces in a specified range. Using the undo dhcp server nbns-list
command in system view, you can delete the configuration.
By default, no NetBIOS address is configured.
Currently, up to eight NetBIOS addresses can be configured in each DHCP
address pool.
After you configure this command, you cannot view the configuration by executing
the display current-configuration command. You can accomplish the batch
configuration by executing the dhcp server nbns-list command on each of the
specified interfaces.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list (in
interface view), nbns-list, and netbios-type.
Example
In the DHCP address pool of interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5, assign the NetBIOS server at 10.12.1.99 to the clients.
[3Com] dhcp server nbns-list 10.12.1.99 interface ethernet 2/0/0.1 to ethernet 2/0/0.5
View
Interface view
Parameter
m-node: Mixed (m) mode, i.e., the mode of type b nodes running “peer-to-peer”
communications mechanism.
h-node: Hybrid (h) mode, i.e., the mode of type p nodes possessing some of the
broadcast features.
Description
Using the dhcp server netbios-type command in interface view, you can
configure the NetBIOS node type of the DHCP clients of the current interface.
Using the undo dhcp server netbios-type command in interface view, you can
restore the default setting.
By default, clients adopt type h node (h-node).
Hostname-IP maps are required in the event that DHCP clients use the NetBIOS
protocol on a WAN.
For the related commands, see dhcp server ip-pool, netbios-type, dhcp server
netbios-type (in system view), and nbns-list.
Example
In the DHCP address pool of Ethernet1/0/0, set the NetBIOS node type of its clients
to p-node.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server netbios-type p-node
View
System view
Parameter
m-node: Mixed (m) mode, i.e., the mode of type b nodes running “peer-to-peer”
communications mechanism.
h-node: Hybrid (h) mode, i.e., the mode of type p nodes possessing some of the
broadcast features.
Description
Using the dhcp server netbios-type command in system view, you can configure
a NetBIOS node type for the DHCP clients of the interfaces in a specified range.
Using the undo dhcp server netbios-type command in system view, you can
restore the default setting.
By default, clients adopt type h node (h-node).
Hostname-IP maps are required in the event that DHCP clients use the NetBIOS
protocol on a WAN.
After you configure this command, you cannot view the configuration by executing
the display current-configuration command. You can accomplish the batch
configuration by executing the dhcp server netbios-type command on each of the
specified interfaces.
For the related commands, see dhcp server ip-pool, netbios-type, dhcp server
netbios-type, and nbns-list.
Example
In the DHCP address pool of interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5, set the NetBIOS node type of clients to p-node.
[3Com] dhcp server netbios-type p-node interface ethernet 2/0/0.1 to ethernet 2/0/0.5
View
Interface view
Parameter
Description
Using the dhcp server option command in interface view, you can configure a
DHCP self-defined option for the DHCP address pool of the current interface.
Using the undo dhcp server option command in interface view, you can delete
the configuration.
For the related commands, see option and dhcp server option (in system
view).
Example
Set the value of option code 100 to the hexadecimal strings 0x11 and 0x22 for the
DHCP address pool of the interface Ethernet1/0/0.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server option 100 hex 11 22
View
System view
Parameter
Description
Using the dhcp server option command in system view, you can configure a
DHCP self-defined option for the interfaces in a specified range. Using the undo
dhcp server option command in system view, you can delete the configuration.
After you configure this command, you cannot view the configuration by executing
the display current-configuration command. You can accomplish the batch
configuration by executing the dhcp server option command on each of the
specified interfaces.
For the related commands, see dhcp server option (in interface view) and
option.
Example
Set the value of option code 100 to the hexadecimal strings 0x11 and 0x22 for the
interface DHCP address pool of the interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5.
[3Com] dhcp server option 100 hex 11 22 interface ethernet 2/0/0.1 to ethernet 2/0/0.5
View
System view
Parameter
packets number: The maximum number of ping packets allowed to be sent, which
is in the range of 0 to 10 and defaults to 2, with 0 indicating that no ping
operation will be performed.
timeout milliseconds: The longest time period that the DHCP server waits for the
response to each ping packet, which is in the range of 0 to 10000 milliseconds
and defaults to 500 milliseconds.
Description
Using the dhcp server ping command, you can configure the maximum number
of ping packets that the DHCP server is allowed to send and the longest time
period that the DHCP server should wait for the response to each ping packet.
Using the undo dhcp server ping command, you can restore the default
settings.
To prevent address collisions resulting from repeated allocation of an IP address,
the DHCP server sends ping packets to check whether the address is available.
Example
Allow the DHCP server to send up to ten ping packets and wait 500 milliseconds
(the default setting) for the response to each packet.
[3Com] dhcp server ping packets 10
View
Interface view
Parameter
Description
Using the dhcp server static-bind command, you can configure a static address
binding in the DHCP address pool of the current interface. Using the undo dhcp
server static-bind command, you can delete the configuration.
By default, static address binding is not configured in any interface address pool.
Example
Statically bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1.
[3Com-Ethernet1/0/0] dhcp server static-bind 10.1.1.1 0000-e03f-0305
View
Any view
Parameter
Description
Using the display dhcp server conflict command, you can view the DHCP
address conflict statistics, including the conflicting IP address, the
conflict detection type, the conflict time, etc.
If no optional parameter is specified, the information displayed depends
on the current view:
■ In Ethernet interface view, the information displayed is for the
address pool of the current interface.
■ In any other view, the information displayed is for all the
address pools.
Example
View the DHCP address conflict statistics.
<3Com> display dhcp server conflict
Address Discover Time
10.110.1.2 Jan 11 2003 11:57: 7 PM
Table 1 Description of the information displayed by executing display dhcp server conflict
View
Any view
Parameter
pool-name: Name of a global address pool. All the global address pools will apply
if no address pool has been specified.
interface-name: Interface address pool. All the interface address pools will apply if
no interface has been specified.
Description
Using the display dhcp server expired command, you can view the expired
address leases in a DHCP address pool. In certain conditions, the addresses of the
expired leases will be allocated to other DHCP clients.
Example
View the expired leases in DHCP address pools.
<3Com> display dhcp server expired all
Global pool:
IP address Hardware address Lease expiration Type
Interface pool:
IP address Hardware address Lease expiration Type
Table 2 Description of the information displayed by executing display dhcp server expired
View
Any view
Parameter
None
Description
Using the display dhcp server free-ip command, you can view the ranges of
available addresses in DHCP address pools, i.e., information of the IP addresses
that have not been allocated yet.
Example
View the ranges of the available addresses in DHCP address pools.
<3Com> display dhcp server free-ip
IP Range from 1.0.0.0 to 2.2.2.1
IP Range from 2.2.2.3 to 2.255.255.255
IP Range from 4.0.0.0 to 4.255.255.255
IP Range from 5.5.5.0 to 5.5.5.0
IP Range from 5.5.5.2 to 5.5.5.255
View
Any view
Parameter
pool-name: Specifies a global address pool. If no global address pool has been
specified, the bound addresses in all the global address pools will be displayed.
Description
Using the display dhcp server ip-in-use command, you can view the address
binding information of DHCP clients, such as the hardware address,
IP address, and address lease expiration.
If no optional parameter is specified, the information output by executing
the command is:
■ In Ethernet interface view, the information in the address pool of the
current interface.
■ In any other view, the information in all the address pools.
For the related command, see reset dhcp server ip-in-use.
Example
View the DHCP address binding information.
<3Com> display dhcp server ip-in-use all
Global pool:
IP address Hardware address Lease expiration Type
2.2.2.2 44444-4444-4444 NOT Used Manual
Interface pool:
IP address Hardware address Lease expiration Type
5.5.5.1 0050-ba28-930a Jun 5 2003 10:56: 7 AM Auto:COMMITED
Table 3 Description of the information output by executing display dhcp server ip-in-use
View
Any view
Parameter
None
Description
Using the display dhcp server statistics command, you can view the statistics on
the DHCP server, including such information as number of DHCP address pools,
automatically or manually bound address and expired addresses, number of
unknown packets, number of DHCP request packets, and number of response
packets.
Example
View the statistics on the DHCP server.
<3Com> display dhcp server statistics
Global Pool:
Pool Number: 5
Binding
Auto: 0
Manual: 1
Expire: 0
Interface Pool:
Pool Number: 1
Binding
Auto: 1
Manual: 0
Expire: 0
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0
Table 4 Description of the information output by executing display dhcp server statistics
View
Any view
Parameter
pool-name: Name of a global address pool. All the global address pools will apply
if no address pool has been specified.
interface-name: Interface address pool. All the interface address pools will apply if
no interface has been specified.
Description
Using the display dhcp server tree command, you can view the tree-structure
information of DHCP address pools, including the address pool at each node,
option, address lease period, and DNS server information.
If no optional parameter is specified, the information output by executing
the command is:
■ In Ethernet interface view, the information in the address pool of the
current interface.
■ In any other view, the information in all the address pools.
Example
View the tree-structure information of DHCP address pools.
<3Com> display dhcp server tree all
Global pool:
Pool name: 5 network 10.10.1.0 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6 host 10.10.1.2 255.0.0.0
hardware-address 1111.2222.3333 ethernet
Parent node:5
option 1 ip-address 255.255.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 7 network 10.10.1.64 255.255.255.192
PrevSibling node:5
Sibling node:8
option 1 ip-address 255.0.0.0
Pool name: 8 network 20.10.1.1 255.255.255.0
Child node:9
PrevSibling node:7
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
Pool name: 9 network 30.10.1.64 255.255.255.0
Parent node:8
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
Interface pool:
Pool name: Ethernet11/2/0
network 5.5.5.0 mask 255.255.255.0
option 1 ip-address 255.255.255.0
gateway-list 5.5.5.5
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Table 5 Description of the information output by executing display dhcp server tree
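The hexadecimal option values in the sample output are easier to review once decoded. The following added example (not from the guide or the vendor) parses an abridged copy of that output, decodes options 58 and 59 as the renewal (T1) and rebinding (T2) times defined in RFC 2132, and checks each pool for mask, gateway and timer inconsistencies. The issue labels and function names are chosen for this example, and the T1 < T2 < lease ordering applied is the rule from RFC 2131.

```python
import ipaddress
import re

# Three pools copied (abridged) from the sample "display dhcp server tree all" output.
SAMPLE = """\
Global pool:
Pool name: 5 network 10.10.1.0 255.255.255.0
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 8 network 20.10.1.1 255.255.255.0
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
Interface pool:
Pool name: Ethernet11/2/0
network 5.5.5.0 mask 255.255.255.0
option 1 ip-address 255.255.255.0
gateway-list 5.5.5.5
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
"""


def parse_pools(text):
    """Return one dict per pool: name, network, lease seconds, gateways, raw options."""
    pools, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Pool name:\s*(\S+)(.*)", line)
        if m:
            cur = {"name": m.group(1), "network": None, "lease": None,
                   "gateways": [], "options": {}}
            pools.append(cur)
            line = m.group(2).strip()  # global pools carry "network ..." on this line
        tok = line.split()
        if cur is None or not tok:
            continue
        if tok[0] == "network" and len(tok) >= 3:
            addr, mask = [t for t in tok[1:] if t != "mask"][:2]
            cur["network"] = (addr, mask)
        elif tok[0] == "expired" and len(tok) >= 4:
            days, hours, minutes = (int(t) for t in tok[1:4])
            cur["lease"] = ((days * 24 + hours) * 60 + minutes) * 60
        elif tok[0] == "gateway-list":
            cur["gateways"].extend(tok[1:])
        elif tok[0] == "option" and len(tok) >= 4 and tok[2] == "hex":
            cur["options"][int(tok[1])] = bytes.fromhex("".join(tok[3:]))
        elif tok[0] == "option" and len(tok) >= 4 and tok[2] == "ip-address":
            cur["options"][int(tok[1])] = ipaddress.ip_address(tok[3]).packed
    return pools


def audit_pool(pool):
    """Return the list of inconsistencies found in one parsed pool."""
    issues = []
    opts = pool["options"]
    if pool["network"]:
        addr, mask = pool["network"]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if str(net.network_address) != addr:
            issues.append("host-bits-in-network")
        # Option 1 is the subnet mask handed to clients.
        if 1 in opts and ipaddress.ip_address(opts[1]) != net.netmask:
            issues.append("option1-mask-mismatch")
        if any(ipaddress.ip_address(g) not in net for g in pool["gateways"]):
            issues.append("gateway-outside-network")
    # Options 58 and 59 are 32-bit big-endian second counts (T1 and T2).
    t1 = int.from_bytes(opts[58], "big") if 58 in opts else None
    t2 = int.from_bytes(opts[59], "big") if 59 in opts else None
    if t1 is not None and t2 is not None and t1 >= t2:
        issues.append("t1-not-before-t2")
    if t2 is not None and pool["lease"] is not None and t2 >= pool["lease"]:
        issues.append("t2-not-before-lease")
    return issues


def audit(text):
    """Map each pool name to its list of issues."""
    return {p["name"]: audit_pool(p) for p in parse_pools(text)}


if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, issues or "ok")
```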
dns-list Syntax
dns-list ip-address [ ip-address ]
undo dns-list { ip-address | all }
View
DHCP address pool view
Parameter
ip-address: IP address of the DNS. You can configure up to eight IP addresses
separated by spaces in a command.
Description
Using the dns-list command, you can configure DNS server IP addresses in a
global DHCP address pool. Using the undo dns-list command, you can delete the
configuration.
By default, no DNS server address is configured.
Currently, up to eight DNS server addresses can be set in each DHCP address
pool.
For the related commands, see dhcp server dns-list interface, dhcp server
dns-list, and dhcp server ip-pool.
Example
Specify 1.1.1.254 as a DNS server address for DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] dns-list 1.1.1.254
domain-name Syntax
domain-name domain-name
undo domain-name domain-name
View
DHCP address pool view
Parameter
domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising at least three characters and at most 50 characters.
Description
Using the domain-name command, you can configure the domain name that a
global address pool of the DHCP server allocates to clients. Using the undo
domain-name command, you can delete the configured domain name.
By default, no domain name is allocated to DHCP clients and the domain name
is null.
For the related commands, see dhcp server ip-pool, dhcp server domain-name
interface, and dhcp server domain-name.
Example
Set the domain name of DHCP address pool 0 to mydomain.com.cn.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] domain-name mydomain.com.cn
expired Syntax
expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo expired
View
DHCP address pool view
Parameter
Description
Using the expired command, you can configure a valid period allowed for leasing
IP addresses in a global DHCP address pool. Using the undo expired command,
you can restore the default setting.
By default, the leasing valid period is one day.
For the related commands, see dhcp server ip-pool, dhcp server expired, and
dhcp server expired interface.
Example
Set the IP address lease period of global address pool 0 to one day, two
hours, and three minutes.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] expired day 1 hour 2 minute 3
gateway-list Syntax
gateway-list ip-address [ ip-address ]
undo gateway-list { ip-address | all }
View
DHCP address pool view
Parameter
Description
Using the gateway-list command, you can configure IP addresses of the egress
GW routers used by DHCP clients. Using the undo gateway-list command, you
can delete the configuration.
By default, no egress GW router is configured.
For the related commands, see dhcp server ip-pool and network.
Example
Associate the egress GW router at 10.110.1.99 with DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] gateway-list 10.110.1.99
nbns-list
Syntax
nbns-list ip-address [ ip-address ]
undo nbns-list { ip-address | all }
View
DHCP address pool view
Parameter
Description
Using the nbns-list command, you can configure NetBIOS server addresses in a
global DHCP address pool for the clients. Using the undo nbns-list command,
you can remove the configured NetBIOS server addresses.
By default, no NetBIOS address is configured.
Currently, up to eight NetBIOS addresses can be configured in each DHCP
address pool.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list,
dhcp server nbns-list interface, and netbios-type.
Example
In the DHCP address pool 0, allocate the NetBIOS server at 10.12.1.99 to the
clients.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] nbns-list 10.12.1.99
netbios-type
Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
View
DHCP address pool view
Parameter
m-node: Mixed (m) mode, i.e., the mode of type b nodes running “peer-to-peer”
communications mechanism.
h-node: Hybrid (h) mode, i.e., the mode of type p nodes possessing some of the
broadcast features.
Description
Using the netbios-type command, you can configure the NetBIOS node type of
the clients of a global DHCP address pool. Using the undo netbios-type
command, you can restore the default setting.
By default, clients adopt type h node (h-node).
For the related commands, see dhcp server ip-pool, dhcp server netbios-type
(in interface view), dhcp server netbios-type (in system view), and
nbns-list.
Example
Specify b-node as the NetBIOS node type of clients of DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] netbios-type b-node
network
Syntax
network ip-address [ mask netmask ]
undo network
View
DHCP address pool view
Parameter
ip-address: The subnet address of an IP address pool used for dynamic allocation.
mask netmask: Network mask of the IP address pool. Natural mask will be
adopted if the parameter is not specified.
Description
Using the network command, you can configure an IP address range used for
dynamic allocation. Using the undo network command, you can delete the
configuration.
By default, no IP address range has been configured for dynamic allocation.
Each DHCP address pool can be configured with a network segment and the new
configuration will replace the old one. If the system requires several such address
segments, you should configure them in multiple address pools.
For the related commands, see dhcp server ip-pool and dhcp server
forbidden-ip.
Example
Use 192.168.8.0/24 as the address space for DHCP address pool 0.
[3Com-dhcp-0] network 192.168.8.0 mask 255.255.255.0
option
Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address }
undo option code
View
DHCP address pool view
Parameter
Description
Using the option command, you can configure the self-defined options for a
DHCP global address pool. Using the undo option command, you can delete the
DHCP self-defined options.
New options are emerging along with the development of DHCP. In order to
accommodate these options, manual option addition is supported so that they can
be added into the attribute list maintained by the DHCP server.
For the related commands, see dhcp server option (in interface view) and
dhcp server option interface (in system view).
Example
Define the hexadecimal strings of the option code 100 to 0x11 and 0x22.
[3Com-dhcp-0] option 100 hex 11 22
View
User view
Parameter
Description
Using the reset dhcp server conflict command, you can clear the statistics about
DHCP address collision.
In the case that no parameter has been specified when the command is
configured, the scope in which the command takes effect will depend on the view
in which the command is executed:
■ If the command is executed in Ethernet interface view, it will take effect on
the address pool of the current interface.
■ If the command is executed in any other views, it will take effect on all the
address pools.
For the related command, see display dhcp server conflict.
Example
Clear all the address collision statistics.
<3Com> reset dhcp server conflict
View
User view
Parameter
pool-name: Specifies a global address pool. All the global address pools will apply
if no address pool has been specified.
Description
Using the reset dhcp server ip-in-use command, you can clear the DHCP
dynamic address binding information.
In the case that no parameter has been specified when the command is
configured, the scope in which the command takes effect will depend on the view
in which the command is executed:
■ If the command is executed in Ethernet interface view, it will take effect on
the address pool of the current interface.
■ If the command is executed in any other views, it will take effect on all the
address pools.
Example
Clear the binding information of the address 10.110.1.1.
<3Com> reset dhcp server ip-in-use ip 10.110.1.1
View
User view
Parameter
None
Description
Using the reset dhcp server statistics command, you can clear the statistics on
the DHCP server, including such information as number of DHCP address pools,
automatically and manually bound addresses and expired addresses, number of
unknown packets, number of DHCP request packets, and number of response
packets.
For the related command, see display dhcp server statistics.
Example
Clear statistic information of the DHCP server.
<3Com> reset dhcp server statistics
View
DHCP address pool view
Parameter
Description
Using the static-bind ip-address command, you can bind an IP address statically.
Using the undo static-bind ip-address command, you can delete the statically
bound IP address.
By default, no IP address is bound statically.
The commands static-bind ip-address and static-bind mac-address must be
used in pairs so that an IP address and a MAC address can be bound together.
For the related commands, see dhcp server ip-pool, network, and static-bind
mac-address.
Example
Bind the PC at the MAC address 0000-e03f-0305 with the IP address 10.1.1.1
using the mask 255.255.255.0.
[3Com-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[3Com-dhcp-0] static-bind mac-address 0000-e03f-0305
View
DHCP address pool view
Parameter
mac-address: The host MAC address to be bound, which is in the format of
H-H-H.
Description
Using the static-bind mac-address command, you can bind a MAC address
statically. Using the undo static-bind mac-address command, you can delete the
statically bound MAC address.
By default, no MAC address is bound statically.
The commands static-bind mac-address and static-bind ip-address must be
used in pairs so that a MAC address and an IP address can be bound together.
For the related commands, see dhcp server ip-pool, and static-bind
ip-address.
Example
Bind the PC at the MAC address 0000-e03f-0305 with the IP address 10.1.1.1
using the mask 255.255.255.0.
[3Com-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[3Com-dhcp-0] static-bind mac-address 0000-e03f-0305
DHCP Client Configuration Commands
View
User view
Parameter
event: Protocol events of the DHCP client, which include address allocation and
data updating.
all: Enables all debugging of the DHCP client (event, packet, and error).
Description
Using the debugging dhcp client command, you can enable debugging on the
DHCP client. Using the undo debugging dhcp client command, you can disable
debugging on the DHCP client. By default, DHCP client debugging is disabled.
Example
Enable event debugging on the DHCP client.
<3Com>debugging dhcp client event
View
Any view
Parameter
verbose: Statistic details of the DHCP client.
Description
Using the display dhcp client command, you can display the statistic information
of the DHCP client. Executing the command without the keyword verbose displays
only the brief address allocation information on the DHCP client.
Example
Display the statistic details of the DHCP client.
[3Com] display dhcp client verbose
Item                    Description
Ethernet0/0             Interface where the client is allowed to dynamically obtain an IP address
Current machine state   State of the client state machine
Alloced IP              IP address allocated to the client
lease                   Lease period
T1                      Duration of the renewal timer
T2                      Duration of the rebinding timer
Lease from….to….        The starting time and the end time of the lease
Server IP               The selected DHCP server address
Transaction ID          Transaction ID
Client ID               User ID
Default router          GW address
DNS server              DNS server address
Domain name             Domain name
Requested IP            The requested IP address
Offered IP              The provided IP address
View
Interface view
Parameter
None
Description
Using the ip address dhcp-alloc command, you can allocate local IP addresses by
making use of DHCP. Using the undo ip address dhcp-alloc command, you can
disable the allocation of local IP addresses via DHCP negotiation. This command
must be configured and executed in Ethernet interface (including subinterface)
view.
By default, DHCP negotiation is not used for the allocation of local IP addresses.
Example
Adopt DHCP negotiation for the allocation of local IP addresses on Ethernet0/0/0.
[3Com-Ethernet0/0/0] ip address dhcp-alloc
DHCP Relay Configuration Commands
View
User view
Parameter
None
Description
Using the debugging dhcp relay command, you can enable debugging on the
DHCP-relay module. Using the undo debugging dhcp relay command, you can
disable DHCP-relay module debugging.
Example
Enable DHCP-relay module debugging.
<3Com>debugging dhcp relay
View
Interface view
System view
Parameter
mac-address: MAC address of the DHCP client, which is in the format of H-H-H.
Description
Using the dhcp relay release command, you can send an IP address releasing
request to a DHCP server via the DHCP relay.
If no DHCP server IP address is specified, release packets are sent either to
all the DHCP servers, if this command is configured in system view, or to all
the relay addresses configured on an interface, if this command is configured
in interface view.
Example
Send a release packet to the DHCP server at 10.110.91.174, requesting to release
the IP address 192.2.2.25, which was offered to the client whose MAC address is
0050-ba34-2000.
[3Com] dhcp relay release 192.2.2.25 0050-ba34-2000 10.110.91.174
View
Any view
Parameter
Description
Using the display dhcp relay address command, you can view the DHCP relay
address configuration of an interface.
For the related commands, see ip relay address and ip relay address interface.
Example
View the DHCP relay address configurations of all the interfaces.
<3Com> display dhcp relay address all
** Ethernet11/2/0 DHCP Relay Address **
Relay Address [0] : 3.3.3.3
View
Any view
Parameter
None
Description
Using the display dhcp relay statistics command, you can view the statistics of
DHCP relay in packet errors, DHCP packets received from clients, DHCP packets
received from and sent to servers, and DHCP packets sent to clients (including
unicast and broadcast packets).
Example
View DHCP relay statistics.
<3Com> display dhcp relay statistics
Bad Packets recieved: 0
DHCP packets received from clients: 0
DHCP DISCOVER packets received: 0
DHCP REQUEST packets received: 0
DHCP INFORM packets received: 0
DHCP DECLINE packets received: 0
DHCP packets received from servers: 0
DHCP OFFER packets received: 0
DHCP ACK packets received: 0
DHCP NAK packets received: 0
DHCP packets sent to servers: 0
DHCP packets sent to clients: 0
Unicast packets sent to clients: 0
View
Interface view
Parameter
ip-address: IP relay address in dotted decimal format.
Description
Using the ip relay address command, you can specify the exact location of a
DHCP server by configuring an IP relay address for it. Using the undo ip relay
address command, you can delete one or all relay IP addresses used by an
interface.
By default, no relay IP address has been configured.
Executing undo ip relay address without ip-address will delete all the relay IP
addresses configured on the current interface.
As the packets sent by DHCP client machines in some phases of DHCP are
broadcast packets, the interfaces configured with relay IP addresses must support
broadcast. In other words, this command can be used on the broadcast-supported
network interfaces, Ethernet interfaces for example.
Example
Add two relay IP addresses on Ethernet 0/0/0.
[3Com-Ethernet0/0/0] ip relay address 202.38.1.2
[3Com-Ethernet0/0/0] ip relay address 202.38.1.3
View
System view
Parameter
None
Description
Using the ip relay address cycle command, you can adopt the polling approach
to relay packets, ensuring that different clients use different DHCP servers and the
same clients use the same DHCP server so long as it is possible. Using the undo ip
relay address cycle command, you can adopt the broadcast approach to relay
packets to broadcast client requests to all the DHCP servers.
By default, the broadcast approach is adopted.
Suppose that there are three clients, i.e., A, B, and C, and the DHCP server has
been configured with three relay addresses, i.e., S1, S2, and S3. If the polling
approach is adopted to relay packets, A, B, and C will respectively use the relay
addresses S1, S2, and S3. If A is shut down and restarted again, it will continue to
use S1. But if a client other than these three clients started, it will use S1. Thus, the
relay addresses will be used cyclically.
For the related command, see ip relay address.
Example
Adopt the polling approach to relay.
[3Com] ip relay address cycle
View
System view
Parameter
all: In the undo form of the command, the first “all” refers to all the relay
addresses and the second all, the interfaces.
Description
Using the ip relay address interface command, you can configure a relay
address for the Ethernet interfaces in a specified range for the purpose of
transparent forwarding. Using the undo ip relay address interface command,
you can delete the configured relay address.
By default, no relay IP address has been configured on any Ethernet interface.
For the related command, see ip relay address.
Example
Add a relay IP address for the interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5.
[3Com] ip relay address 202.38.1.2 interface ethernet 2/0/0.1 to ethernet 2/0/0.5
View
User view
Parameter
None
Description
Using the reset dhcp relay statistics command, you can clear the DHCP relay
statistics.
For the related command, see display dhcp relay statistics.
Example
Clear the DHCP relay statistics.
<3Com> reset dhcp relay statistics
IP Performance Configuration Commands
debugging ip
Syntax
debugging ip { icmp | packet [ acl { acl-number1 | acl-number2 } ] }
undo debugging ip { icmp | packet }
View
User view
Parameter
acl-number2: ACL in the range of 1 to 199. The ACL in the range of 1 to 99 is the
basic ACL and that in the range of 100 to 199 is the advanced ACL.
Description
Using the debugging ip icmp command, you can enable ICMP debugging. Using
the undo debugging ip icmp command, you can disable ICMP debugging.
The debugging ip packet command is used to enable IP packet debugging.
The debugging information can be filtered by matching the IP packets against
an ACL. Using the undo debugging ip packet command, you can disable
IP packet debugging.
Example
Enable the IP debugging.
View
User view
Parameter
Description
Using the debugging tcp event command, you can enable TCP events
debugging. Using the undo debugging tcp event command, you can
disable TCP events debugging.
The number of debugging switches that can be enabled at one time is limited to
a fixed number (each switch is a combination of task ID and socket ID). In
addition, when TCP passively accepts a connection request, a new socket is
created to establish that connection, and some programs, such as the Telnet
server, create a new task to process the connection. So, to view information
about such a connection, parameters such as task_id and socket_id cannot be
used for filtering.
Example
Enable debugging of TCP events.
<3Com> debugging tcp event
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 0,
TCPCB 0x02c6fd74 created
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
state CLOSED changed to SYN_SENT
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
sending SYN, seq = 74249530,
LA = 127.0.0.1:1025, FA = 1.1.1.1:23
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
advertising MSS = 512,
LA = 127.0.0.1:1025, FA = 1.1.1.1:23
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = VTYD(9), socketid = 0,
received MSS = 512,
LA = 1.1.1.1:23, FA = 127.0.0.1:1025
*0.50959090-SOCKET-8-TCP EVENT:
733759463: sending RST to 2.2.2.1:11022
*0.1293330-SOCKET-8-TCP EVENT:
1043495346: task = Co0(2), socketid = 1,
connection refused because remote sent RST!
LA = 1.1.1.1:1026, FA = 1.1.1.2:21
<3Com> display debugging
TCP:
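The debugging tcp event records shown above follow a regular layout (a header line starting with "*", then a body that may carry task, socketid, LA and FA fields), which makes them easy to summarize when reviewing a capture for resets and refused connections. The following Python parser is an added example, not 3Com code; the field names (stamp, tick, kind, detail) are assumptions chosen here, and the two leading numbers in each record are kept as opaque values because the guide does not define them.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Records copied from the example output above so the parser runs offline.
SAMPLE = """\
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 0,
TCPCB 0x02c6fd74 created
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
state CLOSED changed to SYN_SENT
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
sending SYN, seq = 74249530,
LA = 127.0.0.1:1025, FA = 1.1.1.1:23
*0.50959090-SOCKET-8-TCP EVENT:
733759463: sending RST to 2.2.2.1:11022
*0.1293330-SOCKET-8-TCP EVENT:
1043495346: task = Co0(2), socketid = 1,
connection refused because remote sent RST!
LA = 1.1.1.1:1026, FA = 1.1.1.2:21
<3Com> display debugging
"""

HEADER = re.compile(r"^\*(?P<stamp>[\d.]+)-SOCKET-\d+-TCP EVENT:$")
BODY = re.compile(
    r"^(?P<tick>\d+):\s*"
    r"(?:task = (?P<task>\w+)\((?P<task_id>\d+)\), socketid = (?P<sock>\d+),\s*)?"
    r"(?P<rest>.*)$"
)
ADDRS = re.compile(r",?\s*LA = (?P<la>[\d.]+:\d+), FA = (?P<fa>[\d.]+:\d+)$")
STATE = re.compile(r"^state (?P<old>\w+) changed to (?P<new>\w+)$")
RST_OUT = re.compile(r"^sending RST to (?P<peer>[\d.]+:\d+)$")


@dataclass
class TcpEvent:
    stamp: str                    # opaque value after '*' in the header line
    tick: Optional[int]           # opaque number that starts the record body
    task: Optional[str] = None
    task_id: Optional[int] = None
    socket_id: Optional[int] = None
    message: str = ""
    la: Optional[str] = None      # local address:port
    fa: Optional[str] = None      # foreign address:port
    kind: str = "other"           # other, state_change, rst_sent, refused, unparsed
    detail: tuple = ()


def _build(stamp: str, lines: List[str]) -> TcpEvent:
    """Turn one header stamp plus its body lines into a TcpEvent."""
    body = " ".join(lines)
    m = BODY.match(body)
    if m is None:                 # empty or unexpected body: keep it, flagged
        return TcpEvent(stamp, None, message=body, kind="unparsed")
    ev = TcpEvent(
        stamp, int(m["tick"]), m["task"],
        int(m["task_id"]) if m["task_id"] else None,
        int(m["sock"]) if m["sock"] else None,
    )
    rest = m["rest"].strip()
    addrs = ADDRS.search(rest)
    if addrs:                     # trailing "LA = ..., FA = ..." pair is optional
        ev.la, ev.fa = addrs["la"], addrs["fa"]
        rest = rest[:addrs.start()]
    ev.message = rest.rstrip(" ,")
    state, rst = STATE.match(ev.message), RST_OUT.match(ev.message)
    if state:
        ev.kind, ev.detail = "state_change", (state["old"], state["new"])
    elif rst:
        ev.kind, ev.detail = "rst_sent", (rst["peer"],)
    elif "remote sent RST" in ev.message:
        ev.kind, ev.detail = "refused", (ev.fa,)
    return ev


def parse_events(text: str) -> List[TcpEvent]:
    events, stamp, lines = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = HEADER.match(line)
        # A new header starts a record; a CLI prompt line ends the current one.
        if head or line.startswith(("<", "[")):
            if stamp is not None:
                events.append(_build(stamp, lines))
            stamp, lines = (head["stamp"] if head else None), []
        elif stamp is not None:   # ignore anything before the first header
            lines.append(line)
    if stamp is not None:
        events.append(_build(stamp, lines))
    return events


def summarize(events: List[TcpEvent]) -> dict:
    """Count resets sent per peer, refusals per foreign address, and list state changes."""
    rst_sent, refused, transitions = Counter(), Counter(), []
    for ev in events:
        if ev.kind == "rst_sent":
            rst_sent[ev.detail[0]] += 1
        elif ev.kind == "refused":
            refused[ev.detail[0]] += 1
        elif ev.kind == "state_change":
            transitions.append((ev.task, ev.socket_id) + ev.detail)
    return {"rst_sent": rst_sent, "refused": refused, "transitions": transitions}


if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)))
```

Because a passively accepted connection gets a new socket and possibly a new task, as the description notes, group related records by the LA/FA pair rather than by task or socketid.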
View
User view
Parameter
None
Description
Using the debugging tcp md5 command, you can enable the MD5
authentication debugging of the TCP connection. Using the undo debugging
tcp md5 command, you can disable the MD5 authentication debugging of the
TCP connection.
Example
Enable the MD5 authentication debugging of the TCP connection.
<3Com> debugging tcp md5
View
User view
Parameter
Description
Using the debugging tcp packet command, you can enable the debugging of
TCP connection. The number of debugging switches users can enable is limited,
that is, at the same time only a fixed number of debugging switches can be
enabled (combination of task ID and socket ID). Using the undo debugging tcp
packet command, you can disable the debugging of TCP connection.
Example
Enable the debugging of TCP connection.
<3Com> debugging tcp packet
<3Com> display debugging
*0.100070-SOCKET-8-TCP PACKET:
1043204051: Input: Co0(5) socketId = 2, state = SYN_SENT,
src = 127.0.0.1:1025, dst = 2.2.2.2:23,
seq = 11084380, ack = 0, optlen = 4, flag = SYN ,
window = 8192
1043204051: Output: Co0(5) SocketId = 2, State = SYN_SENT,
src = 127.0.0.1:1025, Dst = 2.2.2.2:23,
Seq = 11084380, Ack = 0, Datalen = 4, Flag = ACK PSH ,
Window = 8192
1043204051: Retrans: Co0(5) SocketId = 2, State = SYN_SENT,
Src = 127.0.0.1:1025, Dst = 2.2.2.2:23,
Seq = 11084380, Ack = 0, Optlen = 4, Flag = SYN ,
Window = 8192
View
User view
Parameter
Description
Using the debugging udp packet command, you can enable the debugging of
UDP connection. The number of debugging switches users can enable is limited,
that is, at the same time only a fixed number of debugging switches can be
enabled (combination of task ID and socket ID). Using the undo debugging udp
packet command, you can disable the debugging of UDP connection.
Example
Enable the debugging of UDP connection.
<3Com> debugging udp packet
<3Com> display debugging
*0.377770-SOCKET-8-UDP:
1043494431: Output: task = ROUT(6), socketid = 3,
src = 1.1.1.1:520, dst = 255.255.255.255:520, datalen = 24,
View
Any view
Parameter
None
Description
Using the display fib command, you can view the summary of the Forwarding
Information Base.
This command outputs the Forwarding Information Base in a list, in which each
line represents one route. The following points are included:
■ Destination address/mask length
■ Next hop
■ The current flag, which is expressed as a combination of G, H and U. G
represents Gateway, H is Host (host route), and U is UP (available).
■ Time stamp
■ Outbound interface
Example
Display the summary of the forwarding information base.
<3Com> display fib
Destination/Mask    Nexthop      Flag  TimeStamp  Interface
80.10.0.2/32        80.10.0.2    GHU   t[0]       Serial2/0/0
80.10.255.255/32    127.0.0.1    HU    t[0]       InLoopBack0
80.10.0.0/16        80.10.0.1    U     t[0]       Serial2/0/0
80.50.0.2/32        80.50.0.2    GHU   t[0]       Serial2/0/0
80.50.255.255/32    127.0.0.1    HU    t[0]       InLoopBack0
View
Any view
Parameter
Description
Using the display fib acl command, you can filter and display FIB information.
According to the ACL number or name entered, the FIB table entries matching
the filtering rules are displayed in a list.
If the ACL is specified by name, the name of a standard ACL must be entered;
otherwise, the system reports an input error. When an ACL name or a number
ranging from 1 to 99 is entered, the corresponding ACL is searched for. If no
such ACL is found, the information of all FIB table entries is displayed; if
the ACL is found, the information of the matching FIB table entries is output
in a list.
If the number of FIB table entries matching the filtering rules is 0, the following
information will be output:
Route entry matched by access-list 2:
Summary count: 0
If the number of FIB table entries matching the filtering rules is not 0, the FIB table
entry information will be output in the following format:
Summary count: 1
Destination/Mask    Nexthop      Flag  TimeStamp  Interface
127.0.0.0/8         127.0.0.1    U     t[0]       InLoopBack0
Example
Display the FIB table entries matched by the ACL.
<3Com> display fib acl 10
Route entry matched by access-list 10:
Summary counts: 1
Destination/Mask    Nexthop      Flag  TimeStamp  Interface
127.0.0.0/8         127.0.0.1    U     t[0]       InLoopBack0
View
Any view
Parameter
text: Character.
Description
Using the display fib command with a regular expression filter, you can output
only the lines of the buffer that relate to the line containing the character
string text.
Using the display fib | begin text command, you can view the lines beginning
from the line containing the character string text to the end line of the buffer.
Using the display fib | include text command, you can just view the lines
containing the character string text.
Using the display fib | exclude text command, you can view the lines not
containing the character string text.
Example
Display the lines beginning from the line containing the character string
“169.254.0.0” to the end line of the buffer:
<3Com> display fib | begin 169.254.0.0
Destination/Mask    Nexthop      Flag  TimeStamp  Interface
169.254.0.0/16      2.1.1.1      U     t[0]       Ethernet0/0/0
2.0.0.0/16          2.1.1.1      U     t[0]       Ethernet0/0/0
127.0.0.0/8         127.0.0.1    U     t[0]       InLoopBack0
Display all the lines not containing the character string “169.254.0.0”:
View
Any view
Parameter
Description
Using the display fib ip-prefix command, you can filter and display FIB
information. According to the name of the prefix list entered, the FIB
entries matching the filtering rules in the prefix list are displayed in a list.
If no FIB table entry matches the prefix list, a prompt is displayed stating
that the number of FIB entries matched by the prefix list is 0. If the prefix
list name cannot be found, all FIB table entries are displayed; if the number
of FIB table entries after filtering is not 0, they are output in a list.
If no FIB table entry matches the prefix list, the following information will be
output:
Route entry matched by prefix-list abc1:
Summary count: 0
If the number of FIB table entries after filtering is not 0, FIB table entry information
will be output in the following format:
Example
Display the FIB table entries matched by the prefix list abc0.
<3Com> display fib ip-prefix abc0
Route Entry matched by prefix-list abc0:
Summary count: 4
Destination/Mask    Nexthop      Flag  TimeStamp  Interface
127.0.0.0/8         127.0.0.1    U     t[0]       InLoopBack0
127.0.0.1/32        127.0.0.1    U     t[0]       InLoopBack0
169.0.0.0/8         2.1.1.1      SU    t[0]       Ethernet 0/0/0
169.0.0.0/15        2.1.1.1      SU    t[0]       Ethernet 0/0/0
1. Using the above command, you can display the FIB table entries matching the
destination address. Different parameters selected leads to different matching
methods.
2. Using the above command, you can display the FIB table entries whose
destination address ranges from dest-addr1 dest-mask1 to dest-addr2
dest-mask2, including the FIB entries exactly matching dest-addr1 dest-mask1 and
dest-addr2 dest-mask2.
View
Any view
Parameter
Description
Different parameter combinations lead to different matching methods:
■ display fib dest-addr: According to the destination address, if FIB table
entries can be found within the range of the natural mask, all the subnets
are displayed. Otherwise, only the FIB table entries found by the
longest match are displayed.
■ display fib dest-addr dest-mask: The FIB table entries exactly matching the
destination address and mask are displayed.
■ display fib dest-addr longer: The FIB table entries matching the destination
addresses within the range of the natural mask are displayed.
■ display fib dest-addr dest-mask longer: The FIB table entries matching the
destination IP addresses within the entered mask range are displayed.
■ display fib dest-addr1 dest-mask1 dest-addr2 dest-mask2: The FIB table
entries whose destination address is within the range from dest-addr1
dest-mask1 to dest-addr2 dest-mask2 are displayed.
Example
Display the FIB table entries whose destination address matches 169.253.0.0
by longest match within the natural mask range.
<3Com> display fib 169.253.0.0
Destination/Mask    Nexthop      Flag  TimeStamp  Interface
169.0.0.0/16        2.1.1.1      U     t[0]       Ethernet0/0/0
Display the FIB entries whose destination address is within the range from
69.254.0.0/16 to 169.254.0.6/16.
View
Any view
Parameter
None
Description
Using the display fib statistics command, you can display the total numbers of
FIB table entries.
Example
Display the total numbers of FIB table entries.
<3Com> display fib statistics
Route Entry Count : 30
display ip fast-forwarding cache
Syntax
display ip fast-forwarding cache
View
Any view
Parameter
None
Description
Using the display ip fast-forwarding cache command, you can view the
information on the fast-forwarding table.
Example
Display the information of the fast-forwarding table.
[Router] display ip fast-forwarding cache
Fast-Forwarding cache:
Index SrIP SrPort DsIP DsPort Pro Input_If Output_If FLAG
600:0 1.1.3.149 1463 10.10.26.30 23 6 Ethernet0/0/0 Ethernet1/0/0 81
The above information indicates that the latest cache contains the data flow from
port 1463 at 1.1.3.149 to port 23 at 10.10.26.30, with protocol number 6 (i.e.,
TCP), whose ingress is Ethernet0/0/0 and whose egress is Ethernet1/0/0.
View
Any view
Parameter
Description
Using the display ip interface command, you can view the information of IP
interfaces.
By default, if no interface is specified, the information about all IP interfaces will
be displayed.
This command is used to display all the information related to IP on the interface.
The information is helpful for fault diagnosis. For the related command, see
display interface.
Example
Display IP-related information at the interface Serial 0/0/0.
<3Com> display ip interface Serial 0/0/0
Serial 0/0/0 current state : UP
Line protocol current state : UP
Internet Address : 10.10.10.10/16
Broadcast address : 10.10.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 1231, bytes : 57557, multicasts : 1177
output packets : 0, bytes : 0, multicasts : 0
The above information shows that the physical link state of the interface Serial
0/0/0 is UP, the link-layer protocol state is UP, the maximum transmit unit is
1500 bytes, the IP address is 10.10.10.10, and the broadcast address is
10.10.255.255. It also shows the packet receiving/sending counts at this
interface.
View
Any view
Parameter
Description
Using the display ip socket command, you can display the information about all
sockets in the current system.
Example
Display the information about the socket of TCP type.
<3Com> display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(9), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 4096, rcvbuf = 4096, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
Task = ROUT(6), socketid = 1, Proto = 17,
LA = 0.0.0.0:0, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0,
socket option = SO_UDPCHECKSUM
socket state = SS_PRIV SS_ASYNC
SOCK_RAW:
Task = ROUT(6), socketid = 2, Proto = 2,
LA = 0.0.0.0, FA = 0.0.0.0,
sndbuf = 32767, rcvbuf = 32767, sb_cc = 0, rb_cc = 0,
socket option = 0,
socket state = SS_PRIV SS_NBIO SS_ASYNC
Display the information about the socket with socket ID as 4 and task ID as 8.
View
Any view
Parameter
None
Description
Using the display ip statistics command, you can view IP traffic statistics
information. This command is used to display such statistics information as IP
packet transmit/receive, packet assembly/disassembly, which is helpful to fault
diagnosis.
For the related commands, see display interface, display ip interface, and reset
ip statistics.
Example
Display the IP traffic statistic information.
<3Com> disp ip stat
Input: sum 0 local 0
bad protocol 0 bad format 0
bad checksum 0 bad options 0
Output: forwarding 0 local 0
dropped 0 no route 0
compress fails 0
Fragment:input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
View
Any view
Parameter
None
Description
Using the display icmp statistics command, you can view the statistics of ICMP
packet traffic.
For the related command, see display interface.
Example
Display the statistics of ICMP packet traffic.
[Router] display icmp statistics
Input: bad formats 0 bad checksum 0
echo 5 destination unreachable 0
source quench 0 redirects 0
echo reply 15 parameter problem 0
timestamp 0 information request 0
View
Any view
Parameter
None
Description
Using the display tcp statistics command, you can view TCP traffic statistic
information.
The command is used to display the traffic statistic information of all the active
TCP connections. The statistics are divided into two parts, receiving and
sending, and each part is further broken down by packet type. For example, for
received packets, there are the numbers of retransmitted packets and
keep-alive probe packets. Statistics closely related to connections are also
displayed, such as the number of connections received, the number of
retransmitted packets, and the number of keep-alive probe packets. Most
statistics are counted in packets, and some in bytes.
For the related command, see display tcp status.
Example
Display the TCP traffic statistic information.
<3Com> display tcp statistics
Received packets:
Total: 0
packets in sequence: 0 (0 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, bad offset : 0, too short : 0
duplicate packets : 0 (0 bytes), partially duplicate packets : 0(0 bytes)
out-of-order packets : 0 (0 bytes)
packets with data after window : 0 (0 bytes)
packets after close : 0
ack packets:0 (0 bytes), duplicate ack packets:0, ack packets with unsend data:0
Sent packets:
Total: 0
urgent packets: 0
control packets: 0 ( 0 RST)
window probe packets: 0, window update packets: 0
data packets : 0 (0 bytes), data packets retransmitted: 0 (0 bytes)
ack only packets : 0(0 delayed)
Total retransmit timeout: 0, connections dropped in retransmit timeout: 0
Keepalive timeout: 0, keepalive probe: 0, dropped connections in keepalive: 0
Initiated connections: 0, accepted connections: 0,established connections: 0
Closed connections: 0,( dropped: 0, embryonic dropped: 0)
Dropped packets with MD5 authentication : 0
Permitted packets with MD5 authentication : 0
■ Receiving statistics:
■ Total number of packets received: 0.
■ Number of packets arriving in sequence: 0 (total bytes: 0).
■ Number of window probe packets: 0; number of window update packets: 0.
■ Number of packets with checksum errors: 0; number of packets with length
errors: 0.
■ Number of completely duplicate packets: 0 (total bytes: 0); number of
partially duplicate packets: 0 (total bytes: 0).
■ Number of out-of-order packets: 0 (total bytes: 0).
■ Number of packets arriving outside the receive window: 0 (total bytes: 0).
■ Number of packets arriving after the connection was closed: 0.
■ Number of ACK packets: 0 (bytes of acknowledged data: 0); number of
duplicate ACK packets: 0; number of ACK packets acknowledging data not yet
sent: 0.
■ Sending statistics:
■ Total number of packets sent: 0.
■ Number of urgent packets: 0.
■ Number of control packets: 0 (RST packets: 0).
IP Performance Configuration Commands 477
View
Any view
Parameter
None
Description
Using the display tcp status command, you can monitor TCP connections at any
time.
For the related command, see display local-user.
Example
Display the TCP connection status.
<3Com> display tcp status
TCPCB     Local Address      Foreign Address     State
0442c394  10.110.93.146.23   10.110.93.175.1538  ESTAB
045d8074  0.0.0.0.21         0.0.0.0.0           LISTEN
View
Any view
Parameter
None
Description
Using the display udp statistics command, you can view UDP traffic statistic
information.
The command displays the UDP traffic statistics. The statistics are divided into
two parts, receiving and sending, and each part can be further broken down by
packet type, for example packets with checksum errors and other error packets.
There are also statistics closely related to connections, such as the number of
broadcast packets. The statistics are given in packets.
For the related command, see reset udp statistics.
Example
Display the UDP traffic statistic information.
<3Com> display udp statistics
Received packet:
Total:0
checksum error:0
shorter than header:0, data length larger than packet:0
no socket on port:0
broadcast:0
not delivered, input socket full:0
input packets missing pcb cache:0
Sent packet:
Total:0
The output above shows the UDP packets received: 0 packets with a checksum
error, 0 packets shorter than the packet header, 0 packets whose data length is
larger than the packet length, 0 packets for which no socket uses the port, 0
broadcast packets, 0 packets not delivered because the socket buffer was full,
and 0 packets for which no PCB was found. 0 UDP packets were sent.
ip fast-forwarding
Syntax
ip fast-forwarding [ inbound | outbound ]
undo ip fast-forwarding
View
Interface view
Parameter
Description
Using the ip fast-forwarding command, you can enable fast packet forwarding
on the outbound interface. Using the undo ip fast-forwarding command, you
can disable fast-forwarding on the outbound interface.
By default, fast-forwarding is allowed on both inbound and outbound interfaces.
Fast-forwarding is well suited to high-speed links (such as Ethernet and FR). Its
function will be rendered useless, however, on a low-speed link, due to the low
transmission rate such a link can provide.
3Com Series Routers support fast-forwarding on the links of various high-speed
interfaces such as Ethernet, synchronous PPP, FR, and HDLC, on interfaces
configured with firewall and NAT features, and on the virtual tunnel interface
of GRE. Note, however, that an interface configured with fast-forwarding cannot
send ICMP redirect packets.
Example
Disable fast-forwarding on the interface.
[3Com-Ethernet/0/0] undo ip fast-forwarding
View
User view
Parameter
None
Description
Using the reset ip fast-forwarding cache command, you can reset the
fast-forwarding cache.
This command is used to clear the fast-forwarding cache. The fast-forwarding
table will not contain any fast-forwarding entry after having been cleared.
Example
Clear the fast-forwarding cache.
<3Com> reset ip fast-forwarding cache
View
User view
Parameter
None
Description
Using the reset ip statistics command, you can clear the IP statistics information.
In some special cases, it is necessary to clear the IP statistics information and
perform new statistics.
For the related commands, see display ip interface and display ip statistics.
Example
Clear IP statistics information.
<3Com> reset ip statistics
View
User view
Parameter
None
Description
Using the reset tcp statistics command, you can clear TCP traffic statistic
information. After the execution of this command, there’s no prompt information
on the screen, and the existing statistics are cleared.
For the related command, see display tcp statistics.
Example
Clear the TCP traffic statistic information.
<3Com> reset tcp statistics
View
User view
Parameter
None
Description
Using the reset udp statistics command, you can clear the UDP statistics
information. After the execution of this command, there’s no prompt information
on the screen, and the existing statistics are cleared.
Example
Clear UDP traffic statistics information.
<3Com> reset udp statistics
View
Interface view
Parameter
value: The threshold for the TCP packet to be fragmented, with the value ranging
from 128 to 2048.
Description
Using the tcp mss command, you can designate a value as the threshold at which
TCP packets are fragmented. The undo tcp mss command is used to prevent TCP
packets from being fragmented. Because the default MTU of the interface is 1500
bytes, the total length of encryption packet header + data link overhead + IP
packet header + TCP packet is restricted to 1500 bytes. So the length at which
TCP packets are fragmented may be about 1200 bytes.
By default, TCP packets are not fragmented.
Example
Configure the threshold of TCP packet fragmentation to be 300.
[3Com-Ethernet0/0/0] tcp mss 300
View
System view
Parameter
time-value: TCP finwait timer value, in seconds, in the range of 76 to 3600.
Description
Using the tcp timer fin-timeout command, you can configure the TCP finwait
timer. Using the undo tcp timer fin-timeout command, you can restore the
default value of the timer.
By default, TCP finwait timer value is 675 seconds.
When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the
finwait timer is started. If no FIN packet is received before the finwait timer
expires, the TCP connection is closed.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer syn-timeout and tcp window.
Example
Configure the TCP finwait timer value as 675 seconds.
[3Com] tcp timer fin-timeout 675
View
System view
Parameter
time-value: TCP synwait timer value, in seconds, in the range of 2 to 600.
Description
Using the tcp timer syn-timeout command, you can configure the TCP synwait
timer. Using the undo tcp timer syn-timeout command, you can restore the
default value of the timer.
By default, the TCP synwait timer value is 75 seconds.
When a SYN packet is sent, TCP starts the synwait timer. If no response packet
is received before the synwait timer expires, the TCP connection is terminated.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer fin-timeout and tcp window.
Example
Configure the TCP synwait timer value as 75 seconds.
[3Com] tcp timer syn-timeout 75
View
System view
Parameter
Description
Using the tcp window command, you can configure the size of the transceiving
buffer of the connection-oriented Socket. Using the undo tcp window
command, you can restore the default size of the buffer.
By default, the size of the connection-oriented transceiving buffer is 4K bytes.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer fin-timeout and tcp timer
syn-timeout.
Example
Configure the size of the transceiving buffer of the connection-oriented Socket as
4 KB.
[3Com] tcp window 4
View
User view
Parameter
Description
Using the debugging nat command, you can enable the NAT debugging
function. Using the undo debugging nat command, you can disable the NAT
debugging function.
View
Any view
Parameter
source global global-addr: Only displays the NAT entry with address as
global-addr after NAT.
source inside inside-addr: Only displays the NAT entry with internal address as
inside-addr.
Description
Using the display nat command, you can display the configuration of address
translation. Users can verify if the configuration of address translation is correct
according to the output information after execution of this command. When
address translation connection information is displayed, the parameters of
global-addr and inside-addr can be specified for the display nat session command
simultaneously.
Example
Display all the information about address translation.
<3Com> display nat all
NAT address-group Information:
1: from 11.1.1.1 to 11.1.1.20
2: from 22.1.1.1 to 22.1.1.20
NAT outbound information:
Serial0/0/0: acl(11)-NAT address-group(1) [no-pat]
Serial0/0/0: acl(22)-NAT address-group(2) [no-pat]
Server in private network information:
Interface    GlobalAddr    GlobalPort  InsideAddr  InsidePort  Pro
Serial0/0/0  201.119.11.3  8080        5.5.5.5     80(www)     6(tcp)
Serial0/0/0  201.119.11.3  2121        5.5.5.5     21(ftp)     6(tcp)
NAT aging-time value information:
tcp------aging-time value is 240(seconds)
udp------aging-time value is 40(seconds)
icmp-----aging-time value is 20(seconds)
Two address pools are configured: address pool 1 ranges from 11.1.1.1 to
11.1.1.20, and address pool 2 ranges from 22.1.1.1 to 22.1.1.20.
View
System view
Parameter
Description
Using the nat address-group command, you can configure an address pool.
Using the undo nat address-group command, you can delete an IP address pool.
An address pool is a set of outside IP addresses. If start-addr and end-addr are
the same, the pool contains only one address.
An address pool cannot be deleted if it has been associated with an access
control list to perform address translation.
Example
Configure an address pool from 202.110.10.10 to 202.110.10.15, with its NAT
pool ID being 1.
[3Com] nat address-group 1 202.110.10.10 202.110.10.15
View
System view
Parameter
dns: Sets the address translation lifetime for DNS to 60 seconds (default).
ftp-ctrl: Sets the address translation lifetime for FTP control links to 7200 seconds
(default).
ftp-data: Sets the address translation lifetime for FTP data links to 240 seconds
(default).
icmp: Sets the address translation lifetime for ICMP to 60 seconds (default).
pptp: Sets the address translation lifetime for PPTP to 86400 seconds (default).
tcp: Sets the address translation lifetime for TCP to 86400 seconds (default).
tcp-fin: Sets the address translation lifetime for TCP FIN or TCP RST connections to
60 seconds (default).
tcp-syn: Sets the address translation lifetime for TCP SYN connections to 60
seconds (default).
udp: Sets the address translation lifetime for UDP to 300 seconds (default).
Description
Using the nat aging-time command, you can set the lifetime of NAT connections.
This command is used to set the lifetime of address translation connection in
seconds, and different time values are set for different types of protocols.
View
Interface view
Parameter
no-pat: Uses simple address translation, which means only to translate the address
of the packet but not use port information.
acl-number: ACL index in the range of 1 to 199 (the advanced ACL can be used).
Description
Using the nat outbound command, you can associate an ACL with an address
pool, indicating that the address specified in the acl-number can be translated by
using address pool group-number. Using the undo nat outbound command, you
can remove the corresponding address translation.
Translation of the source address of the packet that conforms to the ACL is
accomplished by configuring the association between the ACL and the address
pool. The system performs address translation by selecting one address in the
address pool or by directly using the IP address of the interface. Users can
configure different address translation associations at the same interface. The
corresponding undo form of the command can be used to delete the related
Example
Enable the hosts of the 10.110.10.0/24 network segment to perform address
translation by selecting the addresses from 202.110.10.10 to 202.110.10.12 as
the translated address. Suppose that the interface Serial0/0/0 connects to ISP.
[3Com] acl number 1
[3Com-acl-basic-1] rule permit source 10.110.10.0 0.0.0.255
[3Com-acl-basic-1] rule deny
Allow address translation and use the addresses of address pool 1 for address
translation. During translation, the information of TCP/UDP port is used.
The configuration that can be used when performing address translation by using
the IP address of interface Serial0/0/0 directly.
View
Interface view
Parameter
vpn-instance-name: The virtual route forwarding instance of the VPN the internal
server belongs to. If the parameter is not configured, it represents that the internal
server belongs to an ordinary private network, other than one MPLS VPN.
global-port: The service port number provided for outside access. If omitted,
its value is the same as that of host-port.
host-port: The service port number provided by the server, in the range of 0 to
65535. Commonly used port numbers can be replaced by keywords. For example, the
www service port number is 80, which can also be represented by www, and the ftp
service port number is 21, which can also be represented by ftp. If the inside
port is 0, all types of services can be provided, and the keyword any can be
used instead. If the parameter is not configured, it is treated as any, which
is equivalent to a static connection between global-addr and host-addr. When
host-port is configured as any, global-port must also be any; otherwise the
configuration is illegal.
pro-type: The protocol type carried by IP, given either as a protocol ID or as a
keyword. For example: icmp (its protocol ID is 1), tcp (its protocol ID is 6),
udp (its protocol ID is 17).
Description
Using the nat server command, you can define the mapping table of an internal
server. Outside users can reach the internal server at host-addr and host-port
through the address and port defined by global-addr and global-port. Using the
undo nat server command, you can remove the mapping table.
Through this command, you can make internal network servers available for
outside use, for example www, ftp, telnet, kpop3, dns and so on. The internal
server can be located in an ordinary private network or in an MPLS VPN.
Up to 256 internal server conversion commands can be configured on one
interface and at most 4096 internal servers can be configured on one interface.
Example
Specify the IP address of the internal www server of the LAN as 10.110.10.10 and
the IP address of the internal ftp server as 10.110.10.11. Outside users are
expected to access the web server through http://202.110.10.10:8080 and the FTP
site through ftp://202.110.10.10. Suppose that Serial0/0/0 is connected to the
ISP.
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 8080 inside 10.110.10.10 www
[3Com] ip vpn-instance vrf10
[3Com-vpn-instance] route-distinguisher 100:001
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 inside 10.110.10.11 ftp
Specify one interior host 10.110.10.12, expecting that the host of the exterior
network can ping it with ping 202.110.10.11 command.
[3Com-Serial0/0/0] undo nat server protocol tcp global 202.110.10.10 8070 inside 10.110.10.10 www
By the command below, the internal ftp server of VPN vrf10 can be removed.
[3Com-Serial0/0/0] undo nat server protocol tcp global 202.110.10.11 8070 inside 10.110.10.11 ftp
Specify an outside address as 202.110.10.10, and map the ports ranging from
1001 to 1100 to the addresses 10.110.10.1 to 10.110.10.100 respectively to
access ftp service inside VPN vrf10. 202.110.10.10:1001 accesses 10.110.10.1,
202.110.10.10:1002 accesses 10.110.10.2, and so on.
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 1001 1100 inside 10.110.10.1 10.110.10.100 telnet
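The nat server forms used in the examples above can be reviewed offline before they are applied. The following Python sketch is an added example, not 3Com code: it expands each mapping (including the port-range form), applies the any/any rule from the Parameter section, and flags lines that publish every port of a host or a cleartext login service. The telnet port number, the 192.0.2.x lines and the review policy are assumptions made for the illustration.

```python
import ipaddress
import re

# www=80 and ftp=21 are the keywords the manual names; telnet=23 is the
# standard port. "any" is port 0, which the manual defines as "all services".
PORT_KEYWORDS = {"any": 0, "www": 80, "ftp": 21, "telnet": 23}
# Assumed review policy (not from the manual): cleartext login services.
CLEARTEXT_LOGIN = {21: "ftp", 23: "telnet"}

_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Matches only the three command forms shown in the manual's examples;
# "undo nat server ..." lines are excluded by the lookbehind.
_NAT_SERVER = re.compile(
    rf"(?<!undo )nat server protocol (?P<proto>\S+) global (?P<gaddr>{_IP})"
    rf"(?P<gports>(?: (?!inside)\S+){{0,2}}) inside (?P<first>{_IP})"
    rf"(?: (?P<last>{_IP}))?(?: (?P<hport>\S+))?$"
)


def _port(token):
    """Translate a port keyword or number into an integer port."""
    port = PORT_KEYWORDS[token] if token in PORT_KEYWORDS else int(token)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {token}")
    return port


def parse_nat_server(line):
    """Expand one 'nat server' line into its global->inside mappings.

    Returns [] for lines that are not 'nat server' commands and raises
    ValueError for combinations the manual calls illegal.
    """
    m = _NAT_SERVER.search(line.strip())
    if not m:
        return []
    host_port = _port(m["hport"]) if m["hport"] else 0    # omitted means any
    tokens = m["gports"].split()
    if len(tokens) == 2:                                   # global port range
        global_ports = list(range(_port(tokens[0]), _port(tokens[1]) + 1))
    elif tokens:
        global_ports = [_port(tokens[0])]
    else:
        global_ports = [host_port]                         # defaults to host-port
    first = int(ipaddress.IPv4Address(m["first"]))
    last = int(ipaddress.IPv4Address(m["last"] or m["first"]))
    hosts = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
    if host_port == 0 and global_ports != [0]:
        raise ValueError("host-port any requires global-port any")
    if len(hosts) != len(global_ports):
        # Limitation of this sketch: only equal-sized ranges, as in the manual.
        raise ValueError("port range and address range differ in size")
    return [
        {"proto": m["proto"], "global_addr": m["gaddr"], "global_port": gp,
         "inside_addr": host, "inside_port": host_port}
        for gp, host in zip(global_ports, hosts)
    ]


def audit(config_text):
    """Return (kind, line, detail) findings for every 'nat server' line."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        try:
            mappings = parse_nat_server(line)
        except ValueError as exc:
            findings.append(("invalid", line, str(exc)))
            continue
        if not mappings:
            continue
        port = mappings[0]["inside_port"]   # identical for all mappings of a line
        if port == 0:
            findings.append(("all-services", line,
                             f"{mappings[0]['inside_addr']} is reachable on every port"))
        elif port in CLEARTEXT_LOGIN:
            findings.append(("cleartext-login", line,
                             f"{len(mappings)} inside host(s) expose {CLEARTEXT_LOGIN[port]}"))
    return findings


# Constructed sample: the first three commands and the undo line are the
# manual's own examples; the 192.0.2.x lines are made up for illustration.
SAMPLE_CONFIG = """\
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 8080 inside 10.110.10.10 www
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 inside 10.110.10.11 ftp
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 1001 1100 inside 10.110.10.1 10.110.10.100 telnet
[3Com-Serial0/0/0] nat server protocol tcp global 192.0.2.12 inside 10.110.10.12
[3Com-Serial0/0/0] nat server protocol tcp global 192.0.2.13 8080 inside 10.110.10.13 any
[3Com-Serial0/0/0] undo nat server protocol tcp global 202.110.10.10 8070 inside 10.110.10.10 www
"""

if __name__ == "__main__":
    for kind, line, detail in audit(SAMPLE_CONFIG):
        print(f"{kind:16} {detail}\n    {line}")
```

The range form is the one most easily underestimated in review: a single line publishes a telnet listener for 100 inside hosts.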
View
User view
Parameter
slot slot-number: Number of the interface card, which only exists in the
distributed environment.
Description
This command is used to clear up the mapping tables of address translation in the
memory and release all the memory dynamically allocated to store the mapping
tables.
Example
In the central environment, clear NAT log buffer.
<3Com> reset nat log-entry
IP Unicast Policy
Routing Configuration
Commands
View
Route-policy view
Parameter
Description
Using the apply default output-interface command, you can set default
forwarding interface for packets. Using the undo apply default
output-interface command, you can cancel the configuration of the default
forwarding interface of packets.
This command is used to set forwarding interface for the matched IP packet, and
the clause is valid for the packet whose route has not been found.
For the related commands, see apply ip-precedence, apply ip-address
next-hop, apply output-interface, and apply ip-address default next-hop.
Example
Set the default forwarding interface of packets as serial 0/0/0.
[3Com-route-policy] apply default output-interface serial 0/0/0
View
Route-policy view
Parameter
Description
Using the apply ip-address default next-hop command, you can set the default
next hop of a packet. Using the undo apply ip-address default next-hop
command, you can cancel the configured default packet next hop.
This command is only valid for the packet whose route has not been found.
For the related commands, see apply ip-precedence, apply output-interface,
apply default output-interface, and apply ip-address next-hop.
Example
Set the default next hop of a packet to 1.1.1.1.
[3Com-route-policy] apply ip-address default next-hop 1.1.1.1
View
Route-policy view
Parameter
Description
Using the apply ip-address next-hop command, you can set the packet next
hop. Using the undo apply ip-address next-hop command, you can cancel the
configuration about the next hop.
This command is used to set the next hop for the matched IP packet and at most
two next hops can be specified. The next hop should be adjacent to this device.
Example
Set the packet next hop to 1.1.1.1.
[3Com-route-policy] apply ip-address next-hop 1.1.1.1
View
Route-policy view
Parameter
value: The preference value. There are 8 preferences in total, in the range 0 to 7:
■ 0 routine
■ 1 priority
■ 2 immediate
■ 3 flash
■ 4 flash-override
■ 5 critical
■ 6 internet
■ 7 network
Description
Using the apply ip-precedence command, you can set precedence of IP packets.
Using the undo apply ip-precedence command, you can remove the precedence
of IP packets. This command is used to configure the set clause of route-policy and
the preference for the matched IP packets.
For the related commands, see apply output-interface, apply ip-address
next-hop, apply default output-interface, and apply ip-address default
next-hop.
Example
Set the preference of IP packet to 5 (critical).
[3Com-route-policy] apply ip-precedence critical
View
Route-policy view
Parameter
Description
Using the apply output-interface command, you can set a packet forwarding
interface. Using the undo apply output-interface command, you can cancel the
configuration on a forwarding interface.
This command is used to set the packet forwarding interface for the matched IP
packet. At most two forwarding interfaces can be specified.
For the related commands, see apply ip-precedence, apply ip-address
next-hop, apply default output-interface, and apply ip-address default
next-hop.
Example
Specify forwarding interface as serial0/0/0 for the matched IP packet.
[3Com-route-policy] apply output-interface Serial 0/0/0
View
Any view
Parameter
None
Description
Using the display ip policy command, you can view the routing policies used by
local policy routing and by the configured interface policy routing.
Example
Display the routing policies of the local and configured interface policy routings.
<3Com> display ip policy
Route-policy Interface
pr02 Local
pr02 Virtual-Template0
pr01 Ethernet 0/0/0
The first line is a header. The Interface column shows where the routing policy
named in the Route-policy column is used. Taking the first entry as an example,
"Local" indicates that the policy routing is used on the local router, i.e., all
packets sent from the local router (not forwarded through it) use the policy
routing "pr02". The second and third entries show that the interfaces
Virtual-Template0 and Ethernet0/0/0 use route policy pr02 and pr01 respectively.
View
Any view
Parameter
Description
Using the display ip policy setup command, you can view the setting
information of policy routings.
The output of the display ip policy setup local command is the same as that of
the command with policy-tag, shown in the example below, except that it displays
the policy routing enabled on the local router rather than the configuration of
a specified route-policy.
The display ip policy setup interface command displays the configuration of
the policy routing enabled on the interface.
Example
Display the specific configurations of the specified policy routing, enabled or
disabled.
<3Com> display ip policy setup pr01
route-policy pr01 permit node 0
if-match acl 11
apply ip-address next-hop 3.3.3.3
This command displays the specific configuration of the policy routing named
pr01. As shown above, the policy routing has one 0 node and includes an if-match
clause and an apply clause. For the accurate meanings of the if-match clause and
the apply clause, you can refer to the configuration guide of the command. The
example shows how the option map-tag is used.
View
Any view
Parameter
Description
Using the display ip policy statistic command, you can view the statistics of
policy routings.
Example
Display the matching statistics of the specified policy routing.
<3Com> display ip policy statistic local
local policy pr02 summary information:
Main board
Total success packet number: 0
Total failure packet number: 0
The above information shows the number of forwarding successes and failures for
all the forwarding policies (i.e., the apply clauses) of the local policy
routing.
To display more detailed statistics, add the verbose option. With verbose, the
statistics of each apply clause in the policy routing are displayed separately
and the forwarding errors are classified.
View
Route-policy view
Parameter
Description
Using the if-match acl command, you can set the match condition for IP address.
Using the undo if-match acl command, you can delete the IP address match
condition.
An acl-number can be basic standard access-list or advanced access-list.
For the related command, see if-match packet-length.
Example
Set packets that accord with the access list 10 to be matched.
[3Com] route-policy map1 permit node 10
[3Com-route-policy] if-match acl 10
View
Route-policy view
Parameter
Description
Using the if-match packet-length command, you can set length match
conditions of IP packets. Using the undo if-match packet-length command, you
can delete the configuration about IP packet length match conditions.
For the related command, see if-match acl.
Example
Set the packet in the range 100 to 200 to be matched.
[3Com] route-policy map1 permit node 10
[3Com-route-policy] if-match packet-length 100 200
View
System view
Parameter
policy-tag: Policy name.
Description
Using the ip local policy route-policy command, you can enable local policy
routing. Using the undo ip local policy route-policy command, you can delete
the existing setting of the policy routing.
By default, interface local policy routing is disabled.
This command is used to enable or disable the local policy routing for the packets
sent by the local device. If there is no special demand, it is recommended that
users do not configure local policy routing.
For the related command, see ip policy route-policy.
Example
Enable a local policy routing at system view. The policy routing is specified by
route-policy AAA.
[3Com] ip local policy route-policy AAA
View
Interface view
Parameter
policy-name: Policy name.
Description
Using the ip policy route-policy command, you can enable policy routing at an
interface. Using the undo ip policy route-policy command, you can delete the
existing policy routing at an interface.
By default, interface policy routing is disabled.
For the related command, see ip local policy route-policy.
Example
Enable the policy routing specified by route-policy AAA at the interface Ethernet
0/0/0.
[3Com-ethernet0/0/0] ip policy route-policy AAA
IP Multicast Policy
Routing Configuration
Commands
View
Route-policy view
Parameter
ip-address: Specifies the next hop address. Multiple next hop addresses can be
specified.
Description
Using the apply ip-address command, you can configure the next hop IP address
list in a route-node. Using the undo apply ip-address command, you can remove
the configuration.
By default, no apply clause is defined.
This command specifies the next hop address for packets that match the if-match
acl command. The next hop IP address list for multicast policy routing is
specified through an ACL. This command works in parallel with the apply
output-interface command. If both apply clauses are configured at the same
time, in multicast policy routing the packets are replicated and forwarded to
all the interfaces and next hops specified by the respective ACLs. This differs
from unicast policy routing, in which only one apply clause works.
For the next hop IP address, the specified ACL is the standard ACL.
For the related commands, see if-match acl, apply output-interface, and
display ip multicast-policy.
View
Route-policy view
Parameter
acl-number: ID of interface-based ACL, ranging from 1000 to 1999.
Description
Using the apply output-interface command, you can configure an outgoing
interface list in a route-node. Using the undo apply output-interface command,
you can remove the configuration.
For the related commands, see apply ip-address next-hop, if-match acl, and
display ip multicast-policy.
debugging ip multicast-policy
Syntax
debugging ip multicast-policy [ acl-number ]
undo debugging ip multicast-policy
View
User view
Parameter
Description
Using the debugging ip multicast-policy command, you can enable the
debugging of IP multicast policy routing. Using the undo debugging ip
multicast-policy command, you can disable the debugging of multicast policy
routing.
The contents of the debugging information contain the route-node that the
packets match and the next hop/outgoing interface to which the packets are
forwarded. The debugging information output can be filtered with the
interface-based ACL.
It should be noted that enabling the debugging will affect the performance of the
system. You should disable the debugging when the system is running normally.
For the related command, see route-policy.
display ip multicast-policy
Syntax
display ip multicast-policy [ setup interface interface-name | statistic interface interface-name ]
View
Any view
Parameter
Description
Using the display ip multicast-policy command, you can view the multicast
policy routing information.
Example
Display the information about the multicast policy routing configured on interface
Ethernet2/0/0.
[3Com] display ip multicast-policy setup interface ethernet2/0/0
route-policy cc permit node 10
if-match acl 110
apply ip-address next-hop acl 50
route-policy cc permit node 20
if-match acl 120
apply output-interface acl 1005
Display the statistic information about the multicast policy routing configured on
interface Ethernet2/0/0.
View
Route-policy view
Parameter
ip-prefix-name: Specifies the name of an address prefix list used for filtering.
Description
Using the if-match acl command, you can set conditions that multicast packets
should meet in each policy node. Using the undo if-match acl command, you can
remove the match conditions set.
By default, no if-match clause is defined.
If a packet meets the if-match conditions specified in a policy node, the
actions specified by the node are performed. If a packet does not meet the
if-match conditions specified in a policy node, the next node is tested. If a
packet does not meet the conditions of any policy node, the packet returns to
the normal forwarding flow. The configuration and use of this command are the
same as those of the same command in unicast policy routing.
ip multicast-policy route-policy
Syntax
ip multicast-policy route-policy policy-name
undo ip multicast-policy route-policy policy-name
View
Interface view
Parameter
Description
Using the ip multicast-policy route-policy command, you can enable a
multicast policy routing on an interface. Using the undo ip multicast-policy
route-policy command, you can remove a multicast policy route applied on the
interface.
By default, no multicast route policy is enabled.
This command enables the multicast policy routing defined by the route-policy
named policy-name on an interface.
When multicast policy routing is configured on an interface of a router, all
multicast packets entering the router on the interface are filtered.
The policy nodes of the route-policy specified by the policy routing are tried
in ascending order of their sequence numbers. If a packet meets the if-match
conditions specified in a policy node, the actions specified by the node are
performed. If a packet does not meet the if-match conditions specified in a
policy node, the next node is tested. If a packet does not meet the conditions
of any policy node, the packet returns to the normal forwarding flow.
For the related command, see route-policy.
Example
Enable multicast policy routing named map1 on interface Ethernet 2/0/0.
[3Com-Ethernet2/0/0] ip multicast-policy route-policy map1
route-policy
Syntax
route-policy policy-name { permit | deny } node sequence-number
undo route-policy policy-name [ permit | deny ] [ node sequence-number ]
View
System view
Parameter
permit: Specifies the match mode of the route-policy node as permit. When a
route entry meets the if-match clause of the node, the entry is permitted to
pass the filter of the node and the apply clause of the node is performed. If a
route entry does not meet the if-match clause of the node, the next node of the
route-policy is tested. For multicast policy routing configuration, all the
if-match clauses except the if-match acl clause are invalid.
deny: Specifies the match mode of the route-policy node as deny. When a route
entry meets the if-match clause of the node, the entry is denied passage through
the filter of the node and the next node is not tested. For multicast policy
routing configuration, all the if-match clauses except the if-match acl clause
are invalid.
Description
Using the route-policy command, you can configure a route-policy node and
enter the route-policy view. Using the undo route-policy command, you can
remove a route-policy or a node.
By default, no route-policy is defined.
The policy of IP multicast policy routing is implemented by configuring
route-policies. Multiple route-policies can be configured on a router. Each
route-policy may contain multiple route-nodes. Different route-nodes in a
route-policy are identified by different integer sequence-numbers. In each
route-node, set the conditions that packets should match (i.e., the match rule)
with the if-match command, and configure the forwarding actions to be
executed on packets that meet the match conditions with the apply command.
The logical relation among the if-match clauses of a node is “and”. This means that any
if-match clause passing the filter will cause others to be ignored.
Only the if-match acl clause is effective for multicast policy routing. The logical
relation between route-policy nodes is “or”. That is, once a packet is forwarded by one
policy node, all the following nodes are ignored. If the packet matches none of the
permit nodes, or matches any deny node, the packet will then be forwarded or
discarded normally, according to the route table.
When multicast policy routing is configured on an interface of a router, all
multicast packets entering the router on the interface will be filtered. The filter
method is that all policy nodes of the route-policy are applied in the ascending
sequence of their ID (a number).
For the related commands, see if-match, apply output-interface, apply
ip-address next-hop, and display ip multicast-policy.
Example
Configure a route-policy named map1 with the node ID of 10 and with the match
mode of permit and enter the route-policy view.
[3Com] route-policy map1 permit node 10
[3Com-route-policy]
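The node evaluation order described above can be modelled in a few lines. The following is an added example, not code from the guide or the router software: it walks the nodes in ascending sequence-number order, applies the permit/deny rules as stated, and also lists nodes that can never be reached because an earlier node's ACL already covers them. The Acl class (a source prefix plus a group prefix), the policy contents and the interface names in the apply strings are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

NORMAL_FORWARDING = "normal forwarding"


@dataclass(frozen=True)
class Acl:
    """Constructed stand-in for an ACL: source prefix plus multicast group prefix."""
    source: str
    group: str

    def matches(self, src, grp):
        return (ip_address(src) in ip_network(self.source)
                and ip_address(grp) in ip_network(self.group))

    def covers(self, other):
        """True when every packet matching `other` also matches this ACL."""
        return (ip_network(other.source).subnet_of(ip_network(self.source))
                and ip_network(other.group).subnet_of(ip_network(self.group)))


@dataclass(frozen=True)
class Node:
    sequence: int      # node sequence-number
    mode: str          # "permit" or "deny"
    acl: Acl           # if-match acl, the only clause valid for multicast policy routing
    apply: str = ""    # apply clause text; only meaningful on permit nodes


def evaluate(nodes, src, grp):
    """Return (decision, sequence number of the deciding node or None)."""
    for node in sorted(nodes, key=lambda n: n.sequence):
        if not node.acl.matches(src, grp):
            continue                              # no match: test the next node
        if node.mode == "permit":
            return node.apply, node.sequence      # permit: perform the apply clause
        return NORMAL_FORWARDING, node.sequence   # deny: stop, no later node is tested
    return NORMAL_FORWARDING, None                # no node matched


def shadowed_nodes(nodes):
    """Sequence numbers of nodes that can never decide a packet because an
    earlier node's ACL already covers everything they match."""
    ordered = sorted(nodes, key=lambda n: n.sequence)
    return [later.sequence
            for i, later in enumerate(ordered)
            if any(earlier.acl.covers(later.acl) for earlier in ordered[:i])]


# Constructed policy "map1"; deliberately listed out of order.
MAP1 = [
    Node(20, "permit", Acl("10.1.0.0/16", "239.1.0.0/16"),
         "apply output-interface Serial1/0/0"),
    Node(10, "deny", Acl("10.1.5.0/24", "239.1.1.0/24")),
    Node(30, "permit", Acl("10.1.2.0/24", "239.1.2.0/24"),
         "apply output-interface Serial2/0/0"),
]

if __name__ == "__main__":
    for src, grp in [("10.1.5.9", "239.1.1.1"),
                     ("10.1.2.3", "239.1.2.2"),
                     ("192.0.2.1", "239.9.9.9")]:
        print(src, grp, evaluate(MAP1, src, grp))
    print("shadowed nodes:", shadowed_nodes(MAP1))
```

Node 30 is reported as shadowed because node 20 matches a superset of its traffic, which is the kind of ordering mistake worth checking for before a policy is bound to an interface.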
IPX Configuration Commands
View
User view
Parameter
Description
Using the debugging ipx packet command, you can enable the IPX packet
debugging switch to view the contents of IPX packets received and transmitted.
Using the undo debugging ipx packet command, you can disable the
debugging switch.
Example
Enable IPX packet debugging switch.
<3Com> debugging ipx packet
*0.8942310-IPX-8-IPXPKT:
Sending, interface = Serial3/0/0,
pktlen = 40, hops = 0, pkttype = 0x1,
dstnet = 0xb, dstnode = ffff-ffff-ffff, dstsocket = 0x453,
srcnet = 0xb, srcnode = 00e0-fc01-5517, srcsocket = 0x453
prompt: Sending the packet.
*0.8942610-IPX-8-IPXPKT:
Delivering, interface = Serial3/0/0,
pktlen = 480, hops = 0, pkttype = 0x4,
dstnet = 0xb, dstnode = ffff-ffff-ffff, dstsocket = 0x452,
srcnet = 0xb, srcnode = 00e0-fc01-54f6, srcsocket = 0x452
prompt: IPX packet is delivering up!
Table 7 Description of display information of the debugging ipx packet command
Item | Description
pktlen = | Length of packet in decimal format (not including MAC address header).
hops = | How many routers the packet has passed through.
pkttype = | Packet type in hexadecimal format.
dstnet = | Destination network number of the packet.
dstnode = | Destination node address of the packet.
dstsocket = | Destination socket of the packet.
srcnet = | Source network number of the packet.
srcnode = | Source node address of the packet.
srcsocket = | Source socket of the packet.
prompt: | Prompt of how the router processes the packet and the reasons for discarding a packet.
View
User view
Parameter
None
Description
Using the debugging ipx ping command, you can enable the IPX Ping packet
debugging switch to view the contents of Ping packets received and transmitted.
Using the undo debugging ipx ping command, you can disable the debugging
switch.
By default, the IPX Ping packet debugging switch is disabled.
Example
Enable IPX Ping packet debugging switch.
<3Com> debugging ipx ping
*0.15396012-IPX-8-IPXHWPING:
Ping receiving: Request, Src = a.00e0-fc04-8859, Dst = a.00e0-fc01-54f6
*0.15396130-IPX-8-IPXPING:
Ping sending: Response, Src = a.00e0-fc01-54f6, Dst = a.00e0-fc04-8859
Table 8 Description of display information of the debugging ipx ping command
Item | Description
Src = | Source address of Ping packet.
Dst = | Destination address of Ping packet.
View
User view
Parameter
Description
Using the debugging ipx rip command, you can enable the RIP debugging switch to
view information on RIP packets received and transmitted, routing changes and
timer expiry. Using the undo debugging ipx rip command, you can disable the RIP
debugging switch.
By default, the IPX RIP debugging switch is disabled.
Example
Enable IPX RIP packet debugging switch.
<3Com> debugging ipx rip packet
Send RIP Response to Ethernet0/0, length 96
src:a.00e0-fc01-5517(453), dst:a.ffff-ffff-ffff(453)
Number of Entries in Pkt: 8
Enable IPX RIP packet verbose debugging switch.
<3Com> debugging ipx rip packet verbose
Send RIP Response to Ethernet0/0, length 96
src:a.00e0-fc01-5517(453), dst:a.ffff-ffff-ffff(453)
Number of Entries in Pkt: 8
Network 0x1, hops 2, delay 2
Network 0x2, hops 2, delay 2
Network 0x3, hops 2, delay 2
Network 0x4, hops 2, delay 2
Network 0x5, hops 2, delay 2
Network 0x6, hops 2, delay 2
Network 0x8, hops 2, delay 8
Network 0xa, hops 1, delay 2
View
User view
Parameter
None
Description
Using the debugging ipx rtpro-flash command, you can turn on the debugging
switch of route refreshing in the IPXRM module. Using the undo debugging ipx
rtpro-flash command, you can turn off the debugging switch of route refreshing
in the IPXRM module.
This kind of debugging information is generated when routes are refreshed because
of a route change.
Example
Switch on route refreshing debugging for IPXRM module.
<3Com>debugging ipx rtpro-flash
<3Com>
Remove an IPX static route.
[3Com]undo ipx route-static b2 Serial 1
*0.18537610 3Com RMX/8/DBG:
IPXRM set a Rth on the flash list, ulRthDest = 0xb2 .
[3Com]
*0.18537820 3Com RMX/8/DBG:
IPXRM finish a flash, reset a Rth on the flash list, ulRthDest = 0xb2 .
[3Com]
View
User view
Parameter
None
Description
Using the debugging ipx rtpro-interface command, you can turn on the
debugging switch of interface change in the IPXRM module. Using the undo
debugging ipx rtpro-interface command, you can turn off the debugging
switch of interface change in the IPXRM module.
Example
Enable IPX RIP packet debugging switch
<3Com> debugging ipx rip packet
[3Com-Serial1] shut
[3Com-Serial1]
[3Com-Serial1]
[3Com-Serial1]undo shut
[3Com-Serial1]
[3Com-Serial1]
View
User view
Parameter
None
Description
Using the debugging ipx rtpro-routing command, you can turn on the
debugging switch of route change in the IPXRM module. Using the undo
debugging ipx rtpro-routing command, you can turn off the debugging switch
of route change in the IPXRM module.
This kind of debugging information is generated when route changes such as addition,
deletion or attribute adjustment occur.
Example
Switch on route change debugging for IPXRM module.
<3Com>debugging ipx rtpro-routing
<3Com>
Add a static route
[3Com]ipx route-static d10 Serial 1
Interface: a.00e0-fcfb-3a00(Serial1)
Ticks: 6 Hops: 1
Interface: a.00e0-fcfb-3a00(Serial1)
Ticks: 6 Hops: 1
View
User view
Parameter
Description
Using the debugging ipx sap command, you can enable the IPX SAP debugging
switch to view information on SAP packets received and transmitted, routing
changes and timer expiry. Using the undo debugging ipx sap command, you
can disable the IPX SAP debugging switch.
With the IPX SAP debugging switch enabled, you can confirm whether SAP packets are
received. Normally, a router or server sends out an SAP update packet every
minute. By default, each SAP packet includes up to seven service information
items. If a lot of service information needs to be advertised on the network, the
router sends out multiple packets per update. For example, if a router has 20
service information items in SIT, it sends three SAP packets per update. The first
SAP includes the first seven items, the second SAP includes the next seven items,
and the last update includes the last six items.
The debugging ipx sap command generates a significant amount of output. Use it
with caution on networks that have many interfaces and a great deal of service
information. Disable the debugging switch immediately after debugging to reduce
the effect on normal services as much as possible.
Example
Enable SAP packet verbose debugging switch.
<3Com> debugging ipx sap packet verbose
*0.20909856-IPXSAP-8-IPX SAP: MSG: Receive Response Packet From Eth0,Length 480
Src: 000a.0000-0104-8f02 (0452) Dest: 000a.ffff-ffff-ffff (0452)
Number of entries in pkt: 7
Server type 2000 "PS1" 0008.000a-000a-000a (0452) hop 3
Server type 2345 "kkkkk" 000d.0005-0005-0005 (0452) hop 6
Server type 9000 "kiran-temp" 000d.0006-0006-0006 (0452) hop 16
Server type 6000 "kiran3" 000d.0003-0003-0003 (0452) hop 6
Server type 5000 "kiran2" 000d.0002-0002-0002 (0452) hop 16
Server type 4000 "kiran1" 000d.0001-0001-0001 (0452) hop 16
Server type 1000 "FS2" 000d.000a-000a-000a (0452) hop 2
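Verbose SAP debugging output like the sample above is easier to review with a small parser. The following is an added example, not part of the guide or the router software: it parses the output, compares the listed entries with the declared count, checks the packet length against the 32-byte header and 64-byte item sizes given in the ipx sap mtu description, and lists services advertised with a hop count of 16 or more, which the ipx service description treats as unreachable. The first packet is the guide's own sample; the second is constructed to show the mismatch case, and treating the logged Length as header plus items is an assumption.

```python
import re

SAP_HEADER_BYTES = 32    # IPX header + SAP header, per the ipx sap mtu description
SAP_ITEM_BYTES = 64      # one service information item
UNREACHABLE_HOPS = 16    # hop count >= 16 implies the service is unreachable

HEADER_RE = re.compile(r"MSG: (\w+) (\w+) Packet From (\S+?),\s*Length (\d+)")
COUNT_RE = re.compile(r"Number of entries in pkt:\s*(\d+)")
ENTRY_RE = re.compile(
    r'Server type (\w+) "([^"]*)" ([0-9a-fA-F]+)\.([0-9a-fA-F-]+) \((\w+)\) hop (\d+)')

# First packet: the guide's sample. Second packet: constructed, with a declared
# count and length that do not agree with the entries actually listed.
SAMPLE = '''\
*0.20909856-IPXSAP-8-IPX SAP: MSG: Receive Response Packet From Eth0,Length 480
Src: 000a.0000-0104-8f02 (0452) Dest: 000a.ffff-ffff-ffff (0452)
Number of entries in pkt: 7
Server type 2000 "PS1" 0008.000a-000a-000a (0452) hop 3
Server type 2345 "kkkkk" 000d.0005-0005-0005 (0452) hop 6
Server type 9000 "kiran-temp" 000d.0006-0006-0006 (0452) hop 16
Server type 6000 "kiran3" 000d.0003-0003-0003 (0452) hop 6
Server type 5000 "kiran2" 000d.0002-0002-0002 (0452) hop 16
Server type 4000 "kiran1" 000d.0001-0001-0001 (0452) hop 16
Server type 1000 "FS2" 000d.000a-000a-000a (0452) hop 2
*0.20909990-IPXSAP-8-IPX SAP: MSG: Receive Response Packet From Eth0,Length 160
Src: 000a.0000-0104-8f02 (0452) Dest: 000a.ffff-ffff-ffff (0452)
Number of entries in pkt: 3
Server type 2000 "PS1" 0008.000a-000a-000a (0452) hop 3
Server type 1000 "FS2" 000d.000a-000a-000a (0452) hop 2
'''


def parse_sap_debug(text):
    """Split debugging output into packets, each with its service entries."""
    packets, current = [], None
    for line in text.splitlines():
        header = HEADER_RE.search(line)
        if header:
            current = {"direction": header[1], "kind": header[2],
                       "interface": header[3], "length": int(header[4]),
                       "declared": None, "entries": []}
            packets.append(current)
            continue
        if current is None:
            continue                      # ignore anything before the first packet
        count = COUNT_RE.search(line)
        if count:
            current["declared"] = int(count[1])
            continue
        entry = ENTRY_RE.search(line)
        if entry:
            current["entries"].append({
                "type": entry[1], "name": entry[2], "network": entry[3],
                "node": entry[4], "socket": entry[5], "hops": int(entry[6])})
    return packets


def unreachable_services(packet):
    """Names of services advertised with a hop count of 16 or more."""
    return [e["name"] for e in packet["entries"] if e["hops"] >= UNREACHABLE_HOPS]


def check_packet(packet):
    """Return a list of consistency findings for one parsed packet."""
    findings = []
    listed = len(packet["entries"])
    declared = packet["declared"] if packet["declared"] is not None else listed
    if declared != listed:
        findings.append(f"declared {declared} entries, {listed} listed")
    expected = SAP_HEADER_BYTES + SAP_ITEM_BYTES * declared
    if packet["length"] != expected:
        findings.append(f"length {packet['length']}, expected {expected}")
    return findings


if __name__ == "__main__":
    for pkt in parse_sap_debug(SAMPLE):
        print(pkt["interface"], pkt["length"], check_packet(pkt),
              "unreachable:", unreachable_services(pkt))
```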
View
Any view
Parameter
Description
Using the display ipx interface command, you can view IPX interface
configuration information and interface parameters in communication devices.
Example
Display IPX configuration and statistics of the interface Ethernet1/0/0.
<3Com> display ipx interface ethernet 1/0/0
Ethernet1/0/0 is up
IPX address is 2.00E0-FC01-0000 [up]
SAP is enabled
Split horizon is enabled
Update change only is disabled
Forwarding of IPX type 20 propagation packet is enabled
Delay of this IPX interface, in ticks is 1
SAP GNS response is enabled
RIP packet maximum size is 432 bytes
SAP packet maximum size is 480 bytes
IPX encapsulation is Netware 802.3
0 received, 0 sent
0 bytes received, 0 bytes sent
0 RIP received, 0 RIP sent, 0 RIP discarded
0 RIP specific requests received, 0 RIP specific responses sent
0 RIP general requests received, 0 RIP general responses sent
0 SAP received, 0 SAP sent, 0 SAP discarded
0 SAP requests received, 0 SAP responses sent
Table 9 Description of display information of the display ipx interface command
Item | Description
Ethernet1/0/0 is ... | In terms of physical layer and link layer status, the current interface is UP, DOWN or administratively DOWN.
IPX address is ... | IPX network ID and node value of the current interface. Refer to the commands ipx network and ipx enable for details of network ID and node value.
[up] | IPX protocol status of the current interface.
SAP is … | Whether SAP is enabled on the current interface.
Split horizon is … | Whether split horizon is enabled on the current interface. The related command is ipx split-horizon.
Update change only is … | Whether trigger update is enabled on the current interface. The related command is ipx update-change-only.
Forwarding of IPX type 20 propagation packet is ... | Whether IPX type 20 propagation packet is permitted to be forwarded on the current interface. The related command is ipx netbios-propagation.
Delay of this IPX interface, in ticks is ... | Delay value of the current interface. The value is configured by the ipx tick command.
SAP GNS response is ... | Whether SAP GNS reply is enabled on the current interface. The related command is ipx sap gns-disable-reply.
RIP packet maximum size is ... bytes | Maximum size of RIP updating packet on the current interface. The related command is ipx rip mtu.
SAP packet maximum size is ... bytes | Maximum size of SAP updating packet on the current interface. The related command is ipx sap mtu.
received | Total number of packets received on the current interface.
sent | Total number of packets sent on the current interface.
bytes received | Total number of bytes received on the current interface.
bytes sent | Total number of bytes sent on the current interface.
RIP received | Total number of IPX RIP packets received on the current interface.
RIP sent | Total number of IPX RIP packets sent on the current interface.
RIP discarded | Total number of IPX RIP packets discarded on the current interface.
RIP specific requests received | Total number of IPX RIP specific requests received on the current interface.
RIP specific responses sent | Total number of IPX RIP specific responses sent on the current interface.
RIP general requests received | Total number of IPX RIP general requests received on the current interface.
RIP general responses sent | Total number of IPX RIP general responses sent on the current interface.
SAP received | Total number of SAP packets received on the current interface.
SAP sent | Total number of SAP packets sent on the current interface.
SAP discarded | Total number of SAP packets discarded on the current interface.
SAP requests received | Total number of SAP requests received on the current interface.
SAP responses sent | Total number of SAP responses sent on the current interface.
View
Any view
Parameter
verbose: Displays detailed route information, including active and inactive routes.
Description
Using the display ipx routing-table command, you can view active IPX routing
information.
Using the display ipx routing-table verbose command, you can view detailed
IPX routing information including active and inactive routes.
Using the display ipx routing-table network command, you can view active IPX
routing information to specified destination network ID.
Using the display ipx routing-table network verbose command, you can view
detailed IPX routing information to specified destination network ID including
active and inactive routes.
Using the display ipx routing-table protocol { rip | static | default | direct }
command, you can view IPX routing information for specified destination type
including active and inactive routes.
Using the display ipx routing-table protocol { rip | static | default | direct }
verbose command, you can view detailed IPX routing information for specified
destination type including active and inactive routes.
Example
Display active IPX routing information.
[3Com] display ipx routing-table
Routing tables:
Summary count: 4
Dest_Ntwk_ID Proto Pre Ticks Hops Nexthop Interface
0x11 Direct 0 6 0 0.0000-0000-0000 Serial0/0/0
0x22 RIP 100 7 1 11.0000-0165-6401 Serial0/0/0
0x33 Direct 0 1 0 0.0000-0000-0000 Ethernet0/0/0
0x100 Static 60 6 1 0.0000-0000-0000 Serial0/0/0
The following table explains the contents in the above displayed information:
Item | Description
Dest_Ntwk_ID | Destination network ID of the route
Proto | Protocol type of the route
Pre | Preference of the route
Ticks | Ticks value of the route
Hops | Hops value of the route
Nexthop | The next hop of the route
Interface | Outgoing interface of the route
Display detailed IPX routing information, including active and inactive routes.
Item | Description
Time | Aging time value of the route. Without aging, the value of interface route and static route is 0.
State | State can be <Active>, <Inactive> or <Delete>. <Active> indicates active route, <Inactive> indicates inactive route and <Delete> indicates the route is being deleted.
View
Any view
Parameter
None
Description
Using the display ipx routing-table statistics command, you can view IPX
routing statistics.
Example
Display IPX routing statistics.
<3Com> display ipx routing-table statistics
Routing tables:
Proto/State route active added deleted freed
Direct 2 2 2 0 0
Static 1 1 2 1 1
RIP 1 1 1 0 0
Default 0 0 0 0 0
Total 4 4 5 1 1
View
Any view
Parameter
Description
Using the display ipx service-table command, you can view contents of an IPX
service information table. The output information of the command helps users
with IPX SAP troubleshooting.
Example
Display contents of IPX service information table.
[3Com] display ipx service-table
Abbreviation: S - Static, Pref - Preference(Decimal), NetId - Network number,
NodeId - Node address, hop - Hops(Decimal), Recv-If - Interface from which the service is
receieved
Name Type NetId NodeId Sock Pref Hops Recv-If
FS2 1000 000d 000a-000a-000a 0452 500 02 Eth1/0/0
PS1 2000 0008 000a-000a-000a 0452 500 03 Eth1/0/0
View
Any view
Parameter
None
Description
Using the display ipx statistics command, you can view statistics and type of IPX
packet transmitted and received.
Example
Display IPX statistics.
<3Com> display ipx statistics
Received: 0 total, 0 packets pitched
0 packets size errors, 0 format errors
0 bad hops(>16), 0 discarded(hops=16)
0 other errors, 0 local destination
0 can not be dealed
Sent: 0 forwarded, 0 generated
0 no route, 0 discarded
RIP: 0 sent, 0 received
0 responses sent, 0 responses received
0 requests received, 0 requests dealed
0 requests sent, 0 periodic updates
SAP: 0 general requests received
0 specific requests received
0 GNS requests received
0 general responses sent
0 specific responses sent
0 GNS responses sent
0 periodic updates, 0 errors
Table 12 Description of display information of the display ipx statistics command
Item | Description
Received | Statistics for received messages
0 total | Total number of received messages
0 packets pitched | Total number of messages whose headers are re-pitched
0 packets size errors | Total number of discarded messages due to packet size errors
0 format errors | Total number of discarded messages due to encapsulation format errors
0 bad hops | Total number of messages whose hop field values exceed 16
0 discarded(hop=16) | Total number of messages whose hop field values are 16
0 other errors | Total number of discarded messages due to other errors
0 local destination | Total number of messages which have local destinations
0 can not be dealt | Total number of messages that can not be dealt with
Sent: | Statistics for sent messages
0 forwarded | Number of messages which need to be forwarded
0 generated | Number of messages which are sent by router itself
0 no route | Number of messages which do not find routes
0 discarded | Number of messages discarded during sending
RIP: | Statistics for RIP messages
0 sent | Number of RIP messages sent by router
0 received | Number of RIP messages received
0 responses sent | Number of RIP response messages sent by router
0 responses received | Number of RIP response messages received
0 requests received | Number of RIP request messages received
0 requests dealt | Number of RIP request messages dealt
0 requests sent | Number of RIP request messages sent by router
0 periodic updates | Number of RIP periodic update messages sent by router
SAP: | Statistics for SAP messages
0 general requests received | Number of received SAP general request messages
0 specific requests received | Number of received SAP specific request messages
0 GNS requests received | Number of received SAP GNS request messages
0 general responses sent | Number of sent SAP general response messages
0 specific responses sent | Number of sent SAP specific response messages
0 GNS responses sent | Number of sent SAP GNS response messages
0 periodic updates | Number of SAP periodic update messages sent by router
0 errors | Number of error SAP messages
View
System view
Parameter
If there is no Ethernet interface in the router, the system will assign a random node
value based on the system clock.
Description
Using the ipx enable command, you can activate IPX. Using the undo ipx
enable command, you can deactivate IPX and remove all IPX configurations
simultaneously.
If you activate IPX again after executing the undo ipx enable command, you can not
restore any IPX configuration.
Example
Enable IPX.
[3Com] ipx enable
Disable IPX.
[3Com] undo ipx enable
View
Ethernet Interface view
Parameter
Description
Using the ipx encapsulation command, you can set IPX frame encapsulation
format on Ethernet interface. Using the undo ipx encapsulation command, you
can restore the default IPX frame encapsulation format.
By default, IPX frame encapsulation format on Ethernet interface is dot3
(Ethernet_802.3).
In WAN interfaces, IPX frame only supports PPP encapsulation.
Example
Configure IPX frame encapsulation format on the interface Ethernet0/1/0 as
Ethernet_II.
[3Com-Ethernet 0/1/0] ipx encapsulation ethernet-2
Restore the default IPX frame encapsulation format on the interface
Ethernet0/1/0.
[3Com-Ethernet 0/1/0] undo ipx encapsulation
View
Interface view
Parameter
None
Description
Using the ipx netbios-propagation command, you can configure the router to
forward type 20 broadcast packets on the current interface. Using the undo ipx
netbios-propagation command, you can disable the forwarding of type 20
packets.
By default, type 20 broadcast packets will be discarded by the router rather than
forwarded.
IPX type 20 packet is a packet for NetBIOS (Network Basic Input/Output System)
defined by Novell NetWare.
Example
Enable the receipt and forwarding of type 20 broadcast packets.
[3Com-Ethernet 0/1/0] ipx netbios-propagation
Disable the receipt and forwarding of type 20 broadcast packets.
[3Com-Ethernet 0/1/0] undo ipx netbios-propagation
View
Interface view
Parameter
Description
Using the ipx network command, you can configure a network ID for an
interface. Using the undo ipx network command, you can delete IPX network ID
of an interface.
By default, IPX is disabled on all interfaces after it is activated. There is no IPX
network ID on the interface.
Example
Configure the interface Ethernet0/1/0 as IPX interface and assign it with a network
ID.
[3Com-Ethernet 0/1/0] ipx network 675
Cancel the configuration of the interface Ethernet0/1/0 as IPX interface.
[3Com-Ethernet 0/1/0] undo ipx network
View
System view
Parameter
Description
Using the ipx rip import-route static command, you can import static routes
into RIP. RIP adds them in their route updates. Using the undo ipx rip
import-route static command, you can disable the importation of static routes.
Example
Import a static route to RIP.
[3Com] ipx rip import-route static
View
Interface view
Parameter
bytes: Maximum RIP updating packet size in bytes, ranging from 432 to 1500. By
default, it is 432.
Description
Using the ipx rip mtu command, you can configure RIP updating packet size.
Using the undo ipx rip mtu command, you can restore the default configuration.
By default, the maximum size of RIP updating packets is 432 bytes. In RIP updating
packets, the size of each routing information item is 8 bytes and the size of the IPX
header and RIP header is 32 bytes. So an updating packet can carry up to 50
routing information items.
Example
Configure the maximum size of RIP updating packets on the interface
Ethernet1/0/0 to 500 bytes.
[3Com-Ethernet1/0/0] ipx rip mtu 500
View
System view
Parameter
multiplier: It is used to calculate the aging period of RIP routing information table
items, ranging from 1 to 1000. By default, the value is 3. The actual aging time is
the value of multiplier multiplied by the RIP updating interval.
Description
Using the ipx rip multiplier command, you can configure the aging period of RIP
routing information table items. Using the undo ipx rip multiplier command,
you can restore the default configuration.
By default, the RIP aging period is 3 times the updating interval.
Routers may contain a timer for each item in their routing information table,
which keeps track of elapsed time since the route was received. Every time the
updating packet containing the routing information is received, the timer is reset
to zero. If a RIP route is not updated in a period of time, the system will regard the
route as no longer valid and delete it from the routing table.
For the related command, see ipx rip timer update.
Example
Configure the RIP aging period of routing information table items to 5 times the
updating interval.
[3Com] ipx rip multiplier 5
View
System view
Parameter
Description
Using the ipx rip timer update command, you can configure RIP updating
interval. Using the undo ipx rip timer update command, you can restore the
default value of RIP updating interval.
By default, the RIP updating interval is 60 seconds.
On a network, routers need to constantly exchange routing information with each
other to keep routing information consistent with actual network topology. In RIP,
directly connected routers periodically send updating packets to each other.
The changes of RIP updating interval will affect aging period. For the related
command, see ipx rip multiplier.
Example
Configure RIP updating interval to 30 seconds.
[3Com] ipx rip timer update 30
View
System view
Parameter
network.node: The next hop address of IPX static route. network is the network ID
of the next hop. node is a triplet of four-bit hexadecimal numbers separated by
“-”, each ranging from 1 to 0xFFFF.
interface-type: Outgoing interface type, only supporting the interface with PPP
encapsulation. It can be Serial or POS interface.
value: Route preference value, ranging from 0 to 255. The smaller the value, the
higher the preference.
ticks: It indicates the time needed to reach the destination network (1 tick = 1/18 second).
By default, it is the tick value of the outgoing interface. Interfaces of different types
have different default tick values. The tick value of an Ethernet interface is 1 and that
of a Serial interface is 6. When the tick value of an interface is modified, the tick
value of the corresponding static route will also be changed.
Description
Using the ipx route-static command, you can configure IPX static route. Using
the undo ipx route-static command, you can delete static route.
The system regards the IPX static route with destination network ID being -2
(0xFFFFFFFE) as the default route.
Example
Configure an IPX static route with destination network ID being 0x5a, the next
hop being 1000.0-0c91-f61f, ticks 10 and hops 2.
[3Com] ipx enable
[3Com] ipx route-static 5a 1000.0-0c91-f61f 10 2
Configure the default IPX route with the next hop being 3.4a-60-7, ticks 10, hops
2 and preference 20.
Configure an IPX static route with destination network ID being 3a, outgoing
interface being Serial1/0/0, ticks 10, hops 2 and preference 30.
View
System view
Parameter
paths: The maximum equivalent route number to the same destination address,
ranging from 1 to 64. By default, the value is 1.
Description
Using the ipx route load-balance-path command, you can configure the
equivalent route number to the same destination address. Using the undo ipx
route load-balance-path command, you can restore the default configuration.
The equivalent route number to the same destination address is the maximum
number of active equivalent routes in the current system. If the newly configured
value is less than the current active route number, the system will change the
excessive active routes to inactive status.
Example
Configure the equivalent route number to the same destination address to 30.
[3Com] ipx route load-balance-path 30
View
System view
Parameter
paths: The maximum dynamic route number to the same destination address,
ranging from 1 to 255. By default, the value is 4.
Description
Using the ipx route max-reserve-path command, you can configure the
maximum dynamic route number to the same destination address. Using the
undo ipx route max-reserve-path command, you can restore the default
configuration.
When the dynamic route number to the same destination address exceeds the
maximum value configured, the newly found dynamic routes will not be added
into the routing table but discarded directly. If the newly configured value is less than
the original one, the excessive routes in the current routing table will not be
deleted until they age out or are deleted manually.
Example
Configure the maximum dynamic route number to the same destination address
to 200.
[3Com] ipx route max-reserve-path 200
View
Interface view
Parameter
None
Description
Using the ipx sap disable command, you can disable SAP on the current
interface. Using the undo ipx sap disable command, you can enable SAP on the
current interface.
By default, the interface SAP is enabled as soon as IPX is enabled.
Example
Disable SAP on the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] ipx sap disable
View
Interface view
Parameter
None
Description
Using the ipx sap gns-disable-reply command, you can disable IPX GNS reply on
the current interface. Using the undo ipx sap gns-disable-reply command, you
can enable IPX GNS reply on the current interface.
By default, GNS reply is enabled on an interface.
Example
Disable GNS reply on the interface Ethernet0/0/0.
[Ethernet0/0/0] ipx sap gns-disable-reply
Re-enable GNS reply on the interface Ethernet0/0/0.
[Ethernet0/0/0] undo ipx sap gns-disable-reply
View
System view
Parameter
None
Description
Using the ipx sap gns-load-balance command, you can configure the router to
respond to GNS requests in Round-robin method, i.e., all servers respond to GNS requests
in turn. Using the undo ipx sap gns-load-balance command, you can configure
the nearest server to respond to GNS requests.
By default, for a GNS request, a router will inform all servers it knows to respond in
Round-robin method to avoid overload of one server.
For the related command, see ipx sap gns-disable-reply.
Example
Configure the nearest server to respond GNS request.
[3Com] undo ipx sap gns-load-balance
View
System view
Parameter
length: The length of the dynamic service information reserve queue, ranging
from 1 to 2048. By default, the value is 2048.
Description
Using the ipx sap max-reserve-servers command, you can configure the length
of the service information reserve queue. Using the undo ipx sap
max-reserve-servers command, you can restore the default configuration.
If the newly configured service information queue length is less than the present
one, the items in SIT will not be deleted. If the service information item number for
the same service type exceeds the maximum value configured, the new service
information will not be added.
Example
Set the maximum length of service information reserve queue to 1024.
[3Com] ipx sap max-reserve-servers 1024
View
Interface view
Parameter
bytes: The maximum SAP packet size in bytes, ranging from 480 to 1500. By
default, the value is 480.
Description
Using the ipx sap mtu command, you can configure the maximum size of SAP
updating packet. Using the undo ipx sap mtu command, you can restore the
default configuration.
By default, the maximum size of SAP updating packet is 480 bytes. The size of IPX
header and SAP header is 32 bytes, so a 480-byte SAP updating packet contains 7
service information items (64 bytes each).
Example
Set the maximum size of SAP updating packet on the interface Ethernet1/0/0 to
674 bytes (carrying 10 service information items at most).
[3Com-Ethernet0/0/0] ipx sap mtu 674
View
System view
Parameter
multiplier: It is used to calculate the aging period of SAP service information table
items, ranging from 1 to 1000. By default, the value is 3. When the updating
interval is 60 seconds, the aging period is 60*3 = 180 seconds.
Description
Using the ipx sap multiplier command, you can configure the aging period of
SAP service information table items. Using the undo ipx sap multiplier
command, you can restore the default value of SAP aging period.
By default, the aging period of SAP service information table items is 3 times the
SAP updating interval.
For the related command, see ipx sap timer update.
Example
Set the aging period of SAP service information table items to 5 times the updating
interval.
[3Com] ipx sap multiplier 5
View
System view
Parameter
Description
Using the ipx sap timer update command, you can configure SAP updating
interval. Using the undo ipx sap timer update command, you can restore the
default value of SAP updating interval.
When an interface adopts trigger update method, the command configuration
does not take effect.
For the related commands, see ipx sap multiplier and ipx update-change-only.
Example
Configure SAP updating interval to 300 seconds.
[3Com] ipx sap timer update 300
View
System view
Parameter
name: The server name which provides the service, in character string with the
maximum length being 48 bytes.
hop-count: The number of hops to the server in decimal, ranging from 1 to 15.
Note that a hop count of 16 or more implies that the service is unreachable.
service information table items is 60 and the preference of the dynamic one is
500.
Description
Using the ipx service command, you can add a static service information item to
SIT. Using the undo ipx service command, you can delete a static service
information item from SIT.
The NetWare server uses SAP to advertise service information and stores the
service information in the SIT, which is dynamically updated by SAP. Once a service
information item has been added to the SIT, users can access the service.
Example
Add a static service information item with service type 4, service name
“FileServer”, server network ID 130, node value 0000-0a0b-abcd, server hops 1
and server preference 60.
[3Com] ipx service 4 FileServer 130.0000-0a0b-abcd 451 hop 1 preference 60
[3Com] ipx service 4 FileServer 130.0000-0a0b-abcd 451 hop 1
[3Com] ipx service 114 MyServer 199.0000-0a0b-abcd 451 hop 10
Service information with server type 114 will not be advertised if there is no active
route to the network 199.
View
Interface view
Parameter
None
Description
Using the ipx split-horizon command, you can enable split horizon on the
current interface. Using the undo ipx split-horizon command, you can disable
split horizon on the current interface.
By default, split horizon is enabled on the interface.
Split horizon is a way to avoid routing loops, i.e., routing information received
from an interface is not permitted to be sent from the same interface. The function
does not take effect on point-to-point links.
Example
Enable split horizon on the interface Ethernet1/1/0.
[3Com-Ethernet1/1/0] ipx split-horizon
View
Interface view
Parameter
ticks: Delay time in ticks, ranging from 0 to 30000. One tick is 1/18 second
(approximately 55 ms). By default, the delay of an Ethernet interface is 1 tick, that of
an asynchronous serial port is 30 ticks and that of a WAN port is 6 ticks.
Description
Using the ipx tick command, you can configure the delay of interface sending IPX
packets. Using the undo ipx tick command, you can restore the default value of
interface delay.
The delay value configured by the ipx tick command is used as the IPX RIP delay
field and is a basis for optimal route selection.
Example
Configure the delay on the interface Ethernet1/0/0 as 5 ticks.
[3Com-Ethernet1/0/0] ipx tick 5
View
Interface view
Parameter
None
Description
Using the ipx update-change-only command, you can enable trigger update on
the current interface. Using the undo ipx update-change-only command, you
can disable trigger update on the current interface.
By default, trigger update is disabled on the interface.
IPX RIP and SAP periodically advertise updating broadcast packets. Users can
configure trigger update to avoid broadcast flood.
Example
Enable trigger update on the interface Ethernet1/1/0.
[3Com-Ethernet1/1/0] ipx update-change-only
View
Any view
Parameter
count: Number of Ping packets that are sent. By default, the value is 5.
timeout: The period of time to wait for a Ping response. By default, the value is 2
seconds.
Description
Using the ping ipx command, you can check host reachability and network
connectivity in IPX network.
Example
Ping the system whose destination address is 675.0000-a0b0-fefe with default
parameters.
<3Com> ping ipx 675.0000-a0b0-fefe
View
User view
Parameter
None
Description
Using the reset ipx statistics command, you can clear the IPX statistics kept by the system.
Example
Clear IPX statistics.
<3Com> reset ipx statistics
View
User view
Parameter
default: Clears the statistical information of the default IPX route type.
direct: Clears the statistical information of the IPX route directly connected.
Description
The reset ipx routing-table statistics command is used to clear the statistical
information of a specified type of IPX route. Such information can be displayed on
the terminal using the display ipx routing-table statistics command.
Example
Add 5 IPX static routes to the router, then delete them, and then add another 9 IPX
static routes. The IPX route statistical information would be as follows:
[3Com]dis ipx routing-table statistics
Routing tables:
Proto/State   route   active   added   deleted   freed
Direct        1       1        1       0         0
Static        9       9        14      5         5
RIP           0       0        0       0         0
Default       0       0        0       0         0
Total         10      10       15      5         5
[3Com]
Clear the statistics of the IPX static routes.
<3Com>reset ipx routing-table statistics protocol static
This will erase the specific routing counters information.
Are you sure?[Y/N]y
<3Com>
The displayed statistical information shows that all three items (added, deleted,
freed) of the static route have changed to 0, and the Total item below has also
changed accordingly.
DLSw Configuration
Commands
View
Synchronous serial interface view
Parameter
Description
Using the bridge-set (in Synchronous serial interface system view)
command, you can add a synchronous serial interface encapsulated with SDLC
into the bridge group. Using the undo bridge-set (in synchronous serial
interface view) command, you can delete the interface from the DLSw bridge
group.
By default, no synchronous serial port is added into the bridge group.
For an SDLC-encapsulated synchronous serial port to join DLSw forwarding,
the SDLC interface needs to be added into a bridge group by using
this command. The difference is that the bridge group on the Ethernet interface
joins the local forwarding, while the bridge group configured on the SDLC interface
only joins the DLSw forwarding, that is, all the data on it will be forwarded onto the
TCP tunnel. If it is configured in the Ethernet Interface view, the Ethernet interfaces
with the same group number on the router can forward packets transparently. But
packets cannot be transferred transparently between the serial ports. Each serial
port only exchanges packets with the remote end.
Example
Add the Serial1/0/0 into the DLSw bridge group numbered 20.
[3Com] dlsw bridge-group 20
[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] bridge-set 20
View
Ethernet Interface view
Parameter
bridge-set-number: The bridge group number that the Ethernet interface is added
into, ranging from 1 to 63.
Description
Using the bridge-set (in the Ethernet Interface view) command, you can add
the Ethernet interface into the bridge. Using the undo bridge-set (in the
Ethernet Interface view) command, you can delete the interface from the DLSw
bridge group.
By default, no Ethernet interface is added into the bridge group.
After an Ethernet interface is added into the bridge group, the LLC2 packets on
the Ethernet interface can be sent to the remote peer through the related TCP
tunnel.
Example
Add the Ethernet1/0/0 interface into the DLSw bridge group numbered 20.
[3Com] dlsw bridge-group 20
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] bridge-set 20
View
Synchronous serial interface system view
Parameter
None
Description
Using the code nrzi command, you can configure the NRZI encoding of the
synchronous serial port. Using the undo code nrzi command, you can remove the
NRZI encoding of the synchronous serial port.
By default, the NRZ encoding is configured on the synchronous serial port.
There are two coding schemes, NRZI and NRZ, available on the synchronous serial
port. The NRZ coding scheme is generally used in our router. The serial port coding
scheme of some SNA devices is the NRZI coding scheme. Therefore the coding
scheme of the router needs to be changed according to the encoding of the
connected device.
Example
Configure the NRZI encoding on the Serial1/0/0.
[3Com-Serial1/0/0] code nrzi
View
User view
Parameter
ip-address: IP address.
Description
Using the debugging dlsw command, you can enable the DLSw debugging.
Using the undo debugging dlsw command, you can disable the DLSw
debugging.
View
User view
Parameter
Description
Using the debugging llc2 command, you can enable the LLC2 debugging. Using
the undo debugging llc2 command, you can disable the LLC2 debugging.
View
User view
Parameter
Description
Using the debugging sdlc command, you can enable the SDLC debugging. Using
the undo debugging sdlc command, you can disable the SDLC debugging.
View
Any view
Parameter
None
Description
Using the display dlsw bridge-entry command, you can view the bridge group
information.
Example
Display the bridge group information.
<3Com> display dlsw bridge-entry
Mac_entry Port group hashIndex
0000.e81c.b6bf Ethernet0/0/0 1 79
View
Any view
Parameter
Description
Using the display dlsw circuits command, you can view the DLSw virtual circuits.
The output information of this command helps the user understand the
information regarding DLSw virtual circuits.
Example
Display the general information of the virtual circuits.
<3Com> display dlsw circuits
Correlator Local addr(LSAP) Remote addr(RSAP) State
2ce0005 0020.357b.e065 (4) 0000.1738.6dfd (4) CONNECTED
Syntax description:
Correlator: ID that distinguishes the different circuits.
Local addr(LSAP): Local MAC address, with the “lsap” being the last SAP used by
the local device.
Remote addr(RSAP): Remote MAC address, with the “rsap” being the last SAP
used by the remote device.
State: State of the links.
Display the detail information of the virtual circuits.
<3Com> display dlsw circuits verbose
Correlator Local addr(LSAP) Remote addr(RSAP) State
2ce0005 0020.357b.e065 (4) 0000.1738.6dfd (4) CONNECTED
Port Ethernet 0/0/0
Direction:ORIGIN
Connection Time: 14:19:49
Flow Control: Transmit CW:40 GT:0 Receive CW:40 GT:0
Info-Frame: Transmit:0 Receive:0 Drop:0
View
Any view
Parameter
Description
Using the display dlsw information command, you can view the DLSw
exchange capability information. The output information of the command
helps the user understand the status of the DLSw virtual circuit and perform
fault diagnosis.
Example
Display the general information of exchange capability.
<3Com> display dlsw information
DLSw: Capabilities for peer 10.10.20.1:
Vendor ID (OUI) : '00000c' (3Com)
Version number : 01
Release number : 00
Init Pacing Window : 40
Num of TCP sessions : 01
Mac address exclusive : no
NetBIOS Name exclusive : no
Mac address List : none
NetBIOS Name List : none
Configured IP address : 14.0.0.1
Version string :
Copyright (c) 1997-2002 3Com TECH CO., LTD.
■ Syntax description:
■ Version number: RFC 1795
■ Release number: Release version of RFC 1795
■ Init Pacing Window: Size of the initiated window
■ Num of TCP sessions: Number of TCP sessions
■ Mac address exclusive: Reachable MAC address registered in the router
■ NetBIOS Name exclusive: Reachable NetBIOS address registered in the
router
■ Mac address List: Reachable MAC address list
■ NetBIOS Name List: Reachable NetBIOS address
■ Configured IP address: Local IP address
■ Version string: Version number of 3Com’s router operation system
View
Any view
Parameter
ip-address: Displays the information of the remote peer with specified IP address
or of all the remote peers.
Description
Using the display dlsw remote command, you can view the information of the
remote peers. The output information helps the user to understand the
connection state between the DLSw and the remote peers.
Example
Display the information of the remote peers.
<3Com> display dlsw remote
Peers:          State        pkts_rx   pkts_tx   drops   uptime
*TCP 11.0.0.1   DISCONNECT   0         0         0       00:00:00
*TCP 13.0.0.1   DISCONNECT   0         0         0       00:00:00
*TCP 14.0.0.1   CONNECT      1897      1899      0       14:26:22
Syntax description:
*TCP: The * mark indicates that the connection can be created on the peer. If this
mark is absent before TCP, the peer is an inactivated backup peer.
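A parser for the display dlsw remote output shown above, as an added example that is not part of the 3Com guide: it flags active peers (those with the * mark) that are not in the CONNECT state, peers with drops, and peers that differ from an expected list. The function names, the expected-peer list and the fourth sample line (a backup peer without the * mark) are assumptions made for this illustration.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample: the three peer lines printed in this section, plus a
# fourth line without the "*" mark (a backup peer) invented for illustration.
SAMPLE_OUTPUT = """\
<3Com> display dlsw remote
Peers: State pkts_rx pkts_tx drops uptime
*TCP 11.0.0.1 DISCONNECT 0 0 0 00:00:00
*TCP 13.0.0.1 DISCONNECT 0 0 0 00:00:00
*TCP 14.0.0.1 CONNECT 1897 1899 0 14:26:22
TCP 15.0.0.1 DISCONNECT 0 0 0 00:00:00
"""

# One peer line: optional "*" mark, peer address, state, three counters, uptime.
PEER_LINE = re.compile(
    r"^(?P<mark>\*?)TCP\s+(?P<ip>\S+)\s+(?P<state>[A-Z]+)\s+"
    r"(?P<rx>\d+)\s+(?P<tx>\d+)\s+(?P<drops>\d+)\s+"
    r"(?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2})$"
)


class Peer(NamedTuple):
    ip: str
    active: bool      # True when the line carries the "*" mark
    state: str
    pkts_rx: int
    pkts_tx: int
    drops: int
    uptime_s: int


def parse_dlsw_remote(output):
    """Return a Peer for every well-formed peer line; skip everything else."""
    peers = []
    for raw in output.splitlines():
        match = PEER_LINE.match(raw.strip())
        if match is None:
            continue  # prompt, column header or unrelated text
        try:
            ip = str(ipaddress.IPv4Address(match["ip"]))
        except ValueError:
            continue  # not a valid IPv4 address: ignore the line
        uptime = (int(match["h"]) * 3600 + int(match["m"]) * 60
                  + int(match["s"]))
        peers.append(Peer(ip, match["mark"] == "*", match["state"],
                          int(match["rx"]), int(match["tx"]),
                          int(match["drops"]), uptime))
    return peers


def audit_peers(peers, expected_ips=None):
    """Return (ip, issue) pairs worth an operator's attention.

    expected_ips is a hypothetical allow-list of peer addresses taken from
    the intended design; when given, peers outside it and expected peers
    absent from the output are reported as well.
    """
    findings = []
    for peer in peers:
        if expected_ips is not None and peer.ip not in expected_ips:
            findings.append((peer.ip, "unexpected-peer"))
        # A backup peer without the "*" mark is allowed to be disconnected.
        if peer.active and peer.state != "CONNECT":
            findings.append((peer.ip, "tunnel-down"))
        if peer.drops > 0:
            findings.append((peer.ip, "drops"))
    if expected_ips is not None:
        seen = {peer.ip for peer in peers}
        for ip in sorted(set(expected_ips) - seen):
            findings.append((ip, "missing-peer"))
    return findings


if __name__ == "__main__":
    design = {"11.0.0.1", "13.0.0.1", "14.0.0.1"}  # constructed allow-list
    for ip, issue in audit_peers(parse_dlsw_remote(SAMPLE_OUTPUT), design):
        print(f"{ip}: {issue}")
```

Run against output collected on a schedule, the same check shows when a tunnel to a remote peer goes down or when a peer appears that the design does not list.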
View
Any view
Parameter
Description
The display interface command is used to display statistical information of LLC2.
Example
View
System view
Parameter
Description
Using the dlsw bridge-set command, you can configure the bridge group to
connect DLSw. Using the undo dlsw bridge-set command, you can delete the
bridge.
In order to forward packets of specified bridge group to the remote end through
the TCP connection, a local bridge group needs to be connected with the DLSw by
using this command, that is, packets of the local bridge group can be sent to the
remote end through the TCP tunnel. This command can be used many times to
connect many bridge groups with the DLSw, and make them all capable of joining
the forwarding through the TCP tunnel.
Example
Configure the bridge group connected with the DLSw, with the ID of the bridge
group being 20.
[3Com] dlsw bridge-group 20
View
System view
Parameter
None
Description
Using the dlsw enable command, you can enable the DLSw performance. Using
the undo dlsw enable command, you can suspend the DLSw performance.
By default, the DLSw performance is enabled.
After this command is performed, the system will release all dynamic resources,
but retain the original configuration.
Example
Suspend the DLSw performance.
[3Com] undo dlsw enable
View
System view
Parameter
max-frame-size: Maximum length of the packet, which can be 516, 1470, 1500,
2052, 4472, 8144, 11407, 11454, or 17800 bytes.
Description
Using the dlsw local command, you can create the DLSw local peer. Using the
undo dlsw local command, you can delete the local peer or restore the default
values of the parameters.
The default init-window-size is 40. The default keepalive-interval is 30 seconds.
The default max-frame-size is 1500 bytes. The default max-window-size is 50.
Creating the TCP tunnel is the first step in establishing the DLSw connection. To
create the TCP tunnel, the DLSw local peer must first be configured to
specify the local IP address used for the TCP connection; only then can the router
receive the TCP connection request initiated by the remote router. A router can
have only one local peer.
Example
Create the DLSw local peer, with the IP address being 1.1.1.1, the size of the local
response window being 50, time interval for sending the “keepalive” being 40
seconds, both the maximum length of the packet max-frame-size and the size of
the maximum local response window being the default value.
[3Com] dlsw local 1.1.1.1 init-window 50 keepalive 40
View
System view
Parameter
linger minutes: Linger time of the backup connection after the primary peer is
disconnected, ranging from 0 to 1440 minutes.
Description
Using the dlsw remote command, you can create the DLSw remote peer. Using
the undo dlsw remote command, you can delete the remote peer.
The default priority is 3. The default keepalive-interval is 30 seconds. The default
max-frame-size is 1500 bytes. The default max-queue-length is 200. The default
seconds is 90 seconds. The default minutes are 5 minutes.
After the local peer is configured, the remote peer needs to be configured to
create the TCP tunnel. The router will keep attempting to create the TCP
connection with the remote router. A router can be configured with several
remote peers so as to create the TCP tunnel with several remote routers.
The following deserves special attention when creating the remote backup-address:
1 To create the remote backup-address, the ip-address should be the IP
address of the backup peer, and the backup backup-address should be the IP
address of the remote primary peer with which the TCP connection has already been
created. In other words, before creating the remote backup peer connection, the
user should ensure that the local end has created the TCP connection with a
remote primary peer. If the backup peer is created at the same time as the
remote peer is first created, the system will prompt the following information:
Primary peer ip address does not exist
This prompt indicates that the user should first create a remote primary peer
before creating the backup peer.
2 If the backup link still exists after the TCP connection of the primary link is
interrupted, the TCP link can be retained (the display dlsw remote
command still shows a TCP connection) until the backup link linger
minutes have also timed out.
Example
Create the DLSw remote peer, with the IP address being 2.2.2.2, the transmission
cost being 2, the time interval for sending the “keepalive” being 40 seconds, the
maximum length lf-size of the packet being the default value, and the size of the
TCP sending/receiving queue being 300.
[3Com] dlsw remote 2.2.2.2 priority 2 keepalive 40 max-queue 300
View
System view
Parameter
explorer-wait seconds: The waiting time of local explorer frames, ranging from 1
second to 65535 seconds. The default value is 30 seconds.
local-pending seconds: The local pending time, ranging from 1 second to 65535
seconds. The default value is 30 seconds.
cache seconds: Address saving time in SNA cache, ranging from 1 second to
65535 seconds. The default value is 120 seconds.
explorer seconds: The waiting time of remote explorer frames, ranging from 1
second to 65535 seconds. The default value is 30 seconds.
Description
Using the dlsw timer command, you can configure the DLSw timer parameters.
Using the undo dlsw timer command, you can restore the default value of the
DLSw timer parameters.
By configuring the DLSw timer, the various timers that DLSw uses to
create the virtual circuit can be revised, but users are advised not to change the
DLSw timer parameters arbitrarily.
Example
Configure the DLSw timer parameters, with the connected timeout being 200
seconds, the waiting timeout of the local explorer frame being 15 seconds, the
local waiting timeout being 15 seconds, the remote peer waiting timeout being 25
seconds, the SNA cache address timeout being the default value and the waiting
timeout of the remote explorer frame being the default value.
[3Com] dlsw timer connect 20 explorer-wait 15 local-pending 15 remote-pending 25
idle-mark
Syntax
idle-mark
undo idle-mark
View
Synchronous serial interface view
Parameter
None
Description
Using the idle-mark command, you can configure the idle coding scheme of the
synchronous serial port. Using the undo idle-mark command, you can restore the
default idle coding scheme of the synchronous serial port.
By default, the synchronous serial port adopts the “7E” coding scheme.
3Com series routers encapsulate “7E” in the packets to identify the idle time of
the SDLC serial interface, but some SDLC devices adopt full “1” high level instead.
To be compatible with such devices, the idle coding scheme of the
router needs to be changed.
Sometimes when connecting with the AS/400, this command needs to be
configured to change the idle coding scheme and accelerate the AS/400 polling
speed.
Example
Configure the idle coding scheme of the synchronous serial port on the Serial1/0/0
as idle-mark.
[3Com-Serial1/0/0] idle-mark
View
Synchronous serial interface view
Parameter
None
Description
Using the link-protocol sdlc command, you can change the link layer
encapsulation protocol of the synchronous serial interface into SDLC.
By default, the encapsulated link layer protocol of the synchronous serial interface
is PPP.
SDLC is a link layer protocol related to SNA, with a working principle
similar to that of HDLC. In order for DLSw to work normally, the link layer
encapsulation protocol of the synchronous serial interface should be changed into
SDLC.
Note that all the IP-related commands on the interface should be removed before
encapsulating SDLC (for example, the IP address on the interface should be
deleted), as the SDLC link protocol cannot be used to carry the IP protocol.
Example
Configure the encapsulation protocol on the Serial1/0/0 as SDLC.
[3Com-Serial1/0/0] link-protocol sdlc
View
Ethernet Interface view
Parameter
length: Length of the LLC2 advanced response window, ranging from 1 to 127.
Description
Using the llc2 max-ack command, you can configure the length of the advance
response window before LLC2 sends the acknowledgement frame. Using
the undo llc2 max-ack command, you can restore the default length of the
advance response window before LLC2 sends the acknowledgement frame.
By default, the length of the LLC2 advance response window is 3.
The LLC2 advance response window refers to the maximum number of information
frames that can be received before the acknowledgement frame is sent, that is,
the response packet is sent in advance on receiving packet n.
Example
Configure the length of the advanced response window before the LLC2 sends
the acknowledgement frame as 5.
[3Com-Ethernet1/0/0] llc2 max-ack 5
View
Ethernet Interface view
Parameter
length: The queue length sending the LLC2 packet, ranging from 20 to 200.
Description
Using the llc2 max-send-queue command, you can configure the queue length
sending the LLC2 packet. Using the undo llc2 max-send-queue command, you
can restore the default queue length sending the LLC2 packet.
By default, the queue length sending the LLC2 packet is 100.
Example
Configure the queue length sending the LLC2 packet as 30.
[3Com-Ethernet1/0/0] llc2 max-send-queue 30
View
Ethernet Interface view
Parameter
Description
Using the llc2 max-transmission command, you can configure the
retransmission times of the LLC2. Using the undo llc2 max-transmission
command, you can restore the default retransmission times of the LLC2.
By default, the number of LLC2 retransmissions is 20.
The LLC2 retransmission times refers to the number of times information frames
are resent before the acknowledgement frame is received from the peer end.
Example
Configure the LLC2 retransmission times as 10 times.
[3Com-Ethernet1/0/0] llc2 max-transmission 10
View
Ethernet Interface view
Parameter
Description
Using the llc2 modulo command, you can configure the modulus of the LLC2.
Using the undo llc2 modulo command, you can restore the default modulus of
the LLC2.
By default, the modulus of the LLC2 is 128.
LLC2, like X25, adopts modulus mode to number information packets, and the
modulus of LLC2 is 8 or 128. Ethernet generally uses modulus 128.
Example
Restore the default modulus of the LLC2.
[3Com-Ethernet1/0/0] undo llc2 modulo
View
Ethernet Interface view
Parameter
Description
Using the llc2 receive-window command, you can configure the maximum number
of packets that can be sent before the LLC2 receives the acknowledgement frame.
Using the undo llc2 receive-window command, you can restore the default
value of the maximum number of packets that can be sent before the
acknowledgement frame is received.
By default, the length of the LLC2 local response window is 7.
The LLC2 local response window refers to the maximum number of packets that can
be sent continuously before the acknowledgement frame is received.
Example
Configure the maximum packets that can be sent before the LLC2 receives the
acknowledgement frame as 10.
[3Com-Ethernet1/0/0] llc2 receive-window 10
View
Ethernet Interface view
Parameter
Description
Using the llc2 timer ack command, you can configure the LLC2 local response
time. Using the undo llc2 timer ack command, you can restore the default value
of the LLC2 local response time.
By default, the LLC2 local response time is 200ms.
The LLC2 local response time refers to the maximum waiting time for the response
from the peer end after an LLC2 data packet is sent.
Example
Configure the LLC2 local response time as 10ms.
[3Com-Ethernet1/0/0] llc2 timer ack 10
View
Ethernet Interface view
Parameter
Description
Using the llc2 timer ack-delay command, you can configure the local
acknowledgement delay time when the LLC2 receives information frames. Using
the undo llc2 timer ack-delay command, you can restore the default value of
the local acknowledgement delay time when the LLC2 receives information frame.
By default, the LLC2 local acknowledgement delay time is 100ms.
The LLC2 local acknowledgement delay time refers to the maximum waiting time
for delayed acknowledgement on receiving an LLC2 data packet.
Example
Configure the local acknowledgement delay time for received information frames
as 200 milliseconds.
[3Com-Ethernet1/0/0] llc2 timer ack-delay 200
View
Ethernet Interface view
Parameter
Description
Using the llc2 timer busy command, you can configure the LLC2 BUSY time.
Using the undo llc2 timer busy command, you can restore the default value of
the LLC2 BUSY time.
By default, the LLC2 BUSY time is 300ms.
The LLC2 BUSY time refers to the waiting time before repolling a busy station.
Example
Configure the LLC2 BUSY time as 200ms.
[3Com-Ethernet1/0/0] llc2 timer busy 200
View
Ethernet Interface view
Parameter
mseconds: LLC2 P/F waiting time, ranging from 1 to 60000ms.
Description
Using the llc2 timer poll command, you can configure the P/F waiting time of the
LLC2. Using the undo llc2 timer poll command, you can restore the default value
of the LLC2 P/F waiting time.
By default, the LLC2 P/F waiting time is 5000ms.
The LLC2 P/F waiting time refers to the time of waiting for the acknowledgement
frame after the frame P is sent.
Example
Configure the LLC2 P/F waiting time as 2000ms.
View
Ethernet Interface view
Parameter
Description
Using the llc2 timer reject command, you can configure the REJ time of the LLC2.
Using the undo llc2 timer reject command, you can restore the default value of
the LLC2 REJ time.
By default, the LLC2 REJ time is 500ms.
The LLC2 REJ time refers to the waiting time for the acknowledgement frame to
come after a deny frame is sent.
Example
Configure the LLC2 REJ time as 2000ms.
[3Com-Ethernet1/0/0] llc2 timer reject 2000
View
User view
Parameter
None
Description
Using the reset dlsw bridge-entry command, you can clear the entry cache
information in the DLSw bridge group.
Example
Clear the entry cache information in the DLSw bridge group.
<3Com> reset dlsw bridge-entry
View
User view
Parameter
Description
Using the reset dlsw circuits command, you can clear the DLSw virtual circuit
information.
Example
Clear the virtual circuit information with the virtual circuit number of 100.
<3Com> reset dlsw circuits 100
View
Synchronous serial interface view
Parameter
Description
Using the sdlc controller command, you can configure the secondary station
address of the SDLC. Using the undo sdlc controller command, you can delete
the secondary station address of the SDLC.
By default, the secondary station address of the SDLC is not configured.
The SDLC protocol permits several virtual circuits to run on a single SDLC
physical link, with one end connected with the primary station and the other end
connected with the secondary station. In order to distinguish each virtual circuit,
their SDLC addresses need to be designated. Because the SDLC is in unbalanced
mode, a primary device can connect with several secondary devices through the
medium of a shared machine or SDLC switches, while the secondary devices cannot
be connected with each other. There can be one and only one primary device, if
any. In this sense, the SDLC devices in the same group can be guaranteed to
communicate with each other normally only if the addresses of the secondary
devices are specified. This command specifies the SDLC address, which is unique
on a physical interface, for the virtual circuit. The SDLC address configured on a
synchronous serial interface is in effect the address of the SDLC secondary station.
The SDLC address ranges from 0x01 to 0xFE. The SDLC address of a router is only
valid on one physical interface, that is, the SDLC addresses configured on different
interfaces can be the same.
Example
Configure the secondary station address of the SDLC on the Serial1/0/0 as 0x05.
[3Com-Serial1/0/0] sdlc controller 05
View
Synchronous serial interface view
Parameter
Description
Using the sdlc mac-map local command, you can configure the virtual MAC
address of the SDLC. Using the undo sdlc mac-map local command, you can
delete the virtual MAC address of the SDLC.
By default, the SDLC has no virtual MAC address.
Example
Configure the virtual MAC address of the SDLC.
[3Com-Serial1/0/0] sdlc mac-map local 0000-e81c-b6bf
View
Synchronous serial interface view
Parameter
Description
Using the sdlc mac-map remote command, you can configure the SDLC peer.
Using the undo sdlc mac-map remote command, you can delete the SDLC peer.
By default, the synchronous serial interface has no peer.
This command is used to specify the MAC address of a peer end for an SDLC
virtual circuit so as to provide the destination MAC address for the transformation
from the SDLC to the LLC2. When configuring the DLSw, an SDLC address should
be configured with a related partner (peer). The MAC address of the partner (peer)
should be the MAC address of the remote SNA device (physical addresses of such
devices as the Ethernet and the Token-Ring), or the MAC address of the peer end
compounded by the SDLC.
Example
Configure the SDLC peer.
[3Com-Serial1/0/0] sdlc mac-map remote 00E0-FC00-0010 0x05
View
Synchronous serial interface view
Parameter
n: The maximum receivable frame length of the SDLC, ranging from 1 to 17600
bytes.
Description
Using the sdlc max-pdu command, you can configure the maximum receivable
frame length of the SDLC. Using the undo sdlc max-pdu command, you can
restore the default value of the SDLC maximum receivable frame length.
By default, the maximum receivable frame length of the SDLC is 265 bytes.
The SDLC maximum frame length refers to the size in bytes of the largest packet
that can be received and sent, excluding the parity bit and the start/stop bit.
The maximum receivable frame length of some PU2.0 devices is 265 bytes, and
that of IBM AS/400 is generally 521 bytes. Usually it needs to be configured to the
same value as that of the connected SDLC device.
Example
Configure the maximum receivable frame length of the SDLC as 512.
[3Com-Serial1/0/0] sdlc max-pdu 521
View
Synchronous serial interface view
Parameter
length: The queue length sending the SDLC packet, ranging from 20 to 255.
Description
Using the sdlc max-send-queue command, you can configure the queue length
sending the SDLC packet. Using the undo sdlc max-send-queue command, you
can restore the default value of the queue length sending the SDLC packet.
By default, the queue length sending the SDLC packet is 50.
Example
Configure the queue length sending the SDLC packet on the Serial1/0/0 as 30.
[3Com-Serial1/0/0] sdlc max-send-queue 30
View
Synchronous serial interface view
Parameter
retries: The SDLC timeout retransmission times, ranging from 1 to 255 times.
Description
Using the sdlc max-transmission command, you can configure the SDLC
timeout retransmission times. Using the undo sdlc max-transmission command,
you can restore the default value of the SDLC timeout retransmission times.
By default, the number of SDLC timeout retransmissions is 20.
The SDLC timeout retransmission times (N2) refers to the number of retransmissions
made before the acknowledgement packet is received from the peer end.
Example
Configure the SDLC timeout retransmission times as 30.
[3Com-Serial1/0/0] sdlc max-transmission 30
View
Synchronous serial interface view
Parameter
Description
Using the sdlc modulo command, you can configure the modulus of the SDLC.
Using the undo sdlc modulo command, you can restore the default modulus of
the SDLC.
By default, the SDLC modulus is 8.
SDLC, like X25, adopts modulus mode to number information packets, and the
modulus of SDLC is 8 or 128. Generally modulus 8 is selected.
Example
Restore the default modulus of the SDLC.
[3Com-Serial1/0/0] undo sdlc modulo
View
Synchronous serial interface view
Parameter
lsap: The virtual SAP address set by the device connected with the local interface.
Description
Using the sdlc sap-map local command, you can configure the SAP address used
when SDLC is translated into LLC2. Using the undo sdlc sap-map local
command, you can restore the default value of the LLC2 SAP address.
By default, lsap is 04.
When the SDLC packet is translated into the LLC2 packet, the SAP address is
needed besides the MAC address.
Generally speaking, the SAP address of the SNA protocol is 0x04 or 0x08 or 0x0C.
For related configuration, please see the sdlc sap-map remote command.
Example
Configure the SAP address on translating the SDLC into the LLC2.
[3Com-Serial1/0/0] sdlc sap-map local 08 05
View
Synchronous serial interface view
Parameter
dsap: The SAP address of the DLSw peer device. By default, dsap is 04.
Description
Using the sdlc sap-map remote command, you can configure the remote DLSw
device SAP address when SDLC is translated into LLC2. And using the undo sdlc
sap-map remote command, you can restore the default value.
When the SDLC packet is translated into the LLC2 packet, the SAP address is
needed besides the MAC address.
Generally speaking, the SAP address of the SNA protocol is 0x04 or 0x08 or 0x0C.
For related configuration, please see sdlc sap-map local.
Example
Configure the remote DLSw device SAP address when SDLC is translated into
LLC2.
[3Com-Serial1/0/0] sdlc sap-map remote 0C 05
View
Synchronous serial interface view
Parameter
None
Description
Using the sdlc simultaneous command, you can configure the SDLC data to use
the bidirectional transmission mode. Using the undo sdlc simultaneous
command, you can stop the SDLC data from using the bidirectional transmission mode.
By default, the SDLC data are transmitted in bidirectional mode.
This command configures the synchronous serial interface to work in bidirectional
data simultaneous transmission mode. That is, the SDLC primary station can send
data to the secondary station and receive data at the same time.
Example
Configure the SDLC data to use the bidirectional transmission mode.
[3Com-Serial1/0/0] sdlc simultaneous
View
Synchronous serial interface view
Parameter
primary: The primary station of the end, controlling the whole connection
process.
secondary: The secondary station of the end, controlled by the primary station.
Description
Using the sdlc role command, you can configure the SDLC role of the device.
Using the undo sdlc role command, you can restore the default SDLC role.
By default, the device has no role.
SDLC is a link layer protocol that works in unbalanced mode. That is, the
devices at the two ends of a connection are unequal: one is primary and the
other is secondary. The primary station, whose role is primary, plays the
dominant role and controls the whole connection process, while the secondary
station, whose role is secondary, is controlled passively.
Therefore, the user needs to configure the role for an interface encapsulated with
the SDLC protocol. The role is decided by the status of the SDLC device connected
with the local router. If the SDLC device connected with the local interface is
primary, the local interface is to be set to secondary, and vice versa.
In general, the central IBM mainframe is primary, whereas terminal devices,
including UNIX hosts and ATM, are secondary.
Example
Configure the SDLC device connected with the Serial1/0/0 as primary, and the
local interface as secondary.
[3Com-Serial1/0/0] sdlc role secondary
View
Synchronous serial interface view
Parameter
mseconds: The SDLC primary station response waiting time, ranging from 1 to
60000ms.
Description
Using the sdlc timer ack command, you can configure the SDLC primary station
response waiting time (mseconds). Using the undo sdlc timer ack command, you
can restore the default value of the SDLC primary station response waiting time.
By default, the configured SDLC primary station response waiting time is 3000ms.
The primary station response waiting time (mseconds) refers to the waiting time
for the response from the secondary station after the primary station sends
information frames.
Example
Configure the SDLC primary station response waiting time (mseconds) as 2000ms.
[3Com-Serial1/0/0] sdlc timer ack 2000
View
Synchronous serial interface view
Parameter
mseconds: The SDLC secondary station response waiting time, ranging from 1 to
60000ms.
Description
Using the sdlc timer lifetime command, you can configure the SDLC secondary
station response waiting time (mseconds). Using the undo sdlc timer lifetime
command, you can restore the default value of the SDLC secondary station
response waiting time.
By default, the SDLC secondary station response waiting time (mseconds) is
500ms.
The secondary station response waiting time (mseconds) refers to the waiting time
for the response from the primary station after the secondary station sends
information frames.
Example
Configure the SDLC secondary station response waiting time (mseconds) as
1000ms.
[3Com-Serial1/0/0] sdlc timer lifetime 1000
View
Synchronous serial interface view
Parameter
Description
Using the sdlc timer poll command, you can configure the SDLC poll pause timer.
Using the undo sdlc timer poll command, you can restore the default value of
the SDLC poll pause timer.
By default, the SDLC poll pause timer is 1000ms.
The SDLC poll pause timer refers to the waiting interval between the two SDLC
nodes polled by the SDLC primary station.
Example
Configure the SDLC poll pause timer as 200ms.
[3Com-Serial1/0/0] sdlc timer poll 200
View
Synchronous serial interface view
Parameter
Description
Using the sdlc window command, you can configure the length of the SDLC
local response window. Using the undo sdlc window command, you can restore
the default length of the SDLC local response window.
By default, the default length of the SDLC local response window is 7.
The SDLC local response window refers to the maximum number of packets that can
be sent continuously without waiting for the response from the peer end.
Example
Configure the length of the SDLC local response window on the Serial1/0/0 as 5.
[3Com-Serial1/0/0] sdlc window 5
View
Synchronous serial interface view
Parameter
Description
Using the sdlc xid command, you can configure the XID of the SDLC. Using the
undo sdlc xid command, you can delete the XID of the SDLC.
By default, the synchronous serial interface has no XID of the SDLC.
The XID is the ID of a device in the SNA world. Generally speaking, there are two
kinds of devices: PU2.0 and PU2.1. The XID is configured automatically on
PU2.1 devices, and they can announce their IDs by exchanging the XID.
PU2.0 devices do not exchange the ID, so they cannot get the ID automatically.
Therefore, this command does not need to be configured for PU2.1 devices,
whereas an XID must be specified for PU2.0 devices.
Example
Configure the XID of the SDLC, in which the xid-number is 0x2000.
[3Com-Serial1/0/0] sdlc xid 05 2000
6 ROUTING PROTOCOL
For the specific examples and parameter explanation of VPN instance, refer to the
“MPLS” module of this manual.
Display Commands of the Routing Table
View
Any view
Parameter
None
Description
Using the display ip routing-table command, you can view the routing table
summary.
This command views routing table information in summary form. Each line
represents one route. The contents include destination address/mask length,
protocol, preference, cost, next hop and output interface.
Only the route currently in use, i.e., the best route, is displayed by the
display ip routing-table command.
Example
View the summary of current routing table.
<3Com> display ip routing-table
Routing Table: public net
Destination/Mask Proto Pre Cost Nexthop Interface
1.1.1.0/24 DIRECT 0 0 1.1.1.1 Interface serial1/0/0
1.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
2.2.2.0/24 DIRECT 0 0 2.2.2.1 Interface serial2/0/0
2.2.2.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
3.3.3.0/24 DIRECT 0 0 3.3.3.1 Interface ethernet1/0/0
3.3.3.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
4.4.4.0/24 DIRECT 0 0 4.4.4.1 Interface ethernet2/0/0
4.4.4.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
View
Any view
Parameter
verbose: The verbose information of both the active and inactive routes that
passed filtering rules. Without this parameter, this command only displays the
summary of the active routes that passed filtering rules.
Description
Using the display ip routing-table acl command, you can view the route filtered
through specified basic access control list (ACL).
The command is used in tracking route policy to display the route that passed the
filtering rule according to the input basic ACL number or name.
The command is only applicable to view the route that passed basic ACL filtering
rules.
Example
View the summary of active routes that are filtered through basic ACL 1.
<3Com> display ip routing-table acl 1
Routes matched by access-list 1:
Summary count: 4
Destination/Mask Proto Pre Cost Nexthop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoopBack0
169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1
169.0.0.0/15 Static 60 0 2.1.1.1 LoopBack1
Display the verbose information of the active and inactive routes that are filtered through basic
ACL 1.
<3Com> display ip routing-table acl 1 verbose
Routes matched by access-list 1:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 5
**Destination: 127.0.0.0 Mask: 255.0.0.0
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Multicast Unicast>
Age: 3:47 Metric: 0/0
**Destination: 127.0.0.1 Mask: 255.255.255.255
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NotInstall NoAdvise Int ActiveU Retain Gateway Multicast Unicast>
Age: 3:47 Metric: 0/0
**Destination: 179.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 60
*NextHop: 4.1.1.1
Vlinkindex: 0
State: <Int Hidden Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.254.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
View
Any view
Parameter
longer-match: Indicates all route destination addresses are matched in the natural
mask range.
verbose: With the verbose parameter, this command displays the verbose
information of both the active and inactive routes. Without the parameter, this
command only displays the summary of active routes.
Description
Using the display ip routing-table ip_address command, you can view the
routing information of the specified destination address.
With different optional parameters, the output of the command is different. The
following is the output description for different forms of this command:
This command only displays the route fully matching with specified destination
address and mask.
This command displays all route destination addresses matching with destination
addresses in natural mask range.
Example
A corresponding route exists in the natural mask range. View the summary.
<3Com> display ip routing-table 169.0.0.0
Routing Tables:
Summary count:1
Destination/Mask Proto Pre Cost Nexthop Interface
169.0.0.0/16 Static 60 0 2.1.1.1 LoopBack1
No corresponding route exists in the natural mask range (only the longest matching route is
displayed). View the summary.
<3Com> display ip routing-table 169.253.0.0
Routing Tables:
Summary count:1
Destination/Mask Proto Pre Cost Nexthop Interface
169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1
Corresponding routes exist in the natural mask range. View the detailed information.
<3Com> display ip routing-table 169.0.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 2
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.254.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
No corresponding routes exist in the natural mask range (only the longest matching route is
displayed). View the detailed information.
<3Com> display ip routing-table 169.253.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 1
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: -60
*NextHop: 2.1.1.1
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
View
Any view
Parameter
verbose: With the verbose parameter, this command displays the verbose
information of both the active and inactive routes. Without the parameter, this
command only displays the summary of active routes.
Description
Using the display ip routing-table ip_address1 ip_address2 command, you
can view the routing information in the specified destination address range.
Example
View the routing information of destination addresses ranging from 1.1.1.0 to
2.2.2.0.
<3Com> display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3
Destination/Mask Proto Pre Cost Nexthop Interface
1.1.1.0/24 DIRECT 0 0 1.1.1.1 Interface serial1/0/0
1.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
2.2.2.0/24 DIRECT 0 0 2.2.2.1 Interface serial2/0/0
View
Any view
Parameter
verbose: With the parameter, this command displays the verbose information of
both the active and inactive routes that passed filtering rules. Without the
parameter, this command displays the summary of the active routes that passed
filtering rules.
Description
Using the display ip routing-table ip-prefix command, you can view the route
that passed the filtering rule according to the specified ip prefix list.
If there is no specified prefix list, this command will display the verbose
information of all active and inactive routes with the parameter verbose and it will
display the summary of all active routes without the parameter verbose.
Example
Display the summary of the active route that is filtered through ip prefix list abc2.
<3Com> display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 4
Destination/Mask Proto Pre Cost Nexthop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoopBack0
169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1
169.0.0.0/15 Static 60 0 2.1.1.1 LoopBack1
Display the verbose information of the active and inactive routes that are filtered through ip
prefix list abc2.
<3Com> display ip routing-table ip-prefix abc2 verbose
Routes matched by ip-prefix abc2:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 4
**Destination: 127.0.0.0 Mask: 255.0.0.0
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Multicast Unicast>
Age: 3:47 Metric: 0/0
**Destination: 127.0.0.1 Mask: 255.255.255.255
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NotInstall NoAdvise Int ActiveU Retain Gateway Multicast Unicast>
Age: 3:47 Metric: 0/0
**Destination: 179.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: -60
*NextHop: 4.1.1.1
Vlinkindex: 0
State: <Int Hidden Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.254.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
View
Any view
Parameter
inactive: With the parameter, this command displays the inactive route
information. Without the parameter, this command displays the active and
inactive route information.
verbose: With the verbose parameter, this command displays the verbose routing
information. Without the parameter, this command displays the route summary.
Description
Using the display ip routing-table protocol command, you can view the routing
information of specified protocol.
Example
Display all direct connection routes summary.
<3Com> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 4
DIRECT Routing tables status:<active>:
Summary count: 3
Destination/Mask Proto Pre Cost Nexthop Interface:
20.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
DIRECT Routing tables status:<inactive>:
Summary count: 1
Destination/Mask Proto Pre Cost Nexthop Interface
210.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
Display the static routing table.
<3Com> display ip routing-table protocol static
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
Destination/Mask Proto Pre Cost Nexthop Interface
1.2.3.0/24 STATIC 60 0 1.2.4.5 Ethernet 2/0/0
View
Any view
Parameter
None
Description
Using the display ip routing-table radix command, you can view the routing
table information in a tree structure.
Example
View the routing table information in a tree structure.
<3Com> display ip routing-table radix
Radix tree for INET (2) inodes 7 routes 5:
+-32+--{210.0.0.1
+--0+
| | +--8+--{127.0.0.0
| | | +-32+--{127.0.0.1
| +--1+
| +--8+--{20.0.0.0
| +-32+--{20.1.1.1
View
Any view
Parameter
None
Description
Using the display ip routing-table statistics command, you can view the
integrated routing information.
The integrated routing information includes total route amount, the route amount
added or deleted by protocol, amount of the routes that are labeled deleted but
not deleted, the active route amount and inactive route amount.
Example
Display the integrated routing information.
<3Com> display ip routing-table statistics
Routing tables:
Proto route active added deleted freed
BGP 0 0 0 0 0
DIRECT 5 4 5 0 0
RIP 0 0 0 0 0
STATIC 0 0 0 0 0
IS-IS 0 0 0 0 0
OSPF 0 0 0 0 0
O_ASE 0 0 0 0 0
O_NSSA 0 0 0 0 0
Total 5 4 5 0 0
View
Any view
Parameter
None
Description
Using the display ip routing-table verbose command, you can view the verbose
routing table information.
With the verbose parameter, this command displays the verbose routing table
information. The descriptor describing the route state will be displayed first, then
the statistics of the entire routing table will be output and finally the verbose
description of each route will be output.
All current routes, including inactive routes and invalid routes, can be displayed
using the display ip routing-table verbose command.
Example
Display the verbose routing table information.
<3Com> display ip routing-table verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both* = Next hop in use
Destinations: 4 Routes: 4
Holddown: 0 Delete: 9 Hidden: 0
**Destination: 127.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(LO0)
State: <NoAdv Int Active Retain Rej>
Age: 19:31:06 Metric: 0/0
**Destination: 127.0.0.1 Mask: 255.255.255.255
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(LO0)
State: <NoAdv Int Active Retain>
Age: 114:03:05 Metric: 0/0
The statistics of the entire routing table is displayed first, then the verbose
description of each route is output. The meanings of route state parameters are
explained in the following table:
Table 1 Description of the output information of the display ip routing-table verbose
command
View
Any view
Parameter
verbose: With the parameter, the command displays the verbose routing
information. Without the parameter, the command displays the route summary.
Description
Using the display ip routing-table vpn-instance command, you can view RIP
information associated with vpn instance address family.
Given that both ip-address and verbose are configured in the command, you can
view all routes to the specified IP address in the VPN-instance, including the local
routes as well as the routes learned from the remote.
Example
Display details of the routes to 10.1.1.1 in the VPN-instance vpn1.
<3Com> display ip routing-table vpn-instance vpn1 10.1.1.1 verbose
Routing tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 2
**Destination: 10.1.1.1 Mask: 255.255.255.255
Protocol: DIRECT Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 54 Cost: 0/0
**Destination: 10.1.1.0 Mask: 255.255.255.0
Protocol: DIRECT Preference: 0
*NextHop: 10.1.1.1 Interface: 10.1.1.1(LoopBack0)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 54 Cost: 0/0
Static Route Configuration Commands
View
System view
Parameter
None
Description
Using the delete static-routes all command, you can cancel all the static routes.
When this command is used to cancel static routes, the user should confirm the
settings before all the configured static routes are canceled.
For the related command, see display ip routing-table and ip route-static.
Example
Delete all the static routes configured on router.
[3Com] delete static-routes all
This will erase all unicast static routes and their configurations, you must reconfigure all static
routes
Are you sure to delete all the static routes?[Y/N]y
ip route-static
Syntax
■ ip route-static ip-address { mask | mask-length } { interface-name | nexthop-address }
[ preference preference-value ] [ reject | blackhole ]
■ undo ip route-static ip-address { mask | mask-length } [ interface-name |
nexthop-address ] [ preference preference-value ]
View
System view
Parameter
mask: Mask.
mask-length: Mask length. Since the "1"s in the 32-bit mask are required to be
consecutive, the mask in dotted decimal notation can be replaced by mask-length,
which is the number of consecutive "1"s in the mask.
interface-name: Specifies the outbound interface name of the static route. The
interfaces of the public network or under other vpn-instances can be taken as the
outbound interface of the static route.
nexthop-address: Specifies the next hop IP address (in dotted decimal notation) of
the static route.
preference-value: Preference level of the static route in the range from 1 to 255.
Description
Using the ip route-static command, you can configure a static route. Using the
undo ip route-static command, you can cancel the configured static route.
Using the ip route-static vpn-instance command, you can configure a static route.
In the application of multi-role host, you can configure a static route on a private
network to specify the interface of another private network or public network as
its outbound interface. Using the undo ip route-static vpn-instance command,
you can remove the static route configuration.
By default, the system can obtain the sub-net route directly connected with the
router. When configuring a static route, the default preference is 60 if it is not
specified. If it is not specified as reject or blackhole, the route will be reachable by
default.
Precautions when configuring static route:
■ When the destination IP address and the mask are both 0.0.0.0, the route is
the default route. If no matching entry is found in the routing table, a
packet is forwarded along the default route.
■ Different preference levels allow flexible routing management policies. For
example, configure multiple routes to the same destination: load sharing is
achieved by specifying the same preference for the routes, and route backup
by specifying different preferences.
■ To configure a static route, either the transmission interface or the next
hop address can be specified; which one to use depends on the actual
conditions. For interfaces that support resolution from network address to
link layer address, and for point-to-point interfaces, either the
transmission interface or the next hop address can be specified. NBMA
interfaces, such as an interface or dialing interface encapsulated with X.25
or frame-relay, support point-to-multi-point. Besides the IP route, a
secondary route, i.e. the map from IP address to link layer address, must be
established on the link layer. In this case the transmission interface cannot
be specified, and the next hop IP address should be configured when
configuring the static route.
■ A VT interface cannot be configured as the outbound interface.
In some conditions (for example, when the link layer is encapsulated with PPP),
the transmission interface can be specified when the opposite address cannot be
learned during router configuration. After the transmission interface is specified,
the configuration of this router does not need to be modified when the opposite
address changes.
Example
Configure the next hop of the default route as 129.102.0.2.
[3Com] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
Configure the static route, whose destination address is 100.1.1.1 and whose next-hop address
is 1.1.1.2.
[3Com] ip route-static vpn-instance vpn1 100.1.1.1 16 vpn-instance vpn1 1.1.1.2
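The preference precautions above (same preference for load sharing, different preferences for backup, 0.0.0.0 as the default route) can be checked offline before a change is applied. The following Python model is an added example, not 3Com code: it assumes longest-prefix match first, then the lowest preference value wins, and that next-hop reachability is supplied by the caller. All addresses except the manual's 129.102.0.2 default route are constructed.

```python
import ipaddress
from dataclasses import dataclass

DEFAULT_PREFERENCE = 60  # default static-route preference given in the manual


@dataclass(frozen=True)
class StaticRoute:
    prefix: str                          # destination as ip-address/mask-length
    nexthop: str                         # nexthop-address
    preference: int = DEFAULT_PREFERENCE


def select_nexthops(routes, destination, reachable):
    """Return the next hops that would carry traffic to `destination`.

    Assumed selection order (not taken from the manual): longest matching
    prefix first, then the lowest preference value; ties share the load.
    `reachable` is the set of next hops that are currently alive.
    """
    dst = ipaddress.ip_address(destination)
    usable = []
    for route in routes:
        net = ipaddress.ip_network(route.prefix)
        if dst in net and route.nexthop in reachable:
            usable.append((net.prefixlen, route))
    if not usable:
        return []
    longest = max(plen for plen, _ in usable)
    candidates = [r for plen, r in usable if plen == longest]
    best = min(r.preference for r in candidates)
    return sorted(r.nexthop for r in candidates if r.preference == best)


# Constructed plan: two equal-preference routes, one backup, one default route.
PLAN = [
    StaticRoute("0.0.0.0/0", "129.102.0.2"),        # default route from the manual
    StaticRoute("10.20.0.0/16", "192.0.2.1"),       # preference 60
    StaticRoute("10.20.0.0/16", "192.0.2.2"),       # preference 60: load sharing
    StaticRoute("10.20.0.0/16", "192.0.2.3", 100),  # different preference: backup
]


def failover_report(plan, destination):
    """Show where traffic goes as next hops fail, one stage at a time."""
    everything = {r.nexthop for r in plan}
    stages = {
        "all up": everything,
        "primary pair down": everything - {"192.0.2.1", "192.0.2.2"},
        "only default left": {"129.102.0.2"},
    }
    return {name: select_nexthops(plan, destination, alive)
            for name, alive in stages.items()}


if __name__ == "__main__":
    for stage, hops in failover_report(PLAN, "10.20.1.1").items():
        print(f"{stage:>20}: {hops}")
```

The last stage is the one to review in a routing plan: once every specific route is gone, traffic for 10.20.0.0/16 follows the default route.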
RIP Configuration Commands
For the specific examples and parameter explanation of VPN instance, refer to the
“MPLS” module of this manual.
checkzero
Syntax
checkzero
undo checkzero
View
RIP view
Parameter
None
Description
Using the checkzero command, you can check the zero field of RIP-1 packet.
Using the undo checkzero command, you can cancel the check of the zero fields.
Example
Configure not to perform zero check for RIP-1 packet.
[3Com-rip] undo checkzero
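What the zero check rejects, as an added Python example (not 3Com code): RIP-1 as defined in RFC 1058 reserves several must-be-zero fields, and that RFC says a version 1 packet carrying data in them is to be ignored. The router's behaviour with checkzero on is assumed to match, and the packet bytes are constructed for the example.

```python
import ipaddress
import struct

RIP_HEADER = struct.Struct("!BBH")     # command, version, must-be-zero
RIP_ENTRY = struct.Struct("!HH4sIII")  # AFI, zero, IP address, zero, zero, metric
AF_INET = 2
MAX_ENTRIES = 25                       # RFC 1058 limit per datagram
INFINITY = 16                          # metric 16 means unreachable


class ZeroFieldError(ValueError):
    """A must-be-zero field of a RIP-1 packet carried a non-zero value."""


def parse_rip1(datagram, checkzero=True):
    """Parse a RIP-1 datagram into (command, [(address, metric), ...]).

    With checkzero=True, one non-zero reserved field invalidates the
    whole packet; with checkzero=False the reserved fields are ignored.
    """
    if len(datagram) < RIP_HEADER.size:
        raise ValueError("truncated RIP header")
    command, version, hdr_zero = RIP_HEADER.unpack_from(datagram, 0)
    if version != 1:
        raise ValueError(f"not a RIP-1 packet (version {version})")
    body = datagram[RIP_HEADER.size:]
    if len(body) % RIP_ENTRY.size or len(body) > MAX_ENTRIES * RIP_ENTRY.size:
        raise ValueError("entry area is truncated or too long")
    if checkzero and hdr_zero:
        raise ZeroFieldError("header must-be-zero field is non-zero")
    routes = []
    for off in range(0, len(body), RIP_ENTRY.size):
        afi, z1, addr, z2, z3, metric = RIP_ENTRY.unpack_from(body, off)
        if checkzero and (z1 or z2 or z3):
            raise ZeroFieldError(f"entry at offset {off}: reserved field set")
        if afi != AF_INET or not 1 <= metric <= INFINITY:
            continue  # entry is not usable by RIP-1, skip it
        routes.append((str(ipaddress.IPv4Address(addr)), metric))
    return command, routes


def is_accepted(datagram, checkzero=True):
    """True if the datagram would be processed, False if it is dropped."""
    try:
        parse_rip1(datagram, checkzero)
    except ValueError:
        return False
    return True


def build_entry(addr, metric, z1=0, z2=0, z3=0):
    """Build one 20-byte route entry (helper for the constructed samples)."""
    packed = ipaddress.IPv4Address(addr).packed
    return RIP_ENTRY.pack(AF_INET, z1, packed, z2, z3, metric)


def sample_packets():
    """Constructed samples: a clean response and one with a reserved field set."""
    header = RIP_HEADER.pack(2, 1, 0)  # command 2 = response, version 1
    clean = header + build_entry("10.1.0.0", 2) + build_entry("192.168.5.0", 4)
    # Same routes, but the long word that RIP-2 later reused for the subnet
    # mask is filled in although the packet claims to be version 1.
    tampered = (header + build_entry("10.1.0.0", 2, z2=0xFFFFFF80)
                + build_entry("192.168.5.0", 4))
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = sample_packets()
    print("clean, checkzero on:     ", is_accepted(clean))
    print("tampered, checkzero on:  ", is_accepted(tampered))
    print("tampered, checkzero off: ", is_accepted(tampered, checkzero=False))
```

With the check off, the second packet is processed and the content of its reserved fields is silently ignored, which is the behaviour undo checkzero is assumed to select.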
debugging rip
Syntax
debugging rip { packet | receive | send }
View
User view
Parameter
Description
Using the debugging rip command, you can enable the RIP packet debugging.
Using the undo debugging rip command, you can disable the RIP packet
debugging.
Users can learn the current information of receiving and sending RIP packets on
each interface by using this command.
Example
Enable the RIP packets debugging.
<3Com> debugging rip packet
View
RIP view
Parameter
value: Default routing cost to be set, ranging from 1 to 16. The default value is 1.
Description
Using the default cost command, you can configure the default routing cost of
an imported route. Using the undo default cost command, you can restore the
default value.
If no specific routing cost is specified when importing other protocol routes with
the import-route command, the importing will be performed with the default
routing cost specified by the default cost command.
For the related command, see import-route.
Example
Set the default routing cost of importing other route protocol routes as 3.
[3Com-rip] default cost 3
View
Any view
Parameter
None
Description
Using the display rip command, you can view the current RIP running state and
its configuration information.
Example
Display the current running state and configuration information of the RIP
protocol.
<3Com> display rip
RIP is turned on
public net VPN-Instance
Checkzero is on Default cost : 1
Summary is on Preference : 100
Period update timer : 30
Timeout timer : 180
Garbage-collection timer : 120
No peer router
Table 2 Description of the output information of the display rip command
Item                              Description
RIP is turned on                  RIP is enabled.
public net VPN-Instance           Public networks in the VPN-instance
Checkzero is on                   Enables checkzero of RIP.
Default cost : 1                  The default cost of the imported route is 1.
Summary is on                     Enables route summary of RIP.
Preference : 100                  The preference of RIP is 100.
Period update timer : 30
Timeout timer : 180
Garbage-collection timer : 120    Setting on the three timers of RIP
No peer router                    RIP has no peer router.
View
Any view
Parameter
Description
Using the display rip vpn-instance command, you can view the related
configuration of VPN instance of RIP.
Example
None
View
RIP view
Parameter
acl-number: Access control list number used for filtering the destination addresses
of the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.
Description
Using the filter-policy export command, you can configure to filter the
advertised routing information by RIP. Using the undo filter-policy export
command, you can configure not to filter the advertised routing information.
By default, RIP does not filter the advertised routing information.
For the related commands, see acl, filter-policy import, and ip ip-prefix.
Example
Filter the advertised route information according to acl 3.
[3Com-rip] filter-policy 3 export
View
RIP view
Parameter
ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.
acl-number: Access control list number used for filtering the destination addresses
of the routing information.
gateway ip-prefix-name: Name of address prefix list used for filtering the
addresses of the neighboring routers advertising the routing information.
Description
Using the filter-policy gateway command, you can configure to filter the
received routing information distributed from the specified address. Using the
undo filter-policy gateway command, you can configure not to filter the
received routing information distributed from the specified address.
Using the filter-policy import command, you can configure the filtering to the
received global routing information. Using the undo filter-policy import
command, you can disable filtering to the received global routing information.
By default, RIP does not filter the received routing information.
The range of the routes received by RIP can be controlled by specifying the access
control list and the address prefix list.
For the related command, see acl, filter-policy export, and ip ip-prefix.
Example
Configure the filtering of the global routing information according to acl 3.
[3Com-rip] filter-policy 3 import
host-route
Syntax
host-route
undo host-route
View
RIP view
Parameter
None
Description
Using the host-route command, you can control the RIP to accept the host route.
Using the undo host-route command, you can reject the host route.
By default, router accepts the host route.
In some special cases, RIP receives a great number of host routes in the same
network segment. These routes cannot help the path searching much but occupy
a lot of resources. In this case, the undo host-route command can be used to
reject host routes.
Example
Configure RIP to reject a host route.
[3Com-rip] undo host-route
import-route
Syntax
import-route protocol [ cost value ] [ route-policy route-policy-name ]
undo import-route protocol
View
RIP view
Parameter
Description
Using the import-route command, you can import the routes of other protocols
into RIP. Using the undo import-route command, you can cancel the routes
imported from other protocols.
By default, RIP does not import any other routes.
The import-route command is used to import the route of another protocol by
using a certain value. RIP regards the imported route as its own route and
transmits it with the specified value. This command can greatly enhance the RIP
capability of obtaining routes, thus increasing the RIP performance.
If the cost value is not specified, routes will be imported according to the default
cost. The cost is in the range of 1 to 16. A cost larger than or equal to 16 indicates an
unreachable route, and the transmission will be stopped in 120 seconds.
For the related command, see default cost.
Example
Import a static route with cost being 4.
[3Com-rip] import-route static cost 4
Set the default cost and import an OSPF route with the default cost.
[3Com-rip] default cost 3
[3Com-rip] import-route ospf
View
RIP view
Parameter
vpn-instance-name: Associates the specified VPN instance with the IPv4 address
family. Enter the MBGP address family view of RIP with this parameter.
Description
Using the ipv4-family command, you can enter MBGP address family view of RIP.
Using the undo ipv4-family command, you can cancel all configurations in
extended address family view.
The ipv4-family command is used to enter the MBGP address family view. In this
view, parameters related to the address family can be configured for RIP.
The undo ipv4-family command is only used in RIP view.
The ipv4-family vpn-instance command is used for BGP/MPLS VPN. For the related
description, refer to the “MPLS VPN” section in the “MPLS” chapter of this
manual.
For the related command, see display rip vpn-instance.
Example
None
network Syntax
network network-address
undo network network-address
View
RIP view
Parameter
network-address: Address of the network enabled/disabled. It can be the IP
network address of any interface.
Description
Using the network command, you can enable Routing Information Protocol (RIP)
on the interface. Using the undo network command, you can cancel the RIP on
the interface.
By default, RIP is disabled on any interface.
After a RIP routing process is enabled, RIP is still disabled on every interface by
default. RIP must be enabled on a given interface with the network command.
The undo network command is similar in function to the interface command
undo rip work, but they are not identical. They are similar in that an interface
using either command will not receive or transmit RIP routes. They differ in
that, with undo rip work, other interfaces will still forward the routes of the
interface on which the undo rip work command was used. With undo network,
the effect is like performing the undo rip work command on the interface, and
the routes of the corresponding interfaces cannot be transmitted by RIP. Therefore,
the packets transmitted to this interface cannot be forwarded.
When the network command is used on an address, the effect is that the interface
on the network segment at this address is enabled. For example, after
network 129.102.1.1 is configured, both the display current-configuration
command and the display rip command show it as network 129.102.0.0.
For the related command, see rip work.
Example
Enable the RIP on the interface with the network address as 129.102.0.0.
[3Com-rip] network 129.102.0.0
peer Syntax
peer ip-address
undo peer ip-address
View
RIP view
Parameter
ip-address: IP address of the peer router with which information will be exchanged
in unicast mode, represented in the format of dotted decimal.
Description
Using the peer command, you can configure the destination address of the peer
to which information is sent in unicast mode. Using the undo peer command,
you can cancel the set destination address.
By default, RIP packets are not sent to any destination.
This command specifies the sending destination address to suit some non-broadcast
networks. Usually, it is not recommended to use this command.
Example
Specify the sending destination address 202.38.165.1.
[3Com-rip] peer 202.38.165.1
preference Syntax
preference value
undo preference
View
RIP view
Parameter
value: Preference level, ranging from 1 to 255. By default, the value is 100.
Description
Using the preference command, you can configure the route preference of RIP.
Using the undo preference command, you can restore the default preference.
Every routing protocol has its own preference. Its default value is determined by
the specific routing policy. The preference will finally determine the routing
algorithm to obtain the optimal route in the IP routing table. This command can
be used to modify the RIP preference manually.
Example
Specify the RIP preference as 20.
[3Com-rip] preference 20
reset Syntax
reset
View
RIP view
Parameter
None
Description
Using the reset command, you can reset the system parameters of RIP.
When you need to re-configure parameters of RIP, this command can be used to
restore the default setting.
Example
Reset the RIP system.
[3Com-rip] reset
rip Syntax
rip
undo rip
View
system view
Parameter
None
Description
Using the rip command, you can enable the RIP and enter the RIP view. Using the
undo rip command, you can cancel RIP.
By default, the system does not run RIP.
To enter the RIP view and configure the RIP global parameters, RIP must be
enabled first. The configuration of parameters related to the interfaces, however,
is not restricted by whether RIP is enabled or disabled.
Example
Enable the RIP and enter the RIP view.
[3Com] rip
[3Com-rip]
View
Interface view
Parameter
key-string: MD5 cipher text authentication key, in character string format with 1 to
16 characters in simple text mode or 24 characters in cipher text mode.
Description
Using the rip authentication-mode command, you can configure RIP-2
authentication mode and corresponding parameters. Using the undo rip
authentication-mode command, you can cancel the RIP-2 authentication.
RIP-1 does not support authentication. There are two RIP authentication modes:
simple text authentication and MD5 cipher text authentication. When MD5 cipher
text authentication mode is used, there are two types of packet formats. One of
them is described in RFC 1723, which was discussed earlier. The other format is
the one described specially in RFC 2082. The router supports both of the packet
formats and the user can select either of them.
Example
Specify Interface serial1/0/0 to use the simple text authentication with the key as
aaa.
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] rip version 2
[3Com-Serial1/0/0] rip authentication-mode simple aaa
View
Interface view
Parameter
usual: Specifies the MD5 cipher text authentication packet to use the general
packet format (RFC1723 standard format).
Description
Using the rip authentication-mode md5 type command, you can configure the
MD5 packet type of RIP-2 authentication.
By default, the nonstandard type is used.
RIP-2 packets can be in either of two formats when MD5 authentication is
adopted. The earlier format is described in RFC1723 and is adopted by
Gated. The other format conforms to the RFC2082 standard and is adopted by some of
the routers in the industry.
For the related commands, see rip authentication-mode and rip version.
Example
Set MD5 authentication at Serial0, and the packet type is "nonstandard".
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] rip version 2
[3Com-Serial1/0/0] rip authentication-mode md5 type nonstandard
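What the authentication modes look like on the wire, as an added example that is not part of the 3Com manual: a classifier for RIP UDP payloads that recognizes the simple-password entry of RFC 1723 and the keyed-MD5 layout of RFC 2082 (the type the manual calls nonstandard). The sample packets and the function names are constructed for illustration, and the format the manual calls usual is not handled because the page does not describe it.

```python
import struct

AUTH_AFI = 0xFFFF     # address family value that marks an authentication entry
AUTH_SIMPLE = 2       # RFC 1723: 16-byte plain text password
AUTH_KEYED_MD5 = 3    # RFC 2082: keyed message digest
ENTRY_LEN = 20        # size of every RIP entry, authentication entries included


def classify_rip_auth(payload: bytes) -> dict:
    """Describe the authentication carried by one RIP UDP payload."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte RIP header")
    _command, version, _zero = struct.unpack("!BBH", payload[:4])
    body = payload[4:]
    entries = [body[i:i + ENTRY_LEN]
               for i in range(0, len(body) - len(body) % ENTRY_LEN, ENTRY_LEN)]
    result = {"version": version, "auth": "none"}
    if version == 1:
        result["auth"] = "unsupported"          # RIP-1 has no authentication
    elif entries:
        afi, auth_type = struct.unpack("!HH", entries[0][:4])
        if afi == AUTH_AFI and auth_type == AUTH_SIMPLE:
            key = entries[0][4:].rstrip(b"\x00")
            # Report only the length: the key travels unencrypted in the packet.
            result.update(auth="simple", cleartext_key_len=len(key))
        elif afi == AUTH_AFI and auth_type == AUTH_KEYED_MD5:
            pkt_len, key_id, data_len, seq = struct.unpack("!HBBI", entries[0][4:12])
            # pkt_len is the offset of the trailer (0xFFFF, 0x0001) before the digest.
            trailer = payload[pkt_len:pkt_len + 4]
            result.update(auth="md5", key_id=key_id, sequence=seq,
                          trailer_ok=(trailer == b"\xff\xff\x00\x01"
                                      and len(payload) == pkt_len + 4 + data_len))
        elif afi == AUTH_AFI:
            result["auth"] = "unknown-type-%d" % auth_type
    # Route entries are all entries that are not authentication entries.
    result["routes"] = sum(1 for e in entries
                           if struct.unpack("!H", e[:2])[0] != AUTH_AFI)
    return result


def needs_attention(info: dict) -> bool:
    """True when an update is unauthenticated, cleartext, or malformed MD5."""
    return info["auth"] != "md5" or not info.get("trailer_ok", False)


def build_samples() -> dict:
    """Constructed RIP responses (not captured traffic) for the classifier."""
    route = struct.pack("!HH4s4s4sI", 2, 0, bytes([129, 102, 0, 0]),
                        bytes([255, 255, 0, 0]), bytes(4), 1)
    v1_route = struct.pack("!HH4s8sI", 2, 0, bytes([129, 102, 0, 0]), bytes(8), 1)
    hdr_v2, hdr_v1 = b"\x02\x02\x00\x00", b"\x02\x01\x00\x00"
    simple = struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, b"aaa")
    pkt_len = 4 + ENTRY_LEN * 2                 # header + auth entry + one route
    md5_hdr = struct.pack("!HHHBBI8s", AUTH_AFI, AUTH_KEYED_MD5,
                          pkt_len, 1, 16, 7, bytes(8))
    trailer = struct.pack("!HH16s", AUTH_AFI, 1, bytes(range(16)))  # placeholder digest
    return {
        "rip1": hdr_v1 + v1_route,
        "rip2-plain": hdr_v2 + route,
        "rip2-simple": hdr_v2 + simple + route,
        "rip2-md5": hdr_v2 + md5_hdr + route + trailer,
    }


if __name__ == "__main__":
    for name, pkt in build_samples().items():
        info = classify_rip_auth(pkt)
        print(name, info, "REVIEW" if needs_attention(info) else "ok")
```

The classifier does not verify the digest, which would require the shared key; it only shows which neighbors send updates that any host on the segment could read or forge.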
View
Interface view
Parameter
None
Description
Using the rip input command, you can allow an interface to receive RIP packets.
Using the undo rip input command, you can stop an interface from receiving
RIP packets.
By default, RIP packets can be received at all interfaces (except the loopback
interface).
This command is used in cooperation with the other two commands: rip output
and rip work. Functionally, rip work is equivalent to rip input & rip output. The
latter two control the receipt and the transmission of RIP packets respectively on
an interface. The former command equals the functional combination of the latter
two commands.
For the related command, see rip output and rip work.
Example
Specify the interface serial1/0/0 not to receive RIP packets.
[3Com-serial1/0/0] undo rip input
View
Interface view
Parameter
value: Additional route metric added when receiving a packet, ranging from 0 to
16. By default, the value is 1.
Description
Using the rip metricin command, you can configure the additional route metric
added to the route when an interface receives RIP packets. Using the undo rip
metricin command, you can restore the default value of this additional route
metric.
This command is valid for the routes distributed by the local network and other
routes imported by other routes. This command is invalid for the routes imported
by the local router.
For the related command, see rip metricout.
Example
Specify the additional route metric to 2 when the interface serial1/0/0 receives RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip metricin 2
View
Interface view
Parameter
value: Additional route metric added when transmitting a packet, ranging from 1
to 16. By default, the value is 1.
Description
Using the rip metricout command, you can configure the additional route metric
to the route when an interface transmits RIP packets. Using the undo rip
metricout command, you can restore the default value of this additional route
metric.
This command is valid for the routes distributed by the local network and other
routes imported by other routes. This command is invalid for the routes imported
by the local router.
For the related command, see rip metricin.
Example
Set the additional route metric to 2 when the interface serial1/0/0 transmits RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip metricout 2
View
Interface view
Parameter
None
Description
Using the rip output command, you can configure an interface to transmit RIP
packets. Using the undo rip output command, you can stop an interface from
transmitting RIP packets.
By default, RIP packets at all interfaces (except loopback interface) can be
transmitted.
This command is used in cooperation with the other two commands: rip input and
rip work. Functionally, rip work is equivalent to rip input & rip output. The latter
two control the receipt and the transmission of RIP packets respectively on an
interface. The former command equals the functional combination of the latter
two commands.
For the related command, see rip input and rip work.
Example
Stop the interface serial1/0/0 from transmitting RIP packets.
View
Interface view
Parameter
None
Description
Using the rip split-horizon command, you can configure an interface to use split
horizon when transmitting RIP packets. Using the undo rip split-horizon
command, you can configure an interface not to use split horizon when
transmitting RIP packets.
By default, an interface is enabled to use split horizon when transmitting RIP
packets.
Normally, split horizon is necessary for reducing routing loops. Split horizon
should be disabled only in some special cases, to ensure the correct execution of
protocols.
Example
Specify the interface serial1/0/0 not to use split horizon when processing RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] undo rip split-horizon
View
Interface view
Parameter
Description
Using the rip version command, you can configure the version of RIP packets on
an interface. Using the undo rip version command, you can restore the default
value of RIP packet version on the interface.
By default, the interface RIP version is RIP-1.
RIP-2 has 2 transmission modes: broadcast and multicast. Multicast is the default
mode. The multicast address in RIP-2 is 224.0.0.9. One of the advantages of
multicast mode is that the hosts that do not run RIP in this network will not receive
the broadcast packets. Additionally, hosts running RIP-1 will be prevented from
receiving and processing the RIP-2 routes with subnet masks.
When the interface specifies the use of RIP-1, only RIP-1 and RIP-2 broadcast
packets will be received. In this case, RIP-2 multicast packets will be rejected.
When the interface is specified to use RIP-2 multicast, only RIP-2 multicast packets
and RIP-2 broadcast packets will be received. In this case, RIP-1 packets will be
rejected.
Example
Configure the interface serial1/0/0 as RIP-2 broadcast mode.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip version 2 broadcast
View
Interface view
Parameter
None
Description
Using the rip work command, you can enable RIP on an interface. Using the
undo rip work command, you can disable RIP on an interface.
By default, RIP is enabled on an interface.
This command is used in cooperation with rip input, rip output and network
commands.
For the related commands, see network, rip input, and rip output.
Example
Disable RIP on the interface serial1/0/0.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] undo rip work
summary Syntax
summary
undo summary
View
RIP view
Parameter
None
Description
Using the summary command, you can enable RIP-2 automatic route
summarization. Using the undo summary command, you can disable RIP-2
automatic route summarization.
By default, RIP-2 route summarization is enabled.
Route aggregation can be performed to reduce the routing traffic on the network
as well as to reduce the size of the routing table. If RIP-2 is used, route
summarization function can be disabled with the undo summary command, when
it is necessary to broadcast the subnet route.
RIP-1 does not support subnet mask. Forwarding subnet route may cause
ambiguity. Therefore, RIP-1 uses route summarization all the time. The undo
summary command is invalid for RIP-1.
For the related command, see rip version.
Example
Set RIP version on the interface serial1/0/0 as RIP-2 and disable the route
summarization function.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip version 2
[3Com-serial1/0/0] quit
[3Com] rip
[3Com-rip] undo summary
timers Syntax
timers { update update-timer-length | timeout timeout-timer-length } *
undo timers { update | timeout } *
View
RIP view
Parameters
Description
Using the timers command, you can modify value for the three timers, Period
update, Timeout and Garbage-collection, of RIP. Using the undo timers
command, you can restore the default setting.
The default values of timer Period update, Timeout and Garbage-collection are
respectively 30s, 180s and 120s.
Usually, the timing length of timer Garbage-collection is 3 times that of timer
Period update. However, in practice, an unreachable route will not be completely
deleted until the fourth update packet sent from the same neighbor is received. So
the actual timing length of timer Garbage-collection is 3 to 4 times that of
timer Period update. Additionally, modifying timer Period update will
affect timer Garbage-collection.
The modified value of RIP timers will take effect immediately.
For the related command, see display rip.
Example
Set timer Period update to 10 seconds and timer Timeout to 30 seconds.
[3Com] rip
[3Com-rip] timers update 10 timeout 30
OSPF Configuration Commands
abr-summary Syntax
abr-summary ip-address mask [ advertise | not-advertise ]
undo abr-summary ip-address mask
View
OSPF area view
Parameter
Description
Using the abr-summary command, you can configure the route aggregation on
the area border router (ABR). Using the undo abr-summary command, you can
cancel the function of route aggregation on the area border router.
By default, the area border router doesn’t aggregate routes.
This command is applicable only to the ABR and is used for the route aggregation
in an area. The ABR only transmits an aggregated route to other areas. Route
aggregation means that the routing information is processed in the ABR so that, for
each network segment configured with route aggregation, only one route is
transmitted to other areas. Multiple aggregation network segments can be
configured in an area. Thus OSPF can aggregate various network segments together.
Example
Aggregate the routes in the two network segments, 36.42.10.0 and 36.42.110.0,
of OSPF area 1 into one route 36.42.0.0 and transmit it to other areas.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 36.42.10.0 0.0.0.255
[3Com-ospf-1-area-0.0.0.1] network 36.42.110.0 0.0.0.255
[3Com-ospf-1-area-0.0.0.1] abr-summary 36.42.0.0 255.255.0.0
area Syntax
area area-id
undo area area-id
View
OSPF view, OSPF area view
Parameter
area-id: ID of the OSPF area, which can be a decimal integer (ranging from 0 to
4294967295) or in IP address format.
Description
Using the area command, you can enter OSPF area view. Using the undo area
command, you can cancel the designated area.
Example
Enter area 0 view.
[3Com-ospf-1] area 0
[3Com-ospf-1-area-0.0.0.0]
asbr-summary Syntax
asbr-summary ip-address mask [ not-advertise | tag value ]
undo asbr-summary ip-address mask [ not-advertise | tag value ]
View
OSPF view
Parameter
not-advertise: Does not advertise routes matching the specified IP address and mask.
Without this parameter, the aggregated route is advertised.
Description
Using the asbr-summary command, you can configure summarization of
imported routes by OSPF. Using the undo asbr-summary command, you can
cancel the summarization.
By default, summarization of imported routes is disabled.
After the summarization of imported routes is configured, if the local router is an
autonomous system border router (ASBR), this command summarizes the
imported Type-5 LSAs in the summary address range. When NSSA is configured,
this command will also summarize the imported Type-7 LSAs in the summary
address range.
If the local router acts as both an ABR and a switch router in the NSSA, this
command summarizes Type-5 LSAs transformed from Type-7 LSAs. If the router is
not the router in the NSSA, the summarization is disabled.
For the related command, see display ospf asbr-summary.
Example
Set summarization of 3Com imported routes.
[3Com-ospf-1] asbr-summary 10.2.0.0 255.255.0.0 not-advertise
authentication-mode Syntax
authentication-mode [ simple | md5 ]
undo authentication-mode
View
OSPF area view
Parameter
Description
Using the authentication-mode command, you can configure one area of OSPF
to support the authentication attribute. Using the undo authentication-mode
command, you can cancel the authentication attribute of this area.
By default, an area does not support authentication attribute.
All the routers in one area must use the same authentication mode (no
authentication, simple text authentication or MD5 cipher text
authentication). If an authentication mode is configured, all routers
on the same segment must use the same authentication key. To configure a simple
text authentication key, use the ospf authentication-mode simple command.
If the area is configured to support MD5 cipher text authentication mode, use
the ospf authentication-mode md5 command to configure the MD5 cipher text
authentication key.
For the related command, see ospf authentication-mode.
Example
Enter area 0 view.
[3Com-ospf-1] area 0
Specify the OSPF area 0 to support MD5 cipher text authentication.
[3Com-ospf-1-area-0.0.0.0] authentication-mode md5
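A configuration check for the OSPF area authentication described here and for the RIP interface authentication described under rip authentication-mode, as an added example rather than 3Com tooling. It assumes the saved configuration lists one command per line under the `interface`, `ospf` and `area` lines that open each view; the sample text and the finding codes are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample (not from a real device). Assumed layout: the commands
# of each view follow the line that opens it, one command per line.
SAMPLE_CONFIG = """\
interface Serial1/0/0
 rip version 2
 rip authentication-mode simple aaa
interface Serial2/0/0
 rip version 2
 rip authentication-mode md5 type nonstandard
interface Ethernet1/0/0
 rip version 2 broadcast
interface Ethernet2/0/0
 rip authentication-mode simple aaa
interface Ethernet3/0/0
 undo rip work
ospf 1
 area 0.0.0.0
  authentication-mode md5
 area 0.0.0.1
  authentication-mode simple
 area 0.0.0.2
  network 20.0.0.0 0.255.255.255
"""


@dataclass
class Block:
    kind: str                                   # "interface" or "ospf-area"
    name: str
    lines: list = field(default_factory=list)   # each command as a token list


def parse_blocks(text):
    """Group commands under the interface or OSPF area they belong to."""
    blocks, current, in_ospf = [], None, False
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "interface" and len(tok) == 2:
            current, in_ospf = Block("interface", tok[1]), False
            blocks.append(current)
        elif tok[0] == "ospf" and (len(tok) == 1 or (len(tok) == 2 and tok[1].isdigit())):
            current, in_ospf = None, True       # assumed form of the OSPF view line
        elif tok == ["rip"]:
            current, in_ospf = None, False      # RIP view: global commands follow
        elif tok == ["quit"]:
            current = None
        elif tok[0] == "area" and len(tok) == 2 and in_ospf:
            current = Block("ospf-area", tok[1])
            blocks.append(current)
        elif current is not None:
            current.lines.append(tok)
    return blocks


def audit_interface(b):
    rip = [t for t in b.lines if t[0] == "rip" and len(t) >= 2]
    if not rip or ["undo", "rip", "work"] in b.lines:
        return []                               # no RIP settings, or RIP disabled here
    version, mode = 1, None                     # manual: interfaces default to RIP-1
    for t in rip:
        if t[1] == "version" and len(t) >= 3 and t[2].isdigit():
            version = int(t[2])
        elif t[1] == "authentication-mode" and len(t) >= 3:
            mode = t[2]
    if version == 1:                            # RIP-1 does not support authentication
        return [("interface", b.name, "rip1-auth-unsupported" if mode else "rip1-no-auth")]
    if mode is None:
        return [("interface", b.name, "rip2-no-auth")]
    if mode == "simple":
        return [("interface", b.name, "rip-simple-auth")]
    return []


def audit_area(b):
    modes = [t[1] if len(t) > 1 else "unspecified"
             for t in b.lines if t[0] == "authentication-mode"]
    if not modes:                               # manual: no authentication by default
        return [("ospf-area", b.name, "ospf-no-auth")]
    if modes[-1] == "simple":
        return [("ospf-area", b.name, "ospf-simple-auth")]
    return []


def audit(text):
    """Return (kind, name, code) findings; keys are never copied into the output."""
    findings = []
    for b in parse_blocks(text):
        findings += audit_interface(b) if b.kind == "interface" else audit_area(b)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```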
View
User view
Parameter
process-id: OSPF process number. If no process number is specified, all the process
debugging is enabled or disabled.
packet: Enables OSPF packet information debugging. There are five sorts of
packets in OSPF as follows:
spf: Enables the debugging of the calculation of the OSPF shortest-path tree.
Description
Using the debugging ospf command, you can enable OSPF debugging. Using
the undo debugging ospf command, you can disable the function.
With OSPF multi-process, the debugging command can enable the
debugging of all the processes simultaneously or of one process only.
If no process number is specified in the debugging command, the command
applies to all the processes, and it keeps its state while the router is running,
whether or not an OSPF process exits. In this way, the execution of this command
will enable/disable each enabled OSPF debugging. At the same time, the
debugging specified by this command will be enabled automatically when a new
OSPF process is enabled.
Example
Enable the information debugging of OSPF packets.
<3Com> debugging ospf packet
View
OSPF view
Parameter
value: Default routing cost of external route imported by OSPF, ranging from 0 to
16777214. By default, its value is 1.
Description
Using the default cost command, you can configure the default cost for OSPF to
import external routes. Using the undo default cost command, you can restore
the default value of the default routing cost configured for OSPF to import
external routes.
Since OSPF can import external routing information and propagate it to the entire
autonomous system, it is necessary to specify the default routing cost for the
protocol to import external routes.
If multiple OSPFs are enabled, the command is valid to this process only.
Example
Specify the default routing cost for OSPF to import external routes as 10.
[3Com-ospf-1] default cost 10
View
OSPF view
Parameter
seconds: Default interval for importing external routes. Its unit is second and the
value ranges from 1 to 2147483647. By default, the interval for OSPF to import
external routes is 1 second.
Description
Using the default interval command, you can configure the default interval for
OSPF to import external routes. Using the undo default interval command, you
can restore the default value of the default interval of importing external routes.
Because OSPF can import the external routing information and broadcast it to the
entire autonomous system, it is necessary to specify the default interval for the
protocol to import external routes.
Example
Specify the default interval for OSPF to import external routes as 10 seconds.
[3Com-ospf-1] default interval 10
View
OSPF view
Parameter
routes: Default value to the imported external routes in a unit time, ranging from
200 to 2147483647. By default, the value is 1000.
Description
Using the default limit command, you can configure default value of maximum
number of imported routes. Using the undo default limit command, you can
restore the default value.
OSPF can import external route information and broadcast them to the whole
autonomous system, so it is necessary to regulate the default value of external
route information imported in one process.
For the related command, see default interval.
Example
Specify the default value of OSPF importing external routes as 200.
[3Com-ospf-1] default limit 200
View
OSPF view
Parameter
Description
Using the default tag command, you can configure the default tag of OSPF when
it redistributes an external route. Using the undo default tag command, you can
restore the default tag of OSPF when it redistributes the external route.
When OSPF redistributes a route found by other routing protocols in the router
and uses it as the external routing information of its own autonomous system,
some additional parameters are required, including the default cost and the
default tag of the route.
For the related command, see default type.
Example
Set the default tag of OSPF imported external route of the autonomous system as
10.
[3Com-ospf-1] default tag 10
View
OSPF view
Parameter
Description
Using the default type command, you can configure the default type when OSPF
redistributes external routes. Using the undo default type command, you can
restore the default type when OSPF redistributes external routes.
By default, the external routes of type 2 are imported.
OSPF specifies the two types of external routing information. The command
described in this section can be used to specify the default type when external
routes are imported.
For the related command, see default tag.
Example
Specify the default type as type 1 when OSPF imports an external route.
[3Com-ospf-1] default type 1
default-cost Syntax
default-cost value
undo default-cost
View
OSPF area view
Parameter
value: Specifies the cost value of the default route transmitted by OSPF to the
STUB or NSSA area, ranging from 0 to 16777214. The default value is 1.
Description
Using the default-cost command, you can configure the cost of the default route
transmitted by OSPF to the STUB or NSSA area. Using the undo default-cost
command, you can restore the cost of the default route transmitted by OSPF to
the STUB or NSSA area to the default value.
This command is applicable for the border routers connected to STUB or NSSA
area.
The stub and default-cost commands are necessary in configuring STUB area. All
the routers connected to STUB area must use stub command to configure the
stub attribute to this area. Using the default-cost command, you can specify the
cost of the default route transmitted by ABR to STUB or NSSA area.
This command is only valid for this process if multiple OSPF processes are enabled.
For the related commands, see stub and nssa.
Example
Set the area 1 as the STUB area and the cost of the default route transmitted to
this STUB area to 60.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 20.0.0.0 0.255.255.255
[3Com-ospf-1-area-0.0.0.1] stub
[3Com-ospf-1-area-0.0.0.1] default-cost 60
default-route-advertise Syntax
default-route-advertise [ always ] [ cost cost-value ] [ type type-value ] [ route-policy
route-policy-name ]
undo default-route-advertise [ always ] [ cost ] [ type ] [ route-policy ]
View
OSPF view
Parameter
always: Only available for the ASBR. If the parameter is selected, a default route
which is advertised via LSAs will be generated no matter whether there is a default
route in the routing table. For the ASBR in a general area, the default route is
advertised via Type-5 LSA, while in NSSA, the default route is advertised via Type-7
LSA.
cost-value: Cost value of this LSA. The cost-value ranges from 0 to 16777214. The
default value is 1.
type-value: Cost type of this LSA. It ranges from 1 to 2. The default value is 2.
Description
Using the default-route-advertise command, you can make the system
generate a default route to OSPF area. Using the undo default-route-advertise
command, you can cancel generation of a default route.
By default, OSPF does not generate default route.
Using the default-route-advertise command at ABR, you can generate a default
route which is advertised via the Type-5 LSA or Type-7 LSA no matter whether
there is a default route in the routing table.
After the default-route-advertise command is executed, an OSPF router
becomes an ASBR, as it does when the import-route command is executed on an
OSPF router. However, you cannot import the default route into the OSPF area with
the import-route command.
In addition, the default-route-advertise command is not available for the Stub
area. For the ABR or ASBR in NSSA, the default-route-advertise command is
equivalent to the nssa default-route-advertise command in terms of effect.
This command is valid for the current process only if multiple OSPF processes are
enabled.
For the related commands, see import-route and nssa.
Example
If the local router has a default route, the LSA of the default route will be
generated; otherwise it won’t be generated.
[3Com-ospf-1] default-route-advertise
The LSA of the default route will be generated and advertised to the OSPF route
area even if the local router has no default route.
View
Any view
Description
Using the display debugging ospf command, you can view the global OSPF
debugging state and each process debugging state.
For the related command, see debugging ospf.
Example
View the global OSPF debugging state and each process debugging state.
<3Com> display debugging ospf
OSPF global debugging state:
OSPF SPF debugging is on
OSPF LSA debugging is on
OSPF process 100 debugging state:
OSPF SPF debugging is on
OSPF process 200 debugging state:
View
Any view
Parameter
None
Description
Using the display ospf abr-asbr command, you can view the information about
the Area Border Router (ABR) and Autonomous System Border Router (ASBR) of
OSPF.
Example
Display the information of the OSPF ABR and ASBR.
<3Com> display ospf abr-asbr
Routing Table to ABR and ASBR
Destination Area Cost Type Nexthop Interface
Intra 1.2.3.9 0.0.0.0 1 ASBR 1.2.3.9 Ethernet2/0/0
View
Any view
Parameter
Description
Using the display ospf asbr-summary command, you can view the summary
information of OSPF imported routes.
If the parameters are not configured, the summary information of all imported
routes will be viewed.
For the related command, see asbr-summary.
Example
Display the summary information of all OSPF imported routes.
<3Com> display ospf asbr-summary
Total summary address count: 2
Summary Address
net : 168.10.0.0
mask : 255.254.0.0
tag :1
status : Advertise
The Count of Route is 0
Summary Address
net : 1.1.0.0
mask : 255.255.0.0
tag : 100
status : DoNotAdvertise
The Count of Route is 0
View
Any view
Parameter
Description
Using the display ospf brief command, you can view the summary of OSPF.
Example
Display the OSPF summary.
<3Com> display ospf brief
RouterID: 3.3.3.3 Border Router: Area
spf-schedule-interval: 5
Routing preference: Inter/Intra: 10 External: 150
Default ASE parameters: Metric: 1 Tag: 0.0.0.1 Type: 2
SPF computation count: 13
Area Count: 2 Nssa Area Count: 0
Area 0.0.0.0:
Authtype: none Flags: <>
SPF scheduled: <>
Interface: 20.0.0.2 (Ethernet1/0/0)
Cost: 1 State: BackupDR Type: Broadcast
Priority: 1
Designated Router: 20.0.0.1
Backup Designated Router: 20.0.0.2
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Interface: 30.0.0.1 (Ethernet2/0/0)
Cost: 1 State: DR Type: Broadcast
Priority: 1
Designated Router: 30.0.0.1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Area 0.0.0.1:
Authtype: none Flags: <Transit>
SPF scheduled: <>
Interface: 40.0.0.1 (LoopBack0) --> 40.0.0.1
Cost: 1562 State: P To P Type: PointToPoint
Priority: 1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
RouterID: 1.2.3.4
Spf-schedule-interval: 5
Routing preference: Inter/Intra: 10 External: 150
Default ASE parameters: Metric: 1 Tag: 0.0.0.1 Type: 2
SPF computation count: 0
Area Count: 0 Nssa Area Count: 0
View
Any view
Parameter
None
Description
Using the display ospf cumulative command, you can view the OSPF cumulative
information.
Example
Display the OSPF cumulative information.
<3Com> display ospf cumulative
IO Statistics
Type Input Output
Hello 225 437
DB Description 78 86
Link-State Req 18 18
Link-State Update 4853
Link-State Ack 25 21
ASE: 1 Checksum Sum: FCAF
LSAs originated by this router
Router: 50 SumNet: 40 SumASB: 2
LSAs Originated: 92 LSAs Received: 33
Area 0.0.00.0:
Neighbors: 1 Interfaces: 1
Spf: 54 Checksum Sum F020
rtr: 2 net: 0 sumasb: 0 sumnet: 1
Area 0.0.0.1:
Neighbors: 0 Interfaces: 1
Spf: 19 Checksum Sum 14EAD
rtr: 1 net: 0 sumasb: 1 sumnet: 1
Routing Table:
Intra Area: 2 Inter Area: 0 ASE: 1
View
Any view
Parameter
None
Description
Using the display ospf error command, you can view the statistics of error
information which OSPF received.
Example
Display the statistics of error information which OSPF received.
<3Com> display ospf error
OSPF packet error statistics:
0: IP: received my own packet      0: OSPF: bad packet type
0: OSPF: bad version               0: OSPF: bad checksum
0: OSPF: bad area id               0: OSPF: area mismatch
0: OSPF: bad virtual link          0: OSPF: bad authentication type
0: OSPF: bad authentication key    0: OSPF: packet too small
0: OSPF: packet size > ip length   0: OSPF: transmit error
0: OSPF: interface down            0: OSPF: unknown neighbor
0: HELLO: netmask mismatch         0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch      0: HELLO: extern option mismatch
0: HELLO: router id confusion      0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown    0: DD: neighbor state low
0: DD: router id confusion         0: DD: extern option mismatch
0: DD: unknown LSA type            0: LS ACK: neighbor state low
0: LS ACK: bad ack                 0: LS ACK: duplicate ack
0: LS ACK: unknown LSA type        0: LS REQ: neighbor state low
0: LS REQ: empty request           0: LS REQ: bad request
0: LS UPD: neighbor state low      0: LS UPD: newer self-generate LSA
0: LS UPD: LSA checksum bad        0: LS UPD:received less recent LSA
0: LS UPD: unknown LSA type        0: OSPF routing: next hop not exist
0: DD: MTU option mismatch
View
Any view
Parameter
Description
Using the display ospf interface command, you can view the OSPF interface
information.
Example
Display the OSPF ethernet2/0/0 interface information.
View
Any view
Parameter
Description
Using the display ospf lsdb command, you can view the OSPF link state database
information.
Example
Display the OSPF link state database information.
<3Com> display ospf lsdb
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
Rtr 1.1.1.1 1.1.1.1 563 36 80000008 0 SpfTree
Net 1.1.1.2 123.1.1.1 595 32 80000001 0 SpfTree
AS External Database:
Type LinkState ID AdvRouter Age Len Sequence Metric Where
ASE 1.1.0.0 1.1.1.1 561 36 80000001 1 Uninitialized
ASE 123.1.1.1 1.1.1.1 561 36 80000001 1 Uninitialized
View
Any view
Parameter
None
Description
Using the display ospf nexthop command, you can view the information about
the next hop.
Example
Display the OSPF next-hop information.
<3Com> display ospf nexthop
Address       Type      Refcount  Intf Addr     Intf Name
---------------------------------------------------------------------
202.38.160.1  Direct    3         202.38.160.1  Interface serial2/0/0
202.38.160.2  Neighbor  1         202.38.160.1  Interface serial2/0/0
View
Any view
Parameter
brief: Brief information of neighbors in areas.
Description
Using the display ospf peer command, you can view the information about the
neighbors in OSPF areas.
Using the display ospf peer brief command, you can view brief information
about the neighbors in OSPF, mainly the number of neighbors in each state in
every area.
The display format of the OSPF neighbor valid time depends on the length
of time, as follows:
■ XXYXXMXXD: More than a year, namely year: month: day
■ XXXdXXhXXm: More than a day but less than a year, that is, day: hour: minute
■ XX: XX: XX: Less than a day, namely hour: minute: second
Example
View the information of OSPF peer.
<3Com> display ospf peer
Area 0.0.0.0 interface 1.1.1.1(Serial2/0/0)'s neighbor(s)
RouterID: 1.1.1.3 Address: 1.1.1.3
State: Full Mode: Nbr is Master Priority: 1
DR: 1.1.1.3 BDR: 1.1.1.1
Dead timer expires in 31s
Neighbor is comes for 00:08:24
0.0.0.1 0 0 0 0 0 0 0 1 1
Total 0 0 0 0 0 0 0 2 2
View
Any view
Parameter
None
Description
Using the display ospf request-queue command, you can view the information
about the OSPF request-queue.
Example
View the information about the OSPF request-queue.
<3Com> display ospf request-queue
The Router's Neighbors is
RouterID: 103.160.1.1 Address: 103.169.2.5
Interface: 103.169.2.2 Area: 0.0.0.1
LSID:129.11.25.0 AdvRouter:103.160.1.1 Sequence:80000001 Age:201
LSID:129.11.25.0 AdvRouter:103.160.1.1 Sequence:80000001 Age:201
LSID:129.11.25.0 AdvRouter:103.160.1.1 Sequence:80000001 Age:201
View
Any view
Parameter
None
Description
Using the display ospf retrans-queue command, you can view the information
about the OSPF retransmission queue.
Example
View the information about the OSPF retransmission queue.
<3Com> display ospf retrans-queue
OSPF Process 200 with Router ID 103.160.1.1
Retransmit List
The Router's Neighbors is
RouterID: 162.162.162.162 Address: 103.169.2.2
Interface: 103.169.2.5 Area: 0.0.0.1
Retrans list:
Type: ASE LSID:129.11.77.0 AdvRouter:103.160.1.1
Type: ASE LSID:129.11.108.0 AdvRouter:103.160.1.1
View
Any view
Parameter
None
Description
Using the display ospf routing command, you can view the information about
OSPF routing table.
Example
View the routing table information related to OSPF.
<3Com> display ospf routing
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.110.0.0/16 1 Net 10.110.0.1 10.110.0.1 0
30.110.0.0/16 1 Stub 30.110.0.1 3.3.3.3 0
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0
View
Any view
Parameter
None
Description
Using the display ospf vlink command, you can view the information about
OSPF virtual links.
Example
View OSPF virtual links information.
<3Com> display ospf vlink
Virtual-link Neighbor-id -> 1.1.1.1, State: Down
Cost: 0 State: Down Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
View
OSPF view
Parameter
Description
Using the filter-policy export command, you can configure the rules that OSPF
uses to filter the routing information it advertises. Using the undo
filter-policy export command, you can cancel the filtering rules that have
been set.
By default, no filtering of the distributed routing information is performed.
In some cases, only the routing information that meets certain conditions
should be advertised. The filter-policy command can then be used to configure
the filtering conditions for the routing information to be advertised. Only
the routing information that passes the filter can be advertised.
For the related commands, see acl and ip ip-prefix.
Example
Configure OSPF that only advertises the routing information permitted by acl 1.
[3Com] acl number 1
[3Com-acl-basic-1] rule permit source 11.0.0.0 0.255.255.255
[3Com-acl-basic-1] rule deny source any
[3Com-ospf] filter-policy 1 export
View
OSPF view
Parameter
acl-number: Access control list number used for filtering the destination addresses
of the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.
gateway ip-prefix-name: Name of address prefix list used for filtering the
addresses of the neighboring routers advertising the routing information.
Description
Using the filter-policy import command, you can configure the rules that OSPF
uses to filter the routing information it receives. Using the undo
filter-policy import command, you can cancel the filtering of the received
routing information.
By default, no filtering of the received routing information is performed.
In some cases, only the routing information that meets certain conditions
should be received. The filter-policy command can then be used to set the
filtering conditions for the routing information to be received. Only the
routing information that passes the filter can be received.
Using the filter-policy import command, you can filter the routes calculated by
OSPF. Only the routes that pass the filter can be added to the routing table.
The filtering can be performed according to the next hop and destination of
the route.
Because OSPF is a dynamic routing protocol based on link state, its routing
information is hidden in the link state, so this command cannot filter the
advertised/received routing information in the link state. The command is
therefore more limited in OSPF than in a distance vector routing protocol.
If multiple OSPF processes are enabled, this command is valid only for this
process.
Example
Filter the received routing information according to the rule defined by the access
control list 2.
[3Com] acl number 2
[3Com-acl-basic-2] rule permit source 20.0.0.0 0.255.255.255
[3Com-acl-basic-2] rule deny source any
[3Com-ospf-1] filter-policy 2 import
import-route Syntax
import-route protocol [ cost value ] [ type value ] [ tag value ] [ route-policy
route-policy-name ]
undo import-route protocol
View
OSPF view
Parameter
protocol: Specifies the source routing protocol that can be imported. At present,
it includes direct, rip, bgp, isis, static, ospf, ospf-ase, and ospf-nssa.
ospf process-id: Imports only the internal routes found by OSPF process-id as
external routing information. If no process number is specified, the OSPF default
process number 1 is used.
ospf-ase process-id: Imports only the ASE external routes found by OSPF
process-id as external routing information. If no process number is specified, the
OSPF default process number 1 is used.
ospf-nssa process-id: Imports only the NSSA external routes found by OSPF
process-id as external routing information. If no process number is specified, the
OSPF default process number 1 is used.
Description
Using the import-route command, you can import the information of another
routing protocol. Using the undo import-route command, you can cancel the
imported external routing information.
By default, the routing information of other protocols is not imported.
Example
Specify an imported RIP route as the route of type 2, with the route tag as 33 and
the route cost as 50.
[3Com-ospf-1] import-route rip type 2 tag 33 cost 50
Specify OSPF process 100 to import the route found by OSPF 160.
[3Com-ospf-100] import-route ospf 160
network Syntax
network ip-address wildcard
undo network ip-address wildcard
View
OSPF area view
Parameter
wildcard: IP address wildcard mask, which is similar to the reversed form of the
mask of the IP address. When configuring this parameter, you can also enter it
as the mask of the IP address; the VRP system translates it into a wildcard mask.
Description
Using the network command, you can configure the interface running OSPF.
Using the undo network command, you can cancel the interface running OSPF.
By default, the interface does not belong to any area.
To run the OSPF protocol on one interface, the master IP address of this interface
must be in the range of the network segment specified by this command. If only
the slave IP address of the interface is in the range of the network segment
specified by this command, this interface will not run OSPF protocol.
After OSPF multi-instance is configured, different OSPF processes are bound to
different VPN instances. The network addresses of different processes can
be the same or inclusive. Within the same VPN instance, however, the network
addresses of different OSPF processes cannot be the same or inclusive.
Otherwise, the command configured later does not take effect and the following
message is displayed: Network already set in OSPF process xx. For example, if
network 10.1.0.0 0.0.255.255 is enabled in process 100, network 10.1.0.0
0.0.255.255, network 10.1.1.0 0.0.0.255 or network 10.0.0.0 0.255.255.255 will
fail to be enabled in other OSPF processes.
CAUTION: OSPF configuration can only enable the interfaces that belong to the
same VPN instance.
Example
Specify the interfaces whose master IP addresses are in the segment range of
10.110.36.0 to run the OSPF protocol and specify the number of the OSPF area
(where these interfaces are located) as 6.
[3Com-ospf] area 6
[3Com-ospf-1-area-0.0.0.6] network 10.110.36.0 0.0.0.255
Enable OSPF process 100 on the router and specify the number of the area where
the interface is located as 2.
Enable OSPF process 200 on the router and specify the number of the area where
the interface is located as 1.
Enable OSPF process 300 on the router and specify the number of the area where
the interface is located as 2.
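The same-or-inclusive rule described above for network statements, as an added example (not code from the manual or the router software): it converts each ip-address and wildcard pair to a network and rejects a statement that overlaps one already enabled by another process of the same VPN instance. The class name, the VPN instance names vpn-a and vpn-b, and the choice to read a value with contiguous low-order ones as a wildcard before trying it as an ordinary mask are assumptions.

```python
import ipaddress

FULL = 0xFFFFFFFF


def to_network(address, mask):
    """Convert 'ip-address wildcard' (or an ordinary mask) to an IPv4 network."""
    addr = int(ipaddress.IPv4Address(address))
    value = int(ipaddress.IPv4Address(mask))
    if value & (value + 1) == 0:
        # Contiguous low-order ones (0.0.255.255): already a wildcard mask.
        wildcard = value
    elif (value ^ FULL) & ((value ^ FULL) + 1) == 0:
        # Contiguous high-order ones (255.255.0.0): an ordinary mask, inverted.
        wildcard = value ^ FULL
    else:
        raise ValueError(f"non-contiguous mask: {mask}")
    prefix_len = 32 - wildcard.bit_length()
    return ipaddress.IPv4Network((addr & ~wildcard & FULL, prefix_len))


class OspfNetworks:
    """Network statements per VPN instance, stored as (process_id, network)."""

    def __init__(self):
        self._by_vpn = {}

    def enable(self, vpn_instance, process_id, address, mask):
        """Return None if accepted, or the rejection message on a conflict."""
        candidate = to_network(address, mask)
        entries = self._by_vpn.setdefault(vpn_instance, [])
        for other_process, network in entries:
            # "Same or inclusive": one range equals or contains the other.
            if other_process != process_id and network.overlaps(candidate):
                return f"Network already set in OSPF process {other_process}"
        entries.append((process_id, candidate))
        return None


def demo():
    """Replay the page's 10.1.0.0 example; vpn-a and vpn-b are constructed names."""
    table = OspfNetworks()
    results = [table.enable("vpn-a", 100, "10.1.0.0", "0.0.255.255")]
    for address, mask in [("10.1.0.0", "0.0.255.255"),    # same range
                          ("10.1.1.0", "0.0.0.255"),      # contained in it
                          ("10.0.0.0", "0.255.255.255"),  # contains it
                          ("10.2.0.0", "255.255.0.0")]:   # disjoint, mask form
        results.append(table.enable("vpn-a", 200, address, mask))
    # A different VPN instance may reuse the same network address.
    results.append(table.enable("vpn-b", 300, "10.1.0.0", "0.0.255.255"))
    return results


if __name__ == "__main__":
    for result in demo():
        print(result or "accepted")
```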
nssa Syntax
nssa [ default-route-advertise ] [ no-import-route ] [ no-summary ]
undo nssa
View
OSPF area view
Parameter
default-route-advertise: Only available for the NSSA ABR or ASBR. When using the
parameter at NSSA ABR, you can generate Type-7 LSAs for the default route no
matter whether there exists the default route 0.0.0.0 in the routing table. When
using the parameter at NSSA ASBR, you can generate Type-7 LSAs for the default
route only if there exists the default route 0.0.0.0 in the routing table.
no-summary: Only available for the NSSA ABR. When the parameter is selected,
the NSSA ABR advertises a default route via the Summary-LSAs (Type-3) in the
area, but no other Summary-LSAs to other areas.
Description
Using the nssa command, you can configure an area as NSSA area. Using the
undo nssa command, you can cancel the function.
By default, NSSA area is not configured.
For all the routers in the NSSA area, the command nssa must be used to configure
the area as NSSA.
Example
Configure area 1 as NSSA.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 10.110.0.0 0.255.255.255
[3Com-ospf-1-area-0.0.0.1] nssa
opaque-capability Syntax
opaque-capability enable
undo opaque-capability
View
OSPF view
Parameter
None
Description
Using the opaque-capability enable command, you can enable the Opaque
capability of OSPF. Using the undo opaque-capability command, you can disable
the Opaque capability of OSPF.
If the application based on Opaque LSA is enabled, for example, the area TE
capability is enabled, the Opaque capability cannot be disabled.
Example
Enable Opaque capability.
[3Com-ospf-100] opaque-capability enable
ospf Syntax
ospf [ process-id ]
undo ospf [ process-id ]
View
System view
Parameter
Description
Using the ospf command, you can enable the OSPF protocol. Using the undo
ospf command, you can disable the OSPF protocol.
After enabling OSPF protocol, the user can make the corresponding configuration
in OSPF view.
By default, the system does not run the OSPF protocol.
VRP supports OSPF multi-process. Multiple OSPF processes can be enabled by
specifying different process numbers on a router.
It is recommended that you specify the router ID with the router-id parameter
when enabling OSPF. If multiple processes are enabled on the router, specify a
different router ID for each process.
For the related command, see network.
Example
Enable the running of the OSPF protocol.
[3Com] router id 10.110.1.8
[3Com] ospf
ospf authentication-mode Syntax
ospf authentication-mode { simple password | md5 key-id key }
undo ospf authentication-mode { simple | md5 }
View
Interface view
Parameter
simple password: Character string not exceeding 8 characters using simple text
authentication.
key-id: ID of the authentication key in MD5 cipher text authentication mode in the
range from 1 to 255.
key: MD5 authentication key. If it is input in a simple form, MD5 key is a character
string of 1 to 16 characters. And it will be displayed in a cipher text form in a
Description
Using the ospf authentication-mode command, you can configure the
authentication mode and key between adjacent routers. Using the undo ospf
authentication-mode command, you can cancel the authentication key that has
been set.
By default, the interface does not authenticate the OSPF packets.
The passwords for authentication keys of the routers on the same network
segment must be identical. In addition, use the authentication-mode command to
set the authentication type of the area so that the configuration takes effect.
For the related command, see authentication-mode.
Example
Set the area 1 where the network segment 131.119.0.0 of Interface serial1/0/0 is
located to support MD5 cipher text authentication. The authentication key
identifier is set to 15 and the authentication key is 3Com.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 131.119.0.0 0.0.255.255
[3Com-ospf-1-area-0.0.0.1] authentication-mode md5
[3Com-ospf-1-area-0.0.0.1] interface serial 1/0/0
[3Com-Serial1/0/0] ospf authentication-mode md5 15 3Com
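How the md5 key-id key setting above is used on the wire, as an added example (not part of the manual or the router's code): the sender appends an MD5 digest of the packet plus the 16-byte padded key, following RFC 2328 Appendix D, and the receiver recomputes it. The packets are constructed, the router ID, area and key values are taken from this page's examples, and the verdict strings reuse the counter names from the display ospf error output as labels only.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_NONE, AUTYPE_SIMPLE, AUTYPE_MD5 = 0, 1, 2
HEADER = struct.Struct("!BBH4s4sHH8s")   # 24-byte OSPF packet header


def pad_key(key):
    """Pad the configured key (1 to 16 characters on this page) to 16 bytes."""
    raw = key.encode("ascii")
    if not 1 <= len(raw) <= 16:
        raise ValueError("MD5 key must be 1 to 16 characters")
    return raw.ljust(16, b"\0")


def build_hello(router_id, area_id, netmask, key_id, key, seq, hello=10, dead=40):
    """Build a Hello (no neighbors listed) carrying cryptographic authentication."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton(netmask), hello,
                       0x02, 1, dead, bytes(4), bytes(4))
    # Authentication field: 0, Key ID, Auth Data Len (16), sequence number.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    header = HEADER.pack(2, 1, HEADER.size + len(body),
                         socket.inet_aton(router_id), socket.inet_aton(area_id),
                         0, AUTYPE_MD5, auth)   # checksum stays 0 with AuType 2
    packet = header + body
    # The key itself is never sent: only MD5(packet || padded key) is appended.
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify(datagram, expected_autype, keys, last_seq):
    """Receiver-side check. Returns (verdict, sequence number to remember)."""
    _, _, length, _, _, _, autype, auth = HEADER.unpack_from(datagram)
    if autype != expected_autype:
        return "OSPF: bad authentication type", last_seq
    _, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
    if key_id not in keys or auth_len != 16 or len(datagram) < length + 16:
        return "OSPF: bad authentication key", last_seq
    if seq < last_seq:
        # Replayed or out-of-date packet from this neighbor.
        return "stale cryptographic sequence number", last_seq
    expected = hashlib.md5(datagram[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, datagram[length:length + 16]):
        return "OSPF: bad authentication key", last_seq
    return "accepted", seq


def demo():
    """Run constructed packets through a receiver configured with 'md5 15 3Com'."""
    keys = {15: "3Com"}
    common = ("10.110.1.8", "0.0.0.1", "255.255.0.0")
    good = build_hello(*common, 15, "3Com", seq=1001)
    packets = [
        good,
        build_hello(*common, 15, "3com", seq=1002),    # wrong key
        build_hello(*common, 7, "3Com", seq=1003),     # key-id not configured
        build_hello(*common, 15, "3Com", seq=1000),    # older sequence number
        good[:14] + b"\x00\x00" + good[16:],           # AuType rewritten to 0
    ]
    verdicts, last_seq = [], 0
    for packet in packets:
        verdict, last_seq = verify(packet, AUTYPE_MD5, keys, last_seq)
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```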
View
Interface view
Parameter
Description
Using the ospf cost command, you can configure different costs for sending
packets from different interfaces. Using the undo ospf cost command, you can
restore the default costs.
By default, the interface automatically calculates the cost required for
running the OSPF protocol according to the current baud rate.
Example
Specify the cost spent when an interface runs OSPF as 33.
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] ospf cost 33
View
Interface view
Parameter
value: Interface priority for electing the "designated router", ranging from 0 to
255. By default, the value is 1.
Description
Using the ospf dr-priority command, you can configure the priority for electing
the "designated router" on an interface. Using the undo ospf dr-priority
command, you can restore the default value.
Interface priority determines the interface qualification when electing the
“designated router”. The interface with high priority is considered first when there
is collision in election.
Example
Set the priority of the interface Ethernet1/0/0 to 8, when electing the DR.
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] ospf dr-priority 8
View
System view
Parameter
Description
Using the ospf mib-binding command, you can bind MIB operation to the
specified OSPF process. Using the undo ospf mib-binding command, you can
restore the default configuration.
MIB operation is always bound to the first process enabled by the OSPF
protocol. Using this command, you can bind MIB operation to another OSPF
process. Using the undo ospf mib-binding command, you can cancel the binding
configuration; the OSPF protocol then automatically rebinds MIB operation to
the first enabled process.
By default, MIB operation is bound to the first enabled OSPF process.
Example
Bind MIB operation on OSPF process 100.
View
Interface view
Parameter
None
Description
Using the ospf mtu-enable command, you can enable the interface to write MTU
value when sending DD packets. Using the undo ospf mtu-enable command,
you can restore the default settings.
By default, the MTU value is 0 when sending DD packets, i.e. the actual MTU value
of the interface is not written.
Database Description Packets (DD packets) are used to describe its own LSDB
when the router running OSPF protocol is synchronizing the database.
The default MTU value of DD packet is 0. With this command, the specified
interface can be set manually to write the MTU value area in DD packets when
sending DD packets, i.e. the actual MTU value of the interface is written in.
Example
Set interface Ethernet1/0/0 to write MTU value area when sending DD packets.
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] ospf mtu-enable
View
Interface view
Parameter
Description
Using the ospf network-type command, you can configure the network type of
OSPF interface. Using the undo ospf network-type command, you can restore
the default network type of the OSPF interface.
OSPF divides networks into four types by link layer protocol:
■ Broadcast: If Ethernet is adopted, OSPF defaults the network type to
broadcast.
■ Non-Broadcast Multi-access (nbma): If Frame Relay, ATM, HDLC or X.25 is
adopted, OSPF defaults the network type to NBMA.
■ Point-to-Multipoint (p2mp): OSPF will not default the network type of any
link layer protocol to p2mp. The usual practice is to change a partially
connected NBMA network to a p2mp network if the NBMA network is not
fully meshed.
■ Point-to-point (p2p): If PPP or LAPB is adopted, OSPF defaults the network
type to p2p.
If there is a router not supporting multicast address on the broadcast network, the
interface network type can be changed to NBMA. The interface network type can
also be changed from NBMA to broadcast.
If there are only two routers running OSPF protocol on the same network
segment, the interface network type can be changed to point-to-point.
Example
Set the interface serial1/0/0 to NBMA type.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf network-type nbma
View
Interface view
Parameter
seconds: Dead interval of the OSPF neighbor, in seconds. It ranges from 1 to
65535.
Description
Using the ospf timer dead command, you can configure the dead interval of the
OSPF neighbor. Using the undo ospf timer dead command, you can restore the
default value of the dead interval of the neighbor.
By default, the dead interval for the OSPF neighbors of p2p and broadcast
interfaces is 40 seconds, and for those of p2mp and nbma interfaces is 120
seconds.
The dead interval of OSPF neighbors is the interval within which, if no Hello
message is received from a neighbor, the neighbor is considered to be
invalid. The value of dead seconds should be at least 4 times that of Hello
seconds. The dead seconds for the routers on the same network segment must be
identical.
For the related command, see ospf timer hello.
Example
Set the neighbor dead interval on the interface serial1/0/0 to 80 seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf timer dead 80
View
Interface view
Parameter
Description
Using the ospf timer hello command, you can configure the interval for
transmitting Hello messages on an interface. Using the undo ospf timer hello
command, you can restore the default value.
By default, the interval is 10 seconds for an interface of p2p or broadcast type to
transmit Hello messages, and 30 seconds for an interface of nbma or p2mp type.
For the related command, see ospf timer dead.
Example
Configure the interval of transmitting Hello packets on the interface serial1/0/0 to
20 seconds.
[3Com] interface serial1/0/0
View
Interface view
Parameter
seconds: Specifies the poll Hello messages interval, ranging from 1 to 65535 and
measured in seconds. By default, the value is 120 seconds.
Description
Using the ospf timer poll command, you can configure the poll Hello message
interval on nbma and p2mp network. Using the undo ospf timer poll command,
you can restore the default value.
On an nbma or p2mp network, if a neighbor is invalid, the Hello message will
be transmitted regularly according to the poll seconds. You can configure the
poll seconds to specify how often the interface transmits Hello messages
before it establishes adjacency with the adjacent router. The value of poll
seconds should be no less than 3 times that of Hello seconds.
Example
Configure to transmit poll Hello message from interface serial2/0/0 every 130
seconds.
[3Com-serial2/0/0] ospf timer poll 130
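A configuration audit for the timer and authentication rules stated for ospf timer hello, ospf timer dead, ospf timer poll and ospf authentication-mode, as an added example that is not part of the manual. The two configurations are constructed, and the fallback network type for an interface without ospf network-type and the use of the stated defaults for unset timers are assumptions.

```python
# Defaults stated on this page, keyed by OSPF network type: (hello, dead) seconds.
DEFAULTS = {"broadcast": (10, 40), "p2p": (10, 40),
            "nbma": (30, 120), "p2mp": (30, 120)}
POLL_DEFAULT = 120

# Constructed sample configurations for two routers sharing a serial link.
ROUTER_A = """
interface serial1/0/0
 ospf timer hello 20
 ospf timer dead 80
 ospf authentication-mode md5 15 3Com
interface serial2/0/0
 ospf network-type nbma
 ospf timer hello 50
 ospf timer poll 130
 ospf authentication-mode simple secret
interface Ethernet1/0/0
 ospf timer hello 20
"""
ROUTER_B = """
interface serial 1/0/0
 ospf timer hello 20
 ospf timer dead 60
 ospf authentication-mode md5 15 3com
"""


def parse_interfaces(config):
    """Collect the ospf settings found under each 'interface' line."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface":
            name = "".join(words[1:]).lower()   # 'serial 1/0/0' == 'serial1/0/0'
            current = interfaces.setdefault(name, {"auth": "none"})
        elif current is not None and words[0] == "ospf" and len(words) >= 3:
            if words[1] == "timer" and len(words) == 4 and words[3].isdigit():
                current[words[2]] = int(words[3])      # hello, dead or poll
            elif words[1] == "network-type":
                current["type"] = words[2]
            elif words[1] == "authentication-mode":
                current["auth"] = words[2]             # 'simple' or 'md5'
                current["secret"] = tuple(words[3:])   # password, or key-id and key
    return interfaces


def effective(name, settings):
    """Return (type, hello, dead, poll), filling unset values with the defaults."""
    # Assumption: without 'ospf network-type', Ethernet is broadcast, the rest p2p.
    fallback = "broadcast" if name.startswith("ethernet") else "p2p"
    net_type = settings.get("type", fallback)
    hello_default, dead_default = DEFAULTS[net_type]
    return (net_type, settings.get("hello", hello_default),
            settings.get("dead", dead_default), settings.get("poll", POLL_DEFAULT))


def audit(config):
    """Return (interface, finding) pairs for one router's configuration."""
    findings = []
    for name, settings in parse_interfaces(config).items():
        net_type, hello, dead, poll = effective(name, settings)
        if dead < 4 * hello:
            findings.append((name, f"dead {dead} is less than 4 x hello {hello}"))
        if net_type in ("nbma", "p2mp") and poll < 3 * hello:
            findings.append((name, f"poll {poll} is less than 3 x hello {hello}"))
        if settings["auth"] == "none":
            findings.append((name, "OSPF packets are not authenticated"))
        elif settings["auth"] == "simple":
            findings.append((name, "simple text authentication in use"))
    return findings


def segment_mismatches(config_a, if_a, config_b, if_b):
    """Compare two interfaces on one segment: dead interval and key must match."""
    a = parse_interfaces(config_a)[if_a]
    b = parse_interfaces(config_b)[if_b]
    issues = []
    if effective(if_a, a)[2] != effective(if_b, b)[2]:
        issues.append("dead interval differs")
    if (a["auth"], a.get("secret")) != (b["auth"], b.get("secret")):
        issues.append("authentication mode or key differs")
    return issues


if __name__ == "__main__":
    for name, finding in audit(ROUTER_A):
        print(f"{name}: {finding}")
    print(segment_mismatches(ROUTER_A, "serial1/0/0", ROUTER_B, "serial1/0/0"))
```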
View
Interface view
Parameter
Description
Using the ospf timer retransmit command, you can configure the interval for
LSA re-transmitting on an interface. Using the undo ospf timer retransmit
command, you can restore the default interval value for LSA re-transmitting on the
interface.
If a router running OSPF transmits a "link state advertisement" (LSA) to the
peer, it needs to wait for the acknowledgement packet from the peer. If no
acknowledgement is received from the peer within the LSA retransmission
interval, this LSA will be re-transmitted. According to RFC2328, the LSA
retransmission interval between adjacent routers should not be set too short.
Otherwise, unexpected retransmission will be caused.
Example
Specify the LSA retransmission interval between the interface serial1/0/0
and the adjacent routers as 12 seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf timer retransmit 12
View
Interface view
Parameter
Description
Using the ospf trans-delay command, you can configure the LSA transmitting
delay on an interface. Using the undo ospf trans-delay command, you can
restore the default value of the LSA transmitting delay on an interface.
LSA will age in the "link state database" (LSDB) of the router as time goes by (add
1 for every second), but it will not age during network transmission. Therefore, it is
necessary to add a period of time set by this command to the aging time of LSA
before transmitting it.
Example
Specify the trans-delay of transmitting LSA on the interface serial1/0/0 as 3
seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf trans-delay 3
peer Syntax
peer ip-address [ dr-priority dr-priority-number ]
undo peer ip-address
View
OSPF view
Parameter
Description
Using the peer command, you can configure the IP address of adjacent routers
and specify a DR priority on an NBMA network. Using the undo peer command,
you can cancel the configuration.
On the frame relay network, a full-meshed network (i.e. there is a VC directly
connecting any two routers on the network) can be implemented by configuring
map. Thus OSPF can perform in the same way in the frame relay network as in the
broadcast network (such as electing DR and BDR). However, the IP address of
adjacent routers and their election rights must be configured manually for the
interface because adjacent routers cannot be found dynamically by advertising
Hello messages.
Example
Configure the IP address of peer router as 10.1.1.1.
[3Com-ospf-1] peer 10.1.1.1
preference Syntax
preference [ ase ] value
undo preference [ ase ]
View
OSPF view
Parameter
Description
Using the preference command, you can configure the preference of an OSPF
protocol route. Using the undo preference command, you can restore the
default value of the OSPF protocol route.
By default, the preference of an OSPF protocol internal route is 10 and the
preference of an external route is 150.
Because multiple dynamic routing protocols can run on a router at the same
time, routing information must be shared and selected among the routing
protocols. Therefore, a default preference is specified for each routing
protocol. When different routing protocols find multiple routes to the same
destination, the route found by the routing protocol with the higher
preference is selected to forward IP packets.
Example
Specify the preference of an external imported route of the AS as 160.
[3Com-ospf-1] preference ase 160
View
User view
Parameter
process-id: OSPF process number. If no OSPF process number is specified, all the
OSPF processes are reset.
Description
Using the reset ospf all command, you can reset all the OSPF processes. The
reset ospf process-id command resets the specified process and clears its
statistics data. In either form, use the statistics parameter to reset the
statistics about OSPF.
Using the reset ospf command to reset the OSPF process, the following results
are expected:
■ Clear invalid LSA immediately without waiting for LSA timeout.
■ If the Router ID changes, a new Router ID will take effect by executing the
command.
■ Re-elect DR and BDR conveniently.
■ OSPF configuration will not be lost if the system is restarted.
■ Delete the original OSPF routes.
■ After OSPF process is restarted, new routes and LSA will be generated
correspondingly and LSA will be advertised.
The system will require the user to confirm whether to re-enable the OSPF
protocol after execution of the command.
Example
Reset all the OSPF processes
<3Com> reset ospf all
router id Syntax
router id router-id
undo router id
View
System view
Parameter
Description
Using the router id command, you can configure the ID of a router running the
OSPF protocol. Using the undo router id command, you can cancel the router ID
that has been configured.
By default, no router ID is configured.
Router ID is a 32-bit unsigned integer that uniquely identifies a router in an OSPF
autonomous system. If the router ID specified, the configurations of OSPF can not
be set.
When the router ID is configured manually, the IDs of any two routers in the
autonomous system cannot be identical. Therefore, the IP address of one of the
router's interfaces can be selected as the ID of this router.
Example
Set the router ID to 10.1.1.3.
[3Com] router id 10.1.1.3
silent-interface Syntax
silent-interface interface-type interface-number
undo silent-interface interface-type interface-number
View
OSPF view
Parameter
Description
Using the silent-interface command, you can prevent an interface from
transmitting OSPF packets. Using the undo silent-interface command, you can
restore the default setting.
By default, the interface is enabled to transmit OSPF packets.
You can use this command to prevent an interface from transmitting OSPF
packets, so that the routers on some network do not receive the OSPF routing
information.
Different processes can disable the same interface from transmitting OSPF
packets. However, the silent-interface command takes effect only on the
interfaces enabled with OSPF by this process, and is invalid for the
interfaces enabled by other processes.
Example
Prevent interface serial2/0/0 from transmitting OSPF packets.
[3Com-ospf-1] silent-interface serial2/0/0
Prevent interface Ethernet2/0/0 from transmitting OSPF packets in both OSPF
process 100 and OSPF process 200.
View
System view
Parameter
trap-type: Type of SNMP TRAP packet transmitted by OSPF. It can be the keyword
in the following table.
Table 3 SNMP TRAP type keywords
Keyword               Description
ifauthfail            Enables the InterfaceAuthenticationFailure trap packets
ifcfgerror            Enables the InterfaceConfigError trap packets
ifrxbadpkt            Enables the InterfaceRecieveBadPacket trap packets
ifstatechange         Enables the InterfaceStateChange trap packets
iftxretransmit        Enables the InterfaceTxRetransmitPacket trap packets
lsdbapproachoverflow  Enables the LsdbApproachOverflow trap packets
lsdboverflow          Enables the LsdbOverflow trap packets
maxagelsa             Enables the MaxAgeLsa trap packets
nbrstatechange        Enables the NeighborStateChange trap packets
originatelsa          Enables the OriginateLsa trap packets
virifauthfail         Enables the VirtualInterfaceAuthenticationFailure trap packets
virifcfgerror         Enables the VirtualInterfaceConfigError trap packets
virifrxbadpkt         Enables the VirtualInterfaceRecieveBadPacket trap packets
virifstatechange      Enables the VirtualInterfaceStateChange trap packets
viriftxretransmit     Enables the VirtualInterfaceTxRetransmitPacket trap packets
virnbrstatechange     Enables the VirtualNeighborStateChange trap packets
Description
Using the snmp-agent trap enable ospf command, you can enable the TRAP
function of OSPF. Using the undo snmp-agent trap enable ospf command, you
can disable the TRAP function.
This command has no effect on an OSPF process that is enabled after the command
is executed.
By default, no OSPF process is enabled to transmit TRAP packets.
For detailed configuration of SNMP TRAP, refer to “system management” section
in this manual.
Example
Enable TRAP function of OSPF process 100.
<3Com> snmp-agent trap enable ospf 100
spf-schedule-interval Syntax
spf-schedule-interval interval
undo spf-schedule-interval
View
OSPF view
Parameter
Description
Using the spf-schedule-interval command, you can configure the route
calculation interval of OSPF. Using the undo spf-schedule-interval command,
you can restore the default setting.
According to the Link State Database (LSDB), the router running OSPF can
calculate the shortest path tree taking itself as the root and determine the
next hop to the destination network according to the shortest path tree.
Adjusting the SPF calculation interval restrains the effect of frequent
network changes, which could otherwise consume too many bandwidth resources
and router resources.
Example
Set the OSPF route calculation interval of 3Com to 6 seconds.
[3Com-ospf-1] spf-schedule-interval 6
stub Syntax
stub [ no-summary ]
undo stub
View
OSPF area view
Parameter
no-summary: Only available for the ABR in Stub area. When this parameter is
selected, the ABR only advertises the Summary-LSA for the default route, but no
other Summary-LSAs. The area is also called totally stub area.
Description
Using the stub command, you can configure the type of an OSPF area as the STUB
area. Using the undo stub command, you can cancel the settings.
By default, no area is set to be the STUB area.
All the routers in a Stub area must be configured with the corresponding attribute.
For the related command, see default-cost.
Example
Set the type of OSPF area 1 to the STUB area.
[3Com-ospf] area 1
[3Com-ospf-area-0.0.0.1] stub
vlink-peer Syntax
vlink-peer router-id [ hello seconds] [ retransmit seconds ] [ trans-delay seconds ] [ dead
seconds ] [ simple password | md5 keyid key ]
undo vlink-peer router-id
View
OSPF area view
Parameter
hello seconds: Interval at which the router transmits hello messages. It ranges
from 1 to 8192 seconds. This value must equal the hello seconds value of the router
virtually linked to the interface. By default, the value is 10 seconds.
retransmit seconds: Specifies the interval for re-transmitting the LSA packets on an
interface. It ranges from 1 to 8192 seconds. By default, the value is 5 seconds.
trans-delay seconds: Specifies the interval for delaying transmitting LSA packets on
an interface. It ranges from 1 to 8192 seconds. By default, the value is 1 second.
dead seconds: Specifies the interval of the dead timer. It ranges from 1 to 8192
seconds. This value must equal the dead seconds of the router virtually linked to it
and must be at least 4 times the hello seconds. By default, the value is 40
seconds.
simple password: Specifies the simple text authentication key, not exceeding 8
characters, of the interface. This value must equal the authentication key of the
virtually linked neighbor.
keyid: Specifies the MD5 authentication key ID. Its value ranges from 1 to 255. It
must be equal to the authentication key ID of the virtually linked neighbor.
Description
Using the vlink-peer command, you can create and configure a virtual link. Using
the undo vlink-peer command, you can cancel an existing virtual link.
According to RFC2328, every OSPF area should be connected to the backbone
network. You can use the vlink-peer command to maintain this connectivity. A
virtual link can be regarded as an ordinary OSPF-enabled interface, which makes it
easy to understand how to configure parameters such as hello, retransmit, and
trans-delay on it.
Note that when configuring virtual link authentication, the
authentication-mode command is used to set the authentication mode to MD5
cipher text or simple text on the backbone network.
For the related commands, see authentication-mode and display ospf.
Example
Create a virtual link to 10.110.0.3 and use the MD5 cipher text authentication
mode.
[3Com-ospf] area 10.0.0.0
[3Com-ospf-area-10.0.0.0] vlink-peer 10.110.0.3 md5 3 345
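The constraints in the vlink-peer parameter list (timer ranges, dead at least 4 times hello, an 8-character limit on the simple password, keyid 1 to 255, and values that must match on both ends) can be checked offline against saved configuration lines. The following is an added example, not part of the 3Com manual; the function names and the two sample lines are constructed for illustration.

```python
import ipaddress
import re

# Defaults and ranges taken from the vlink-peer parameter list above.
DEFAULTS = {"hello": 10, "retransmit": 5, "trans-delay": 1, "dead": 40}
TIMER_MIN, TIMER_MAX = 1, 8192
PROMPT = re.compile(r"^\s*\[[^\]]*\]\s*")  # leading "[3Com-ospf-area-x.x.x.x]" prompt


def parse_vlink_peer(line):
    """Parse one vlink-peer command line into a dict; ValueError on bad syntax."""
    tokens = PROMPT.sub("", line).split()
    if len(tokens) < 2 or tokens[0] != "vlink-peer":
        raise ValueError("not a vlink-peer command: %r" % line)
    cfg = dict(DEFAULTS, router_id=str(ipaddress.IPv4Address(tokens[1])),
               auth="none", key_id=None, key=None)
    i = 2
    while i < len(tokens):
        word = tokens[i]
        # Number of arguments each keyword takes: timers and simple 1, md5 2.
        argc = {"simple": 1, "md5": 2}.get(word, 1 if word in DEFAULTS else None)
        if argc is None or i + argc >= len(tokens):
            raise ValueError("bad or incomplete keyword %r" % word)
        args = tokens[i + 1:i + 1 + argc]
        if word in DEFAULTS:
            cfg[word] = int(args[0])
        elif word == "simple":
            cfg.update(auth="simple", key=args[0])
        else:  # md5 keyid key
            cfg.update(auth="md5", key_id=int(args[0]), key=args[1])
        i += 1 + argc
    return cfg


def audit(cfg):
    """Return the findings for one end of a virtual link."""
    findings = []
    for name in DEFAULTS:
        if not TIMER_MIN <= cfg[name] <= TIMER_MAX:
            findings.append("%s=%d outside 1..8192" % (name, cfg[name]))
    if cfg["dead"] < 4 * cfg["hello"]:
        findings.append("dead=%d is less than 4 x hello=%d" % (cfg["dead"], cfg["hello"]))
    if cfg["auth"] == "none":
        findings.append("no authentication on the virtual link")
    elif cfg["auth"] == "simple":
        findings.append("simple authentication: key is carried as plain text")
        if len(cfg["key"]) > 8:
            findings.append("simple password longer than 8 characters")
    elif not 1 <= cfg["key_id"] <= 255:
        findings.append("md5 keyid %d outside 1..255" % cfg["key_id"])
    return findings


def compare_ends(a, b):
    """Return the settings that must match on both ends of the link but do not."""
    return [k for k in ("hello", "dead", "auth", "key_id", "key") if a[k] != b[k]]


# Constructed sample lines (not taken from a real device).
SAMPLE_A = "[3Com-ospf-area-10.0.0.0] vlink-peer 10.110.0.3 hello 10 dead 40 md5 3 345"
SAMPLE_B = "[3Com-ospf-area-10.0.0.0] vlink-peer 10.110.0.1 hello 20 dead 60 simple routerkey1"

if __name__ == "__main__":
    end_a, end_b = parse_vlink_peer(SAMPLE_A), parse_vlink_peer(SAMPLE_B)
    for name, cfg in (("A", end_a), ("B", end_b)):
        for finding in audit(cfg):
            print(name, finding)
    print("mismatched between ends:", compare_ends(end_a, end_b))
```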
BGP Configuration Commands
For the commands defining routing policies in BGP, refer to the "IP Routing Policy
Configuration Commands" of the next chapter.
For the configuration examples and parameter explanation of VPNv4 and VPN
instance in BGP, refer to the "Multicast" module and "MPLS" module of this
manual.
aggregate Syntax
aggregate address mask [ as-set ] [ detail-suppressed ] [ suppress-policy
route-policy-name ] [ origin-policy route-policy-name ] [ attribute-policy
route-policy-name ]
undo aggregate address mask [ as-set ] [ detail-suppressed ] [ suppress-policy
route-policy-name ] [ origin-policy route-policy-name ] [ attribute-policy
route-policy-name ]
View
BGP view
Parameter
Description
Using the aggregate command, you can establish an aggregated record in the
BGP routing table. Using the undo aggregate command, you can cancel the
function.
By default, there is no route aggregation.
The keywords are explained as follows:
Table 4 Functions of the keywords
Keyword: Function
as-set: Creates an aggregated route whose AS path information includes the
detailed routes. Use this keyword carefully when many AS paths need to be
aggregated, because frequent route changes may lead to route flapping.
detail-suppressed: Does not establish any aggregated route, but restrains the
advertisement of all the specific routes. If only some specific routes are to be
restrained, use the peer filter-policy command carefully.
suppress-policy: Creates an aggregated route and, at the same time, restrains the
advertisement of the specified routes. To restrain some specific routes selectively
while leaving other routes advertised, use the if-match clause of the
route-policy command.
origin-policy: Selects only the specific routes that match the route-policy to
create an aggregated route.
attribute-policy: Sets the attributes of the aggregated route. The same can be done
by using peer route-policy, etc.
Example
Establish an aggregated record in the BGP routing table.
[3Com-bgp] aggregate 192.213.0.0 255.255.0.0
balance Syntax
balance num
undo balance
View
BGP view
Parameter
num: Number of BGP load sharing routes. The range depends on the router type.
You can view the prompt information by entering “?” at this position.
Description
Using the balance command, you can configure the number of routes performing
BGP load sharing. Using the undo balance command, you can restore the default
value.
By default, no load sharing is performed.
Different from IGP protocol, there is no specific indication for BGP to perform load
sharing. The load sharing of BGP is implemented by changing its routing rules.
For the related command, see display ip routing-table.
Example
Configure 2 routes to perform load sharing.
[3Com] bgp 100
[3Com-bgp] balance 2
bgp Syntax
bgp as-number
undo bgp [ as-number ]
View
System view
Parameter
as-number: Specifies local AS number, ranging from 1 to 65535.
Description
Using the bgp command, you can enable BGP and enter the BGP view. Using the
undo bgp command, you can disable BGP.
By default, BGP is not enabled.
This command is used to enable and disable BGP as well as to specify the local AS
number of BGP.
Example
Enable BGP.
[3Com] bgp 100
[3Com-bgp]
compare-different-as-med Syntax
compare-different-as-med
undo compare-different-as-med
View
BGP unicast view, BGP multicast view, VPNv4 view
Parameter
None
Description
Using the compare-different-as-med command, you can enable comparison of
MED values from different AS neighboring routes when determining the best
route. Using the undo compare-different-as-med command, you can disable
the comparison.
By default, MED attribute values from the routing paths of different AS peers
are not compared.
If several routes are available to one destination address, the route with
the smaller MED value can be selected as the final route.
Using this command is not recommended unless you are sure that
the ASs adopt the same IGP and routing method.
Example
Enable the comparison of the MED attribute values from different AS neighboring
route paths.
[3Com-bgp] compare-different-as-med
confederation id Syntax
confederation id as-number
undo confederation id
View
BGP view
Parameter
as-number: Number of the AS which contains multiple sub-ASs. The range is from
1 to 65535.
Description
Using the confederation id command, you can configure the confederation
identifier. Using the undo confederation id command, you can cancel the BGP
confederation specified by parameter as-number.
By default, the confederation ID is not configured.
A confederation can be adopted to solve the problem of too many IBGP full
connections in a large AS domain. The solution is to first divide the AS domain into
several smaller sub-ASs, each of which remains fully connected. These sub-ASs
form a confederation. Key IGP attributes of the route, such as next hop, MED, and
local preference, are not discarded across the sub-ASs. The sub-ASs still look like
a whole from the point of view of a confederation although these sub-ASs have
EBGP relations. This preserves the integrity of the former AS domain and eases
the problem of too many connections in the domain.
For the related commands, see confederation nonstandard and
confederation peer-as.
Example
Confederation 9 consists of four sub-ASs, namely, 38, 39, 40 and 41. Here, the
peer 10.1.1.1 is an internal member of the AS confederation while the peer
200.1.1.1 is an external member of the AS confederation. For external members,
Confederation 9 is a unified AS domain.
[3Com] bgp 41
[3Com-bgp] confederation id 9
[3Com-bgp] confederation peer-as 38 39 40
[3Com-bgp] peer 10.1.1.1 as-number 38
[3Com-bgp] peer 200.1.1.1 as-number 98
confederation nonstandard Syntax
confederation nonstandard
undo confederation nonstandard
View
BGP view
Parameter
None
Description
Using the confederation nonstandard command, you can make the router compatible
with an AS confederation that does not adopt RFC1965. Using the undo
confederation nonstandard command, you can cancel this function.
By default, the configured confederation is consistent with RFC1965.
All the 3Com routers in the confederation should be configured with this
command for interworking with those nonstandard devices.
For the related commands, see confederation id and confederation peer-as.
Example
AS100 contains routers that follow the nonstandard implementation and is
composed of two sub-ASs, 64000 and 65000.
[3Com] bgp 64000
[3Com-bgp] confederation id 100
[3Com-bgp] confederation peer-as 65000
[3Com-bgp] confederation nonstandard
View
BGP view
Parameter
Description
Using the confederation peer-as command, you can specify which sub-ASs a
confederation consists of. Using the undo confederation peer-as command,
you can cancel the specified sub-AS in the confederation.
By default, no autonomous system is configured as a member of the
confederation.
The sub-ASs configured with this command are inside a confederation, and each
sub-AS uses a fully meshed network. The confederation id command is used to
specify the confederation to which each sub-AS belongs. This configuration is
invalid before this command is performed.
For the related commands, see confederation nonstandard and
confederation id.
Example
Configure the confederation that contains AS 2000 and 2001.
[3Com-bgp] confederation peer-as 2000 2001
dampening Syntax
dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling ] [
route-policy policy-name ]
undo dampening
View
BGP view
Parameter
half-life-reachable: Specifies the half-life when the route is reachable. The range is
1 to 45 minutes. By default, the value is 15 minutes.
ceiling: Upper threshold of the penalty. The range is 1001 to 20000. By default,
its value is 16000.
Description
Using the dampening command, you can enable BGP route attenuation or
modify the BGP route attenuation parameters. Using the undo dampening
command, you can disable BGP route attenuation.
By default, no route attenuation is configured.
If the parameters are not set, BGP route attenuation is enabled and each
parameter takes its default value. half-life-reachable, half-life-unreachable,
reuse, suppress and ceiling are mutually dependent. Once any parameter is
configured, all other parameters should also be specified.
For the related commands, see reset dampening, reset bgp flap-info, display
bgp routing-table dampened, and display bgp routing-table flap-info.
Example
Modify various BGP route attenuation parameters.
[3Com-bgp] dampening 15 15 1000 2000 10000
View
User view
Parameter
Description
Using the debugging bgp all command, you can enable all the information
debugging of BGP packets and events.
Using the debugging bgp event command, you can enable the information
debugging of BGP events.
Using the debugging bgp keepalive command, you can enable the information
debugging of BGP Keepalive packets.
Using the debugging bgp packet command, you can enable the information
debugging of BGP packets.
Example
Enable the information debugging of BGP packets.
<3Com> debugging bgp packet
View
BGP unicast view, BGP multicast view, VPNv4 view
Parameter
Description
Using the default local-preference command, you can configure the default
local preference. Using the undo default local-preference command, you can
restore the default value.
Configuring different local preferences will affect BGP routing selection.
Example
The two routers RTA and RTB in the same autonomous area use X.25 and Frame
Relay protocols separately to connect with external autonomous areas. The
command can be used to configure the default local preference of RTB as 180 so
that the route via RTB is selected first when the same route goes through RTA and
RTB at the same time.
[3Com-bgp] default local-preference 180
View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view
Parameter
Description
Using the default med command, you can configure the system MED value.
Using the undo default med command, you can restore the default value of
metric.
Multi-Exit Discriminator (MED) is the external metric of a route. Different from local
preference, MED is exchanged between ASs and will stay in the AS. MED indicates
the attribute of a route. The smaller the MED is, the better the route is, so the route
with a low MED is preferred. When a router running BGP obtains several routes
with an identical destination address and different next hops from various external
peers, it selects the best route depending on the MED value. If all
other conditions are the same, the system first selects the route with the smaller
MED value as the external route of the autonomous system.
Example
Routers RTA and RTB belong to AS100 and router RTC belongs to AS200. RTC is
the peer of RTA and RTB. The network between RTA and RTC is X.25 network and
the network between RTB and RTC is Ethernet. So the MED of RTA can be
configured as 25 to allow RTC to select the route transmitted by RTB first.
[3Com-bgp] default med 25
View
Any view
Parameter
Description
Using the display bgp group command, you can view the information of peer
groups.
Example
View the information of the peer group "aaa".
<3Com> display bgp group aaa
group : aaa no as-number still
members in this group :
Description : aaa
route-policy specified in export policy : aaa
filter-policy specified in export policy : list no.30304410
acl specified in export policy : list no.30304410
ip-prefix specified in export policy : aaa
route-policy specified in import policy : aaa
filter-policy specified in import policy : list no.30304410
acl specified in import policy : list no.30304410
ip-prefix specified in import policy : aaa
with Route-policy aaa
View
Any view
Parameter
vpn-instance vpn-instance-name: Name of VPN instance.
route-distinguisher route-distinguisher: Name of route-distinguisher.
Description
Using the display bgp network command, you can view the routing information
that has been configured.
Example
View the routing information that has been configured.
<3Com> display bgp network
Network Mask Route-policy
133.1.1.0 255.255.255.0 None
112.1.0.0 255.255.0.0 None
View
Any view
Parameter
Description
Using the display bgp paths command, you can view the information about AS
paths.
Example
Display the information about the AS paths.
<3Com> display bgp paths ^600$
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Id Hash-Index References Aggregator Origin As-Path
--------------------------------------------------------------------
6 90 15 <null> IGP 600
View
Any view
Parameter
Description
Using the display bgp peer command, you can view the information of peer.
Using the display bgp multicast peer command, you can view the information
of MBGP peer.
Using the display bgp vpnv4 peer command, you can view the information of
VPN peer.
Example
Display the information of the peer 10.110.25.20.
<3Com> display bgp peer 10.110.25.20
Peer AS-number Version Queued-Tx Msg-Rx Msg-Tx Up/Down State
--------------------------------------------------------------------
10.110.25.20 100 4 0 0 0 00:33:43 Active
View the details of peer 133.1.1.2.
<3Com> display bgp peer 133.1.1.2 verbose
Peer: 133.1.1.2 Local: Unspecified
Type: External
State: Idle Flags: <Idled>
Last State: NoState Last Event: NoEvent
Last Error: None
Options: <>
Configuration within the peer :
no export policy route-policy
no export policy ip-prefix
no export policy filter-policy
no export policy acl
no import policy route-policy
no import policy ip-prefix
no import policy filter-policy
no import policy acl
no default route produce
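The verbose output above lists each policy kind that is not applied to the peer, so saved output can be scanned for external peers that have no import (or export) policy of any kind. The following is an added example, not part of the 3Com manual; the sample text is constructed in the layout shown above, and both the "Internal" type value and the omission of a "no ..." line when a policy is configured are assumptions.

```python
import re

# Policy kinds reported in the "Configuration within the peer" block above.
KINDS = ("route-policy", "ip-prefix", "filter-policy", "acl")
FIELD = re.compile(r"^(Peer|Type|State):\s*(\S+)")
ABSENT = re.compile(r"^no (export|import) policy (\S+)$")


def parse_peers(text):
    """Split saved 'display bgp peer ... verbose' output into one dict per peer."""
    peers = []
    for raw in text.splitlines():
        line = raw.strip()
        field = FIELD.match(line)
        if field and field.group(1) == "Peer":
            peers.append({"peer": field.group(2), "type": None, "state": None,
                          "absent": {"import": set(), "export": set()}})
        elif not peers:
            continue  # ignore anything before the first "Peer:" line
        elif field:
            peers[-1][field.group(1).lower()] = field.group(2)
        else:
            absent = ABSENT.match(line)
            if absent and absent.group(2) in KINDS:
                peers[-1]["absent"][absent.group(1)].add(absent.group(2))
    return peers


def unfiltered(peers, direction="import"):
    """External peers for which every policy kind is reported as absent."""
    return [p["peer"] for p in peers
            if p["type"] == "External" and p["absent"][direction] == set(KINDS)]


# Constructed sample. Assumption: a configured policy is not printed as "no ...",
# so the second peer (filter-policy line omitted) counts as filtered on import.
SAMPLE = """\
Peer: 133.1.1.2 Local: Unspecified
Type: External
State: Idle Flags: <Idled>
Last State: NoState Last Event: NoEvent
Configuration within the peer :
no export policy route-policy
no export policy ip-prefix
no export policy filter-policy
no export policy acl
no import policy route-policy
no import policy ip-prefix
no import policy filter-policy
no import policy acl
Peer: 10.110.25.20 Local: Unspecified
Type: External
State: Active Flags: <>
Configuration within the peer :
no export policy route-policy
no export policy ip-prefix
no export policy filter-policy
no export policy acl
no import policy route-policy
no import policy ip-prefix
no import policy acl
Peer: 10.1.1.1 Local: Unspecified
Type: Internal
State: Idle Flags: <Idled>
Configuration within the peer :
no import policy route-policy
no import policy ip-prefix
no import policy filter-policy
no import policy acl
"""

if __name__ == "__main__":
    parsed = parse_peers(SAMPLE)
    print("external peers with no import policy:", unfiltered(parsed, "import"))
    print("external peers with no export policy:", unfiltered(parsed, "export"))
```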
View
Any view
Parameter
Description
Using the display bgp routing-table command, you can view the BGP
routing information of the specified IP address in the BGP routing table.
Using the display bgp multicast routing-table command, you can view the
MBGP routing information of the specified IP address in the BGP routing table.
Using the display bgp vpnv4 routing-table command, you can view the VPN
routing information of the specified IP address in the BGP routing table.
Example
View all the BGP routing information.
<3Com> display bgp routing-table
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-Pref Origin As-Path
--------------------------------------------------------------------
*> 1.1.1.0/24 10.10.10.1 IGP 200
*> 1.1.2.0/24 10.10.10.1 IGP 200
*> 1.1.3.0/24 10.10.10.1 IGP 200
*> 2.2.3.0/24 10.10.10.1 INC 200
*> 4.4.4.0/24 10.10.10.1 IGP 200
*> 9.9.9.0/24 10.10.10.1 INC 200
*> 10.10.10.0/24 0.0.0.0 IGP
* 10.10.10.1 IGP 200
View
Any view
Parameter
Description
Using the display bgp routing-table as-path-acl command, you can view
routes that match an AS path ACL.
Example
Display routes that match the filtering list.
<3Com> display bgp routing-table as-path-acl 1
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-pref Origin As-path
--------------------------------------------------------------------
^ 1.1.1.0/24 170 10.10.10.1 0 IGP 200
^ 1.1.2.0/24 170 10.10.10.1 0 IGP 200
^ 1.1.3.0/24 170 10.10.10.1 0 IGP 200
^ 2.2.3.0/24 256 10.10.10.1 0 INC 200
^ 4.4.4.0/24 256 10.10.10.1 0 INC 200
^ 9.9.9.0/24 256 10.10.10.1 0 INC 200
^ 10.10.10.0/24 256 10.10.10.1 0 IGP 200
^ 22.1.0.0/16 256 200.1.7.2 100 INC 200
88.1.0.0/16 60 0.0.0.0 IGP
View
Any view
Parameter
None
Description
Using the display bgp routing-table cidr command, you can view the routing
information about the non-natural mask (namely the classless inter-domain
routing, CIDR).
Example
<3Com> display bgp routing-table cidr
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-pref Origin As-path
--------------------------------------------------------------------
^ 22.1.0.0/16 256 200.1.7.2 100 INC 200
88.1.0.0/16 60 0.0.0.0 IGP
View
Any view
Parameter
no-export: Does not export routes outside the AS but advertises them to other sub-ASs.
Description
Using the display bgp routing-table community command, you can view the
routing information related to the specified BGP community number in the routing
table.
Example
Display the routing information matching the specified BGP community number.
<3Com> display bgp routing-table community 11:22
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-pref Origin As-path
--------------------------------------------------------------------
^ 1.0.0.0/8 170 172.10.0.2 100 IGP
^ 2.0.0.0/8 256 172.10.0.2 100 IGP
View
Any view
Parameter
Description
Using the display bgp routing-table community-list command, you can view
the routing information matching the specified BGP community list.
Example
View the routing information matching BGP community list 1.
[3Com] display bgp routing-table community-list 1
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Destination/Mask Pref Next-hop Med Local-Pref Origin As-Path
--------------------------------------------------------------------
1.1.1.0/24 170 10.10.10.1 0 IGP 200
1.1.2.0/24 256 10.10.10.1 0 IGP 200
1.1.3.0/24 170 10.10.10.1 0 IGP 200
2.2.3.0/24 256 10.10.10.1 0 INC 200
4.4.4.0/24 170 10.10.10.1 0 INC 200
9.9.9.0/24 256 10.10.10.1 0 INC 200
10.10.10.0/24 0 10.10.10.2 0 IGP
10.10.10.0/24 256 10.10.10.1 0 IGP 200
View
Any view
Parameter
None
Description
Using the display bgp routing-table dampened command, you can view BGP
dampened routes.
Example
View BGP dampened routes.
<3Com> display bgp routing-table dampened
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Source Damping-limit Origin As-path
-----------------------------------------------------------------
D 11.1.0.0 133.1.1.2 1:20:00 IGP 200
Parameter
None
Description
Using the display bgp routing-table different-origin-as command, you can
view routes that have different source autonomous systems.
Example
View the routes that have different source ASs.
<3Com> display bgp routing-table different-origin-as
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Destination/Mask Pref Next-hop Med Local-Pref Origin As-Path
------------------------------------------------------------------
10.10.10.0/24 0 10.10.10.2 0 IGP
10.10.10.0/24 256 10.10.10.1 0 IGP 200
View
Any view
Parameter
longer-match: Displays the route flap information that is more specific than
<network-address, mask>.
Description
Using the display bgp routing-table flap-info command, you can view BGP flap
information. When <network-address mask> is <0.0.0.0 0.0.0.0>, this command
displays the flap information of all BGP routes.
Example
Display BGP flap information.
<3Com> display bgp routing-table flap-info
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Source Keepup-time Damping-limit Flap-times Origin As-path
--------------------------------------------------------------------
D 11.1.0.0/16 133.1.1.2 48 1:20:30 4 IGP 200
View
Any view
Parameter
Description
Using the display bgp routing-table peer command, you can view the routing
information that the specified BGP peer advertised or received.
For the related command, see display bgp peer.
Example
View the routing information advertised by BGP peer 10.10.10.1.
<3Com> display bgp routing-table peer 10.10.10.1 advertised
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/mask Next -Hop Med Local-pref Origin As-path
-----------------------------------------------------------------
*> 10.10.10.0/24 0.0.0.0 INC
View
Any view
Parameter
Description
Using the display bgp routing-table regular-expression command, you can
view the routing information matching the specified AS regular expression.
Example
Display the routing information matching the AS regular expression ^600$.
<3Com> display bgp routing-table regular-expression ^600$
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Destination/Mask Pref Next-hop Med Local-Pref Origin As-Path
--------------------------------------------------------------------
1.1.1.0/24 256 10.10.10.1 0 IGP 200
1.1.2.0/24 256 10.10.10.1 0 IGP 200
1.1.3.0/24 256 10.10.10.1 0 IGP 200
2.2.3.0/24 256 10.10.10.1 0 INC 200
4.4.4.0/24 256 10.10.10.1 0 IGP 200
9.9.9.0/24 256 10.10.10.1 0 INC 200
10.10.10.0/24 256 10.10.10.1 0 IGP 200
View
BGP unicast view, multicast view, VPNv4 view, VPN instance view
Parameter
acl-number: Specifies the number of access control list matching the destination
address field of routing information, ranging from 1 to 199.
ip-prefix-name: Specifies the name of the address prefix list matching the
destination address field of routing information, ranging from 1 to 19.
Description
Using the filter-policy export command, you can filter the advertised routes and
only the routes passing the filter can be advertised by BGP. Using the undo
filter-policy export command, you can cancel the filtering to the advertised
routes.
By default, the advertised routing information is not filtered.
If the parameter protocol is specified, only the imported route generated by the
specified protocol is filtered and the imported routes generated by other protocols
are not affected. If the parameter protocol is not specified, the imported route
generated by any protocol will be filtered.
Example
Use acl 3 to filter the routing information advertised by all BGPs.
[3Com-bgp] filter-policy 3 export
View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view
Parameter
acl-number: Specifies the number of access control list matching the destination
address field of routing information, ranging from 1 to 199.
ip-prefix ip-prefix-name: Address prefix list name. The matched object is the
destination address domain of the routing information, ranging from 1 to 19.
gateway ip-prefix-name: Address prefix list name of the neighboring router. The
matched object is the routing information distributed by the specified neighboring
router, ranging from 1 to 19.
Description
Using the filter-policy gateway import command, you can filter the learned
routing information advertised by the specified address. Using the undo
filter-policy gateway import command, you can remove the filtering to the
routing information advertised by the specified address.
Using the filter-policy import command, you can filter the received global
routing information. Using the undo filter-policy import command, you can
remove the filtering to the received global routing information.
By default, the received routing information is not filtered.
This command can be used to filter the routes received by BGP and determines
whether to add the routes to the BGP routing table.
Example
Use acl 3 to filter the routing information received by BGP.
[3Com-bgp] filter-policy 3 import
group Syntax
group group-name { [ internal ] | external }
undo group group-name
View
BGP view
Parameter
external: Creates an external peer group, including other sub AS groups in the
confederation.
Description
Using the group command, you can establish a peer group. Using the undo
group command, you can delete the configured peer group.
BGP peer groups exist for the convenience of configuration.
When you start several peers with the same configuration, you can establish and
configure a peer group first, and then add all the peers to the peer group so
that they have the same configuration as this peer group.
The default IBGP peer will be added to the default peer group without any
configuration. The configuration of the route update policy for any IBGP peer is
valid for the other IBGP peers in its group. To be specific, if the router is not a
route reflector, all the IBGP peers are in the same group. If the router is a route
reflector, all the route reflection clients are in one group, while non-clients are in
another group.
The external peer group members must be in the same network segment.
Otherwise, some EBGP peers may discard the transmitted route update.
The peer group members cannot be configured with a route update policy
that is different from that of the peer group, but can be configured with
different ingress policies.
Example
Establish a peer group "test".
[3Com-bgp] group test
import-route Syntax
import-route protocol [ med med-value ] [ route-policy route-policy-name ]
undo import-route protocol
View
BGP view
Parameter
med med-value: Specifies the MED value loaded by a redistributed route, ranging
from 0 to 4294967295.
Description
Using the import-route command, you can import routes of other protocols.
Using the undo import-route command, you can remove importing routes of
other protocols.
By default, BGP does not import the routes of other protocols.
Example
Import routes of RIP.
[3Com-bgp] import-route rip
View
System view
Parameter
Description
Using the ip as-path acl command, you can configure an AS path regular
expression. Using the undo ip as-path acl command, you can disable the defined
regular expression.
The configured AS path list can be used in BGP policy.
For the related command, see peer as-path-acl, and display bgp routing-table
as-path-acl.
Example
Configure an AS path list.
[3Com] ip as-path acl 10 permit 200,300
ip community-list Syntax
ip community-list stand-comm-list-number { permit | deny } { aa:nn | internet |
no-export-subconfed | no-advertise | no-export }
ip community-list ext-comm-list-number { permit | deny } as-regular-expression
undo ip community-list { stand-comm-list-number | ext-comm-list-number }
View
System view
Parameter
no-export: Does not pass routes outside the AS but advertises them to other sub-ASs.
Description
Using the ip community-list command, you can configure a BGP community list.
Using the undo ip community-list command, you can delete the configured BGP
community list.
The configured community list can be used in BGP policy.
For the related command, see apply community, and display bgp
routing-table community-list.
Example
Define a community attribute list which does not advertise routes with the
community attribute beyond the confederation.
[3Com] ip community-list 6 permit no-export-subconfed
network Syntax
network ip-address [ address-mask ] [ route-policy route-policy-name ]
undo network ip-address [ address-mask ] [ route-policy route-policy-name ]
View
BGP view
Parameter
Description
Using the network command, you can configure the network routes advertised
by the local BGP. Using the undo network command, you can delete the existing
configuration.
By default, there is no network sent through BGP.
Example
Advertise routes to network segment 10.0.0.0/16.
[3Com-bgp] network 10.0.0.1 255.255.0.0
peer advertise-community Syntax
peer { group-name } advertise-community
undo peer { group-name } advertise-community
View
BGP view, VPNv4 view, VPN instance view
Parameter
Description
Using the peer advertise-community command, you can enable the
transmission of the community attribute to a peer/peer group. Using the undo
peer advertise-community command, you can cancel the existing configuration.
By default, the community attribute is not transmitted to any peer/peer group.
For the related commands, see if-match community-list and apply
community.
Example
Enable the transmission of the community attribute to a peer group "test".
[3Com-bgp] peer test advertise-community
View
BGP view, VPNv4 view, VPN instance view
Parameter
number: Specifies the number of times the local AS number may repeat. The range is 1 to 10.
Description
Using the peer allow-as-loop command, you can configure the number of times the
local AS number may repeat. Using the undo peer allow-as-loop command, you can
remove this setting.
For the related commands, see display current-configuration, display bgp
routing-table peer, and display bgp routing-table group.
Example
Set the number of times the local AS number may repeat to 2.
[3Com-bgp] peer 1.1.1.1 allow-as-loop 2
View
BGP view
Parameter
Description
Using the peer as-number command, you can specify the peer AS number of
peer group. Using the undo peer as-number command, you can delete the AS
number of peer group.
By default, no AS number is configured.
Example
Specify the peer AS number for the peer test as 100.
[3Com-bgp] peer test as-number 100
View
BGP view, VPNv4 view, VPN instance view
Parameter
acl-number: Specifies the filter list number of an AS regular expression. The range
is 1 to 199.
Description
Using the peer as-path-acl command, you can specify BGP route filtering policy
based on AS path list. Using the undo peer as-path-acl command, you can
cancel the existing configuration.
By default, the peer group has no AS path list.
Example
Set the AS path ACL of the peer group test.
[3Com-bgp] peer test as-number 100
[3Com-bgp] peer test as-path-acl 3 export
View
BGP view
Parameter
Description
Using the peer connect-interface command, you can specify the source interface
of a route update packet. Using the undo peer connect-interface command,
you can restore the best source interface.
By default, BGP uses the best source interface.
Usually, BGP uses the optimal route to update the source interface of the packets.
However, you can set the mode of the interface to Loopback in order to send
route updates even if the interface does not work normally.
Example
None
peer default-route-advertise
Syntax
peer { group-name } default-route-advertise
undo peer { group-name } default-route-advertise
View
BGP view
Parameter
Description
Using the peer default-route-advertise command, you can configure a
peer/peer group to import a default route for a peer. Using the undo peer
default-route-advertise command, you can cancel the existing configuration.
By default, a peer/peer group does not import the default route.
For this command, no default route is required in the routing table. A default
route is sent unconditionally to a peer with the next hop as itself.
Example
Specify a peer group "test" to import the default route.
[3Com-bgp] peer test as-number 100
[3Com-bgp] peer test default-route-advertise
View
BGP view
Parameter
Description
Using the peer description command, you can configure the description
information of the peer/peer group. Using the undo peer description command,
you can remove the description information of the peer/peer group.
Example
Configure the description information of the peer named group1 as beijing1.
[3Com-bgp] peer group1 description beijing1
View
BGP view
Parameter
ttl: Specifies the maximum hop value. The range is 1 to 255. By default, the value
is 64.
Description
Using the peer ebgp-max-hop command, you can allow establishing EBGP
connection with the peer on indirectly connected network. Using the undo peer
ebgp-max-hop command, you can cancel the existing configuration.
By default, this feature is disabled.
Example
Establish EBGP connection with the peer group "test" on the indirectly connected
network.
[3Com-bgp] peer test ebgp-max-hop
View
BGP unicast address family view, IPv4 multicast address family view, VPNv4 address
family view, L2VPN address family view
Parameter
group-name: Specifies the name of the peer group, which specifies the entire peer
group.
Description
Using the peer enable command, you can enable the specified peer (group) and
can exchange information with a peer. Using the undo peer enable command,
you can disable the specified peer (group).
Here,
The peer peer-address enable command can be configured in unicast address
family only. Using this command, you can disable the unicast function of the peer.
You can delete the peer from the group in the corresponding address to disable its
multicast function or VPNv4 function.
By default, a BGP peer (group) is enabled in the unicast address family, but
disabled in the VPN and MBGP address families.
If the specified peer/peer group is disabled, the router will not exchange routing
information with the specified peer (group).
Example
Deactivate the specified peer.
[3Com] bgp 180
[3Com-bgp] peer 18.10.0.9 as-number 180
[3Com-bgp] undo peer 18.10.0.9 enable
View
BGP view, IPv4 multicast sub-address family view
Parameter
Description
Using the peer filter-policy command, you can set the filter-policy list of a peer
group. Using the undo peer filter-policy command, you can cancel the existing
configuration.
By default, a peer group has no access control list (acl).
For the related commands, see ip as-path acl and peer as-path-acl.
Example
Set the filter-policy list of a peer group test.
[3Com-bgp] peer test as-number 100
[3Com-bgp] peer test filter-policy 3 import
View
BGP view
Parameter
Description
Using the peer group command, you can add a peer to the peer group. Using the
undo peer group command, you can delete the specified peer in the peer group.
In the unicast/VPN-INSTANCE address family view, when adding a peer to an
external peer group without a specified AS number, you should specify the peer
AS number at the same time. This is unnecessary when adding the peer to an
internal peer group or to an external peer group with a specified AS number.
In the multicast/VPNv4 address family view, the peer to be added must already
exist and must have been added to a peer group in the unicast address family
view (the peer can be disabled).
In different address family views, a peer can be added to different peer groups and
a peer group can have different members.
Example
Add the peer with IP address being 10.1.1.1 to the peer group TEST.
[3Com-bgp] group TEST
[3Com-bgp] peer 10.1.1.1 group TEST
View
BGP view, VPNv4 view, VPN instance view
Parameter
import: Applies the filtering policy on the route received by the specified
peer/peer group.
export: Applies the filtering policy on the route transmitted to the specified
peer/peer group.
Description
Using the peer ip-prefix command, you can configure the route filtering policy of
the peer/peer group based on the ip-prefix. Using the undo peer ip-prefix
command, you can cancel the route filtering policy of the peer/peer group based
on the ip-prefix.
By default, the route filtering policy of the peer/peer group is not specified.
For the related command, see ip ip-prefix.
Example
Configure the route filtering policy of the peer group based on the ip-prefix 1.
[3Com-bgp] peer group1 ip-prefix list1 import
View
BGP view
Parameter
Description
Using the peer next-hop-local command, you can have the router rewrite the
next hop of the routes to be advertised to the peer/peer group and take its own
address as the next hop. Using the undo peer next-hop-local command, you can
cancel the existing configuration.
Example
When BGP distributes the route to the peer group "test", it will take its own
address as the next hop.
[3Com-bgp] peer test next-hop-local
View
BGP view, MBGP VPN-instance address family view
Parameter
Description
Using the peer password command, you can configure MD5 authentication for
BGP during TCP connection setup. Using the undo peer password command,
you can cancel the configuration.
By default, BGP does not perform MD5 authentication when TCP connection is set
up.
Once MD5 authentication is enabled, both parties involved in the authentication
must be configured with identical authentication modes and passwords.
Otherwise, TCP connection will not be set up because of the failed authentication.
This command is used to configure MD5 authentication for the specific peer only
when the peer group to which the peer belongs is not configured with MD5
authentication. Otherwise, the peer should be consistent with the peer group.
Example
Adopt MD5 authentication on the TCP connection set up between the local
router at 10.1.100.1 and the peer router at 10.1.100.2.
[3Com-bgp] peer 10.1.100.2 password simple 3Com
View
BGP view
Parameter
Description
Using the peer public-as-only command, you can configure BGP not to carry the
private AS number when transmitting BGP update packets. Using the undo peer
public-as-only command, you can configure BGP to carry the private AS number
when transmitting BGP update packets.
By default, private AS number is carried when transmitting BGP update packets.
Generally, BGP transmits BGP update packets with the AS number (either public
AS number or private AS number). To enable some outbound routers to ignore the
private AS number when transmitting update packets, you can configure BGP not
to carry the private AS number when transmitting BGP update packets.
Example
Configure not to carry the private AS number when transmitting BGP update
packets to the peer named test.
[3Com-bgp] peer test public-as-only
View
BGP view or VPNv4 view
Parameter
Description
Using the peer reflect-client command, you can configure a peer/peer group as
the route reflector client. Using the undo peer reflect-client command, you can
cancel the existing configuration.
By default, no route reflector is in AS.
Generally speaking, it is not necessary to configure this command for the peer
group, because IBGP peers are in its default group. A single peer peer-address
reflect-client command should be used to configure the route reflector clients.
For the related commands, see reflect between-clients and reflect cluster-id.
Example
Configure the peer group "test" as the route reflector client.
[3Com-bgp] peer test reflect-client
View
BGP view, VPNv4 view, VPN instance view
Parameter
import: Applies the route-policy to the routes coming from the peer (group).
export: Applies the route-policy to the routes advertised to the peer (group).
Description
Using the peer route-policy command, you can assign the route-policy to the
route coming from the peer (group) or the route advertised to the peer (group).
Using the undo peer route-policy command, you can delete the specified
route-policy.
By default, the peer (group) has no route-policy association.
Example
Apply the route-policy named test-policy to the route coming from the peer
group "test".
[3Com-bgp] peer test route-policy test-policy import
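The peer password, peer group and import-filter commands above (peer filter-policy, peer ip-prefix, peer as-path-acl, peer route-policy) can be checked together in a saved configuration. The following is an added example, not part of the original manual or of any 3Com tool: a small offline auditor that reports peers with no MD5 authentication, peers whose key is entered with the simple keyword, and peers with no import-direction filter, applying peer-group settings to group members. The sample configuration, the finding names and the treatment of simple as a key stored readable in the configuration are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Peer sub-commands from this chapter that filter routes when used with "import".
FILTER_COMMANDS = {"filter-policy", "ip-prefix", "as-path-acl", "route-policy"}
# Leading CLI prompt such as "[3Com-bgp]" or "<3Com>".
PROMPT = re.compile(r"^\s*(\[[^\]]*\]|<[^>]*>)\s*")

# Constructed sample input: addresses, group name and key are made up.
SAMPLE_CONFIG = """\
[3Com-bgp] group TEST
[3Com-bgp] peer TEST as-number 100
[3Com-bgp] peer TEST ip-prefix list1 import
[3Com-bgp] peer 10.1.1.1 group TEST
[3Com-bgp] peer 10.1.100.2 as-number 200
[3Com-bgp] peer 10.1.100.2 password simple 3Com
[3Com-bgp] peer 10.1.100.2 route-policy test-policy import
[3Com-bgp] peer 18.10.0.9 as-number 180
[3Com-bgp] peer 18.10.0.9 filter-policy 3 export
"""


@dataclass
class Settings:
    group: Optional[str] = None           # peer group this peer was added to
    password_mode: Optional[str] = None   # keyword following "password"
    import_filters: Set[str] = field(default_factory=set)


def is_address(token: str) -> bool:
    """True when the peer target is an IP address rather than a group name."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse(config_text: str) -> Tuple[Dict[str, Settings], Dict[str, Settings]]:
    """Collect per-peer and per-group settings from 'group' and 'peer' lines."""
    peers: Dict[str, Settings] = {}
    groups: Dict[str, Settings] = {}
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw).split()
        if len(words) >= 2 and words[0] == "group":
            groups.setdefault(words[1], Settings())
            continue
        if len(words) < 3 or words[0] != "peer":
            continue  # undo lines and unrelated commands are out of scope
        target, command, args = words[1], words[2], words[3:]
        table = peers if is_address(target) else groups
        entry = table.setdefault(target, Settings())
        if command == "group" and args:
            entry.group = args[0]
        elif command == "password" and args:
            entry.password_mode = args[0]
        elif command in FILTER_COMMANDS and args and args[-1] == "import":
            entry.import_filters.add(command)
    return peers, groups


def audit(config_text: str) -> Dict[str, List[str]]:
    """Return {peer address: [findings]} using effective (peer + group) settings."""
    peers, groups = parse(config_text)
    report: Dict[str, List[str]] = {}
    for address, own in peers.items():
        inherited = groups.get(own.group, Settings()) if own.group else Settings()
        # Group password takes precedence: the manual says a per-peer password
        # is used only when the peer's group has no MD5 authentication.
        mode = inherited.password_mode or own.password_mode
        filters = own.import_filters | inherited.import_filters
        findings: List[str] = []
        if mode is None:
            findings.append("no-md5-authentication")
        elif mode == "simple":
            findings.append("plain-text-key-in-config")
        if not filters:
            findings.append("no-import-filter")
        report[address] = findings
    return report


if __name__ == "__main__":
    for peer, findings in audit(SAMPLE_CONFIG).items():
        print(peer, ", ".join(findings) or "ok")
```

An export-only filter, as on the third sample peer, does not count as an import filter, so routes received from that peer are still reported as unfiltered.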
peer route-update-interval
Syntax
peer { group-name } route-update-interval seconds
undo peer { group-name } route-update-interval
View
BGP view, VPNv4 view, VPN instance view
Parameter
Description
Using the peer route-update-interval command, you can configure the interval
at which route update packets are sent to a peer (group). Using the undo peer
route-update-interval command, you can restore the default value.
Example
Configure the interval of the BGP peer 172.168.10.1 sending the route update
packet as 10 seconds.
[3Com-bgp] peer 172.168.10.1 as-number 100
[3Com-bgp] peer 172.168.10.1 route-update-interval 10
View
BGP view
Parameter
Description
Using the peer timer command, you can configure the Keepalive and Holdtime
intervals for a peer (group). Using the undo peer timer command, you can
restore the default intervals.
The timer configured by using this command has a higher priority than the one
configured by using the timer command.
Example
Configure Keepalive and Holdtime intervals of the peer group "test".
[3Com-bgp] peer test timer keep-alive 60 hold 180
View
VPN instance view
Parameter
None
Description
Using the policy vpn-target command, you can configure whether to perform
the filtering on the vpn-target extended community of the received routing
information. Using the undo policy vpn-target command, you can cancel the
filter function.
By default, the system performs the filtering on the vpn-target extended
community of the received routing information.
Example
Perform the filtering on the vpn-target extended community of the received
routing information.
[3Com-bgp] policy vpn-target
preference
Syntax
preference value
undo preference
View
BGP protocol view, BGP multicast address family view
Parameter
value: Specifies the preference, ranging from 1 to 256. By default, the value is
170.
Description
Using the preference command, you can configure the preference of BGP
protocol. Using the undo preference command, you can restore the default
preference.
Each kind of routing protocol has its own preference, by which the routing policy
will select the optimal one from the routes of different protocols. The greater the
preference value is, the lower the preference is. BGP defines two kinds of routes:
One is learned from external peer. The other is learned from internal peer. The
preferences of the two routes can be different, which can be set manually.
The system supports configuring different preferences for different sub-address
families, including unicast address family and multicast address family at present.
Example
Configure the preference of BGP protocol to 150.
[3Com-bgp] preference 150
View
BGP view, VPNv4 view, VPN instance view
Parameter
None
Description
Using the reflect between-clients command, you can enable the reflection of
routes between clients. Using the undo reflect between-clients command, you
can disable this function.
By default, the reflection between clients is disabled.
After route reflector is configured, it reflects the routes of a client to other clients.
For the related commands, see reflector cluster-id and peer reflect-client.
Example
Disable the reflection between clients.
[3Com-bgp] undo reflect between-clients
View
BGP unicast view, BGP multicast view, VPNv4 view
Parameter
Description
Using the reflector cluster-id command, you can configure the cluster ID of the
route reflector. Using the undo reflector cluster-id command, you can remove
the cluster ID of the route reflector.
By default, each route reflector uses its Router ID as the cluster ID.
Usually, there is only one route reflector in a cluster, and the router ID of
the reflector identifies the cluster. You can configure multiple route
reflectors to improve the stability of the network. If a cluster is configured
with multiple route reflectors, you can use this command to configure an
identical cluster ID for all the reflectors.
For the related commands, see reflect between-clients and peer reflect-client.
Example
Set cluster ID for local router to identify the cluster.
[3Com-bgp] reflector cluster-id 80
[3Com-bgp] peer 11.128.160.10 reflect-client
View
User view
Parameter
Description
Using the refresh bgp command, you can request the peer for route
retransmission or retransmit routes to the peer.
After BGP connection is created, only incremental routes are transmitted. But in
some cases, for example, when routing policy is changed, retransmission of routes
is required on both ends. And the routes should be filtered again according to the
new policy.
Example
Request all the peers to retransmit multicast routes.
<3Com> refresh bgp all multicast import
Retransmit all the routes to the CE peer 10.1.1.1 in VPN-INSTANCE vpn1.
<3Com> refresh bgp 10.1.1.1 vpn-instance vpn1 export
View
User view
Parameter
Description
Using the reset bgp peer-address command, you can reset the connection of
BGP with a specified BGP peer.
Using the reset bgp all command, you can reset all the connections with BGP.
After changing the BGP policy or protocol configuration, resetting BGP connection
can make the newly configured policy in effect immediately.
Example
Reset all the BGP connections to enable the new configuration (after configuring
the new Keepalive interval and Holdtime interval using the timer command).
<3Com> reset bgp all
View
User view
Parameter
Description
Using the reset bgp flap-info command, you can reset the flap information of a
route.
For the related command, see dampening.
Example
Clear the flap information of all the routes that go through filter list 10.
<3Com> reset bgp flap-info as-path-acl 10
View
User view
Parameter
group-name: Specifies the name of the peer group, in characters ranging from 1
to 47.
Description
Using the reset bgp group command, you can reset the connections between
the BGP and all the members of a group.
For the related command, see peer group.
Example
Reset BGP connections of all members from group1.
<3Com> reset bgp group group1
View
User view
Parameter
Description
Using the reset dampening command, you can clear the attenuation information
of a route and release the suppression of a suppressed route.
For the related commands, see dampening and display bgp routing-table
dampened.
Example
Clear the attenuation information of the route to the network 20.1.0.0, and
release the suppression of a suppressed route.
<3Com> reset dampening 20.1.0.0 255.255.0.0
View
BGP unicast view, BGP multicast view, VPN instance view
Parameter
None
Description
Using the summary automatic command, you can make automatic aggregation
of sub-network routes and disable it by using undo summary automatic
command.
By default, no automatic aggregation of sub-network routes is executed.
After the summary automatic is configured, BGP cannot receive the sub-network
routes imported from the IGP, so the amount of the routing information can be
reduced.
Example
Make the automatic aggregation of the sub-network routes.
[3Com-bgp] summary automatic
View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view
Parameter
Description
Using the timer keep-alive hold command, you can configure the Keepalive and
Holdtime timer of BGP. Using the undo timer keep-alive hold command, you
can restore the default value of the Keepalive and Holdtime timer.
Example
Configure the Keep-alive and Hold-time timer as 30 seconds and 60 seconds.
[3Com-bgp] timer keep-alive 30 hold 60
View
BGP view, VPN instance view
Parameter
None
Description
Using the undo synchronization command, you can remove the synchronization
between BGP and IBGP.
Example
[3Com-bgp] undo synchronization
MBGP Configuration Commands
In the following command description, BGP unicast view indicates the common
BGP view.
For the specific configuration of VPN instance and VPNv4, refer to "MPLS" module
in this manual.
ipv4-family
Syntax
ipv4-family { multicast | vpn-instance vpn-instance-name }
undo ipv4-family [ multicast | vpn-instance vpn-instance-name ]
View
BGP view, VPN instance view
Parameter
multicast: Enters the BGP multicast extended address family view with the
parameter.
Description
Using the ipv4-family command, you can enter IPv4 extended address family
view of BGP. Using the undo ipv4-family command, you can remove all
configurations in extended address family view and return to IPv4 unicast address
view of BGP.
This command is used to enter the IPv4 extended address family view. In this view,
parameters related to the address family can be configured for BGP.
The undo ipv4-family multicast command can exit the multicast extended
address family view, remove all configurations in the address family view and
return to BGP unicast view.
The undo ipv4-family vpn-instance vpn-instance-name command is used to
remove the association between the specified VPN instance and IPv4 address
family and delete all configurations in the address family and return to BGP unicast
view.
The ipv4-family multicast command is used for multicast. For relevant contents,
refer to the "MBGP Multicast Extended" chapter in the "Multicast" module of this
manual.
The ipv4-family vpn-instance command is used for BGP/MPLS VPN. For related
description, refer to the "MPLS VPN" chapter in the "MPLS" module of this
manual.
For the related commands, see ipv4-family vpnv4 and peer enable.
Example
None
View
BGP view
Parameter
unicast: Enters VPN-IPv4 unicast address family view with this parameter.
Description
Using the ipv4-family vpnv4 command, you can enter VPNv4 address family
view of BGP. Using the undo ipv4-family vpnv4 command, you can delete all
configurations in VPNv4 address family view and return to IPv4 unicast address
family view of BGP.
The ipv4-family vpnv4 command is used for BGP/MPLS VPN. For related
description, refer to "MPLS VPN" chapter in module "MPLS" of this manual.
The present VRP software platform only supports IPv4 unicast address of VPN.
Execution of the ipv4-family vpnv4 command will enter VPN-IPv4 unicast
address family view even if the unicast parameter is not specified.
For the related commands, see ipv4-family and peer enable.
Example
None
View
BGP view, VPNv4 view, VPN instance view
Parameter
group-name: Specifies the name of the peer group, which specifies the entire peer
group.
Description
Using the peer enable command, you can enable the specified peer/peer group
and disable it by using undo peer enable command.
By default, the unicast peer/peer group of IPv4 address family is enabled and other
peers/peer groups are disabled.
Using this command, you can enable/disable the routing exchange between the
peers (peer groups).
By default, the peer (group) of IPv4 unicast is enabled. The undo command is used
to disable them. When a connection is used in both unicast and multicast, you can
configure to disable unicast peer to delete unicast connection only.
By default, the peer (group) in other address families is disabled. It cannot
exchange routing information normally until it is enabled.
Example
Configure and enable the specified peer of VPNv4 unicast address family.
[3Com] bgp 100
[3Com-bgp] peer 10.15.0.15 as-number 100
[3Com-bgp] ipv4-family vpnv4 unicast
[3Com-bgp-af-vpn] peer 10.15.0.15 enable
Configure and enable the specified peer of IPv4 multicast address family.
IP Routing Policy Configuration Commands
View
Routing policy view
Parameter
Description
Using the apply as-path command, you can specify AS number to be added in
front of the original AS path in route-policy. Using the undo apply as-path
command, you can cancel the AS sequence number added in front of the original
AS path.
By default, no AS number is set.
If the match condition of route-policy is matched, the AS attribute of the
transmitting route will be changed. At least 10 AS numbers can be added.
Example
Add AS 200 in front of the original AS path in route-policy.
[3Com-route-policy] apply as-path 200
View
Routing policy view
Parameter
no-export: Does not pass the route through the AS, but advertises it to other sub-ASs.
Description
Using the apply community command, you can set the BGP community attribute in
a route-policy. Using the undo apply community command, you can cancel the
BGP community attribute that was set.
By default, BGP community attribute is not set.
Configure BGP community attribute after matching the route-policy conditions.
For the related command, see ip community-list, if-match community-list,
route-policy, and display bgp routing-table community.
Example
Display how to configure one route-policy named setcommunity, whose node
serial number is 16 and match mode is permit, and enter route policy view to set
match conditions and attribute modification actions to be executed.
[3Com] route-policy setcommunity permit node 16
[3Com-route-policy] if-match as-path 8
[3Com-route-policy] apply community no-export
View
Routing policy view
Parameter
Description
Using the apply cost command, you can set the route cost value of route
information. Using the undo apply cost command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply origin, and apply tag.
Example
Display how to define one apply clause. When it is used for setting route
information attribute, it sets the route cost value of route information as 120.
[3Com-route-policy] apply cost 120
View
Routing policy view
Parameter
internal: Uses the cost type of IGP as MED value of BGP to advertise route to
EBGP peer.
Description
Using the apply cost-type command, you can set the route cost type of route
information. Using the undo apply cost-type command, you can cancel the
apply clause.
By default, route cost type is not set.
Example
Set the cost type of IGP as the MED value of BGP.
[3Com-route-policy] apply cost-type internal
View
Routing policy view
Parameter
acl-number: Specifies the number of the access control list used for filtering,
ranging from 1 to 99.
Description
Using the apply ip-address command, you can set the next hop address of route
information. Using the undo apply ip-address command, you can cancel the
apply clause.
By default, no apply clause is defined.
One of the apply clauses of the route-policy: When this command is used for
setting routing information attribute, it sets the next hop address of the packets
passed filtering.
If multiple next hop addresses are set through apply ip-address command, other
next hop addresses will be tried by turn when the first next hop address is invalid.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply local-preference, apply cost, apply origin, and apply tag.
Example
Define an apply clause to set the next hop address of routing information as
193.1.1.8 when it is used for setting routing information attribute.
[3Com-route-policy] apply ip-address 193.1.1.8
View
Routing policy view
Parameter
Description
Using the apply local-preference command, you can apply the local preference
of route information. Using the undo apply local-preference command, you can
cancel the apply clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply origin, and apply tag.
Example
Apply the local preference level of route information as 130 when this apply
clause is used for setting route information attribute.
[3Com-route-policy] apply local-preference 130
View
Routing policy view
Parameter
Description
Using the apply origin command, you can set the routing source of BGP routing
information. Using the undo apply origin command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply cost, and apply tag.
Example
Display how to define one apply clause. When it is used for setting routing
information attribute, it sets the routing source of the routing information as igp.
[3Com-route-policy] apply origin igp
View
Routing policy view
Parameter
Description
Using the apply tag command, you can set the tag area of OSPF route
information. Using the undo apply tag command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply cost, and apply origin.
Example
Display how to define one apply clause. When it is used for setting route
information attribute, it sets the tag area of route information as 100.
[3Com-route-policy] apply tag 100
View
Any view
Parameter
Description
Using the display ip ip-prefix command, you can view the address prefix list.
Display all the configured address prefix lists when no ip-prefix-name is specified.
For the related command, see ip ip-prefix.
Example
Display the information of the address prefix list named p1.
<3Com> display ip ip-prefix p1
ip-prefix p1
index 10: permit 192.168.10.10/16 greater-equal 17 less-equel 18
View
Any view
Parameter
Description
Using the display route-policy command, you can view the configured
route-policy.
All the configured route-policies are displayed when no route-policy-name is
specified.
For the related command, see route-policy.
Example
Display the information of route-policy named policy1.
<3Com> display route-policy policy1
Route-policy : policy1
Permit 10 : if-match (prefixlist) p1
apply cost 100
matched : 0 denied : 0
View
Routing protocol view
Parameter
acl-number: Number of the access control list used for matching the destination
address field of the routing information.
ip-prefix-name: Address prefix list used for matching the routing information
destination address field.
Description
Using the filter-policy export command, you can configure the filtering
conditions of the routing information advertised by a certain type of routing
protocols. Using the undo filter-policy export command, you can cancel the
filtering conditions set.
By default, the advertised routing information is not filtered.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to set
the filtering conditions for the routing information to be advertised. Only the
routing information passing the filtering can be advertised.
For the related command, see filter-policy import.
Example
Define the filtering rules for advertising the routing information of RIP. Only the
routing information passing the filtering of address prefix list p1 will be advertised
by RIP.
[3Com-rip] filter-policy ip-prefix p1 export
View
Routing protocol view
Parameter
acl-number: Access control list number used for matching the destination address
field of the routing information.
ip-prefix ip-prefix-name: Prefix address list name. Its matching object is the
destination address field of the routing information.
gateway ip-prefix-name: Prefix address list name of the neighbor router address.
Its matching object is the routing information advertised by the specified neighbor
router.
Description
Using the filter-policy gateway import command, you can filter the routing
information advertised by a specified router. Using the undo filter-policy
gateway import command, you can cancel the setting of the filtering condition.
Using the filter-policy import command, you can configure the condition for
filtering the routing information. Using the undo filter-policy import command,
you can cancel the setting of filter condition.
By default, the received routing information is not filtered.
In some cases, it may be required that only the routing information meeting some
conditions can be received. Then, the filter-policy command can be used to set
the filtering conditions. acl-number is the access control list number used for
filtering the destination addresses of the routing information and ip-prefix
parameter is used to filter the routing information specified destination address.
For the related command, see filter-policy export.
Example
Define the filtering rule for receiving routing information of RIP. Only the routing
information filtered through the address prefix list p1 can be received by RIP.
View
Routing policy view
Parameter
acl-number: Specifies the number of the access control list used for filtering.
ip-prefix-name: Specifies the name of the prefix address list used for filtering.
Description
Using the if-match acl command, you can configure the IP address range to
match the route-policy. Using the undo if-match acl command, you can cancel
the setting of the match rule.
Filtering is performed by quoting an ACL.
For the related command, see if-match ip-prefix, if-match interface, if-match
ip next-hop, if-match cost, if-match tag, route-policy, apply ip-address,
apply cost, apply local-preference, apply origin, and apply tag.
Example
Display how to define one if-match clause. When the clause is used for filtering
route information, the route information filtered by route destination address
through address ACL 10 is enabled to pass the if-match clause.
[3Com-route-policy] if-match acl 10
View
Routing policy view
Parameter
Description
Using the if-match as-path command, you can configure the matched AS path
list number of route-policy. Using the undo if-match as-path command, you can
cancel the matched path list number.
By default, AS path list number is not matched.
This if-match clause of route-policy is used to filter BGP routing information. The
match condition is specified according to the AS path attributes of the routing
information.
Example
Define an as-path numbered as 2 and allow the autonomous system number to
contain the routing information of 200 and 300. Then, define a route-policy
named test. The node No.10 of this route-policy defines an if-match clause, which
quotes the definition of as-path.
[3Com] ip as-path acl 2 permit 200:300
[3Com] route-policy test permit node 10
[3Com-route-policy] if-match as-path 2
View
Routing policy view
Parameter
Description
Using the if-match community command, you can configure the community list
number to be matched in route-policy. Using the undo if-match community
command, you can cancel the configuration of the matched community list
number.
By default, community list is not matched.
The if-match clause of route-policy is used to filter BGP routing information. The
match condition is specified according to the community attributes of the routing
information.
For the related commands, see route-policy and ip community-list.
Example
Define a community-list numbered 1 that permits routing information whose
autonomous system numbers contain 100 and 200. Then, define the route-policy
named test. Node 10 of the route-policy defines an if-match clause, which
references the definition of the community-list.
[3Com] ip community-list 1 permit 100:200
[3Com] route-policy test permit node 10
[3Com-route-policy] if-match community 1
View
Routing policy view
Parameter
value: Specifies the required route cost value, ranging from 0 to 4294967295.
Description
Using the if-match cost command, you can configure one of the matching rules
of route-policy to match the cost of the routing information. Using the undo
if-match cost command, you can cancel the configuration of the matching rule.
By default, no if-match clause is defined.
This if-match clause of route-policy is used to specify the route cost value of the
matched routing information.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match tag, route-policy, apply ip-address,
apply local-preference, apply cost, apply origin, and apply tag.
Example
Define an if-match clause, which allows the routing information with routing cost
8 to pass this if-match clause.
[3Com-route-policy] if-match cost 8
View
Routing policy view
Parameter
Description
Using the if-match interface command, you can match routes whose next hop is
the designated interface. Using the undo if-match interface command, you
can cancel the setting of the match condition.
By default, no if-match clause is defined.
This if-match clause of the route-policy is used to match the corresponding
interface of the route next hop when it filters the route.
For the related commands, see if-match acl, if-match ip-prefix, if-match ip
next-hop, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.
Example
Define an if-match clause to match routes whose next hop interface is
Ethernet1/0/2.
[3Com-route-policy] if-match interface Ethernet1/0/2
View
Routing policy view
Parameter
acl-number: Specifies the number of the access control list used for filtering. The
range is 1 to 99.
ip-prefix-name: Specifies the name of the prefix address list used for filtering. The
range is 1 to 19.
Description
Using the if-match ip next-hop command, you can configure one of the match
rules of route-policy on the next hop address of the routing information. Using the
undo if-match ip next-hop command, you can cancel the setting of match
condition.
By default, no if-match clause is defined.
This if-match clause of the route-policy matches on the next hop address field
of the routing information when it filters the routing information. The filtering
is implemented by referring to an ACL or an address prefix list.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.
Example
Define an if-match clause. It permits the routing information, whose route next
hop address passes the filtering of the prefix address list p1, to pass this if-match
clause.
[3Com-route-policy] if-match ip next-hop ip-prefix p1
View
Routing policy view
Parameter
ip-prefix-name: Specifies the name of the prefix address list used for filtering.
Description
Using the if-match ip-prefix command, you can configure one of the match rules
of route-policy on the IP address range of the routing information. Using the undo
if-match ip next-hop command, you can cancel the setting of match condition.
The filtering is achieved by referencing an IP address prefix list by name.
For the related commands, see if-match acl, if-match interface, if-match ip
next-hop, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.
Example
Define an if-match sub-statement in which the IP address prefix list p1 is used in
routing information filtering.
[3Com-route-policy] if-match ip-prefix p1
View
Routing policy view
Parameter
Description
Using the if-match tag command, you can match the tag field of OSPF route
information. Using the undo if-match tag command, you can cancel the existing
matching rules.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, route-policy, apply
ip-address, apply cost, apply local-preference, apply origin, and apply tag.
Example
Define an if-match clause that allows the OSPF route information whose tag
field is 8 to pass the if-match clause.
[3Com-route-policy] if-match tag 8
ip ip-prefix
Syntax
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } network len [ greater-equal greater-equal | less-equal less-equal ]
undo ip ip-prefix ip-prefix-name [ index index-number | permit | deny ]
View
System view
Parameter
index-number: Identifies an item in the prefix address list. The item with smaller
index-number will be tested first.
permit: Specifies the match mode of the defined address prefix list items as
permit mode. In the permit mode, if the IP address to be filtered is in the defined
range, it will not be tested by the next node. Otherwise, it has to go on with the
test.
deny: Specifies the match mode of the defined address prefix list items as deny
mode. In the deny mode, the IP address in the defined range cannot pass the
filtering and is refused to go on with the next test. Otherwise, it will have the next
test.
network: IP address prefix range (IP address). If it is 0.0.0.0 0, all the IP addresses
are matched.
len: IP address prefix range (mask length). If it is 0.0.0.0 0, all the IP addresses are
matched.
Description
Using the ip ip-prefix command, you can configure an address prefix list or one
of its items. Using the undo ip ip-prefix command, you can delete an address
prefix list or one of its items.
The address prefix list is used for IP address filtering. An address prefix list may
contain several items, and each item specifies one address prefix range. The
inter-item filtering relation is "OR", i.e. passing an item means passing the filtering
of this address prefix list. Not passing the filtering of all items means not passing
the filtering of this prefix address list.
The address prefix range may contain two parts, which are determined by len and
[greater-equal, less-equal] respectively. If the prefix ranges of these two parts are
both specified, the IP to be filtered must match the prefix ranges of these two
parts.
If you specify network len as 0.0.0.0 0, it only matches the default route.
Specify network len as 0.0.0.0 0 less-equal 32 to match all the routes.
Example
Configure an address prefix list named p1. It permits the routes that have a mask
17 or 18 bits long and are in network segment 10.0.192.0/8 to pass.
route-policy
Syntax
route-policy route-policy-name { permit | deny } node { node-number }
undo route-policy route-policy-name [ permit | deny | node node-number ]
View
System view
Parameter
permit: Specifies the match mode of the defined route-policy node as permit
mode. If a route matches all the if-match clauses, it is permitted to pass the
filtering and execute the apply clauses of this node. If not, it will take the test of
next node of this route-policy.
deny: Specifies the match mode of the defined route-policy node as deny mode.
When a route matches all the if-match clauses of this node, it will be refused to
pass the filtering and will not take the next test.
node-number: Index of the node in the route-policy. When this route-policy is used
for routing information filtering, the node with smaller node-number will be
tested first.
Description
Using the route-policy command, you can create and enter route-policy view.
Using the undo route-policy command, you can cancel the established
route-policy.
By default, no route-policy is defined.
Route-policy is used for route information filtering or route policy. One
route-policy comprises some nodes and each node comprises some if-match
and apply clauses. The if-match clauses define the match rules of this node and
the apply clauses define the actions after passing the filtering of this node. The
filtering relationship between the if-match clauses of the node is "AND", i.e., a
route must meet all the if-match clauses of the node. The filtering relation
between route-policy nodes is "OR", i.e., passing the filtering of one node means
passing the filtering of this route-policy. If the information does not pass the
filtering of any node, it cannot pass the filtering of this route-policy.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, apply
ip-address, apply local-preference, apply cost, apply origin, and apply tag.
Example
Configure a route-policy named policy1, whose node number is 10 and whose
match mode is permit, and enter route policy view.
[3Com] route-policy policy1 permit node 10
[3Com-route-policy]
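The following Python model is an added illustration, not code from 3Com or from this guide. It evaluates an address prefix list and a route-policy as the ip ip-prefix and route-policy descriptions above state: items and nodes are tested in ascending order, the if-match clauses of a node are ANDed, and a route that matches nothing is filtered out. The class and function names, the index and node numbers, the default-only and match-all lists, and the rule that greater-equal alone extends the range to 32 bits are assumptions; p1 follows the prose of the ip ip-prefix example.

```python
"""Model of ip ip-prefix and route-policy evaluation (added example)."""
import ipaddress
from dataclasses import dataclass, field, replace
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str      # destination in network/length form, e.g. "10.1.128.0/17"
    cost: int = 0


@dataclass
class PrefixItem:
    index: int
    permit: bool
    network: str
    length: int
    greater_equal: Optional[int] = None
    less_equal: Optional[int] = None

    def in_range(self, prefix: str) -> bool:
        route = ipaddress.ip_network(prefix)
        base = ipaddress.ip_network(f"{self.network}/{self.length}", strict=False)
        if not route.subnet_of(base):
            return False
        # Without greater-equal/less-equal the mask length must equal len,
        # which is why "0.0.0.0 0" matches only the default route.
        low = self.greater_equal if self.greater_equal is not None else self.length
        if self.less_equal is not None:
            high = self.less_equal
        elif self.greater_equal is not None:
            high = 32  # assumption: greater-equal alone extends the range to /32
        else:
            high = self.length
        return low <= route.prefixlen <= high


@dataclass
class PrefixList:
    name: str
    items: List[PrefixItem] = field(default_factory=list)

    def passes(self, prefix: str) -> bool:
        # Items are tested in ascending index order; the first item whose
        # range contains the route decides (permit passes, deny refuses).
        for item in sorted(self.items, key=lambda i: i.index):
            if item.in_range(prefix):
                return item.permit
        return False  # matched no item: the route does not pass the list


@dataclass
class Node:
    number: int
    permit: bool
    if_match: List[Callable[[Route], bool]] = field(default_factory=list)
    apply: Dict[str, int] = field(default_factory=dict)


def evaluate(nodes: List[Node], route: Route) -> Optional[Route]:
    """Return the route with the apply clauses executed, or None if filtered."""
    for node in sorted(nodes, key=lambda n: n.number):
        if all(clause(route) for clause in node.if_match):  # clauses are ANDed
            return replace(route, **node.apply) if node.permit else None
    return None  # passed no node: the route-policy filters the route out


# Constructed sample configuration. p1 follows the ip ip-prefix example text;
# the other two lists and the node layout are made up for illustration.
P1 = PrefixList("p1", [PrefixItem(10, True, "10.0.192.0", 8, 17, 18)])
DEFAULT_ONLY = PrefixList("default-only", [PrefixItem(10, True, "0.0.0.0", 0)])
MATCH_ALL = PrefixList("all", [PrefixItem(10, True, "0.0.0.0", 0, less_equal=32)])

POLICY = [
    # node 10, deny: refuse the default route before any permit node sees it
    Node(10, False, [lambda r: DEFAULT_ONLY.passes(r.prefix)]),
    # node 20, permit: if-match ip-prefix p1 AND if-match cost 8, apply cost 20
    Node(20, True,
         [lambda r: P1.passes(r.prefix), lambda r: r.cost == 8],
         {"cost": 20}),
]

if __name__ == "__main__":
    for sample in (Route("0.0.0.0/0", 8), Route("10.1.128.0/17", 8),
                   Route("10.1.128.0/17", 5), Route("10.0.0.0/8", 8)):
        print(sample, "->", evaluate(POLICY, sample))
```

Only the second sample route passes: it is the one route that matches both if-match clauses of a permit node, and every other route falls through to the implicit refusal.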
Route Capacity Configuration Commands
View
Any view
Parameter
None
Description
Using the display memory limit command, you can view the memory setting
and state information related to the router capacity.
It includes the available memory and state information about connections, such as
the number of times connections were disconnected, the number of times
connections were re-established, and whether the system is currently in the
emergency state.
Example
Display the current memory setting and state information.
<3Com> display memory limit
Current memory limit configuration information:
memory safety: 30
memory limit: 20
memory auto-establish enabled
Free Memory: 73855332 (Byte)
The state information about connection:
The times of disconnect: 0
The times of reconnect: 0
The current state: Normal
The information displayed by this command includes the router memory limit, the
size of the idle memory, the number of times connections were disconnected, the
number of times connections were re-established, and the current state.
The displayed information is described in the following table:
Table 5 Description of the information displayed by the display memory limit command
Item                            Description
memory safety: 30               The safety value of the router memory is 30Mbytes.
memory limit: 20                The lower limit of the router memory is 20Mbytes.
memory auto-establish enabled   The system allows recovering the connection automatically. (If
                                automatic recovery is disabled, "auto-establish disabled" will
                                be displayed.)
Free Memory: 73855332 (Byte)    The size of the current idle memory is 73855332 bytes, that is,
                                73.855M.
The times of disconnect: 0      The number of times the router disconnected connections is 0.
The times of reconnect: 0       The number of times the router re-established connections is 0.
The current state: Normal       The current state is normal. (If the system enters the emergency
                                state, it will display "Exigency".)
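The following Python check is an added illustration, not code from 3Com or from this guide. It parses display memory limit output in the format shown above and reports the conditions Table 5 describes as abnormal; the function names, the finding labels and the second, degraded sample are assumptions made for the example.

```python
"""Parse "display memory limit" output and flag abnormal conditions (added example)."""
import re
from typing import Dict, List, Union

# Output copied from the display memory limit example in this section.
SAMPLE = """\
Current memory limit configuration information:
memory safety: 30
memory limit: 20
memory auto-establish enabled
Free Memory: 73855332 (Byte)
The state information about connection:
The times of disconnect: 0
The times of reconnect: 0
The current state: Normal
"""

# Constructed sample: same format, values invented to show a degraded router.
DEGRADED = """\
Current memory limit configuration information:
memory safety: 30
memory limit: 20
memory auto-establish disabled
Free Memory: 18000000 (Byte)
The state information about connection:
The times of disconnect: 1
The times of reconnect: 0
The current state: Exigency
"""

# Table 5 equates 73855332 bytes with 73.855M, so 1 Mbyte is taken as 10**6
# bytes here (assumption drawn from that conversion).
BYTES_PER_MBYTE = 1_000_000

NUMERIC_FIELDS = {
    "safety_mb": r"memory safety:\s*(\d+)",
    "limit_mb": r"memory limit:\s*(\d+)",
    "free_bytes": r"Free Memory:\s*(\d+)",
    "disconnects": r"times of disconnect:\s*(\d+)",
    "reconnects": r"times of reconnect:\s*(\d+)",
}


def _search(pattern: str, text: str, name: str) -> str:
    match = re.search(pattern, text)
    if match is None:
        raise ValueError(f"field not found in output: {name}")
    return match.group(1)


def parse_memory_limit(text: str) -> Dict[str, Union[int, bool, str]]:
    """Turn the command output into a dictionary of typed values."""
    info: Dict[str, Union[int, bool, str]] = {
        name: int(_search(pattern, text, name))
        for name, pattern in NUMERIC_FIELDS.items()
    }
    mode = _search(r"memory auto-establish (enabled|disabled)", text, "auto_establish")
    info["auto_establish"] = mode == "enabled"
    info["state"] = _search(r"current state:\s*(\S+)", text, "state")
    return info


def findings(info: Dict[str, Union[int, bool, str]]) -> List[str]:
    """Return labels for every abnormal condition, in a fixed order."""
    out: List[str] = []
    if info["state"] != "Normal":
        out.append(f"state:{info['state']}")
    if info["free_bytes"] < info["limit_mb"] * BYTES_PER_MBYTE:
        out.append("free-below-limit")    # connections are disconnected forcibly
    elif info["free_bytes"] < info["safety_mb"] * BYTES_PER_MBYTE:
        out.append("free-below-safety")   # connections will not recover yet
    if info["disconnects"] > 0:
        out.append(f"disconnected:{info['disconnects']}")
    if not info["auto_establish"]:
        out.append("auto-establish-disabled")  # recovery needs a protocol restart
    return out


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("degraded", DEGRADED)):
        print(label, findings(parse_memory_limit(text)))
```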
View
System view
Parameter
None
Description
Using the memory auto-establish disable command, you can disable the
function of restoring the connections of all the routing protocols (even if the idle
memory recovers to the safety value).
By default, when the idle memory of the router recovers to the safety value,
connections of all the routing protocols will always recover (when the idle memory
of the router falls to the lower limit, the connections will be disconnected
forcibly).
Using the memory auto-establish disable command, you can disable the above
function. Thus, connections of all the routing protocols will not recover when the
idle memory of the router recovers to the safety value. In this case, you need to
restart the routing protocol to recover the connections.
Use this command with caution.
For the related commands, see memory auto-establish enable, memory {
safety | limit }, and display memory limit.
Example
Disable automatic recovery of the connections of all the protocols when the
router memory recovers.
[3Com] memory auto-establish disable
[3Com]
%3/13/2003 15:47:2-RM-5-S1-RTLOG:You have changed the model of connection
View
System view
Parameter
None
Description
By default, when the idle memory of the router recovers to the safety value,
connections of all the routing protocols will always recover (when the idle memory
of the router falls to the lower limit, the connections will be disconnected
forcibly).
Using the memory auto-establish disable command, you can disable the above
function. Using the memory auto-establish enable command, you can enable
the above function again. By default, the function is always enabled.
Example
Enable automatic recovery of the connections of all the protocols when the
router memory recovers.
[3Com] memory auto-establish enable
[3Com]
%3/13/2003 15:48:2-RM-5-S1-RTLOG:You have changed the model of connection
View
System view
Parameter
limit-value: Lower limit of the router idle memory, in the unit of Mbytes. Its value
range depends on the idle memory of the current router. The default value is
20Mbytes.
Description
Using the memory limit command, you can configure the lower limit of the
router idle memory. When the idle memory of the router is less than this limit, all
the routing protocol connections will be disconnected forcibly. Using the undo
memory limit command, you can configure the safety value and the lower limit
of the router idle memory to the default configuration.
The limit-value in the command must be less than the current idle memory safety
value; otherwise the configuration will fail.
This command can be used with the memory safety command to change the safety
value and lower limit of the router idle memory. The safety-value must be more
than the limit-value in the command; otherwise the configuration will fail.
For the related commands, see memory auto-establish disable, memory
auto-establish enable, memory safety, and display memory limit.
Example
Set the lower limit of the router idle memory to 25Mbytes.
[3Com] memory limit 25
[3Com]
%8/19/2002 16:35:41-RM-5-RTLOG:You have changed the memory limit/safety value
Set the lower limit of the router idle memory to 25Mbytes and the safety value to
30Mbytes.
View
System view
Parameter
safety-value: Safety value of the router idle memory, in the unit of Mbytes. Its
value range depends on the idle memory of the active router. The default value is
30Mbytes.
Description
Using the memory safety command, you can configure the safety value of the
router idle memory. Using the undo memory safety command, you can
configure the safety value and the lower limit of the router idle memory to the
default configuration.
The safety-value in the command must be more than the current idle memory
lower limit; otherwise the configuration will fail.
This command can be used with the memory limit command to change the safety
value and lower limit of the router idle memory. The safety-value must be more
than the limit-value in the command; otherwise the configuration will fail.
For the related commands, see memory auto-establish disable, memory
auto-establish enable, memory limit, and display memory limit.
Example
Set the safety value of the router to 35Mbytes.
[3Com] memory safety 35
[3Com]
Set the lower limit of the router idle memory to 25Mbytes and the safety value to
30Mbytes.
Multicast Common Configuration Commands
View
User view
Parameter
None
Description
Using the debugging multicast forwarding command, you can enable
multicast packet forwarding debugging functions. Using the undo debugging
multicast forwarding command, you can disable the debugging functions.
Example
Enable multicast packet forwarding debugging functions.
<3Com> debugging multicast forwarding
View
User view
Parameter
None
Description
Using the debugging multicast kernel-routing command, you can enable
multicast kernel routing debugging functions. Using the undo debugging
multicast kernel-routing command, you can disable the debugging functions.
Example
Enable multicast kernel routing debugging functions.
<3Com> debugging multicast kernel-routing
View
User view
Parameter
None
Description
Using the debugging multicast status-forwarding command, you can enable
multicast forwarding status debugging functions. Using the undo debugging
multicast status-forwarding command, you can disable the debugging
functions.
Example
Enable multicast forwarding status debugging functions.
<3Com> debugging multicast status-forwarding
View
Any view
Parameter
group-address: Multicast group address, used to specify a multicast group,
ranging from 224.0.0.0 to 239.255.255.255.
mask: Mask.
Description
Using the display multicast forwarding-table command, you can view the
information of multicast forwarding table.
Example
Display the multicast forwarding table information.
<3Com> display multicast forwarding-table
View
Any view
Parameter
group-address: Multicast group address, used to specify a multicast group and
display the corresponding routing table information of the group. The value
ranges from 224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
mask: Mask.
mask-length: Length of mask. Because “1” in 32-bit mask is required to be
continuous, the mask in dotted decimal notation format can be replaced by
mask-length (mask-length is the number of continuous “1”s in the mask).
incoming-interface: Incoming interface of the multicast route entry.
register: Register interface of PIM-SM.
690 CHAPTER 7: MULTICAST COMMON CONFIGURATION COMMANDS
Description
Using the display multicast routing-table command, you can view the
information of an IP multicast routing table.
This command displays the multicast routing table information, while the display
multicast forwarding-table command displays the multicast forwarding table
information.
The entry (S, G) in the multicast routing table, i.e., (multicast source, multicast
group), acts as an independent entry in the table. Each entry has a unique
Upstream, indicating the interface through which RPF goes to the multicast
source. Each entry also has a Downstream List indicating which interfaces need
multicast forwarding. The related information about (S, G) includes:
■ proto - The number of the multicast protocol that owns the (S, G) entry (in
hexadecimal notation).
■ Flags - Flags of the entry, such as RPT 0x1, WC 0x2, SPT 0x4, NEG CACHE
0x8 and JOIN SUPP 0x10. Each flag is marked by one binary bit. RPT
indicates that the (S, G) is in the shared tree status. WC is the abbreviation
of wildcard. SPT indicates the shortest path tree. NEG CACHE indicates the
cache record whose downstream interface list is null. JOIN SUPP indicates
the prune suppression status.
Example
Display the corresponding route entry information of multicast group in the
multicast routing table.
<3Com> display multicast routing-table
Multicast Routing Table
Total 1 entry
(10.10.1.2, 225.1.1.1)
UpTime: 00:01:28, Timeout in 278 sec
Upstream interface: Ethernet0/0/0(10.10.1.20)
Downstream interface list:
LoopBack0(20.20.20.30), Protocol 0x1: IGMP
View
Any view
Parameter
config: When this parameter is chosen, all the routing information configured will
be displayed. If this parameter is not chosen, only effective routing information is
displayed.
mask: Mask.
Description
Using the display multicast routing-table static command, you can view the
configuration information of a static multicast route.
Example
Display the configuration information of static multicast route.
<3Com>display multicast routing-table static
100.10.0.0/16
RPF interface = 10.10.1.20(Ethernet0/0/0), RPF neighbor = 10.10.1.20
Matched routing protocol = <none>, route-policy = <none>, preference = 1
Running config = ip rpf-route-static 100.10.0.0 16 Ethernet0/0/0 preference 1
View
Any view
Parameter
source-address: IP address of the multicast source.
Description
Using the display multicast rpf-info command, you can view the Reverse Path
Forwarding (RPF) routing information for a specified multicast source.
Example
Display all the RPF routing information.
<3Com> display multicast rpf-info 192.193.194.192
Multicast source's RPF route information about 192.193.194.192
RPF interface: InLoopBack0, RPF neighbor: 127.0.0.1
Referenced route/mask: 192.193.194.192/32
Referenced route type: unicast (DIRECT)
RPF-route selecting rule: preference-preferred
mtracert
Syntax
mtracert { source-address } [ last-hop-address ] [ group-address ]
View
Any view
Parameter
source-address: Address of the multicast source.
Description
Using the mtracert command, you can trace the network path from the multicast
source to the destination receiver along the Multicast Distribution Tree according
to either the multicast kernel routing table or the RPF rule to the source. This
command can help to locate the faults, such as information loss and configuration
error.
The trace mode to the group address of 0.0.0.0 is called weak trace mode.
Example
Trace the path reversely from the local hop router 18.110.0.1 to the multicast source 10.10.1.2
in weak trace mode.
<3Com> mtracert 10.10.1.2
Type Ctrl+C to abort
Mtrace from 10.10.1.2 to 18.110.0.1 via RPF
Querying full reverse path...
-1 18.110.0.1
Incoming Interface Address: 18.110.0.1
Previous-Hop Router Address: 18.110.0.2
Input packet count on incoming interface: 0
Output packet count on outgoing interface: 0
Total number of packets for this source-group pair: 0
Protocol: PIM
Forwarding TTL: 0
Forwarding Code: No error
-2 18.110.0.2
Incoming Interface Address: 11.110.0.2
Previous-Hop Router Address: 11.110.0.4
Input packet count on incoming interface: 0
Output packet count on outgoing interface: 0
Total number of packets for this source-group pair: 0
Protocol: PIM
Forwarding TTL: 0
Forwarding Code: No error
-3 11.110.0.4
Incoming Interface Address: 10.10.1.3
Previous-Hop Router Address: 0.0.0.0
Input packet count on incoming interface: 0
Output packet count on outgoing interface: 0
Total number of packets for this source-group pair: 0
Protocol: PIM
Forwarding TTL: 0
Forwarding Code: No error
Trace reversely the path information of multicast group 225.1.1.1 from the
multicast source 10.10.1.3 to the destination address 12.110.0.2.
View
Interface view
Parameter
ttl-value: The minimum TTL value, ranging from 0 to 255.
Description
Using the multicast minimum-ttl command, you can configure the minimum TTL
value for multicast forwarding. Using the undo multicast minimum-ttl
command, you can remove the minimum TTL value configured.
Example
Configure the minimum TTL value for multicast forwarding to 8.
[3Com-Ethernet1/0/1] multicast minimum-ttl 8
multicast packet-boundary
Syntax
multicast packet-boundary acl-number
View
Interface view
Parameter
acl-number: Number of basic or advanced ACL, ranging from 1 to 199.
Description
Using the multicast packet-boundary command, you can configure a multicast
forwarding boundary. Using the undo multicast packet-boundary command,
you can remove the multicast forwarding boundary configured.
You can set boundary conditions for multicast packets on an interface via basic or
advanced Access Control List (ACL). Packets denied by the ACL will be discarded.
The source address of a multicast packet can be filtered through the basic ACL.
Both the source address and the destination address (source group address) of a
multicast packet can be filtered through the advanced ACL.
Example
Set boundary conditions for multicast packets through the basic ACL 1.
[3Com-Ethernet1/0/1] multicast packet-boundary 1
View
System view
Parameter
limit: Limit of multicast routing table capacity, ranging from 0 to
MAX_MROUTE_LIMIT. In which, MAX_MROUTE_LIMIT differs with the different
router types.
Description
Using the multicast route-limit command, you can limit the multicast routing
table capacity. If the capacity exceeds the limit, the router will discard the
protocol and data packets of the newly-added (S, G).
If the number of route entries in the routing table already exceeds the configured
number when you configure the command, the existing route entries in the routing
table will not be deleted. The system will prompt “The number of current route
entries is more than that configured.”
If this command is executed repeatedly, the new configuration will overwrite the
previous one.
Example
Limit the multicast routing table capacity to 1000.
[3Com] multicast route-limit 1000
View
System view
Parameter
None
Description
Using the multicast routing-enable command, you can enable IP multicast
routing. Using the undo multicast routing-enable command, you can disable IP
multicast routing.
The system will not forward any multicast packet when IP multicast routing is
disabled.
Example
Enable IP multicast routing.
<3Com> system-view
[3Com] multicast routing-enable
View
User view
Parameter
statistics: If this parameter is used, the statistics of MFC forwarding entries will be
cleared. Otherwise, the MFC forwarding entries will be cleared.
slot-number: Number of the slot where the interface board resides. This parameter
is only present in the distributed router.
Description
Using the reset multicast forwarding-table command, you can clear MFC
forwarding entries or the statistics of MFC forwarding entries.
The sequence of group-address and source-address can be reversed, but the input
group-address and source-address must be valid. Otherwise, the system will
prompt input error.
For the related commands, see reset pim routing-table, reset multicast
routing-table, and display multicast forwarding-table.
Example
Clear the forwarding entry whose group address is 225.5.4.3 from the MFC
forwarding table.
<3Com> reset multicast forwarding-table 225.5.4.3
Clear the statistics of the forwarding entry whose group address is 225.5.4.3 from
MFC forwarding table.
View
User view
Parameter
all: All the route entries in multicast kernel routing table.
Description
Using the reset multicast routing-table command, you can clear the route entry
in the multicast kernel routing table and remove the corresponding forwarding
entry in MFC.
The sequence of group-address and source-address can be reversed, but the input
group-address and source-address must be valid. Otherwise, the system will
prompt input error.
For the related commands, see reset pim routing-table, reset multicast
forwarding-table, and display multicast forwarding-table.
Example
Clear the route entry whose group address is 225.5.4.3 from the multicast kernel
routing table.
<3Com> reset multicast routing-table 225.5.4.3
IGMP Configuration Commands
View
User view
Parameter
all: All the debugging information of IGMP.
Description
Using the debugging igmp command, you can enable IGMP debugging
functions. Using the undo debugging igmp command, you can disable the
debugging functions.
Example
Enable all IGMP debugging functions.
<3Com> debugging igmp all
View
Any view
Parameter
group-address: Multicast group address.
local: Information of the local interface which receives and sends multicast data.
Description
Using the display igmp group command, you can view the member information
of the IGMP multicast group.
You can view the information of a group, or the member information of the
multicast group, on an interface. The information displayed includes the multicast
groups joined through IGMP, and those joined statically through command lines by
the downstream host.
Example
Display the member information of the directly connected sub-network.
<3Com> display igmp group
LoopBack0 (20.20.20.20): Total 3 IGMP Groups reported:
Group Address   Last Reporter   Uptime     Expires
225.1.1.1       20.20.20.20     00:02:04   00:01:15
225.1.1.3       20.20.20.20     00:02:04   00:01:15
225.1.1.2       20.20.20.20     00:02:04   00:01:17
Table 1 Description of Output Information of Display IP IGMP Group Command
Item            Description
Group address   Multicast group address
Last Reporter   The last host that reported becoming a member of the multicast group
Uptime          The time since the multicast group was found (hour, minute, second)
Expires         The predicted time when the record will be removed from the
                IGMP group table (hour, minute, second)
View
Any view
Parameter
interface-type interface-number: Interface type and interface number of the
router, used to specify the interface. If the parameters are not specified,
information about all the interfaces running IGMP will be displayed.
Description
Using the display igmp interface command, you can view the IGMP
configuration and running information on an interface.
Example
Display the IGMP configuration and running information on an interface.
<3Com> display igmp interface
Ethernet0/0/0 (10.10.1.20):
IGMP is enabled
Current IGMP version is 2
Value of query interval for IGMP(in seconds): 60
Value of other querier time out for IGMP(in seconds): 120
Value of maximum query response time for IGMP(in seconds): 10
Policy to accept IGMP reports: none
Querier for IGMP: 10.10.1.10
Total 2 IGMP groups reported
LoopBack0 (20.20.20.30):
IGMP is enabled
Current IGMP version is 2
Value of query interval for IGMP(in seconds): 60
Value of other querier time out for IGMP(in seconds): 120
Value of maximum query response time for IGMP(in seconds): 10
Policy to accept IGMP reports: none
Querier for IGMP: 20.20.20.30 (this router)
No IGMP group reported
View
Any view
Parameter
local: Information of the local interface which receives and sends multicast data.
Description
Using the display igmp local command, you can view the IGMP configuration
and running information of the local interface, which receives and sends multicast
data.
Example
Display the IGMP configuration and running information of the local interface
which receives and sends multicast data.
<3Com> display igmp local
Mcast_Out_IF (127.0.0.6):
IGMP is enabled on interface
Current IGMP version is 2
No IGMP group reported
Mcast_In_IF (127.0.0.5):
IGMP is disabled on interface
View
Interface view
Parameter
None
Description
Using the igmp enable command, you can enable IGMP on an interface. Using
the undo igmp enable command, you can disable IGMP on an interface.
Only after multicast is enabled can this command take effect. After this command
is configured, the configuration of other attributes of IGMP can be performed.
Example
Enable IGMP on the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] igmp enable
View
Interface view
Parameter
limit: Number of IGMP groups, ranging from 0 to MAX_IF_IGMP_GROUP_LIMIT.
The value of MAX_IF_IGMP_GROUP_LIMIT on routers is MAX_MROUTE_LIMIT,
which differs with the different router types.
Description
Using the igmp group-limit command, you can limit the number of IGMP groups
joined on the interface. If the number exceeds the limit, the router will no longer
process IGMP join packets. Using the undo igmp group-limit command,
you can restore the default configuration.
By default, the maximum number of IGMP groups joined on the interface is 1024.
If the number of IGMP groups joined on the interface has exceeded the
configuration value during configuration, the previously joined IGMP groups will
not be deleted.
If this command is executed repeatedly, the new configuration will overwrite the
previous one.
Example
Limit the maximum number of IGMP groups joined on the interface Ethernet1/0/0
to 100.
[3Com-Ethernet1/0/0] igmp group-limit 100
View
Interface view
Parameter
acl-number: Number of basic IP ACL, defining the range of a multicast group. The
value ranges from 1 to 99.
1: IGMP Version 1.
Description
Using the igmp group-policy command, you can set a filter of multicast groups
on an interface to control access to the IP multicast groups. Using the undo
igmp group-policy command, you can remove the configured filter.
By default, no filter is configured, that is, a host can join any multicast group.
If you do not want the hosts on the network to which the interface is attached to
join some multicast groups and receive the packets from those multicast groups,
you can use this command to limit the range of the multicast groups served by the
interface.
Example
Permit the hosts on the interface Ethernet1/0/0 to join multicast group 225.1.1.1
only.
<3Com] acl number 5
<3Com-acl-basic-5] rule permit source 225.1.1.1 0
<3Com-acl-basic-5] quit
<3Com] interface ethernet 1/0/0
<3Com-Ethernet1/0/0] igmp group-policy 5
View
Interface view
Parameter
group-address: Multicast address of the multicast group that an interface will join.
Description
Using the igmp host-join command, you can enable an interface of a router to
join a multicast group. Using the undo igmp host-join command, you can
disable the configuration.
Example
Configure Ethernet1/0/0 to join the multicast group 225.0.0.1.
<3Com-Ethernet1/0/0] igmp host-join 225.0.0.1
igmp lastmember-queryinterval Syntax
igmp lastmember-queryinterval seconds
undo igmp lastmember-queryinterval
View
Interface view
Parameter
seconds: Interval, in seconds, at which the IGMP querier sends the IGMP specified
group query packet after it receives an IGMP Leave packet from the host. The value
ranges from 1 to 5 seconds. By default, the value is 1 second.
Description
Using the igmp lastmember-queryinterval command, you can set the interval
at which IGMP querier sends the IGMP specified group query packet when it
receives IGMP Leave packet from the host. Using the undo igmp
lastmember-queryinterval command, you can restore the default value.
On a shared network, that is, when there are multiple hosts and multicast routers
on a network segment, the query router (querier for short) takes charge of
maintaining IGMP group membership on an interface. When the host in IGMP
Version 2 leaves a group, the host should send IGMP Leave packet. If IGMP querier
receives the packet, it must send the IGMP specified group query packet for
robust-value times according to the interval seconds configured via igmp
lastmember-queryinterval command (if the command is not configured, seconds is
1) and the robust coefficient robust-value configured via igmp robust-count (if the
command is not configured, robust-value is 2). If another host receives the IGMP
specified group query packet from IGMP querier and is interested in the group, it
will send IGMP Membership Report packet within the maximum response time
regulated by the packet. If IGMP querier receives IGMP Membership Report packet
from another host within the time robust-value x seconds, it will go on
maintaining the group membership. If not, it will regard the group as timed out and
stop maintaining the group membership.
The command is only valid when the IGMP query router is running in IGMP Version 2.
If the host runs in IGMP Version 1, it may not send an IGMP Leave packet when it
leaves a group. In that case, the command has no effect for that host.
For the related commands, see igmp robust-count and display igmp interface.
Example
Configure the query interval of the querier for the last group member on the
interface Ethernet1/0/0 to 3 seconds.
<3Com-Ethernet1/0/0] igmp lastmember-queryinterval 3
View
Interface view
Parameter
seconds: The maximum response time in the IGMP query packet, in seconds,
ranging from 1 to 25. By default, the value is 10 seconds.
Description
Using the igmp max-response-time command, you can configure the maximum
response time contained in the IGMP query packet. Using the undo igmp
max-response-time command, you can restore the default value.
The maximum query response time determines the period for a router to quickly
detect that there are no more directly connected group members in a LAN.
Example
Configure the maximum response time to 8 seconds.
<3Com-Ethernet1/0/0] igmp max-response-time 8
View
Interface view
Parameter
interface-type: Proxy interface type.
Description
Using the igmp proxy command, you can specify an interface of a leaf network
router as the IGMP proxy of another interface. Using the undo igmp proxy
command, you can remove the configuration.
An interface cannot act as the IGMP proxy of two or more other interfaces at the
same time.
If an interface is configured with IGMP proxy multiple times, the last one overrides
all the previous configurations.
Example
Configure Ethernet1/0/0 as the IGMP proxy of the router interface Ethernet0/0/0.
<3Com-Ethernet0/0/0] igmp proxy ethernet 1/0/0
View
Interface view
Parameter
robust-value: IGMP robust coefficient, indicating the times IGMP querier sends the
IGMP specified group query packet when it receives IGMP Leave packet from the
host. The value ranges from 2 to 5. By default, the value is 2.
Description
Using the igmp robust-count command, you can set the times IGMP querier
sends the IGMP specified group query packet when it receives IGMP Leave packet
from the host. Using the undo igmp robust-count command, you can restore
the default value.
If another host receives the IGMP specified group query packet from IGMP querier
and is interested in the group, it will send IGMP Membership Report packet within
the maximum response time regulated by the packet. If IGMP querier receives
IGMP Membership Report packet from another host within the time robust-value x
seconds, it will go on maintaining the group membership. If not, it will regard the
group as timed out and stop maintaining the group membership.
The command is only valid when the IGMP query router is running in IGMP Version 2.
If the host runs in IGMP Version 1, it may not send an IGMP Leave packet when it
leaves a group. In that case, the command has no effect for that host.
Example
Configure the robust-value of querier on the interface Ethernet1/0/0 to 3.
<3Com-Ethernet1/0/0] igmp robust-count 3
View
Interface view
Parameter
seconds: IGMP querier present time, in seconds. The value ranges from 60 to 300
seconds. By default, the value is twice the IGMP query message interval. It is
generally 120 seconds.
Description
Using the igmp timer other-querier-present command, you can configure the
timeout value for the presence of an IGMP querier. Using the undo igmp timer
other-querier-present command, you can restore the default value.
On a shared network, i.e., when there are multiple multicast routers on the same
network segment, the query router (querier for short) takes charge of sending
query messages periodically on the interface. If a non-querier receives no
query messages within the valid period, it will consider the previous querier
to be invalid and become a querier itself.
For the related commands, see igmp timer query and display igmp interface.
CAUTION: If the configured querier present time is less than twice the query
interval, it may lead to repeated changes of queriers in the network.
Example
Configure the querier present time on the interface Ethernet1/0/0 to 200 seconds.
<3Com-Ethernet1/0/0] igmp timer other-querier-present 200
View
Interface view
Parameter
seconds: Interval, in seconds, at which the router sends the IGMP query messages.
It ranges from 1 to 18000. By default, the value is 60 seconds.
Description
Using the igmp timer query command, you can configure the interval at which a
router interface sends IGMP query messages. Using the undo igmp timer query
command, you can restore the default value.
A multicast router sends IGMP query messages at intervals to find out whether
there are multicast group members on the network. The query interval can be
modified according to the practical conditions of the network.
Example
Configure the interval at which the interface Ethernet1/0/0 of the multicast router
sends IGMP query packets to 125 seconds.
<3Com-Ethernet1/0/0] igmp timer query 125
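The IGMP timer commands above interact: the leave timeout is robust-value x seconds, and the CAUTION ties the querier present time to the query interval. The following Python check is an added example, not 3Com code; the "interface <name>" stanza layout of the input and the function names are assumptions, and the sample configuration is constructed from the command examples in this section.

```python
import re

# (min, max, default) as stated in this section; None = derived default.
LIMITS = {
    "igmp lastmember-queryinterval": (1, 5, 1),
    "igmp robust-count": (2, 5, 2),
    "igmp max-response-time": (1, 25, 10),
    "igmp timer query": (1, 18000, 60),
    "igmp timer other-querier-present": (60, 300, None),
}

# Constructed sample (not device output): interface-view commands from the
# examples above, grouped under assumed "interface <name>" stanza lines.
SAMPLE_CONFIG = """\
interface Ethernet1/0/0
 igmp enable
 igmp lastmember-queryinterval 3
 igmp robust-count 3
 igmp timer query 125
 igmp timer other-querier-present 200
interface Ethernet0/0/0
 igmp enable
 igmp max-response-time 30
 igmp timer other-querier-present 90
"""


def parse_igmp_timers(text):
    """Return {interface: {command: value}} for the timer commands in LIMITS."""
    config, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        stanza = re.match(r"interface\s+(\S+)$", line, re.IGNORECASE)
        if stanza:
            current = config.setdefault(stanza.group(1), {})
            continue
        if current is None:
            continue
        for command in LIMITS:
            hit = re.match(re.escape(command) + r"\s+(\d+)$", line)
            if hit:
                current[command] = int(hit.group(1))
    return config


def audit_igmp_timers(text):
    """Check each interface against the documented ranges and the CAUTION."""
    report = {}
    for ifname, commands in parse_igmp_timers(text).items():
        findings = []
        for command, value in commands.items():
            low, high, _ = LIMITS[command]
            if not low <= value <= high:
                findings.append(f"{command} {value} is outside {low}-{high}")

        def effective(command):
            # Configured value, or the documented default when not configured.
            return commands.get(command, LIMITS[command][2])

        query = effective("igmp timer query")
        present = commands.get("igmp timer other-querier-present")
        # CAUTION from the guide: a querier present time below twice the
        # query interval may cause repeated querier changes.
        if present is not None and present < 2 * query:
            findings.append(
                f"other-querier-present {present} is less than twice the "
                f"query interval ({2 * query}): querier may change repeatedly")
        # After a Leave, membership is dropped if no Report arrives within
        # robust-value x seconds.
        leave_timeout = (effective("igmp robust-count")
                         * effective("igmp lastmember-queryinterval"))
        report[ifname] = {"leave_timeout": leave_timeout, "findings": findings}
    return report


if __name__ == "__main__":
    for ifname, result in audit_igmp_timers(SAMPLE_CONFIG).items():
        print(ifname, "leave timeout:", result["leave_timeout"], "s")
        for finding in result["findings"]:
            print("  WARNING:", finding)
```

Combining the two values used in the examples above (query interval 125, querier present time 200) on one interface triggers the CAUTION, because 200 is less than 2 x 125.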
View
Interface view
Parameter
1: IGMP Version 1.
Description
Using the igmp version command, you can specify the version of IGMP that a
router uses. Using the undo igmp version command, you can restore the default
value.
All systems running in the same sub-network must support the same version of
IGMP. When a router detects a Version 1 system, it cannot switch to Version 1
by itself.
Example
Specify Ethernet1/0/0 to use IGMP Version 1.
<3Com-Ethernet1/0/0] igmp version 1
View
User view
Parameter
all: All IGMP groups.
Description
Using the reset igmp group command, you can delete the IGMP groups joined on
the interface. Deleting a group does not prevent it from being joined again.
Example
Delete all the IGMP groups on all interfaces.
<3Com> reset igmp group all
Delete the IGMP groups ranging between the network segment 225.1.1.0 and
225.1.1.255 on the interface Ethernet0/0/0.
PIM Configuration Commands
bsr-policy Syntax
bsr-policy acl-number
undo bsr-policy
View
PIM view
Parameter
acl-number: ACL number used by BSR filter policy, ranging from 1 to 99.
Description
Using the bsr-policy command, you can restrict the range for valid BSR so as to
prevent BSR spoofing. Using the undo bsr-policy command, you can restore the
normal state without any range restriction, and all the messages received will be
considered valid.
In a PIM-SM network which uses the BSR mechanism, any router can set itself as a
C-BSR and, if it wins the election, takes charge of advertising RP information in
the network. To prevent the valid BSR in the network from being replaced, the
following two measures should be taken:
■ Prevent a host from changing the RP mapping relationship by spoofing the
router with counterfeit BSR packets. A BSR packet is a multicast packet
with a TTL of 1, so this kind of attack usually takes place on the edge router.
The BSR is in the internal network and the host is in the external network;
therefore, performing a neighbor check and an RPF check on BSR packets can
prevent this kind of attack.
■ If a router in the network is controlled by an attacker, or an illegal router
accesses the network, the attacker can set the router as a C-BSR, make it
win the election, and take control of advertising RP
information in the network. A router configured as a C-BSR
automatically advertises BSR information to the whole network. A BSR
packet is a multicast packet which is forwarded hop by hop with a TTL of 1.
The whole network will not be affected if the neighbor router does not
receive the BSR information. The solution is to configure bsr-policy on each
router in the whole network to restrict the range of legal BSRs. For example,
if only 1.1.1.1/32 and 1.1.1.2/32 are permitted as BSR, the router will not
receive and forward other BSR information, and the legal BSR will not compete
with it.
The above two measures can partially protect the security of the BSR in the network.
However, if a legal BSR router is controlled by an attacker, the above
problem will still occur.
The source parameter in the related rule command is interpreted as the BSR address
in the bsr-policy command.
Example
Configure BSR filter policy on a router. Only permit 1.1.1.1/32 to act as BSR and
regard all others as invalid.
<3Com-pim] bsr-policy 1
<3Com-pim] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule 0 permit source 1.1.1.1 0
c-bsr Syntax
c-bsr interface-type interface-number hash-mask-len [ priority ]
undo c-bsr
View
PIM view
Parameter
interface-type interface-number: Interface type and interface number of a router.
A candidate BSR is configured on this interface. PIM-SM must be enabled on this
interface before the configuration can take effect.
hash-mask-len: Mask length. The mask performs “And” operation with multicast
address at first and then performs the operation of searching for RP. The value
ranges from 0 to 32.
priority: Priority of the candidate BSR. The larger the value is, the higher the
priority of candidate BSR is. The value ranges from 0 to 255. By default, the
priority is 0.
Description
Using the c-bsr command, you can configure a candidate BSR. Using the undo
c-bsr command, you can remove the candidate BSR configuration.
Since BSR and other devices in PIM domain need to exchange a great deal of
information during candidate BSR configuration, a relatively large bandwidth must
be guaranteed.
Example
Configure the IP address of the router on Ethernet1/0/0 as a candidate BSR with
the priority 2.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] c-bsr ethernet1/0/0 30 2
c-rp Syntax
c-rp interface-type interface-number [ group-policy acl-number ] [ priority priority-value ]
View
PIM view
Parameter
interface-type interface-number: Specified interface with the IP address
advertised as a candidate RP address.
acl-number: Number of basic ACL that defines a group range, which is the service
range of the advertised RP. The value ranges from 1 to 99.
priority-value: Priority of a candidate RP. The larger the value is, the lower the
priority is. The value ranges from 0 to 255. By default, the value is 0.
Description
Using the c-rp command, you can configure the router to advertise itself as a
candidate RP to BSR. Using the undo c-rp command, you can remove the
configuration.
Example
Configure the interface Ethernet1/0/0 as the candidate RP for all groups.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] c-rp ethernet 1/0/0
crp-policy Syntax
crp-policy acl-number
undo crp-policy
View
PIM view
Parameter
acl-number: ACL number used by C-RP filter policy, ranging from 100 to 199.
Description
Using the crp-policy command, you can restrict the range of valid C-RPs and the
group range served by each C-RP so as to prevent C-RP spoofing. Using the undo
crp-policy command, you can restore the normal state without any range
restriction and regard all the messages received as valid.
In PIM SM network which uses BSR mechanism, any router can set itself as a C-RP
serving the specific group range. If it is elected in RP election, it will become an RP
serving in the group range.
In BSR mechanism C-RP router unicasts C-RP information to BSR router which is
responsible for advertising all C-RP information to the whole network by using BRP
information.
This command uses an ACL numbered from 100 to 199. The parameter source in
the related rule command indicates the C-RP address, and the destination indicates
the group range the C-RP serves. When a received C-RP message is matched, the
match is regarded as successful only when the C-RP address in the packet matches
the source address and the group address range is a subset of that in the ACL.
Example
Configure C-RP policy on C-BSR router. Only permit 1.1.1.1/32 to act as C-RP
which only serves the group range 225.1.0.0/16.
<3Com-pim] crp-policy 100
<3Com-pim] quit
<3Com] acl number 100
<3Com-acl-adv-100] rule 0 permit ip source 1.1.1.1 0 destination 225.1.0.0 0.0.255.255
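The matching that bsr-policy and crp-policy describe can be modelled as follows. This Python sketch is an added example, not 3Com code: it assumes rules are evaluated in the order listed, that the first matching rule decides, and that a message matching no rule is rejected; the function names are hypothetical. The ACL rules are the ones from the two examples above.

```python
import ipaddress
import re

MASK32 = 0xFFFFFFFF

# ACL rules copied from the bsr-policy and crp-policy examples above.
BSR_ACL = ["rule 0 permit source 1.1.1.1 0"]
CRP_ACL = ["rule 0 permit ip source 1.1.1.1 0 destination 225.1.0.0 0.0.255.255"]

RULE_RE = re.compile(
    r"rule(?:\s+\d+)?\s+(permit|deny)(?:\s+ip)?\s+source\s+(\S+)\s+(\S+)"
    r"(?:\s+destination\s+(\S+)\s+(\S+))?$")


def _to_int(text):
    """Dotted quad, or the bare '0' wildcard used for a single host."""
    return int(text) if text.isdigit() else int(ipaddress.IPv4Address(text))


def parse_rule(line):
    """Parse one 'rule ...' line into action, source and optional destination."""
    match = RULE_RE.match(line.strip())
    if not match:
        raise ValueError(f"unsupported rule: {line!r}")
    action, src, src_wild, dst, dst_wild = match.groups()
    return {
        "permit": action == "permit",
        "src": (_to_int(src), _to_int(src_wild)),
        "dst": (_to_int(dst), _to_int(dst_wild)) if dst else None,
    }


def addr_matches(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    care = ~wildcard & MASK32
    return (addr & care) == (base & care)


def range_within(network, base, wildcard):
    """True only if every address of `network` matches base/wildcard."""
    host_bits = int(network.hostmask)
    # Every bit that varies inside the prefix must be a don't-care bit.
    return ((host_bits & ~wildcard & MASK32) == 0
            and addr_matches(int(network.network_address), base, wildcard))


def bsr_permitted(acl_lines, bsr_address):
    """bsr-policy: the rule's source is interpreted as the BSR address."""
    addr = int(ipaddress.IPv4Address(bsr_address))
    for rule in map(parse_rule, acl_lines):
        if addr_matches(addr, *rule["src"]):
            return rule["permit"]
    return False  # assumption: no matching rule means the message is rejected


def crp_permitted(acl_lines, crp_address, group_range):
    """crp-policy: source is the C-RP address, destination the group range."""
    addr = int(ipaddress.IPv4Address(crp_address))
    groups = ipaddress.IPv4Network(group_range)
    for rule in map(parse_rule, acl_lines):
        if rule["dst"] is None:
            continue
        # The advertised range must be a subset of the range in the ACL.
        if addr_matches(addr, *rule["src"]) and range_within(groups, *rule["dst"]):
            return rule["permit"]
    return False  # assumption: no matching rule means the message is rejected


if __name__ == "__main__":
    print("BSR 1.1.1.1:", bsr_permitted(BSR_ACL, "1.1.1.1"))
    print("BSR 1.1.1.2:", bsr_permitted(BSR_ACL, "1.1.1.2"))
    for crp, groups in [("1.1.1.1", "225.1.2.0/24"),
                        ("1.1.1.1", "224.0.0.0/4"),
                        ("1.1.1.9", "225.1.0.0/16")]:
        print("C-RP", crp, groups, crp_permitted(CRP_ACL, crp, groups))
```

The second C-RP case is the one to note: the permitted address 1.1.1.1 is still rejected when it advertises 224.0.0.0/4, because that range is not a subset of 225.1.0.0/16.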
View
User view
Parameter
all: All the common debugging information of PIM.
Description
Using the debugging pim common command, you can enable common PIM
debugging functions. Using the undo debugging pim common command, you
can disable the debugging functions.
Example
Enable all common PIM debugging functions.
<3Com> debugging pim common all
undo debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert | graft | graft-ack | join | prune } }
View
User view
Parameter
all: All the debugging information of PIM-DM.
Description
Using the debugging pim dm command, you can enable PIM-DM debugging
functions. Using the undo debugging pim dm command, you can disable the
debugging functions.
Example
Enable all PIM-DM debugging functions.
<3Com> debugging pim dm all
undo debugging pim sm { all | mbr | mrt | msdp | timer | verbose | warning | { recv | send } { assert | bootstrap | crpadv | jp | reg | regstop } }
View
User view
Parameter
mbr: Debugging information of PIM-SM multicast boundary router event.
Description
Using the debugging pim sm command, you can enable PIM-SM debugging
functions. Using the undo debugging pim sm command, you can disable the
debugging functions.
Example
Enable all PIM-SM debugging functions.
<3Com> debugging pim sm all
View
Any view
Parameter
None
Description
Using the display pim bsr-info command, you can view Bootstrap Router (BSR)
information.
Example
Execute this command on a router running PIM-SM and display the current BSR
information.
<3Com> display pim bsr-info
Current BSR Address: 20.20.20.30
Priority: 0
Mask Length: 30
Expires: 00:01:55
Local host is BSR
View
Any view
Parameter
interface-type interface-number: Interface type and interface number.
Description
Using the display pim interface command, you can view the PIM interface
information.
Example
Display the PIM information about the interface Ethernet1/0/0.
<3Com> display pim interface ethernet 1/0/0
PIM information of interface Ethernet1/0/0:
IP address of the interface is 10.10.1.20
PIM is enabled on interface
PIM version is 2
PIM mode is Sparse
PIM query interval is 30 seconds
Total 1 PIM neighbor on interface
Item                                        Description
PIM is enabled on interface                 PIM SM is enabled on the interface Ethernet1/0/0.
PIM query interval is 30 seconds            The sending interval of Hello message is 30 seconds.
PIM DR (designated router) is 10.10.1.20    IP address of DR is 10.10.1.20.
View
Any view
Parameter
interface-type interface-number: Interface type and interface number.
Description
Using the display pim neighbor command, you can view the PIM neighbor
information.
Example
Display the PIM neighbor information of the interface Ethernet1/0/0 on the router.
<3Com> display pim neighbor ethernet 1/0/0
Neighbor's Address Interface Name Uptime Expires
10.10.1.10 Ethernet1/0/0 00:41:59 00:01:16
View
Any view
Parameter
**rp: (*, *, RP) route entry.
Description
Using the display pim routing-table command, you can view the contents of
the PIM multicast routing table.
Example
Display the contents of the PIM multicast routing table on the router.
<3Com> display pim routing-table
PIM-SM Routing Table
Total 0 (S,G) entry, 2 (*,G) entries, 0 (*,*,RP) entry
(*, 224.0.1.40), RP 20.20.20.30
Protocol 0x20: PIMSM, Flag 0x2003: RPT WC NULL_IIF
UpTime: 00:17:25, never timeout
Upstream interface: Null, RPF neighbor: 0.0.0.0
Downstream interface list:
Ethernet0/0/0, Protocol 0x1: IGMP, never timeout
(*, 225.1.1.1), RP 20.20.20.30
Protocol 0x20: PIMSM, Flag 0x2003: RPT WC NULL_IIF
UpTime: 00:08:45, never timeout
Upstream interface: Null, RPF neighbor: 0.0.0.0
Downstream interface list:
Ethernet0/0/0, Protocol 0x1: IGMP, never timeout
Matched 0 (S,G) entry, 2 (*,G) entries, 0 (*,*,RP) entry
View
Any view
Parameter
group-address: Group address.
Description
Using the display pim rp-info command, you can view the corresponding RP
information of a multicast group, as well as BSR and static RP information.
Example
Display the currently corresponding RP of 224.0.0.0.
<3Com> display pim rp-info 224.0.0.0
PIM-SM RP-SET information:
BSR is: 20.20.20.20
Group/MaskLen: 224.0.0.0/4
RP 20.20.20.20
Version: 2
Priority: 0
Uptime: 00:00:05
Expires: 00:02:25
pim Syntax
pim
undo pim
View
System view
Parameter
None
Description
Using the pim command, you can enter PIM view. Using the undo pim
command, you can clear the configuration in PIM view.
Global parameters related to PIM must be configured in PIM view.
Example
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim]
View
Interface view
Parameter
None
Description
Using the pim bsr-boundary command, you can configure an interface to
become the PIM domain boundary. Using the undo pim bsr-boundary
command, you can remove the boundary.
Example
Configure a domain boundary on the interface Pos1/0/0.
<3Com-Pos1/0/0] pim bsr-boundary
pim dm Syntax
pim dm
undo pim dm
View
Interface view
Parameter
None
Description
Using the pim dm command, you can enable PIM-DM. Using the undo pim dm
command, you can disable PIM-DM.
Example
Enable PIM-DM on the interface Ethernet1/0/0.
<3Com] multicast routing-enable
<3Com] interface ethernet1/0/0
<3Com-Ethernet1/0/0] pim dm
View
Interface view
Parameter
limit: Upper limit of PIM neighbor number on an interface, ranging from 0 to 128.
Description
Using the pim neighbor-limit command, you can limit the number of PIM neighbors
on a router interface. If the number exceeds the configured limit, no new neighbor
can be added to the router. Using the undo pim neighbor-limit command, you
can restore the default configuration.
If the number of PIM neighbors on an interface already exceeds the configured
value when the command is configured, the existing PIM neighbors will not be
deleted.
Example
Set the upper limit of the PIM neighbor number on the interface Ethernet1/0/0 to
50.
View
Interface view
Parameter
acl-number: Number of basic ACL. The value ranges from 1 to 99.
Description
Using the pim neighbor-policy command, you can configure a router to filter the
PIM neighbor of the current interface. Using the undo pim neighbor-policy
command, you can cancel the filtering.
Only a router which is permitted by the ACL can act as a PIM neighbor of the
current interface, while other routers cannot.
If this command is configured repeatedly, the new configuration will overwrite the
previous one.
Example
Configure 10.10.1.2 rather than 10.10.1.1 as the PIM neighbor of Ethernet1/0/0.
<3Com-Ethernet1/0/0] pim neighbor-policy 1
<3Com-Ethernet1/0/0] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule permit source 10.10.1.2 0
<3Com-acl-basic-1] rule deny source 10.10.1.1 0
pim sm Syntax
pim sm
undo pim sm
View
Interface view
Parameter
None
Description
Using the pim sm command, you can enable PIM-SM protocol on an interface.
Using the undo pim sm command, you can disable PIM-SM protocol.
Example
Enable PIM-SM on the interface Ethernet1/0/0.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] interface ethernet 1/0/0
<3Com-Ethernet1/0/0] pim sm
View
Interface view
Parameter
seconds: Interval of sending Hello message in second, ranging from 1 to 18000.
By default, the value is 30 seconds.
Description
Using the pim timer hello command, you can configure the interval of sending a
PIM router Hello message. Using the undo pim timer hello command, you can
restore the default value.
Example
Configure the interval of sending Hello message on the interface Ethernet1/0/0 on
the PIM router to 40 seconds.
<3Com-Ethernet1/0/0] pim sm
<3Com-Ethernet1/0/0] pim timer hello 40
register-policy Syntax
register-policy acl-number
undo register-policy
View
PIM view
Parameter
acl-number: Number of advanced IP ACL, defining the rule of filtering the source
and group addresses. The value ranges from 100 to 199.
Description
Using the register-policy command, you can configure a RP to filter the register
packet sent by the DR in the PIM-SM network, and to accept a specific packet
only. Using the undo register-policy command, you can remove the configured
packet filtering.
Example
If the local device is the RP in the network, the following commands make it accept
only the multicast data register packets sent by sources on the network
segment 10.10.0.0/16 to multicast addresses in the range of 225.1.0.0/16.
<3Com> system-view
<3Com] acl number 110
<3Com-acl-adv-110] rule permit ip source 10.10.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
<3Com-acl-adv-110] quit
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] register-policy 110
View
User view
Parameter
all: All PIM neighbors.
Description
Using the reset pim neighbor command, you can clear PIM neighbor.
Example
Clear the PIM neighbor of the interface addressed with 25.5.4.3.
<3Com> reset pim neighbor 25.5.4.3
View
User view
Parameter
all: All PIM route entries.
Description
Using the reset pim routing-table command, you can clear PIM route entry.
The sequence of the group-address and source-address can be reversed, but the
input group-address and source-address must be valid. Otherwise, the system will
prompt input error.
After this command is executed, not only is the multicast route entry deleted from
PIM, but the corresponding route entry or forwarding entry in the multicast
kernel routing table and the MFC is deleted as well.
For the related commands, see reset multicast routing-table, reset multicast
forwarding-table, and display pim routing-table.
Example
Clear the route entry with group address of 225.5.4.3 in PIM routing table.
<3Com> reset pim routing-table 225.5.4.3
source-policy Syntax
source-policy acl-number
undo source-policy
View
PIM view
Parameter
acl-number: Number of basic or advanced ACL. The value ranges from 1 to 199.
Description
Using the source-policy command, you can configure a router to filter the
multicast data packet received according to source (group) address. Using the
undo source-policy command, you can remove the configuration.
If source address filtering and basic ACL are configured, all the multicast data
packets received will be matched with source addresses. The packet that does not
pass the matching will be discarded.
If source address filtering and advanced ACL are configured, all the multicast data
packets received will be matched with source and group addresses. The packet
that does not pass the matching will be discarded.
This command filters not only multicast data, but also the multicast data
encapsulated in a register packet.
If this command is executed repeatedly, the new configuration will overwrite the
previous one.
Example
Configure to accept the multicast data packets with source address of 10.10.1.2
and discard the multicast data packets with source address of 10.10.1.1.
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] source-policy 1
<3Com-pim] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule permit source 10.10.1.2 0
<3Com-acl-basic-1] rule deny source 10.10.1.1 0
spt-switch-threshold Syntax
spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number ]
View
PIM view
Parameter
traffic-rate: Switch rate threshold from the RPT to the SPT in Kbps, ranging from 0
to 65535. By default, the switch threshold value is 0, i.e., switching starts when
the RPT receives the first data packet.
acl-number: Number of basic IP ACL, defining the range of a multicast group. The
value ranges from 1 to 99.
Description
Using the spt-switch-threshold command, you can set the packet rate threshold
when the PIM leaf router switches from the RPT to the SPT. Using the undo
spt-switch-threshold command, you can restore the default setting.
Example
Set the threshold value to 4 Kbps. If the transmission rate from the source to the
multicast group is higher than this value, the router will switch to the SPT toward
the source.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] spt-switch-threshold 4
static-rp Syntax
static-rp rp-address [ acl-number ]
undo static-rp
View
PIM view
Parameter
rp-address: Static RP address. This address must be valid unicast IP address and
cannot be configured as the address in 127 network segment.
acl-number: Number of basic ACL, used in controlling the multicast group range
that static RP serves. The value ranges from 1 to 99.
Description
Using the static-rp command, you can configure static RP. Using the undo
static-rp command, you can remove the configuration.
RP is the core router in multicast routing. If the dynamic RP elected through the BSR
mechanism is invalid for some reason, a static RP can be configured as a backup of
the dynamic RP to improve the robustness of the network and operation
management capability of the multicast network.
All routers in the PIM domain should be configured with this command, and be
configured with the same RP address. If the configured static RP address is the
address of an interface in the UP state on the local device, the local device will
act as static RP. PIM does not need to be enabled on the interface which acts as
static RP.
If this command is configured, but ACL is not specified, the static RP configured
will serve all the multicast groups. If ACL is specified, the static RP configured will
only serve the multicast group permitted by the ACL.
In the case that the RP elected through BSR mechanism is valid, static RP does not
take effect.
If this command is executed repeatedly, the new configuration will overwrite the
previous one.
Example
Configure 10.110.0.6 as a static RP.
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] static-rp 10.110.0.6
MSDP Configuration Commands
cache-sa-enable Syntax
cache-sa-enable
undo cache-sa-enable
View
MSDP view
Parameter
None
Description
Using the cache-sa-enable command, you can enable the router to cache SA
state. Using the undo cache-sa-enable command, you can remove the cache
from the router.
By default, the router caches the SA state, i.e., (S, G) entry after it receives SA
messages.
If the router is in cache state, it will not send SA request message to the specified
MSDP peer when it receives a new group join message.
Example
Configure the router to cache all the SA states.
<3Com> system-view
<3Com] msdp
<3Com-msdp] cache-sa-enable
View
User view
Parameter
all: All the debugging information of MSDP.
Description
Using the debugging msdp command, you can enable MSDP debugging
functions. Using the undo debugging msdp command, you can disable MSDP
debugging functions.
Example
Enable all common MSDP debugging functions.
<3Com> debugging msdp all
View
Any view
Parameter
None
Description
Using the display msdp brief command, you can view the state of MSDP peer.
Example
Display the state of MSDP peer.
<3Com> display msdp brief
MSDP Peer Brief Information
Peer's Address State Up/Down time AS SA Count Reset Count
20.20.20.20 Up 00:00:13 100 0 0
View
Any view
Parameter
peer-address: Address of MSDP peer.
Description
Using the display msdp peer-status command, you can view the detailed
information of MSDP peer.
Example
Display the detailed information of the MSDP peer 10.110.11.11.
<3Com> display msdp peer-status 10.110.11.11
MSDP Peer 20.20.20.20, AS 100
Description:
Information about connection status:
State: Up
Up/down time: 14:41:08
Resets: 0
Connection interface: LoopBack0 (20.20.20.30)
Number of sent/received messages: 867/947
Number of discarded output messages: 0
Elapsed time since last connection or counters clear: 14:42:40
Information about (Source, Group)-based SA filtering policy:
Import policy: none
Export policy: none
Information about SA-Requests:
Policy to accept SA-Request messages: none
Sending SA-Requests status: disable
Minimum TTL to forward SA with encapsulated data: 0
SAs learned from this peer: 0, SA-cache maximum for the peer: none
Input queue size: 0, Output queue size: 0
Counters for MSDP message:
Count of RPF check failure: 0
Incoming/outgoing SA messages: 0/0
Incoming/outgoing SA requests: 0/0
Incoming/outgoing SA responses: 0/0
Incoming/outgoing data packets: 0/0
View
Any view
Parameter
group-address: Group address of (S, G) entry.
If neither group address nor source address is determined, all SA caches will be
displayed.
Description
Using the display msdp sa-cache command, you can view (S, G) state learnt
from MSDP peer.
Example
<3Com> display msdp sa-cache
MSDP Total Source-Active Cache - 5 entries
(Source, Group) Origin RP Pro AS Uptime Expires
(10.10.1.2, 225.1.1.1) 10.10.10.10 BGP 100 00:00:10 00:05:50
(10.10.1.3, 225.1.1.1) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.1.2, 225.1.1.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.2.1, 225.1.1.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.1.2, 225.1.2.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
MSDP matched 5 entries
View
Any view
Parameter
autonomous-system-number: Number of sources and groups from the specified
autonomous system.
Description
Using the display msdp sa-count command, you can view the number of
sources and groups in MSDP cache.
Example
<3Com> display msdp sa-count
Number of cached Source-Active entries, counted by Peer
Peer's Address Number of SA
10.10.10.10 5
Number of source and group, counted by AS
AS Number of source Number of group
? 3 3
Total Source-Active entries: 5
import-source Syntax
import-source [ acl acl-number ]
undo import-source
View
MSDP view
Parameter
acl-number: Number of basic or advanced IP ACL, ranging from 1 to 199,
controlling which sources SA messages will advertise and to which groups it will
be sent in the domain. Basic ACL performs filtering to source and advanced ACL
Description
Using the import-source command, you can configure which (S, G) entries in the
domain need to be advertised when an MSDP peer originates an SA message. Using the
undo import-source command, you can remove the configuration.
By default, all the (S, G) entries in the domain are advertised by the SA message.
Besides controlling the SA messages creation, you can filter the forwarded SA
messages by the commands peer sa-policy import and peer sa-policy export.
Example
Configure which (S, G) entries from the multicast routing table will be advertised
in SA messages originated by the MSDP peer.
<3Com> system-view
[3Com] acl number 101
[3Com-acl-adv-101] rule permit ip source 10.10.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
[3Com-acl-adv-101] quit
[3Com] msdp
[3Com-msdp] import-source acl 101
msdp Syntax
msdp
undo msdp
View
System view
Parameter
None
Description
Using the msdp command, you can enable MSDP and enter the MSDP view. Using
the undo msdp command, you can clear all configurations of MSDP, release all
resources that MSDP occupies, and restore the initial state.
Example
Clear all configurations of MSDP.
<3Com> system-view
[3Com] undo msdp
msdp-tracert Syntax
msdp-tracert source-address group-address rp-address [ max-hops max-hops ] [
next-hop-info ] [ sa-info ] [ peer-info ] [ skip-hops skip-hops ]
View
Any view
Parameter
source-address: Multicast source address.
max-hops: The maximum number of hops that are traced, ranging from 1 to 255.
By default, the value is 16.
Description
Using the msdp-tracert command, you can trace the transmission path of SA
messages in the network, which helps to locate the faults, such as information loss
and configuration error. After the transmission path of the SA messages is
determined, the correct configuration can avoid the overflow of SA messages.
Example
Trace (10.10.1.1, 225.2.2.2, 20.20.20.20) path information.
<3Com> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20
Specify the maximum number of hops that are traced and collect detailed
information of SA and MSDP peer.
Item | Description
Router Address | Address where the local router creates Peering session with Peer-RPF neighbor.
Peer Uptime | Time for which the local router performs Peering session with Peer-RPF neighbor in minute, with the maximum value of 255.
Cache Entry Uptime | Present time of (S, G, RP) entry in SA cache of the local router, in minute, with the maximum value of 255.
D-bit: 1 | (S, G, RP) entry existing in SA cache of the local router. But the RP is different from the RP specified in the request message.
RP-bit: 1 | The local router is an RP, but it is not necessarily the source RP in (S, G, RP) entry.
NC-bit: 0 | The local router enables SA cache.
C-bit: 1 | (S, G, RP) entry exists in SA cache of the local router.
Return Code: Reached-max-hops | Return reason is the reached maximum hops and other possible value includes: Hit-src-RP: The local hop router is the source RP in (S, G, RP) entry.
Next-Hop Router Address: 0.0.0.0 | If the parameter next-hop-info is used, Peer-RPF neighbor address will be displayed.
Count of SA messages received for this (S,G,RP) | Number of SA messages received for tracing this (S, G, RP) entry.
Count of encapsulated data packets received for this (S,G,RP) | Number of encapsulated data packets received for tracing this (S, G, RP) entry.
SA cache entry uptime | Present time of SA cache entry.
SA cache entry expiry time | Expiry time of SA cache entry.
Peering Uptime: 10 minutes | Time for which the local router performs Peering session with Peer-RPF neighbor.
Count of Peering Resets | Number of Peering session resets.
originating-rp Syntax
originating-rp interface-type interface-number
undo originating-rp
View
MSDP view
Parameter
interface-type: Interface type.
Description
Using the originating-rp command, you can allow an MSDP peer to use the IP address
of a specified interface as the RP address in the SA messages that it originates.
Using the undo originating-rp command, you can remove the configuration.
Example
Configure IP address of the interface Ethernet1/0/0 as the RP address in the SA
message originated.
<3Com> system-view
[3Com] msdp
[3Com-msdp] originating-rp ethernet 1/0/0
peer Syntax
peer peer-address connect-interface interface-type interface-number
View
MSDP view
Parameter
peer-address: Address of MSDP peer.
Description
Using the peer command, you can configure an MSDP peer. Using the undo peer
command, you can remove the MSDP peer configured.
If the local router is also in BGP peer relation with an MSDP peer, the MSDP peer
and the BGP peer should use the same IP address.
Example
Configure the router using IP address 125.10.7.6 as an MSDP peer of the local
router.
<3Com> system-view
[3Com] msdp
[3Com-msdp] peer 125.10.7.6 connect-interface ethernet 0/1/0
View
MSDP view
Parameter
peer-address: Address of MSDP peer.
text: Descriptive text, being case sensitive. The maximum length is 80 characters.
Description
Using the peer description command, you can configure descriptive text to
MSDP peer. Using the undo peer description command, you can remove the
descriptive text configured.
Example
Add descriptive text CstmrA to router 125.10.7.6 to specify that the router is
Client A.
<3Com> system-view
[3Com] msdp
[3Com-msdp] peer 125.10.7.6 description router CstmrA
View
MSDP view
Parameter
name: Name of a Mesh Group, being case sensitive. The maximum length is 32
characters.
Description
Using the peer mesh-group command, you can configure an MSDP peer to join a
Mesh Group. Using the undo peer mesh-group command, you can remove the
configuration.
Example
Configure the MSDP peer with address 125.10.7.6 to be a member of the Mesh
Group Grp1.
<3Com> system-view
[3Com] msdp
[3Com-msdp] peer 125.10.7.6 mesh-group Grp1
View
MSDP view
Parameter
peer-address: Address of the MSDP peer to which the TTL limitation applies.
Description
Using the peer minimum-ttl command, you can configure the minimum TTL
(Time-to-Live) value of the multicast data packets encapsulated in SA messages to
be sent to specified MSDP peer. Using the undo peer minimum-ttl command,
you can restore the default TTL threshold.
Example
Configure the TTL threshold value to 10, i.e., only those multicast data packets
with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer
110.10.10.1.
<3Com> system-view
[3Com] msdp
[3Com-msdp] peer 110.10.10.1 minimum-ttl 10
View
MSDP view
Parameter
peer-address: Address of MSDP peer.
Description
Using the peer request-sa-enable command, you can enable the router to send
an SA request message to the specified MSDP peer when receiving a new group
join message. Using the undo peer request-sa-enable command, you can
remove the configuration.
By default, when receiving a new group join message, the router sends no SA
request messages to MSDP peers but waits to receive the next SA message.
Example
Configure to send SA request message to the MSDP peer 125.10.7.6.
<3Com> system-view
[3Com] msdp
[3Com-msdp] peer 125.10.7.6 request-sa-enable
View
MSDP view
Parameter
peer-address: Address of MSDP peer.
sa-limit: Maximum value that the SA cache allows, ranging from 1 to 2048.
Description
Using the peer sa-cache-maximum command, you can limit the number of
caches originated when the router receives SA messages from an MSDP peer.
Using the undo peer sa-cache-maximum command, you can restore the default
configuration.
This configuration is recommended for all MSDP peers in networks that may be
subject to DoS attacks.
For the related commands, see display msdp sa-count, display msdp
peer-status and display msdp brief.
Example
Limit the number of caches originated to 100 when the router receives SA
messages from the MSDP peer 125.10.7.6.
<3Com> system-view
[3Com] msdp
[3Com-msdp] peer 125.10.7.6 sa-cache-maximum 100
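The following audit script is an added example, not part of the 3Com guide: it reads display msdp peer-status output in the layout shown earlier and flags peers that have no SA-cache maximum, are close to their limit, have no import policy, or show RPF check failures. The second peer in the sample, the finding names, the 90% threshold and the way a configured ACL number or limit is printed are assumptions.

```python
import re

# Constructed sample in the `display msdp peer-status` layout shown on this
# page. The first peer repeats the page's values; the second peer and the
# printed form of a configured ACL/limit are assumptions for the example.
SAMPLE = """\
MSDP Peer 20.20.20.20, AS 100
Information about connection status:
State: Up
Resets: 0
Information about (Source, Group)-based SA filtering policy:
Import policy: none
Export policy: none
Information about SA-Requests:
Policy to accept SA-Request messages: none
SAs learned from this peer: 0, SA-cache maximum for the peer: none
Counters for MSDP message:
Count of RPF check failure: 0
MSDP Peer 125.10.7.6, AS 200
Information about connection status:
State: Up
Resets: 3
Information about (Source, Group)-based SA filtering policy:
Import policy: 100
Export policy: none
Information about SA-Requests:
Policy to accept SA-Request messages: 1
SAs learned from this peer: 95, SA-cache maximum for the peer: 100
Counters for MSDP message:
Count of RPF check failure: 12
"""

PEER_RE = re.compile(r"^MSDP Peer (\d+\.\d+\.\d+\.\d+), AS (\d+)")
FIELDS = {
    "import_policy": re.compile(r"^Import policy:\s*(\S+)"),
    "sa_learned": re.compile(r"SAs learned from this peer:\s*(\d+)"),
    "sa_max": re.compile(r"SA-cache maximum for the peer:\s*(\S+)"),
    "rpf_fail": re.compile(r"^Count of RPF check failure:\s*(\d+)"),
}


def parse_peers(text):
    """Split the output into one dict per 'MSDP Peer' block."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PEER_RE.match(line)
        if m:
            cur = {"peer": m.group(1), "as": int(m.group(2))}
            peers.append(cur)
            continue
        if cur is None:
            continue  # ignore anything before the first peer header
        # One line can carry two fields (SAs learned and SA-cache maximum).
        for key, pat in FIELDS.items():
            m = pat.search(line)
            if m:
                cur[key] = m.group(1)
    return peers


def audit_peer(p, near=0.9):
    """Return finding codes for one parsed peer (missing fields count as unset)."""
    findings = []
    limit = p.get("sa_max", "none")
    learned = int(p.get("sa_learned", 0))
    if not limit.isdigit():
        findings.append("NO_SA_CACHE_LIMIT")    # peer sa-cache-maximum not set
    elif learned >= near * int(limit):
        findings.append("SA_CACHE_NEAR_LIMIT")  # cache close to the configured cap
    if p.get("import_policy", "none") == "none":
        findings.append("NO_IMPORT_POLICY")     # no peer sa-policy import filter
    if int(p.get("rpf_fail", 0)) > 0:
        findings.append("RPF_FAILURES")         # SA messages failing the RPF check
    return findings


def audit(text):
    return {p["peer"]: audit_peer(p) for p in parse_peers(text)}


if __name__ == "__main__":
    for peer, findings in audit(SAMPLE).items():
        print(peer, ", ".join(findings) or "ok")
```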
View
MSDP view
Parameter
import: Receives SA messages from the specified MSDP peer.
acl acl-number: Number of advanced IP ACL, ranging from 100 to 199. If no ACL
is specified, all (S, G) entries are filtered.
Description
Using the peer sa-policy command, you can configure a filter list for SA
messages received or forwarded from the specified MSDP peer. Using the undo
peer sa-policy command, you can remove the configuration.
Example
Forward only those SA messages that passed the advanced IP ACL.
<3Com> system-view
[3Com] acl number 100
[3Com-acl-adv-100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
[3Com-acl-adv-100] quit
[3Com] msdp
[3Com-msdp] peer 125.10.7.6 connect-interface ethernet 0/0/0
[3Com-msdp] peer 125.10.7.6 sa-policy export acl 100
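To check what an SA filter ACL lets through before applying it, the added example below (not part of the 3Com guide) evaluates the wildcard-mask rules from the import-source and peer sa-policy examples against (S, G) entries in display msdp sa-cache format. The last two cache entries are constructed, and evaluating rules in listed order with unmatched entries dropped is an assumption that follows the page's statement that only SA messages passing the ACL are forwarded.

```python
import ipaddress
import re

RULE_RE = re.compile(
    r"rule (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)")
SG_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+),\s*(\d+\.\d+\.\d+\.\d+)\)")

# Rules as configured in this page's import-source and sa-policy examples.
ACL_101 = ["rule permit ip source 10.10.0.0 0.0.255.255 "
           "destination 225.1.0.0 0.0.255.255"]
ACL_100 = ["rule permit ip source 170.15.0.0 0.0.255.255 "
           "destination 225.1.0.0 0.0.255.255"]

# First five entries are the page's sample output; the last two are constructed.
SA_CACHE = """\
(Source, Group) Origin RP Pro AS Uptime Expires
(10.10.1.2, 225.1.1.1) 10.10.10.10 BGP 100 00:00:10 00:05:50
(10.10.1.3, 225.1.1.1) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.1.2, 225.1.1.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.2.1, 225.1.1.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.1.2, 225.1.2.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.9.9, 239.1.1.1) 10.10.10.10 BGP 100 00:00:12 00:05:48
(192.168.1.5, 225.1.1.1) 10.10.10.10 BGP 100 00:00:12 00:05:48
"""


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_rules(lines):
    """Parse advanced-ACL rule lines into (action, src, src_wc, dst, dst_wc)."""
    rules = []
    for line in lines:
        m = RULE_RE.search(line)
        if not m:
            raise ValueError("unsupported rule: %r" % line)
        rules.append(m.groups())
    return rules


def passes(rules, source, group):
    """Source is matched against 'source', group against 'destination'."""
    for action, src, src_wc, dst, dst_wc in rules:
        if wildcard_match(source, src, src_wc) and wildcard_match(group, dst, dst_wc):
            return action == "permit"
    return False  # assumption: an entry matching no rule does not pass


def permitted(rule_lines, cache_text):
    """Return the (S, G) pairs from sa-cache output that pass the ACL."""
    rules = parse_rules(rule_lines)
    return [(s, g) for s, g in SG_RE.findall(cache_text) if passes(rules, s, g)]


if __name__ == "__main__":
    print("ACL 101 passes:", permitted(ACL_101, SA_CACHE))
    print("ACL 100 passes:", permitted(ACL_100, SA_CACHE))
```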
View
MSDP view
Parameter
peer-address: Address from which the local router receives SA request messages
sent by the specified MSDP peer.
Description
Using the peer sa-request-policy command, you can limit SA request messages
that the router receives from MSDP peers. Using the undo peer
sa-request-policy command, you can remove the limitation.
By default, the router receives all SA request messages from the MSDP peer.
If no ACL is specified, all SA requests will be ignored. If ACL is specified, only those
SA request messages from the groups permitted by the ACL will be processed and
all the others will be ignored.
Example
Configure the ACL for filtering SA request messages from the MSDP peer
175.58.6.5. The SA request messages from group address range 225.1.1.0/8 will
be received and all the others will be ignored.
<3Com> system-view
[3Com] acl number 1
[3Com-acl-basic-1] rule permit source 225.1.1.0 0.0.0.255
[3Com-acl-basic-1] quit
[3Com] msdp
[3Com-msdp] peer 175.58.6.5 sa-request-policy acl 1
View
User view
Parameter
peer-address: Address of MSDP peer.
Description
Using the reset msdp peer command, you can reset TCP connection with the
specified MSDP peer, and clear all the statistics of the specified MSDP peer.
Example
View
User view
Parameter
group-address: Address of the group, (S, G) entries matching which are cleared
from the SA cache. If no multicast group address is specified, all SA cache entries
will be cleared.
Description
Using the reset msdp sa-cache command, you can clear MSDP SA cache entries.
For the related commands, see cache-sa-enable and display msdp sa-cache.
Example
Clear the cache entries with group address 225.5.4.3 from the SA cache.
<3Com> reset msdp sa-cache 225.5.4.3
View
User view
Parameter
peer-address: Address of the MSDP peer whose statistics, resetting information
and input/output information will be cleared. If no MSDP peer address is specified,
all MSDP peers statistics will be cleared.
Description
Using the reset msdp statistics command, you can clear statistics of one or more
MSDP peers without resetting the MSDP peer.
Example
Clear the statistics of the MSDP peer 125.10.7.6.
<3Com> reset msdp statistics 125.10.7.6
shutdown Syntax
shutdown peer-address
View
MSDP view
Parameter
peer-address: IP address of MSDP peer.
Description
Using the shutdown command, you can disable the MSDP peer specified. Using
the undo shutdown command, you can remove the configuration.
Example
Disable the MSDP peer 125.10.7.6.
<3Com> system-view
[3Com] msdp
[3Com-msdp] shutdown 125.10.7.6
static-rpf-peer Syntax
static-rpf-peer peer-address [ rp-policy list ]
View
MSDP view
Parameter
peer-address: Address of the static RPF peer to receive SA messages.
rp-policy list: Filter policy based on RP address, which filters the RP in SA messages.
If the parameter is not specified, all SA messages from static RPF peer will be
accepted. If the parameter rp-policy list is specified and filter policy is configured,
the router will only accept SA messages from the RP which passes filtering. If no
filter policy is configured, the router will still accept all SA messages from the static
RPF peer.
Description
Using the static-rpf-peer command, you can configure a static RPF peer. Using the
undo static-rpf-peer command, you can remove the static RPF peer.
You must configure the peer command before using the static-rpf-peer
command.
If you do not want to perform RPF check to SA messages from a same MSDP peer.
If only an MSDP peer is configured on a router, this MSDP peer will be regarded as
static RPF peer.
Example
Configure two static RPF peers.
<3Com> system-view
[3Com] ip ip-prefix list1 permit 130.10.0.0 16
[3Com] ip ip-prefix list2 permit 130.10.0.0 16
[3Com] msdp
[3Com-msdp] peer 130.10.7.6 connect-interface ethernet 1/0/0
[3Com-msdp] peer 130.10.7.5 connect-interface ethernet 1/0/0
[3Com-msdp] static-rpf-peer 130.10.7.6 rp-policy list1
[3Com-msdp] static-rpf-peer 130.10.7.5 rp-policy list2
View
MSDP view
Parameter
seconds: Value of connection request re-try period in second, ranging from 1 to
60.
Description
Using the timer retry command, you can configure the value of connection
request re-try period. Using the undo timer retry command, you can restore the
default value.
Example
Configure the connection request re-try period to 60 seconds.
<3Com> system-view
[3Com] msdp
[3Com-msdp] timer retry 60
MBGP Multicast Extension Configuration Commands
aggregate Syntax
aggregate address mask [ as-set ] [ attribute-policy route-policy-name ] [
detail-suppressed ] [ origin-policy route-policy-name ] [ suppress-policy
route-policy-name ]
View
IPv4 multicast sub-address family view
Parameter
address: Address of the aggregated route.
Description
Using the aggregate command, you can create a multicast aggregated record in
the BGP routing table. Using the undo aggregate command, you can remove the
aggregation.
Using the aggregate command without parameters, you can create one local
aggregated route and set atomic aggregation attributes.
Example
Create a multicast aggregated record in the BGP routing table, with 192.213.0.0
as the address of the aggregated route.
[3Com-bgp-af-mul] aggregate 192.213.0.0 255.255.0.0
View
User view
Parameter
updates: Debug information of MBGP update packets.
Description
Using the debugging bgp mp-update command, you can enable the MBGP
packet debugging functions. Using the undo debugging bgp mp-update
command, you can disable the functions.
Example
Enable MBGP packet information debugging function.
<3Com> debugging bgp mp-update
View
Any view
Parameter
group-name: Name of peer group. If no peer group is specified, the information
about all peer groups will be displayed.
Description
Using the display bgp multicast group command, you can view the information
about peer groups.
Example
Display the information about the peer group named my_peer.
<3Com> display bgp multicast group my_peer
View
Any view
Parameter
None
Description
Using the display bgp multicast network command, you can view the routing
information that MBGP advertises.
Example
Display the network segment routing information that MBGP advertises.
<3Com> display bgp multicast network
View
Any view
Parameter
ip-address: MBGP routing information whose IP address is specified in the BGP
routing table.
Description
Using the display bgp multicast routing-table command, you can view the
MBGP routing information whose IP address is specified in the BGP routing table.
Example
Display the MBGP routing information with destination network segment
14.1.0.0.
<3Com> display bgp multicast routing-table 14.1.0.0
View
Any view
Parameter
None
Description
Using the display bgp multicast routing-table cidr command, you can view the
routing information with non-natural network mask (i.e., classless inter-domain
routing, CIDR).
Example
Display CIDR routing information.
<3Com> display bgp multicast routing-table cidr
View
Any view
Parameter
community-number: Specifies community number.
no-export: Does not advertise routes outside the local autonomous system, but
advertises routes to other sub-autonomous systems.
Description
Using the display bgp multicast routing-table community command, you can
view the routing information that belongs to the specified MBGP community.
Example
Display the routing information that belongs to the specified MBGP community.
<3Com> display bgp multicast routing-table community 600:1
Parameter
list-number: Number of community list.
Description
Using the display bgp multicast routing-table community-list command, you
can view the routing information that is permitted by the MBGP community list.
Example
Display the routing information that is permitted by the MBGP community list.
<3Com> display bgp multicast routing-table community-list
Parameter
None
Description
Using the display bgp multicast routing-table different-origin-as command,
you can view AS routes with different origins.
Example
Display AS routes with different origins.
<3Com> display bgp multicast routing-table different-origin-as
View
Any view
Parameter
peer-address: Address of multicast neighbor, in dotted decimal notation format.
Description
Using the display multicast routing-table peer command, you can view the
route received from or sent to the specified multicast neighbor.
Example
Display the routing information sent to the multicast neighbor 10.10.1.11.
<3Com> display multicast routing-table peer 10.10.1.11 advertised
Parameter
as-regular-expression: AS regular expression matched.
Description
Using the display bgp multicast routing-table regular-expression command,
you can view the routing information matching the specified AS regular
expression.
Example
Display the MBGP routing information matching the regular expression ^600$.
<3Com> display bgp multicast routing-table regular-expression ^600$
View
Any view
Parameter
None
Description
Using the display bgp multicast routing-table statistic command, you can
view statistics of MBGP route information.
Example
Display statistics of MBGP route information.
<3Com> display bgp multicast routing-table statistic
import-route Syntax
import-route protocol [ route-policy policy-name ] [ med metric ]
View
IPv4 multicast sub-address family view
Parameter
protocol: Source routing protocols that can be imported, which can be direct,
ospf, ospf-ase, ospf-nssa, rip, isis and static at present.
Description
Using the import-route command, you can import routing information from
other protocols to BGP. Using the undo import-route command, you can cancel
the import of routing information from other protocols.
By default, BGP will not import routing information from other protocols.
Example
Configure to import a static route.
[3Com-bgp-af-mul] import-route static
View
BGP view
Parameter
None
Description
Using the ipv4-family multicast command, you can enter the IPv4 multicast
sub-address family view. Using the undo ipv4-family multicast command, you
can remove all the configurations in the IPv4 multicast sub-address family view.
Example
Enter the IPv4 multicast sub-address family view.
<3Com> system-view
[3Com] bgp 100
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul]
network Syntax
network ip-address [ address-mask ] [ route-policy policy-name ]
View
IPv4 multicast sub-address family view
Parameter
ip-address: Network address that BGP advertises.
Description
Using the network command, you can configure the network addresses to be
sent by the local BGP. Using the undo network command, you can remove the
existing configuration.
Example
Advertise routes to the network segment 10.0.0.0/16.
[3Com-bgp-af-mul] network 10.0.0.1 255.255.0.0
peer advertise-community Syntax
peer { group-name | peer-address } advertise-community
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
Description
Using the peer advertise-community command, you can advertise community
attributes to a peer (group). Using the undo peer advertise-community
command, you can remove the existing configuration.
Example
Advertise community attributes to the peer group named test.
[3Com-bgp-af-mul] peer test advertise-community
View
IPv4 multicast sub-address family view
Parameter
group-name: Peer group name
Description
Using the peer allow-as-loop command, you can allow the local AS number to be
contained in the AS-PATH attributes received. Using the undo peer allow-as-loop
command, you can disallow the local AS number in the AS-PATH attributes
received. The routing loop should be removed in the route update
messages received in Hub&Spoke networking mode.
Standard BGP routing loop detection is based on AS numbers. In Hub&Spoke
networking mode, however, if EBGP runs between a PE and a CE, the routing
information that the PE advertises to the CE contains the local AS number, so
the PE will not be able to receive the update messages for this route.
The peer allow-as-loop command solves this problem by allowing the local AS
number to be contained in the route update messages received from the CE. The
acceptable maximum of the local AS number is defined via the
asn_limit parameter.
Example
Specify to contain the local AS number in the AS_PATH attributes received.
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-vpn] peer 1.1.1.1 allow-as-loop 1
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
Description
Using the peer as-path-acl command, you can configure BGP filter policy based
on AS path list for the peer (group). Using the undo peer as-path-acl command,
you can remove the configuration.
By default, the peer (group) has no filter policy based on AS path list.
Example
Set BGP filter policy based on AS path list for the peer (group).
[3Com-bgp] peer test as-number 100
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul] peer test enable
[3Com-bgp-af-mul] peer test as-path-acl 3 export
View
IPv4 multicast sub-address family view
Parameter
peer-address: IP address of the multicast peer.
Description
Using the peer enable command, you can enable the multicast peer or peer
group. Using the undo peer enable command, you can disable the multicast
peer or peer group.
Only after the peer (peer group) is enabled, can it establish connection with the
multicast peer.
Example
Enable the multicast peer 1.1.11.1.
[3Com-bgp-af-mul] peer 1.1.11.1 enable
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
Description
Using the peer filter-policy command, you can set the filter policy list for a peer
(group). Using the undo peer filter-policy command, you can remove the
existing setting.
Example
Set the filter policy list for a peer.
[3Com-bgp] peer test as-number 100
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul] peer test enable
[3Com-bgp-af-mul] peer test filter-policy 3 import
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
import: Applies the filter policy to routes accepted by the specified peer (group).
export: Applies the filter policy to routes sent by the specified peer (group).
Description
Using the peer ip-prefix command, you can configure the route filter policy
based on the address prefix-list for the peer (group). Using the undo peer
ip-prefix command, you can remove the configuration.
Example
Configure the route filter policy based on the address prefix-list for the peer.
[3Com-bgp-af-mul] peer group1 ip-prefix list1 import
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
Description
Using the peer next-hop-local command, you can remove the processing of the
next hop in routes which BGP will advertise to the peer (group), and set the local
address as the next hop. Using the undo peer next-hop-local command, you
can remove the existing setting.
Example
Set the local address as the next hop when advertising routes to peer group
named test.
[3Com-bgp-af-mul] peer test next-hop-local
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
Description
Using the peer public-as-only command, you can configure only to carry public
AS number rather than private AS number when BGP sends update packets. Using
the undo peer public-as-only command, you can choose to carry a private AS
number when BGP sends update packets.
By default, the private AS number is carried when BGP sends update packets.
Generally, BGP sends update packets with the AS number (which can be either the
public AS number or private AS number). To enable some external routers to
ignore the private AS number when sending update packets, you can configure
not to carry the private AS number when BGP sends update packets.
Example
Configure not to carry private AS number when BGP sends update packets to peer
group named test.
[3Com-bgp-af-mul] peer test public-as-only
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
Description
Using the peer reflect-client command, you can configure a peer (group) as a
client of the route reflector. Using the undo peer reflect-client command, you
can remove the existing configuration.
Example
Configure peer group named test to be client of the route reflector.
[3Com-bgp-af-mul] peer test reflect-client
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
import: Applies route policy to the routes received from the peer (group).
export: Applies route policy to the routes advertised to the peer (group).
Description
Using the peer route-policy command, you can configure route policy for the
specified peer (group). Using the undo peer route-policy command, you can
remove the route policy of the peer (group).
Example
Apply route policy policy1 to the routes received from the peer group named test.
[3Com-bgp-af-mul] peer test route-policy policy1 import
View
System view
Parameter
None
Description
Using the delete rpf-route-static all command, you can delete all the static
multicast routes.
When using this command, the system will prompt you to acknowledge. All static
multicast routes will be deleted after your acknowledgement.
Example
Delete all the static multicast routes.
[3Com] delete rpf-route-static all
View
Any view
Parameter
source: IP address of multicast source (unicast address).
Description
Using the display multicast routing-table static command, you can view the
active multicast static routes.
If no multicast source address is specified, all active multicast static routes will be
displayed.
For the related command, see display multicast routing-table static config.
Example
Display all active multicast static routes.
<3Com> display multicast routing-table static
22.22.0.0/16 [inactive]
RPF interface = serial0/0/0, RPF neighbor = 66.55.99.88
Matched routing protocol = = <none>, route-policy = <none>, preference = 1
Running config = ip mroute 22.22.0.0 16 66.55.99.88 preference 1
Display the multicast static routes that exactly match the address 10.10.0.0/16.
Parameter
source: IP address of multicast source (unicast address).
Description
Using the display multicast routing-table static config command, you can
view multicast static routes configured.
If no multicast source address is specified, all configured multicast static routes will
be displayed.
Example
Display all the configured multicast static routes.
<3Com> display multicast routing-table static config
Display the multicast static routes that exactly match the address 1.0.0.0/8.
ip rpf-longest-match Syntax
ip rpf-longest-match
undo ip rpf-longest-match
View
System view
Parameter
None
Description
Using the ip rpf-longest-match command, you can configure the longest-match
rule to be the multicast RPF route selecting policy. Using the undo ip
rpf-longest-match command, you can restore the default configuration.
Example
Set the longest-match rule to be the multicast RPF route selecting policy.
[3Com] ip rpf-longest-match
ip rpf-route-static Syntax
ip rpf-route-static source { mask | mask-length } [ protocol ] [ route-policy policyname ] {
rpf-nbr | interface-name } [ order order-num | preference preference ]
View
System view
Parameter
source: IP address of multicast source (unicast address).
protocol: Indicates that matched routes must appear in the specified unicast
routing protocol. Protocol can be such unicast routing protocols as bgp, isis, ospf,
rip and static.
Description
Using the ip rpf-route-static command, you can configure multicast static routes.
Using the undo ip rpf-route-static command, you can remove the multicast
static routes from the multicast static routing table.
For the related commands, see display multicast routing-table static config
and display multicast routing-table static.
Example
Configure a multicast static route.
<3Com> system-view
[3Com] ip rpf-route-static 1.0.0.0 255.0.0.0 rip route-policy map1 11.0.0.1
Basic Configuration Commands
undo debugging mpls lspm { all | packet | event | ftn | process | agent | interface | policy
| vpn }
View
User view
Parameter
agent: Enables all MPLS Agent information debugging.
Description
Using the debugging mpls lspm command, you can enable various LSP
information debugging. Using the undo debugging mpls lspm command, you
can disable corresponding debugging.
This command is used for the debugging of the problem that occurred while using
MPLS LSPM. Enabling the debugging will affect the performance of the router, so
it is recommended that the command be used with caution.
Example
Enable all relevant debugging of MPLS VPN.
<3Com> debugging mpls lspm vpn
View
Any view
Parameter
None
Description
Using the display mpls interface command, you can view all MPLS-enabled
interfaces.
For the related commands, see display mpls lsp, display mpls statistics,
display static-lsp.
Example
Display all MPLS-enabled interfaces.
[3Com] display mpls interface
View
Any view
Parameter
include text: Displays the information with the specified string included.
Description
Using the display mpls lsp command, you can view LSP information.
By default, the display mpls lsp command displays all LSP information.
For the related commands, see display mpls interface, display mpls statistics,
and display static-lsp.
Example
Display all LSPs whose incoming interfaces are Serial 3/0/0.
[3Com] display mpls lsp include incoming-interface serial3/0/0
Syntax
display mpls static-lsp { verbose | include text }
View
Any view
Parameter
include text: Displays the information with the specified string included.
Description
Using the display mpls static-lsp command, you can display the information of
all or single static LSP(s).
For the related commands, see display mpls interface, display mpls lsp, and
display mpls statistics.
Example
Display information of the static LSP named “marlborough”.
[3Com] display mpls static-lsp include marlborough
View
Any view
Parameter
interface-type: Type of network interface.
Description
Using the display mpls statistics command, you can display statistics of all or
single LSP(s) and LSP statistics on all or single interface(s).
Specifically, the displayed information includes the bytes, packets, errors and
discarded packets processed on each LSP ingress and each LSP egress, and those
received and transmitted on each MPLS-enabled interface.
For the related commands, see display mpls interface and display mpls lsp.
Example
Display MPLS statistics.
[3Com] display mpls statistics lsp all
Building the information...
LSP Index/LSP Name : 1/lsp1
InSegment Octets of LSP is: 0 Bytes processed on each LSP ingress
InSegment Packets of LSP is: 0 Packets processed on each LSP ingress
InSegment Errors of LSP is: 0 Errors processed on each LSP ingress
InSegment Discard Packets of LSP is: 0 Discarded packets processed on each LSP ingress
LSP Index/LSP Name : 1/lsp1
OutSegment Octets of LSP is: 0 Bytes processed on each LSP egress
OutSegment Packets of LSP is: 0 Packets processed on each LSP egress
OutSegment Errors of LSP is: 0 Errors processed on each LSP egress
OutSegment Discard Packets of LSP is: 0 Discarded packets processed on each LSP egress
LSP Index/LSP Name : 17416/dynamic-lsp
InSegment Octets of LSP is: 0
InSegment Packets of LSP is: 0
InSegment Errors of LSP is: 0
InSegment Discard Packets of LSP is: 0
LSP Index/LSP Name : 17416/dynamic-lsp
OutSegment Octets of LSP is: 0
OutSegment Packets of LSP is: 0
OutSegment Errors of LSP is: 0
OutSegment Discard Packets of LSP is: 0
Field Description
In Octets of Mpls interface is: 0 Bytes coming from the interface
In Packets of Mpls interface is: 0 Packets coming from the interface
In Errors of Mpls interface is: 0 Packet processing errors coming from the
interface
In Discard Packets of Mpls interface is: 0 Discarded packets coming from the interface
Out Octets of Mpls interface is: 0 Bytes sent from the interface
Out Packets of Mpls interface is: 0 Packets sent from the interface
Out Errors of Mpls interface is: 0 Packet processing errors sent from the
interface
Out Discard Packets of Mpls interface is: 0 Discarded packets sent from the interface
lsp-trigger Syntax
lsp-trigger { all | ip-prefix ip-prefix }
View
MPLS view
Parameter
all: Sets up LSPs at any routes.
ip-prefix: Sets up LSPs only at those routes with the specified IP prefix.
Description
Using the lsp-trigger command, you can configure the topology-triggered LSP
creation policy. Using the undo lsp-trigger command, you can remove the
filtering conditions specified by the parameters so that no route triggers LSP
creation.
If you import an IP-prefix rule without contents, LSPs can be established at all host
routes according to the IP-prefix usage convention in VRP.
Example
Allow LSPs to be set up at all routes.
762 CHAPTER 8: MPLS BASIC CONFIGURATION COMMANDS
mpls Syntax
mpls
View
System view, routing protocol view, interface view, virtual interface view
Parameter
None
Description
Using the mpls command in system view, you can enter MPLS view.
Using the mpls command in interface view, you can enable MPLS on the interface.
After executing the command, the user can enter MPLS view. Only after entering
MPLS view, can the user configure other MPLS commands.
To enter MPLS view, the user should configure the mpls lsr-id command first.
Example
Enter MPLS view in system view.
[3Com] mpls
[3Com-mpls]
[3Com-Ethernet6/0/0] mpls
Mpls starting, please wait... OK!
View
System view
Parameter
ip-address: LSR ID, with a form like IP address, used to identify an LSR.
Description
Using the mpls lsr-id command, you can configure an LSR ID. Using the undo
mpls lsr-id command, you can delete an LSR ID.
An LSR ID must be configured with this command before other MPLS commands can
be configured.
Example
Configure the ID of the LSR as 202.17.41.246.
[3Com] mpls lsr-id 202.17.41.246
View
MPLS view
Parameter
all: All interfaces or all LSPs
Description
Using the reset mpls statistics command, you can clear MPLS statistics.
This command clears statistics on all or single interface(s) or on all or single LSP(s).
Example
Clear statistics on the LSP named “Marlborough”.
[3Com] reset mpls statistics lsp name marlborough
View
System view
Parameter
None
Description
Using the snmp-agent trap enable ldp command, you can enable Trap function
in MPLS LDP creation. Using the undo snmp-agent trap enable ldp command, you
can disable Trap function in MPLS LDP creation.
Example
Enable TRAP function during MPLS LDP creation.
[3Com] snmp-agent trap enable ldp
View
System view
Parameter
None
Description
Using the snmp-agent trap enable lsp command, you can enable Trap function
in MPLS LSP creation. Using the undo snmp-agent trap enable lsp command, you
can disable Trap function in MPLS LSP creation.
Example
Enable TRAP function during MPLS LSP creation.
[3Com] snmp-agent trap enable lsp
View
MPLS view
Parameter
lsp-name: Name of LSP.
Description
Using the static-lsp egress command, you can configure a static LSP for an egress
LSR. Using the undo static-lsp egress command, you can delete an LSP for an
egress LSR.
By default, this command can be used to configure a static LSP for an egress LSR.
For the related commands, see static-lsp ingress and debugging mpls.
Example
Configure a static LSP named “bj-sh” on the egress LSR.
[3Com-mpls] static-lsp egress bj-sh incoming-interface serial8/0/0 in-label 233
View
MPLS view
Parameter
lsp-name: Name of LSP.
Description
Using the static-lsp ingress command, you can configure a static LSP for an
ingress LSR. Using the undo static-lsp ingress command, you can delete an LSP
for an ingress LSR.
This command can be used to configure a static LSP for ingress LSR and
simultaneously set precedence value and metric value for the LSP.
For the related commands, see static-lsp egress, static-lsp transit, and
debugging mpls.
Example
Configure a static LSP for the ingress LSR heading for the destination address
202.25.38.1.
[3Com-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.33
out-label 237
View
MPLS view
Parameter
lsp-name: Name of LSP.
Description
Using the static-lsp transit command, you can configure a static LSP for transit
LSR. Using the undo static-lsp transit command, you can delete an LSP for
transit LSR.
This command can be used to configure a static LSP for transit LSR.
For the related commands, see static-lsp egress and static-lsp ingress.
Example
Configure a static LSP for the serial interface Serial3/0/0 on transit LSR, with an
inbound label of 123 and an outbound label of 253.
[3Com-mpls] static-lsp transit bj-sh incoming-interface serial3/0/0 in-label 123 nexthop
202.34.114.7 out-label 253
View
MPLS view
Parameter
interval-time: Time interval in seconds. It ranges from 30 to 65535.
Description
Using the statistic interval command, you can configure the time interval for
reporting statistics. Using the undo statistic interval command, you can restore
the default value.
Example
Configure the time interval as 30 seconds, that is, to report statistics every 30
seconds.
[3Com-mpls] statistics interval 30
LDP Configuration
Commands
undo debugging mpls ldp { all | main | advertisement | session | pdu | notification |
remote } [ interface interface-type interface-num ]
View
User view
Parameter
all: Displays all debugging information related to LDP.
pdu: Displays the debugging information during processing PDU data packets.
Description
Using the debugging mpls ldp command, you can enable the debugging of various
LDP messages. Using the undo debugging mpls ldp command, you can disable the
debugging of various LDP messages.
Example
Enable LDP debugging.
<3Com> debugging mpls ldp all
View
Any view
Parameter
None
Description
Using the display mpls ldp command, you can view LDP and LSR information.
Example
Display LDP and LSR information.
[3Com] display mpls ldp
View
Any view
Parameter
None
Description
Using the display mpls ldp buffer-info command, you can view the buffer
information of LDP.
Example
Display LDP buffer information.
[3Com] display mpls ldp buffer-info
-----------------------------------------------------------------
View
Any view
Parameter
None
Description
Using the display mpls ldp interface command, you can view the information of
an LDP-enabled interface.
For the related commands, see mpls ldp enable and display mpls ldp session.
Example
Display the information of an LDP-enabled interface.
[3Com-Ethernet3/0/0] display mpls ldp interface
View
Any view
Parameter
None
Description
Using the display mpls ldp lsp command, you can view relevant LSP information
created via LDP.
Example
Display LSP.
[3Com-Ethernet3/0/0] display mpls ldp lsp
View
Any view
Parameter
None
Description
Using the display mpls ldp peer command, you can display peer information.
Example
Display peer information.
[3Com] display mpls ldp peer
View
Any view
Parameter
None
Description
Using the display mpls ldp remote command, you can display the configured
remote peer information.
For the related commands, see mpls ldp remote and remote-peer.
Example
Display the configured remote-peer information.
[3Com] display mpls ldp remote
View
Any view
Parameter
None
Description
Using the display mpls ldp session command, you can display the session
between peers.
Example
Display the session between peers.
[3Com] display mpls ldp session
View
System view
Parameter
None
Description
Using the mpls ldp command, you can enable LDP. Using the undo mpls ldp
command, you can disable LDP.
Before enabling LDP, you must enable MPLS and configure LSR ID first.
Example
Enable LDP.
[3Com] mpls ldp
View
System view
Parameter
explicit-null: Specifies to assign explicit null label to the penultimate hop at egress.
implicit-null: Specifies to assign implicit null label to the penultimate hop at egress.
■ Label value 0 stands for IPv4 Explicit NULL Label, which is valid only at the
bottom of label stack. That is, the label stack must be popped and
forwarded as IPv4 header.
■ Label value 1 stands for Router Alert Label, which is valid except at the
bottom of label stack. When receiving messages with label value 1 at the
top of the label stack, the system forwards them into local software module
for further processing. If a lower-layer label is to be forwarded, it must be
put with Router Alert Label.
■ Label value 2 stands for IPv6 Explicit NULL Label, which is valid only at the
bottom of label stack. That is, the label stack must be popped and
forwarded as IPv6 header.
■ Label value 3 stands for Implicit NULL Label, which can be distributed and
forwarded, but cannot be placed in encapsulation. When LSR switches
top-layer labels, it only needs to pop the labels, but cannot replace them
when using label 3 to replace the original label.
■ Labels 4~15 are reserved.
Description
Using the mpls label advertise command, you can specify what label is to be
assigned to the penultimate hop at egress node. Using the undo mpls label
advertise command, you can restore the default value.
When the keyword explicit-null is selected, the m-layer label of a packet with
m-layer label parameter will be popped at the penultimate LSR of the LSP, but not
the egress LSR. This can lower operation restriction at egress node and mitigate
the traffic at the egress node to a degree.
If explicit null label is assigned to the penultimate hop, it can only reside at the
bottom of the label stack.
Example
Specify at the egress to allocate general labels to the penultimate hop.
[3Com-mpls] mpls label advertise non-null
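The reserved-label rules listed under Parameter above can be checked mechanically against a captured label stack. The following is an added example, not part of the 3Com guide: it assumes the standard 32-bit label stack entry layout (20-bit label, 3-bit EXP, 1-bit bottom-of-stack flag, 8-bit TTL), and all function names and sample stacks are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List

# Reserved label values, as listed in the parameter notes of this command.
IPV4_EXPLICIT_NULL = 0
ROUTER_ALERT = 1
IPV6_EXPLICIT_NULL = 2
IMPLICIT_NULL = 3
UNASSIGNED_RESERVED = range(4, 16)  # labels 4~15


@dataclass
class LabelEntry:
    label: int    # 20-bit label value
    exp: int      # 3-bit experimental field
    bottom: bool  # S bit, set on the last entry of the stack
    ttl: int      # 8-bit time to live


def encode_entry(label: int, bottom: bool, exp: int = 0, ttl: int = 64) -> bytes:
    """Pack one 32-bit label stack entry (helper for the constructed samples)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def parse_label_stack(data: bytes) -> List[LabelEntry]:
    """Decode 4-byte entries until one carries the bottom-of-stack bit."""
    entries = []
    for offset in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, offset)
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7,
                           bool((word >> 8) & 1), word & 0xFF)
        entries.append(entry)
        if entry.bottom:
            return entries
    raise ValueError("truncated label stack: no bottom-of-stack entry found")


def check_reserved_labels(stack: List[LabelEntry]) -> List[str]:
    """Return one finding per entry that breaks the reserved-label rules."""
    findings = []
    for depth, entry in enumerate(stack):
        where = f"entry {depth} (label {entry.label})"
        if entry.label in (IPV4_EXPLICIT_NULL, IPV6_EXPLICIT_NULL):
            if not entry.bottom:
                findings.append(f"{where}: explicit null is valid only at the bottom of the stack")
        elif entry.label == ROUTER_ALERT:
            if entry.bottom:
                findings.append(f"{where}: router alert is not valid at the bottom of the stack")
        elif entry.label == IMPLICIT_NULL:
            findings.append(f"{where}: implicit null cannot be placed in encapsulation")
        elif entry.label in UNASSIGNED_RESERVED:
            findings.append(f"{where}: labels 4~15 are reserved")
    return findings


# Constructed sample stacks: (label, bottom-of-stack) pairs, top entry first.
SAMPLES = {
    "transport label over IPv4 explicit null": [(1025, False), (0, True)],
    "router alert above a transport label": [(1, False), (1025, True)],
    "explicit null above bottom": [(0, False), (1025, True)],
    "router alert at bottom": [(1025, False), (1, True)],
    "implicit null on the wire": [(3, True)],
    "unassigned reserved label": [(7, False), (1025, True)],
}


def audit_samples() -> Dict[str, List[str]]:
    """Encode each sample to bytes, parse it back and run the checks."""
    results = {}
    for name, entries in SAMPLES.items():
        raw = b"".join(encode_entry(label, bottom) for label, bottom in entries)
        results[name] = check_reserved_labels(parse_label_stack(raw))
    return results


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(name, "->", findings or "ok")
```
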
View
Interface view
Parameter
None
Description
Using the mpls ldp enable command, you can enable LDP on an interface. Using
the undo mpls ldp enable command, you can disable LDP on an interface.
To enable LDP on an interface, you must enable LDP first. After LDP is enabled
on an interface, peer discovery and session creation proceed.
Example
Enable LDP on the interface.
[3Com-Ethernet3/0/0] mpls ldp enable
View
System view
Parameter
hop-number: The maximum hops of loop detection, ranging from 1 to 32.
Description
Using the mpls ldp hops-count command, you can set the maximum hops of
loop detection. Using the undo mpls ldp hops-count command, you can restore
the default value.
This command should be configured before enabling LDP on all interfaces. Its
value, which depends on actual networking situation, decides the loop detection
speed during LSP creation.
For the related commands, see mpls ldp loop-detect and mpls ldp
path-vectors.
Example
Set the maximum hops of loop detection to be 22.
[3Com] mpls ldp hops-count 22
Set the maximum hops of loop detection as 32, the default value.
[3Com] undo mpls ldp hops-count
View
System view
Parameter
None
Description
Using the mpls ldp loop-detect command, you can enable loop detection. Using
the undo mpls ldp loop-detect command, you can disable loop detection.
For the related commands, see mpls ldp hops-count, mpls ldp path-vectors.
Example
Enable loop detection.
[3Com] mpls ldp loop-detect
View
Interface view, remote-peer view
Parameter
simple: Transmitted in plain text.
Description
Using the mpls ldp password command, you can configure LDP authentication
mode. Using the undo mpls ldp password command, you can remove the
configuration.
Example
Configure the LDP authentication mode to be in plain text, with a password of
123.
[3Com-Ethernet0/0/0.1] mpls ldp password simple 123
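A configuration review can flag where LDP authentication is missing or uses the simple keyword described above. The following is an added example, not part of the 3Com guide: it assumes a saved configuration in which view header lines start in column 0, commands inside a view are indented and `#` separates views; the sample configuration, addresses and finding names are constructed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample configuration (layout is an assumption, see lead-in).
SAMPLE_CONFIG = """\
#
 mpls lsr-id 202.17.41.246
 mpls
 mpls ldp
#
interface Ethernet0/0/0.1
 mpls
 mpls ldp enable
 mpls ldp password simple 123
#
interface Ethernet3/0/0
 mpls
 mpls ldp enable
#
interface Serial3/0/0
 mpls
#
mpls ldp remote-peer 12
 remote-ip 192.0.2.10
#
"""

# Captures the authentication mode keyword; the password itself is never kept.
PASSWORD_RE = re.compile(r"^mpls ldp password (\S+)")


def split_views(config_text: str) -> Dict[str, List[str]]:
    """Group commands by view; 'system' collects commands outside any view."""
    views: Dict[str, List[str]] = {"system": []}
    current = "system"
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        if stripped == "#":
            current = "system"          # separator closes the current view
        elif raw[0].isspace():
            views[current].append(stripped)
        else:
            current = stripped          # column-0 line opens a new view
            views.setdefault(current, [])
    return views


def audit_ldp_auth(config_text: str) -> List[Tuple[str, str]]:
    """Return (view, finding) pairs; passwords are never echoed in findings."""
    findings = []
    for view, commands in split_views(config_text).items():
        is_interface = view.startswith("interface ")
        is_remote_peer = view.startswith("mpls ldp remote-peer ")
        if not (is_interface or is_remote_peer):
            continue
        # A remote peer always runs LDP; an interface only after mpls ldp enable.
        ldp_active = is_remote_peer or "mpls ldp enable" in commands
        modes = [m.group(1) for m in map(PASSWORD_RE.match, commands) if m]
        if ldp_active and not modes:
            findings.append((view, "no-ldp-password"))
        if "simple" in modes:
            findings.append((view, "plain-text-ldp-password"))
    return findings


if __name__ == "__main__":
    for view, finding in audit_ldp_auth(SAMPLE_CONFIG):
        print(f"{finding}: {view}")
```
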
View
System view
Parameter
pv-number: The configured maximum value of path vector, ranging from 1 to 32.
Description
Using the mpls ldp path-vectors command, you can set the maximum value of
path vector. Using the undo mpls ldp path-vectors command, you can restore
the maximum value of path vector.
This command should be configured before enabling LDP on all interfaces. Its
value, which depends on actual networking situation, decides the loop detection
speed in LSP creation.
For the related commands, see mpls ldp loop-detect and mpls ldp
hops-count.
Example
Set the maximum value of path vector to be 23.
[3Com] mpls ldp path-vectors 23
View
System view or remote-peer view
Parameter
Index: Index of remote peer, used to identify an entity. It ranges from 0 to 99.
Description
Using the mpls ldp remote-peer command, you can create a remote-peer entity
and enter remote-peer view. Using the undo mpls ldp remote-peer command,
you can delete a remote-peer entity.
Example
Create a remote-peer.
[3Com] mpls ldp remote-peer 22
[3Com-mpls-remote22]
Delete a remote-peer.
[3Com-mpls-remote22] undo mpls ldp remote-peer 12
[3Com]
View
Interface view
Parameter
peer-address: Corresponding LDP Peer address (in IP address format).
Description
Using the mpls ldp reset-session command, you can reset a specified session on
an interface.
After LDP is configured on an interface and LDP session is created, this command
can be used to reset a specified session on the interface only by specifying the
address of the peer corresponding to the session to be reset.
For the related commands, see mpls ldp and mpls ldp enable.
Example
Reset the sessions at the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] mpls ldp reset-session 10.1.1.1
View
Interface view, remote-peer view
Parameter
hello hello-holdtime: Specifies the hold time of the hello timer, in seconds. It
ranges from 6 to 65535 seconds.
Description
Using the mpls ldp timer command, you can set the duration of a Hello timer.
Using the undo mpls ldp timer command, you can restore the default value.
Timeout of Hello timer means that the adjacency relation with the peer is down,
while timeout of hold timer means that the session relation with the peer is down.
Generally speaking, the default value can be directly adopted. In special cases, it
needs to be modified according to requirements. It should be noted that the
modification of hello parameter may cause the original session to be recreated and
the LSP created on the basis of this session will also be deleted and needs to be
recreated.
For the related commands, see mpls ldp and mpls ldp enable.
Example
Modify the duration of a Hello timer.
[3Com-Ethernet3/0/0] mpls ldp timer hello 30
View
Interface view
Parameter
interface: Takes the IP address of the interface as the transport address.
Description
Using the mpls ldp transport-ip command, you can configure an LDP transport
address. Using the undo mpls ldp transport-ip command, you can restore the
default LDP transport address.
For a remote-peer, the configuration of transport address is not supported and its
transport address is fixed as an LSR ID.
Example
Take the address of the local interface as a transport address.
[3Com-Ethernet3/0/0] mpls ldp transport-ip interface
remote-ip Syntax
remote-ip remoteip
View
Remote-peer view
Parameter
remote-ip: IP address of a remote peer.
Description
Using the remote-ip command, you can configure a remote IP address. The
address should be the LSR ID of the remote LSR. For remote peers, as they adopt
LSR ID as their transport address, two remote peers take their LSR ID as their
transport addresses for creating TCP connection.
Example
Configure the address of remote-peer.
[3Com] mpls ldp remote-peer 12
[3Com-remote-peer12] remote-ip 192.168.1.
BGP/MPLS VPN
Configuration
Commands
View
Route-policy view
Parameter
vpn-name: Name of the configured VPN instance. At most, 6 VPN names can be
configured.
Description
Using the apply access-vpn vpn-instance command, you can specify that, after
policy routing is enabled, packets search for a private network forwarding route
in vpn-name1, vpn-name2, vpn-name3, vpn-name4, vpn-name5, and vpn-name6 (if
they all exist) and are forwarded accordingly. Using the undo apply
access-vpn vpn-instance command, you can remove this function.
Example
Specify the configured VPN instance.
[3Com-route-policy] apply access-vpn vpn-instance vpn1
View
User view
Parameter
keepalive: Displays BGP keepalives.
Description
Using the debugging bgp command, you can display the information concerning
BGP processing. Using the undo debugging bgp command, you can disable the
debugging function.
Example
<3Com> debugging bgp vpnv4
description Syntax
description vpn-instance-description
undo description
View
Vpn-instance view
Parameter
vpn-instance-description: Specify the description information of VPN instance.
Description
Using the description command, you can configure description information for
specified VPN instance. Using the undo description command, you can remove
the description of VPN instance.
Example
Configure the description information of the VPN instance.
[3Com-vpn-vpna] description 3com
View
Any view
Parameter
all: Displays all VPNv4 database.
Description
Using the display bgp vpnv4 command, you can display VPNv4 information in
BGP database.
Example
Display the information about all BGP VPNV4 peers.
[3Com] display bgp vpnv4 all
BGP local router ID is 1.1.248.23
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i – IGP, e – EGP, ? - incomplete
Network Next Hop Label Metric LocPrf Path
Route Distinguisher:100:9 (default for vpn-instance vpn-instance_1)
View
Any view
Parameter
vpn-instance-name: Name assigned to vpn-instance.
Description
Using the display ip routing-table vpn-instance command, you can view the
specified information in the IP routing table of vpn-instance.
Example
Display the IP routing table associated with the vpn-instance.
[3Com] display ip routing-table vpn-instance vpn-instance1
Routing Table: vpn-instance1 RD: 1233:11
Destination/Mask   Proto   Pre  Metric  Nexthop      Interface
192.1.1.0/24       Direct  0    0       192.1.1.1    GigabitEthernet1/0/0
192.1.1.1/32       Direct  0    0       127.0.0.1    InLoopBack0
192.1.1.255/32     Direct  0    0       127.0.0.1    InLoopBack0
View
Any view
Parameter
vpn-instance-name: Name assigned to vpn-instance.
Description
Using the display ip vpn-instance command, you can view such information
associated with vpn-instance as the VPN instance RD, description and associated
interface.
Example
Display the information about vpn-instance 3Com.
[3Com] display ip vpn-instance 3com
VPN-Instance : vpn1
No description
Route-Distinguisher : 100:6
Interfaces :
Ethernet0/0/0.101
View
Any view
Parameter
None
Description
Using the display ospf sham-link command, you can view the information of
sham links.
Example
Display the information of sham links.
<3Com> display ospf sham-link
OSPF Process 1 with Router ID 1.1.1.1
Sham Links
Sham-link 3.3.3.3 -> 5.5.5.5, State: Down
Area: 0.0.0.1
Cost: 1 State: Down Type: Sham
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
View
Any view
Parameter
include text: Displays the MPLS L3VPN LSPs with the specified FEC string.
Description
Using the display mpls l3vpn-lsp include command, you can view the
information of MPLS L3VPN LSPs.
Example
Display the vpn-instance-related label switched path information of MPLS L3VPN.
<3Com> display mpls l3vpn-lsp transit
--------------------------------------------------------------------
LSP Information: L3vpn Transit Lsp
--------------------------------------------------------------------
TOTAL: 0 Record(s) Found.
View
Any view
Parameter
transit: LSP of ASBR VPN
include text: Displays the MPLS L3VPN LSPs with the specified FEC string.
Description
Using the display ip routing-table vpn-instance command, you can view the
vpn-instance information of MPLS L3VPN LSPs.
Example
Display the vpn-instance information of MPLS L3VPN LSPs.
<3Com> display mpls l3vpn-lsp transit
--------------------------------------------------------------------
LSP Information: L3vpn Transit Lsp
--------------------------------------------------------------------
TOTAL: 0 Record(s) Found.
domain-id Syntax
domain-id { id-number | id-addr }
undo domain-id
View
OSPF protocol view
Parameter
id-number: Domain ID for a VPN instance, in range of 0~4294967295. By default,
it is 0.
Description
Using the domain-id command, you can specify domain ID for a VPN instance.
Using the undo domain-id command, you can restore the default domain ID.
The specified domain ID will not take effect until the reset ospf command is
executed.
Example
Configure domain ID 100 for OSPF procedure 100.
[3Com-ospf-100] domain-id 100
[3Com-ospf-100] domain-id 0.0.0.100
import-route Syntax
import-route { ospf | ospf-ase | ospf-nssa } [ process-id ] [ med value | route-policy
route-policyname ]
View
BGP unicast/multicast VPN-instance address family view, MBGP Interface
VPN-instance address family view
Parameter
process-id: OSPF procedure ID. By default, it is 1.
ospf: When only OSPF procedure ID is imported, ASE internal route is taken as
external route information.
Description
Using the import-route command, you can enable the import of OSPF routes.
Using the undo import-route command, you can disable the import of OSPF
routes.
Example
Enable to import an OSPF route with procedure ID 100.
[3Com] ip vpn-instance sphinx
[3Com-vpn-sphinx] route-distinguisher 168.168.55.1:85
[3Com-vpn-sphinx] quit
[3Com] bgp 352
[3Com-bgp] ip vpn-instance sphinx
[3Com-bgp-af-vpn-instance] import-route ospf 100
View
Interface view
Parameter
vpn-instance-name: Name assigned to vpn-instance.
Description
Using the ip binding vpn-instance command, you can connect an interface or
subinterface with a vpn-instance. Using the undo ip binding vpn-instance
command, you can remove the connection.
Executing this command on an interface removes the IP address of the interface,
so the IP address needs to be reconfigured.
Example
Bind VPN instance vpn1 to the interface atm0/0/0.
[3Com] interface atm1/0/0
[3Com-Atm1/0/0] ip binding vpn-instance vpn1
ip route-static vpn-instance Syntax
ip route-static vpn-instance { vpn-name1 vpn-name2 …| ip-address1 } { mask |
mask-length } { interface-name | [ vpn-instance vpn-name-nexthop ip-address2 ] } [
public ] [ preference preference-value ] [ reject | blackhole ]
View
System view
Parameter
vpn-name: Name of the VPN instance. At most, 6 names can be configured.
Description
Using the ip route-static vpn-instance command, you can configure a static
route, specifying a private network interface as the out-interface of this static
route. In multi-role host applications, you can configure a static route in a
private network with an interface of another private network or the public
network as its out-interface. Using the undo ip route-static vpn-instance
command, you can remove the configuration of this static route.
Example
Configure static route with destination address 100.1.1.1, next hop address
1.1.1.2.
[3Com] ip route-static vpn-instance vpn1 100.1.1.1 16 vpn-instance vpn1 1.1.1.2
ip vpn-instance Syntax
ip vpn-instance vpn-name
View
System view, routing protocol view
Parameter
vpn-name: Name assigned to vpn-instance.
Description
Using the ip vpn-instance command, you can create and configure a
vpn-instance. Using the undo ip vpn-instance command, you can delete the
specified vpn-instance.
By default, vpn-instance is not defined. Neither input nor output list is associated
with vpn-instance. No route-map is associated with vpn-instance.
Example
Create VPN instance vpn1.
[3Com] ip vpn-instance vpn1
[3Com-vpn-vpn1]
ipv4-family Syntax
ipv4-family [ vpnv4 [ unicast ] | multicast | vpn-instance vpn-instance-name ]
View
BGP view
Parameter
multicast: IPv4 multicast address used by the address family. This parameter is
used to enter MBGP multicast address family view.
Description
Using the ipv4-family command, you can enter BGP IPv4 address family view or
MBGP VPNv4 address family view. Using the undo ipv4-family command, you
can delete the configuration of specified address family view or MBGP VPNv4
address family view.
Use this command to enter address family view and configure parameters
associated with address family for BGP in this view.
Example
Associate the specified vpn-instance example with IPv4 address family to enter
MBGP vpn-instance address family view, which can be configured only after
vpn-instance has been configured.
[3Com] bgp 100
ospf Syntax
ospf process-id [ router-id router-id-number ] [ vpn-instance vpn-instance-name ]
View
System view
Parameter
process-id: OSPF procedure ID. By default, it is 1.
Description
Using the ospf command, you can enable an OSPF procedure. Using the undo
ospf command, you can disable an OSPF procedure.
After enabling OSPF procedure, you can perform OSPF configurations in the OSPF
protocol view.
VRP supports multiple OSPF procedures, so you can specify different procedure IDs
to enable multiple OSPF procedures on a router.
If a router ID is not specified when enabling an OSPF procedure but the
procedure must be bound to a VPN instance, an interface configured with an IP
address must exist.
If you want to bind a procedure to a VPN instance, you must specify VPN instance
name.
One VPN instance may include several procedures. For example, for the VPN
instance 1, you can configure it into OSPF procedures 1, 2 and 3 with the
But one procedure can belong to only one instance. If you have executed ospf 1
vpn-instance vpn1, you cannot configure ospf 1 vpn-instance vpn2. Otherwise,
the system prompts the information “Wrong configuration. Process 1 has been
bound to vpn-instance VRF1”. If you configure ospf 1 first and then execute ospf 1
vpn-instance vpn1, the system prompts the information “Wrong configuration.
Process 1 has been running in public domain”.
If you execute ospf 1 vpn-instance vpn1 first and then configure ospf 1, the system
enters ospf 1 vpn-instance vpn1 view, in which the commands ospf 1 and ospf 1
vpn-instance vpn1 are equivalent.
When an OSPF procedure is bound to a VPN instance, the default OSPF router is PE
router. After executing the display ospf process-id brief command, you will get
the information “PE router, connected to VPN backbone”.
CAUTION:
If you bind an OSPF procedure to a nonexistent VPN instance, the command fails
in executing and the system prompts the information “Specified vpn instance not
configured”.
Example
Enable the default OSPF procedure 1.
[3Com] router id 10.110.1.8
[3Com] ospf
Enable OSPF procedure 100, specify its router ID as 2.2.2.2 and bind it to the VPN
instance vpn1.
[3Com] ospf 100 router-id 2.2.2.2 vpn-instance vpn1
[3Com-ospf-100]
View
BGP view, MBGP IPv4-family view
Parameter
group-name: Name of the peer group
asn-limit: The maximum number of times the local autonomous system (AS)
number is allowed in received route updates.
Description
Using the peer allow-as-loop command, you can enable route loop detection in
the received route updates in hub&spoke networking mode. Using the undo peer
allow-as-loop command, you can prohibit loop to occur in the received route
updates.
In the case of standard BGP, BGP tests routing loop via AS number. In the case of
Hub&Spoke networking, however, PE carries the AS number of the local
autonomous system when advertising the routing information to CE, if EBGP is
run between PE and CE. Accordingly, the updated routing information will carry
the AS number of the local autonomous system when route update is received
from CE. In this case, PE cannot receive the route update information.
Example
Enable route loop detection in the received route updates.
[3Com-bgp] ipv4-family vpn-instance one
[3Com-bgp-af-vpn-instance] peer 1.1.1.1 allow-as-loop 1
View
BGP view, MBGP vpn-instance view
Parameter
group-name: Peer group name.
Description
Using the peer as-number command, you can configure the remote AS number
of the specified peer (group). Using the undo peer as-number command, you
can remove the remote AS number of the specified peer (group).
Example
Set the remote AS number of the specified peer (group) to 100.
[3Com-bgp] peer test as-number 100
View
BGP view, MBGP VPNv4 view
Parameter
group-name: Peer group name
Description
Using the peer enable command, you can enable the specified peer (group).
Using the undo peer enable command, you can disable the specified peer
(group).
Example
Enable the peer (group) 168.
[3Com-bgp-af-vpn] peer 168 enable
View
BGP view, MBGP vpn-instance view
Parameter
group-name: Peer group name.
Description
Using the peer connect-interface command, you can configure to allow the
internal BGP session to use any operable interface that connects with TCP. Using
the undo peer connect-interface command, you can restore to use the best
local address to implement TCP connection.
By default, BGP uses the best local address to implement TCP connection. In order
to keep the TCP connection valid even when an interface fails, the internal BGP
session can be configured to allow use of any operable TCP-connected
interface (for example, a Loopback interface).
Example
Allow the internal BGP session to use any operable interface that connects with
TCP.
[3Com-bgp-af-vpn-instance] peer 1.1.1.1 connect-interface loopback 0
peer default-route-advertise Syntax
peer { group-name | peer-address } default-route-advertise
View
BGP view, MBGP IPv4-family view
Parameter
group-name: Peer group name.
Description
Using the peer default-route-advertise command, you can enable a peer
(group) to import a default route. Using the undo peer default-route-advertise
command, you can remove the existing setting.
This command does not require any default route in the routing table but
transmits a default route whose next hop address is itself to the peer
unconditionally.
Example
Enable the peer (group) test to import a default route.
[3Com-bgp] peer test as-number
[3Com-bgp] peer test default-route-advertise
View
BGP view, MBGP IPv4-family view
Parameter
group-name: Peer group name.
Description
Using the peer next-hop-local command, you can have BGP skip next-hop
processing for the routes it advertises to a peer (group) and use its own
address as the next hop. Using the undo peer next-hop-local command, you can
remove the existing setting.
Example
Specify the local IP address as the next hop in BGP's route advertising to the peer
(group).
[3Com-bgp-af-vpn] peer test next-hop-local
View
BGP view, MBGP IPv4-family view
Parameter
group-name: Peer group name.
Description
Using the peer public-as-only command, you can configure BGP not to carry
private AS numbers when transmitting BGP update packets. Using the undo peer
public-as-only command, you can configure BGP to carry private AS numbers when
transmitting BGP update packets.
Generally, BGP carries the AS number (either public or private) when
transmitting BGP update packets. BGP can be configured not to carry the private
AS number so that some output routers may ignore the private AS number when
transmitting BGP update packets.
Example
Send MBGP update packets without bearing private AS number.
[3Com-bgp-af-vpn] peer 168 public-as-only
794 CHAPTER 8: MPLS BASIC CONFIGURATION COMMANDS
View
BGP view
Parameter
peer-address: IP address of a peer.
Description
Using the peer upe command, you can configure BGP peer as the UPE of
hierarchical BGP/MPLS VPN. Using the undo peer upe command, you can remove
this configuration.
Example
Configure BGP peer as the UPE of hierarchical BGP/MPLS VPN.
[3Com-bgp] ipv4-family vpnv4
[3Com-bgp-af-vpn] peer 1.1.1.1 upe
route-distinguisher Syntax
route-distinguisher route-distinguisher
View
vpn-instance view
Parameter
route-distinguisher: Configures a VPN IPv4 prefix by adding an 8-byte value to an
IPv4 prefix.
Description
Using the route-distinguisher command, you can configure RD for an MPLS VPN
instance. A vpn-instance cannot run until it is configured with an RD.
A route distinguisher (RD) creates the routing and forwarding table for a VPN
and specifies the default route identifier. The RD is added to the start of an
IPv4 prefix to make it a unique VPN IPv4 prefix.
Example
Configure RD for the MPLS VPN instance.
BGP/MPLS VPN Configuration Commands 795
route-tag Syntax
route-tag tag-number
undo route-tag
View
OSPF protocol view
Parameter
tag-number: Tag value to identify VPN import route, in range of 0~4294967295.
By default, its first two fields are fixed to 0xD000, while the last two fields are the
ASN of local BGP. For example, if local BGP ASN is 100, then the default tag value
in decimal is 3489661028.
Description
Using the route-tag command, you can specify a tag value to identify VPN import
route. Using the undo route-tag command, you can restore the default value.
If a VPN site is linked to multiple PEs, when the route learned from MPLS/BGP is
advertised by a PE router via its type-5 or type-7 LSA to the VPN site, the route may
be received by another PE router. This will result in route loop. To avoid route loop,
you should configure route-tag and it is recommended to configure the same
route-tag for the PEs in the same VPN domain. The route-tag is included in the
type-5/-7 LSA. The route-tag is not transmitted in the extended community
attributes of BGP, but can only be configured and function on the PE router which
receives BGP route and generates OSPF LSA.
If the route-tag included in the type-5/-7 LSA is identical with its existing tag, the
LSA received will be neglected in route calculation.
CAUTION: The route-tag configured will not take effect until the reset ospf
command is executed.
Example
Configure route-tag 100 to OSPF procedure 100.
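The default tag value and the check a PE applies to type-5/-7 LSAs, as an added Python example (not 3Com code). The LSA records, prefixes and function names are constructed for illustration.

```python
# Added example: default OSPF VPN route-tag and the PE-side check on type-5/-7 LSAs.
TAG_PREFIX = 0xD000      # fixed upper two bytes of the default tag (from the manual)
MAX_TAG = 4294967295     # documented upper bound of tag-number


def default_route_tag(local_asn: int) -> int:
    """Default tag: 0xD000 in the upper 16 bits, the local BGP ASN in the lower 16."""
    if not 1 <= local_asn <= 0xFFFF:
        raise ValueError("default tag format only has room for a 2-byte ASN")
    return (TAG_PREFIX << 16) | local_asn


def describe_tag(tag: int) -> dict:
    """Split a tag into the default-format prefix and the ASN it would carry."""
    if not 0 <= tag <= MAX_TAG:
        raise ValueError("tag-number must be in 0~4294967295")
    is_default = (tag >> 16) == TAG_PREFIX
    return {"default_format": is_default, "asn": (tag & 0xFFFF) if is_default else None}


def lsas_for_route_calculation(pe_tag: int, lsas: list) -> list:
    """Keep every LSA except type-5/-7 LSAs that carry this PE's own route-tag."""
    kept = []
    for lsa in lsas:
        if lsa["type"] in (5, 7) and lsa.get("tag") == pe_tag:
            continue  # generated by a PE with the same tag: using it would loop
        kept.append(lsa)
    return kept


# Constructed sample: LSAs seen by a second PE that shares its route-tag with
# the PE (local BGP ASN 100) that generated the first two entries.
SAMPLE_LSAS = [
    {"type": 5, "prefix": "10.1.0.0/16", "tag": 3489661028},  # from the other PE
    {"type": 7, "prefix": "10.2.0.0/16", "tag": 3489661028},  # from the other PE
    {"type": 5, "prefix": "10.3.0.0/16", "tag": 0},           # external route of the site
    {"type": 3, "prefix": "10.4.0.0/16"},                     # not type-5/-7, no tag check
]

if __name__ == "__main__":
    tag = default_route_tag(100)
    print(tag, hex(tag), describe_tag(tag))
    for lsa in lsas_for_route_calculation(tag, SAMPLE_LSAS):
        print("use type-%d LSA for %s" % (lsa["type"], lsa["prefix"]))
```

If the two PEs carry different tags, none of the sample LSAs is ignored, which is the loop condition the description warns about.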
vpn-target Syntax
vpn-target vpn-target-ext-community [ import-extcommunity | export-extcommunity |
both ]
View
Vpn-instance view
Parameter
import-extcommunity: Ingress route information from the extended community of
target VPN.
both: Imports ingress and egress route information to the extended community of
target VPN.
Description
Using the vpn-target command, you can create vpn-target extended community
for vpn-instance. Using the undo vpn-target command, you can remove the
vpn-target extended community attribute.
With the vpn-target command, you can create ingress and egress route target
extended community lists for the specified vpn-instance. Execute this command
once for each target community. A received route bearing a specific route
target extended community is imported to all vpn-instances that are configured
with that extended community as ingress route target. Vpn-target specifies a
target VPN extended community. Like an RD, an extended community is composed of
either an autonomous system number and an arbitrary number, or an IP address
and an arbitrary number.
Example
Create vpn-target extended community for the vpn-instance.
[3Com] ip vpn-instance vpn_red
View
MBGP vpn-instance view
Parameter
limit: Specifies the route maximum allowed in a vpn-instance.
warn threshold: Rejects routes when the threshold value is reached. This threshold
value is the percentage of the specified route maximum from 1 to 100.
simply-alert: When the route maximum specified for a vpn-instance exceeds the
threshold, routes can be added and only a SYSLOG error message is sent out.
Description
Using the routing-table limit command, you can limit the route maximum in a
vpn-instance, to avoid too many routes in the ingress interface of the PE router.
Using the undo routing-table limit command, you can remove the limitation.
Example
[3Com] ip vpn-instance vpn1
[3Com-vpn-vpn1] route-distinguisher 100:1
[3Com-vpn-vpn1] vpn-target 100:1 import-extcommunity
[3Com-vpn-vpn1] routing-table limit 1000 simply-alert
sham-link Syntax
sham-link source-addr destination-addr [ cost cost-value ] [ dead seconds ] [ hello
seconds ] [ md5 keyid key seconds ] [ retransmit seconds ] [ simple password ] [
trans-delay seconds ]
View
OSPF area view
Parameter
source-addr: Source address of sham-link, a loopback interface address with 32-bit
mask
dead seconds: Specifies interval for the dead timer, in range of 1~8192 seconds.
By default, it is 40 seconds. It must be consistent with the dead seconds value for
sham link peer.
trans-delay seconds: Specifies delay period for LSA message transmission at the
interface, in range of 1~8192 seconds. By default, it is 1 second.
Description
Using the sham-link command, you can configure a sham link. Using the undo
sham-link command, you can delete a sham link.
In the OSPF PE-CE connection, suppose that in an OSPF area there are two sites
which belong to the same VPN, with each connected to different PE router and an
intra-domain link (backdoor) established between them. Though there may be
other routes connecting the two sites via the PE router, these routes are just
intra-domain routes, so OSPF will select those routes through the backdoor first.
When the routes through the VPN backbone should be selected first, a sham link
must be established between the PE routers. In this case, the routes through
the VPN backbone are of the highest priority within the OSPF area.
The sham link between VPN PE routers is taken as a link within the OSPF area. Its
source and destination addresses are both loopback interface addresses with
32-bit mask. This loopback interface must be bound with a VPN instance and
imported into BGP through a direct-connect route. The optional parameters can
be appended in the sham link command and only those appended in the sham
link command can be selected in the undo command.
CAUTION:
The source and destination addresses of a sham link are both loopback interface
addresses with 32-bit mask. This loopback interface must be bound with a VPN
instance and imported into BGP through a direct-connect route.
The source and destination addresses of a sham link cannot be the same.
The same sham link cannot be configured in the different OSPF procedures.
Example
Configure a sham link, with source address 1.1.1.1 and destination address
2.2.2.2.
[3Com-ospf-100-area-0.0.0.1] sham-link 1.1.1.1 2.2.2.2 cost 100
vpn-instance-capability simple Syntax
vpn-instance-capability simple
undo vpn-instance-capability
View
OSPF protocol view
Parameter
None
Description
Using the vpn-instance-capability simple command, you can configure a router as
Multi-VPN-Instance CE. Using the undo vpn-instance-capability command, you can
remove the configuration.
When OSPF procedures are bound with VPN instances, the default OSPF router
serves as PE router. This command will remove the default configuration and
change a router into Multi-VPN-Instance CE. Then OSPF procedure will set up all
peers again. DN bits and route-tag will not be checked in routing calculation. To
prevent route loss, loop test function is disabled on PE routes. MGP/OSPF
interoperability is also disabled to save system resources.
After the display ospf brief command is executed successfully, the system
prompts the information “Multi-VPN-Instance enable on CE router”.
CAUTION: OSPF process will set up all peers again after this command is run.
Example
Configure OSPF procedure 100 as Multi-VPN-Instance CE.
View
System view
Parameter
interface-type interface-number: Interface for the remote connection.
Description
Using the ccc interface transmit-lsp receive-lsp command, you can create a
remote CCC connection. Using the undo ccc command, you can delete a remote
CCC connection.
Example
Create a remote CCC connection clink, with the transmit-LSP being tlsp and the
receive-LSP being rlsp.
[3Com-Ethernet3/0/0] ccc clink interface serial0/0/0 transmit-lsp tlsp receive-lsp rlsp
View
System view
MPLS L2VPN CCC Configuration Commands 801
Parameter
ccc-connection-name: CCC connection name of 1 to 20 characters, which is used
for uniquely identifying the CCC inside the PE.
Description
Using the ccc interface out-interface command, you can create a local CCC
connection. Using the undo ccc command, you can delete the local CCC
connection.
The supported interfaces include serial, asynchronous serial, ATM, Ethernet, VE,
and GE interfaces, as well as ATM, Ethernet, and GE sub-interfaces.
Example
Create a local CCC connection clink, with two CEs connected respectively to
Ethernet0/0/0 and Ethernet2/0/0.
[3Com] ccc clink interface serial0/0/0 out-interface Ethernet 2/0/0
undo debugging mpls l2vpn { all | advertisement | error | event | connections [ interface
interface-name | interface-type interface-num ] }
View
User view
Parameter
all: Enables/Disables all L2VPN debugging.
Description
Using the debugging mpls l2vpn command, you can view L2VPN link
information. Using the undo debugging mpls l2vpn command, you can disable
the debug function.
Example
<3Com> debugging mpls l2vpn all
View
Any view
Parameter
ccc-name: Name of the connection to be displayed.
Description
Using the display ccc command, you can view CCC connection information.
Example
Display CCC connection information.
[3Com] display ccc c-link
View
MPLS view
Parameter
lsp-name: LSP name
Description
Using the static-lsp egress l2vpn command, you can configure a static LSP used
in L2VPN for egress LSR. Using the undo static-lsp egress l2vpn command, you
can delete an LSP used in L2VPN of egress LSR.
Two LSPs (one in each direction) should be created in advance before creating
remote CCC connection.
For related commands, see static-lsp ingress l2vpn and debugging mpls.
Example
Add the static LSP bj-sh at egress LSR.
[3Com-mpls] static-lsp egress bj-sh l2vpn incoming-interface serial8/0/0 in-label 233
View
MPLS view
Parameter
lsp-name: LSP name
Description
Using the static-lsp ingress l2vpn command, you can configure a static LSP used
in L2VPN for ingress LSR. Using the undo static-lsp ingress l2vpn command, you
can delete an LSP used in L2VPN of ingress LSR.
With this command, you can configure a static LSP for ingress LSR, as well as
setting preference and measurement value for it.
Two LSPs (one in each direction) should be created in advance before creating
remote CCC connection.
For related commands, see static-lsp egress l2vpn, static-lsp transit, and
debugging mpls.
Example
Add the static LSP with destination address 202.25.38.1 at ingress LSR.
[3Com-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.33
out-label 237
View
MPLS view
Parameter
lsp-name: LSP name
Description
Using the static-lsp transit command, you can configure a static LSP used in
L2VPN for transit LSR. Using the undo static-lsp transit command, you can
delete an LSP used in L2VPN of transit LSR.
Two LSPs (one in each direction) should be created in advance and configured to
the transit LSR before creating remote CCC connection.
For related commands, see static-lsp egress l2vpn and static-lsp ingress
l2vpn.
Example
Add a static LSP used in L2VPN for the Serial0/0/0 of transit LSR, with inbound
label being 123 and outbound label being 253.
[3Com-mpls] static-lsp transit bj-sh l2vpn incoming-interface serial0/0/0 in-label 123
nexthop 202.34.114.7 out-label 253
View
Any view
Parameter
interface-type interface-num: Interface type and interface number
Description
Using the display mpls static-l2vc command, you can view the connection
information of static MPLS L2VPN.
Example
Display basic information of static connection.
[3Com-Ethernet1/0/1] display mpls static-l2vc
total connections: 1, 0 up, 1 down
ce-intf state destination tr-label rcv-label tnl-type tnl-index
Martini MPLS L2VPN Configuration Commands 805
View
Interface view
Parameter
destination-ip-address: ROUTER ID of destination router.
Description
Using the mpls static-l2vc command, you can create an SVC MPLS L2VPN
connection. Using the undo mpls static-l2vc command, you can delete the
connection.
Example
Create SVC MPLS L2VPN connection.
[3Com-s1/1/0] mpls static-l2vc destination 192.1.1.1 transmit-vpn-label 333
receive-vpn-label 111
View
Any view
Parameter
verbose: Displays the detailed information.
Description
Using the display mpls l2vc command, you can view the VC information in LDP
mode.
Example
None
View
Interface view
Parameter
ip-address: lsr-id address of peer PE.
Description
Using the mpls l2vc command, you can create an LDP connection. Using the
undo mpls l2vc command, you can delete the connection.
Supporting interface types: Serial, Asy Serial, POS, ATM, ATM subinterface,
Ethernet, Ethernet subinterface, VE, GE, GE subinterface.
Enable MPLS L2VPN and encapsulate CCC on the interface before using this
command.
Example
Create LDP connection.
[3Com-Ethernet3/0/0] mpls l2vc 10.0.0.11
ce Syntax
ce name [ id id [ range range ] [ default-offset offset ] ]
undo ce name
View
Parameter
name: CE name, unique in the current PE VPN.
range: CE range, in other words, the maximum CE number local CE can connect
with, ranging from 1 to 100. Default value is 10.
Description
Using the ce command, you can create CE or modify CE range. Using the undo ce
command, you can delete CE.
After CE is created, the system will create a CE mode and all the configurations of
CE will be performed in this mode.
To facilitate VPN expansion, the CE range can be configured larger than the real
capacity. However, this wastes identifiers, because the system distributes an
identifier block as large as the CE range.
If the CE range is smaller than needed in VPN expansion, for example, the CE
range is 10 while the needed CE number is 20, you can modify the CE range to 20.
Example
Create a CE for vpna, named “Marlborough,” with CEID being 1, range default
value being 10.
[3Com] mpls l2vpn
[3Com] mpls l2vpn vpna encapsulation ppp
[3Com-mpls-l2vpn-vpna] ce marlborough id 1
[3Com-mpls-l2vpn-ce-vpna-marlborough]
connection Syntax
connection [ ce-offset offset ] { interface interface-type interface-num }
View
MPLS L2VPN CE view
Parameter
offset: Specifies remote CE ID for L2VPN connection in establishing local
connection
Description
Using the connection command, you can create a CE connection. Using the
undo connection command, you can delete a CE connection.
Example
Establish a CE connection.
View
Any view
Parameter
all: All L2VPN information in local address family.
Description
Using the display bgp l2vpn all command, you can view system operating
information and all L2VPN information.
Example
Display all L2VPN information.
[3Com] display bgp l2vpn all
BGP local router ID is 172.16.1.5 , Origin codes: i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 3 destinations
CE ID Label Offset Label Base nexthop pref as-path
Route Distinguisher: 100:1
2 1 800000 1.1.1.1 100 I 200 600
3 1 500000 1.1.1.1 100 I 200 600
Route Distinguisher: 100:2
1 1 700000 1.1.1.1 100 I 200 600
View
Any view
Parameter
vclabel: VC label
Description
Using the display mpls l2vpn forwarding-info command, you can view the
L2VPN information under a specific interface.
Example
Display the L2VPN information under a specific interface.
[3Com] display mpls l2vpn forwarding-info interface serial1/0/0
Kompella MPLS L2VPN Configuration Commands 809
l2vpn-family Syntax
l2vpn-family
undo l2vpn-family
View
BGP view
Parameter
None
Description
Using the l2vpn-family command, you can create an L2VPN address family view.
Using the undo l2vpn-family command, you can delete the L2VPN address
family view.
Using this command, you can enter L2VPN address family view.
Example
Create L2VPN address family view.
[3Com] bgp 100
[3Com-bgp] l2vpn-family
[3Com-bgp-af-l2vpn]
View
System view
Parameter
None
Description
Using the mpls l2vpn command, you can enable L2VPN. Using the undo mpls
l2vpn command, you can disable L2VPN.
Example
Enter MPLS view, then configure LSR ID and enable MPLS.
[3Com] undo mpls
[3Com-mpls] mpls lsr-id 10.0.0.1
[3Com] mpls
Enable L2VPN.
[3Com] mpls l2vpn
View
System view
Parameter
vpn-name: Unique VPN name in PE with 1 to 20 bytes.
atm-aal5 | ethernet | fr | vlan | hdlc | ppp: VPN encapsulation types. The CCC
encapsulation type on the CE interface must match that of the VPN when creating
a BGP L2VPN connection. Otherwise, the connection cannot work normally.
Description
Using the mpls l2vpn encapsulation command, you can create Kompella MPLS
L2VPN and specify encapsulation mode. Using the undo mpls l2vpn
encapsulation command, you can remove the encapsulation.
After creating Kompella MPLS L2VPN, the system creates an L2VPN mode, in which
all of its parameters are configured.
Example
Create a Kompella MPLS L2VPN, named “3Com”, with encapsulation type being
vlan:
[3Com] mpls l2vpn 3Com encapsulation vlan
mtu Syntax
mtu mtu
View
L2VPN view
Parameter
mtu: Layer 2 MTU value of the VPN. The default MTU is 1500.
Description
Using the mtu command, you can configure MTU of Kompella MPLS L2VPN.
When configuring the VPN Layer 2 MTU, the MTU value of the same VPN on different
PEs must be consistent in the whole SP network. Otherwise, the VPN will not work
normally.
Example
Configure the mtu of VPN “3Com” as 1000.
[3Com-l2vpn-3Com] mtu 1000
View
L2VPN address family view
Parameter
group-name: Peer group name, specifying the whole peer group.
Description
Using the peer enable command, you can activate specified peer (group) in
L2VPN address family view. Using the undo peer enable command, you can
deactivate specified peer (group) in L2VPN address family view.
By default, unicast peer (group) of IPv4 address family is activated, while other
peer (groups) are deactivated.
Example
Activate the peer (group) 192 in the L2VPN address family view.
[3Com-bgp] peer 1.1.1.1 as-number 100
[3Com-bgp] l2vpn-family
[3Com-bgp-af-l2vpn] peer 1.1.1.1 enable
9 SECURITY
This chapter describes security commands for the 3Com routers.
AAA Configuration Commands
access-limit Syntax
access-limit { disable | enable max-user-number }
undo access-limit
View
ISP domain view
Parameter
disable: No limit to the supplicant number in the current ISP domain.
enable max-user-number: Specifies the maximum supplicant number in the
current ISP domain, ranging from 1 to 1024
Description
Using the access-limit command, you can configure a limit to the number of
supplicants in the current ISP domain. Using the undo access-limit command,
you can restore the limit to the default setting.
By default, there is no limit to the number of supplicants in the current ISP domain.
This command limits the number of supplicants contained in the current ISP
domain. The supplicants may contend with each other for network resources, so
setting a suitable limit guarantees reliable performance for the existing
supplicants.
Example
# Set a limit of 500 supplicants for the ISP domain "3com163.net".
[3Com-isp-3com163.net] access-limit enable 500
View
ISP domain view
814 CHAPTER 9: SECURITY
Parameter
None
Description
Using the accounting optional command, you can enable optional accounting.
Using the undo accounting optional command, you can disable it.
Example
# Enable optional accounting for users in the domain “3com163.net”.
[3Com] domain 3com163.net
View
Any view
Parameter
domain isp-name: Displays all the user connections belonging to the ISP domain
specified by isp-name, a character string not exceeding 24 characters. The
specified ISP domain must be an existing one.
Description
Using the display connection command, you can view the relevant information
on the specified user connection or all the connections. The output can help you
troubleshoot user connections.
Example
# Display the relevant information of all the users.
<3Com> display connection
View
Any view
Parameter
isp-name: Specifies the ISP domain name, with a character string not exceeding
24 characters. The specified ISP domain must be an existing one.
Description
Using the display domain command, you can view the configuration of a
specified ISP domain or display the summary information of all ISP domains.
For the related commands, see access-limit, domain, scheme, state, display
domain.
Example
# Display the summary information of all ISP domains of the system.
<3Com> display domain
0 Domain = 2
0 Domain = 2
Idle-cut = Disable
1 Domain = ls
Idle-cut = Disable
The following table describes information about the above terminal display.
Table 1 Information displayed after executing display domain (when no ISP domain is
specified)
Field                Description
0 Domain=2           ISP domain index number domain name
State                State
Access-limit         Limit to the allowed number of access users
Default Domain Name  Name of the default ISP domain
View
Any view
Parameter
domain isp-name: Displays all the local users in the ISP domain specified by
isp-name, a character string not exceeding 24 characters. The specified ISP domain
must be an existing one.
service-type: Displays local users by specifying service type, which can be telnet,
ssh, terminal (terminal users logging on from Console, AUX, or Asyn port), ftp,
ppp, or PAD (X.25 PAD).
state { active | block }: Displays local users by specifying user state, where
active means users allowed to request for network services and block means the
opposite.
Description
Using the display local-user command, you can view the relevant information on
the specified local user or all the local users. The output can help you troubleshoot
faults related to local user.
Example
# Display the relevant information of all the local users.
<3Com> display local-user
Idle-Cut: Disable
IP address: Disable
Field          Description
State          State
Idle-cut       Idle-cut switch
Access-limit   Limit to the allowed number of access users
Bind location  Whether to be bound to ports
VLAN ID        VLAN to which users belong
IP address     IP address of user
MAC address    MAC address of user
domain Syntax
domain [ isp-name | default { disable | enable isp-name } ]
undo domain isp-name
View
System view
Parameter
isp-name: Specifies an ISP domain name. The name is expressed with a character
string not exceeding 24 characters, excluding "/", ":", "*", "?", "<", and ">".
default: Configures the default ISP domain. The default ISP domain of the system
is "system".
disable: Disables the configured default ISP domain. The users that have
usernames without a domain name are to be refused as a result.
Description
Using the domain command, you can configure an ISP domain or enter the view
of an existing ISP domain. Using the undo domain command, you can cancel a
specified ISP domain.
ISP domain is a group of users belonging to the same ISP. Generally, for a
username in the userid@isp-name format, gw20010608@3com163.net for
example, the isp-name ("3com163.net" in the example) following the "@" is the
ISP domain name. When an AAA server controls user access, for an ISP user whose
username is in userid@isp-name format, the system takes the part "userid" as
username for identification and takes the part "isp-name" as domain name.
For a router, each supplicant belongs to an ISP domain. The system supports
configuring up to 16 ISP domains.
When this command is used, if the specified ISP domain does not exist, the system
will create a new ISP domain. All the ISP domains are in the active state when
they are created.
For the related commands, see access-limit, scheme, state, and display
domain.
Example
# Create a new ISP domain, 3com163.net, and enter its view.
[3Com] domain 3com163.net
[3Com-isp-3com163.net]
ip pool Syntax
ip pool pool-number low-ip-address [ high-ip-address ]
undo ip pool pool-number
View
System view, ISP domain view
Parameter
pool-number: Address pool number, ranging from 0 to 99.
low-ip-address and high-ip-address: The start and end IP addresses of the
address pool. The number of in-between addresses cannot exceed 1024. If end IP
address is not specified, there will be only one IP address in the pool, namely the
start IP address.
Description
Using the ip pool command, you can configure a local address pool for assigning
addresses to PPP users. Using the undo ip pool command, you can delete the
specified local address pool.
By default, no local IP address pool is configured.
You can configure an IP address pool in system view and use the remote address
command in interface view to assign IP addresses from the pool to PPP users.
You can also configure an IP address pool in ISP domain view for assigning IP
addresses to PPP users in the current ISP domain. This applies to the case where an
interface serves a large number of PPP users but has inadequate address
resources for allocation. For example, an Ethernet interface running PPPoE can
accommodate 4095 users at most. However, only one address pool with up to
1024 addresses can be configured on its Virtual Template (VT), which is far
from what is required. To address the issue, you can configure address pools for
ISP domains and assign addresses from them to their PPP users.
For the related command, see remote address.
Example
# Configure the local IP address pool 0 with the address range of 129.102.0.1 to
129.102.0.10.
[3Com] domain 3com163.net
[3Com-isp-3com163.net] ip pool 0 129.102.0.1 129.102.0.10
level Syntax
level level
undo level
View
Local user view
Parameter
level: Specifies user priority level, an integer ranging from 0 to 3.
Description
Using the level command, you can configure user priority level. Using the undo
level command, you can restore the default user priority level.
Example
# Set the priority level of the user to 3.
[3Com-luser-3com1] level 3
local-user Syntax
local-user user-name
undo local-user { user-name | all }
View
System view
Parameter
user-name: Specifies a local username with a character string not exceeding 80
characters, excluding "/", ":", "*", "?", "<" and ">". The @ character can be
used only once in one username. The username without domain name (the part
before @, namely the user ID) cannot exceed 24 characters. user-name is
case-insensitive, so UserA and usera are the same for example.
all: All the users.
Description
Using the local-user command, you can add a local user and enter the local user
view. Using the undo local-user command, you can remove the specified local
user.
Example
# Add a local user named 3com1.
[3Com-luser-3com1]
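The naming rules from the domain and local-user entries above, combined into one validator as an added Python example (not 3Com code). Function and class names are hypothetical, and refusing a domain that is not configured is an assumption the manual does not state.

```python
# Added example: user name and ISP-domain rules from the domain and local-user entries.
FORBIDDEN = set('/:*?<>')     # characters excluded from user names and ISP domain names
MAX_NAME = 80                 # whole local user name
MAX_USERID = 24               # part before "@"
MAX_DOMAIN = 24               # isp-name
MAX_DOMAINS = 16              # ISP domains the system supports


class Rejected(ValueError):
    """Raised with the rule that the name or configuration violates."""


def split_username(name: str):
    """Validate a name and return (userid, isp_name or None), lower-cased."""
    if not name or len(name) > MAX_NAME:
        raise Rejected("user name must be 1 to 80 characters")
    bad = sorted(FORBIDDEN & set(name))
    if bad:
        raise Rejected("forbidden character(s): " + " ".join(bad))
    if name.count("@") > 1:
        raise Rejected('"@" can be used only once')
    userid, at, domain = name.partition("@")
    if not userid or len(userid) > MAX_USERID:
        raise Rejected("user ID (part before @) must be 1 to 24 characters")
    if at and not domain:
        raise Rejected("empty ISP domain after @")
    if len(domain) > MAX_DOMAIN:
        raise Rejected("ISP domain name exceeds 24 characters")
    # user-name is case-insensitive, so compare and store it in one case
    return userid.lower(), (domain.lower() if domain else None)


def resolve_user(name, configured_domains, default_domain="system"):
    """Return the (userid, isp_name) pair used to identify the user.

    default_domain=None models "domain default disable".
    """
    if len(configured_domains) > MAX_DOMAINS:
        raise Rejected("more than 16 ISP domains configured")
    userid, domain = split_username(name)
    if domain is None:
        if default_domain is None:
            raise Rejected("no domain in user name and default ISP domain is disabled")
        domain = default_domain.lower()
    # Assumption (not stated in the manual): a domain that is not configured is refused.
    if domain not in {d.lower() for d in configured_domains}:
        raise Rejected("ISP domain %r is not configured" % domain)
    return userid, domain


if __name__ == "__main__":
    domains = ["system", "3com163.net"]
    for candidate in ("gw20010608@3com163.net", "UserA", "a@b@3com163.net"):
        try:
            print(candidate, "->", resolve_user(candidate, domains))
        except Rejected as why:
            print(candidate, "-> refused:", why)
```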
local-user password-display-mode Syntax
local-user password-display-mode { cipher-force | auto }
View
System view
Parameter
cipher-force: Forced cipher mode specifies that the passwords of all the accessed
users must be displayed in cipher text.
auto: The auto mode specifies that a user is allowed to use the password
command to set a password display mode.
Description
Example
Force all the local users to have passwords displayed in cipher text.
password Syntax
password { simple | cipher } password
undo password
View
Local user view
Parameter
simple: Specifies to display passwords in simple text.
cipher: Specifies to display passwords in cipher text.
password: Defines a password, which is a character string of up to 16 characters if
it is in simple text or of up to 24 characters if it is in cipher text.
Description
Using the password command, you can configure a password for a local user.
Using the undo password command, you can cancel the password of the local
user.
If local-user password-display-mode cipher-force applies, specifying simple in
the password command has no effect on how passwords are displayed.
For the related command, see display local-user.
Example
# Display the password of the user 3com1 in simple text, with the password being
20030422.
[3Com-luser-3com1] password simple 20030422
scheme Syntax
scheme { radius-scheme radius-scheme-name | HWTACACS-scheme
HWTACACS-scheme-name | local | none }
undo scheme { radius-scheme | HWTACACS-scheme | none }
View
ISP domain view
Parameter
radius-scheme-name: RADIUS scheme, a character string not exceeding 32
characters
HWTACACS-scheme-name: HWTACACS scheme, a character string not
exceeding 32 characters
local: Local authentication
none: No authentication
Description
Using the scheme command, you can configure the AAA scheme to be
referenced by the current ISP domain. Using the undo scheme command, you
can restore the default AAA scheme.
The default AAA scheme in the system is local.
With this command, the current ISP domain can reference a
RADIUS/HWTACACS scheme that has been configured.
If the local or none scheme applies, no RADIUS or HWTACACS scheme can
be adopted.
For the related commands, see radius scheme and HWTACACS scheme.
Example
# Specify the current ISP domain, 3com163.net, to use the RADIUS scheme 3com.
[3Com-isp-3com163.net] scheme radius 3com
service-type Syntax
service-type { telnet | ssh | terminal | pad }
undo service-type { telnet | ssh | terminal | pad }
View
Local user view
Parameter
telnet: Authorizes the user to use the Telnet service.
terminal: Authorizes the user to use the terminal service (login from the Console,
AUX or Asyn port).
Description
Using the service-type command, you can configure a service type for a
particular user. Using the undo service-type command, you can delete one or all
service types configured for the user.
For the related commands, see service-type ppp and service-type ftp.
Example
# Authorize the user to use the Telnet service.
[3Com-luser-3com1] service-type telnet
View
Local user view
Parameter
ftp-directory directory: Specifies a directory accessible for the FTP user.
Description
Using the service-type ftp command, you can specify a directory accessible for
the FTP user. Using the undo service-type ftp command, you can restore the
default directory accessible for the FTP user.
By default, no services of any type are authorized to any user and access of
anonymous FTP users is not allowed, but a user that is granted the FTP service is
authorized to access the root directory “flash:/”.
Example
# Authorize the user to use the FTP service.
[3Com-luser-3com1] service-type ftp
View
Local user view
Parameter
callback-nocheck: Specifies PPP user callback without authentication.
Description
Using the service-type command, you can configure the callback attribute and
caller number of the PPP user. Using the undo service-type command, you can
restore their default settings.
By default, PPP users are allowed to call back without authentication and no
callback number is specified; the system does not authenticate caller numbers of
ISDN users.
Example
# Set PPP user to call back without authentication.
[3Com-luser-3com1] service-type ppp callback-nocheck
state Syntax
state { active | block }
View
ISP domain view, local user view
Parameter
active: Allows users in the current ISP domain or the current local
user to request network services.
block: Blocks users in the current ISP domain or the current local
user from requesting network services.
Description
Using the state command, you can configure the state of the current ISP domain
or local user.
By default, both ISP domain (in ISP domain view) and local user (in local user view)
are in the active state upon their creation (in ISP domain view).
Example
# Set the state of the current ISP domain "3com163.net" to block. The supplicants
in this domain cannot request network services.
[3Com-isp-3com163.net] state block
acl Syntax
acl { number acl-number | name acl-name [ basic | advanced | interface ] } [ match-order
{ config | auto } ]
View
System View
Parameter
number: Defines a numbered ACL (access control list). The number of a
basic ACL ranges from 1 to 99, that of an advanced ACL ranges from
100 to 199, and that of an interface-based ACL ranges from 1000 to 1999.
config: Matches the rules in the order in which the user
configured them.
auto: Matches the rules in automatic order (in accordance with the “depth
first” principle).
Description
Using the acl command, you can create an access control list and enter ACL view.
Using the undo acl command, you can delete an access control list.
An access control list consists of a list of rules that are described by a series of
permit or deny clauses. Several rule lists form an ACL. Before configuring
the rules for an access control list, you should create the access control list first.
When you create an access control list, you should specify the following
parameters:
Example
# Create an ACL numbered 10.
[3Com] acl number 10
[3Com-acl-basic-10]
[3Com-acl-adv-test]
[3Com-acl-if-int]
View
Any view
Parameter
all: All ACL rules.
acl-number: ACL expressed by number.
acl-name: ACL expressed by name.
Description
Using the display acl command, you can view the rules of access control list.
The default match order of the system is the configuration order (config). If you
select match order as auto-match (auto), the system will display the information
with the match order as "auto". If the default match order (config) is selected,
the system will display without the configuration order information.
Example
# Display the rules of ACL 1.
[3Com-acl-basic-1] display acl 1
View
User View
Parameter
acl-number: ACL expressed by number.
acl-name: ACL expressed by name.
all: All ACL rules.
Description
Using the reset acl counter command, you can clear the statistics of access
control list.
Example
# Reset the statistics of access control list 1.
<3Com> reset acl counter 1
rule Syntax
1) Create or delete a rule of a basic access control list.
rule [ rule-id ] { permit | deny } [ source source-addr source-wildcard | any ] [ time-range
time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]
View
The first group of commands is used in basic ACL view.
The second group of commands is used in advanced ACL view.
The third group of commands is used in interface-based ACL view.
Parameter
In the rule command:
■ rule-id: ID of an ACL rule, optional, ranging from 0 to 127. If you specify a
rule-id, and the ACL rule related to the ID also exists, then the newly
defined rule will overwrite the old rule, just as editing an existing ACL rule.
If the rule-id you specify does not exist, a new rule related to the specified
rule-id will be created. If you do not specify the rule-id, it indicates to add a
new rule. The system will assign a rule-id to the ACL rule automatically and
add a new rule.
■ deny: Discards the packets that meet the condition.
■ permit: Permits the qualified packets.
■ protocol: protocol type over IP, expressed by name or number. The number
range is from 0 to 255, and the name range covers gre, icmp, igmp, ip,
ipinip, ospf, tcp and udp.
■ source: Optional, specify source address information of ACL rule. If it is not
configured, it indicates that any source address of the packets matches.
■ source-addr: Source IP address of packets in dotted decimal format. Or use
"any" to represent the source address 0.0.0.0 with the wildcard
255.255.255.255.
■ fragment: Specifies that this rule is only valid for the fragment packets that
are not the first fragment.
■ interface: Optional. Specifies the interface information of the packets. If it is
not specified, all interfaces match.
■ interface-name: Specifies the interface from which the packets enter. “any” can
be used to indicate all interfaces.
■ vpn-instance: Optional. Specifies the vpn-instance to which the
packets belong. If it is not specified, the ACL rule is valid for the
packets in all the vpn-instances. If it is specified, the ACL rule is valid
only for the specified vpn-instance.
■ vpn-instance-name: Specifies the name of an existing vpn-instance.
In the undo rule command:
■ rule-id: ID of an ACL rule, it should be an existing ACL rule number. If the
command is not followed by other parameters, this ACL rule will be deleted
completely; otherwise, only part of information related to this ACL rule will
be deleted.
■ source: Optional. Only the information settings related to the source
address part of the ACL rule number will be deleted.
■ destination: Optional. Only the information setting related to the
destination address part of the ACL rule number will be deleted.
■ source-port: Optional. Only the information setting related to the source
port part of the ACL rule number will be deleted, valid only when the
protocol is TCP or UDP.
■ destination-port: Optional. Only the information setting related to the
destination port part of the ACL rule number will be deleted, valid only
when the protocol is TCP or UDP.
■ icmp-type: Optional. Only the information setting related to ICMP type and
message code part of the ACL rule number will be deleted, valid only when
the protocol is ICMP.
■ precedence: Optional. Only the setting of precedence configuration of the
ACL rule will be deleted.
■ tos: Optional. Only related tos setting corresponding to the ACL rule will be
deleted.
■ time-range: Optional. Only the setting corresponding to the time range
part of the ACL rule will be deleted.
■ logging: Optional. Only the setting corresponding to the logging part of
the ACL rule will be deleted.
■ fragment: Optional. Only the setting that makes the ACL rule valid for
non-first fragments will be deleted.
■ vpn-instance: Optional. If it is specified, only the settings involving
the vpn-instance in the specified ACL rule will be deleted.
Description
Using the rule command, you can add a rule in current ACL view. Using the undo
rule command, you can delete a rule.
The rule ID is needed when you delete a rule. If you do not know the ID,
use the display acl command to find it.
Example
# Create ACL 101 and add a rule to prohibit the receiving or sending of RIP
packets.
[3Com] acl number 101
# Add a rule to permit hosts in the network segment 129.9.0.0 to send WWW
packet to hosts in the network segment 202.38.160.0.
# Add a rule to deny the WWW access (80) from the host in network segment
129.9.0.0 to the host in network segment 202.38.160.0, and log events that
violate the rule.
# Add a rule to permit the WWW access (80) from the host in network segment
129.9.8.0 to the host in network segment 202.38.160.0.
# Add a rule to prohibit all hosts from establishing Telnet (23) connection to the
host with the IP address 202.38.160.1.
# Add a rule to prohibit the creation of UDP connections with port numbers greater
than 128 from the hosts in network segment 129.9.8.0 to the hosts in network
segment 202.38.160.0.
# Add a rule, denying the packets carrying the source address 1.1.1.1 from VPN
vrf1.
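The two WWW rules described above overlap (129.9.8.0 lies inside 129.9.0.0), so the match order decides which one a packet hits. The Python model below is an added illustration, not 3Com code: the wildcards, the lowest-free rule-id assignment and the reading of “depth first” as narrowest-range-first are assumptions, and protocol and port fields are left out.

```python
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")   # "any" as the parameter list defines it


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) ^ _ip(base)) & care == 0


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    source: tuple = ANY          # (address, wildcard)
    destination: tuple = ANY

    def matches(self, src, dst):
        return (wildcard_match(src, *self.source)
                and wildcard_match(dst, *self.destination))

    def depth(self):
        """Number of address bits the rule pins down (more = narrower)."""
        free = sum(bin(_ip(w)).count("1")
                   for _, w in (self.source, self.destination))
        return 64 - free


class Acl:
    def __init__(self, match_order="config"):
        if match_order not in ("config", "auto"):
            raise ValueError("match-order is config or auto")
        self.match_order = match_order
        self.rules = {}          # rule-id -> Rule, kept in configuration order

    def rule(self, rule, rule_id=None):
        """Add a rule; an existing rule-id is overwritten in place."""
        if rule_id is None:
            # Assumption: the system hands out the lowest unused ID.
            rule_id = next((i for i in range(128) if i not in self.rules), None)
            if rule_id is None:
                raise ValueError("no free rule-id")
        if not 0 <= rule_id <= 127:
            raise ValueError("rule-id ranges from 0 to 127")
        self.rules[rule_id] = rule
        return rule_id

    def ordered(self):
        items = list(self.rules.items())
        if self.match_order == "auto":
            # Assumption: "depth first" tries the narrowest rule first; ties
            # keep configuration order because sorted() is stable.
            items = sorted(items, key=lambda kv: -kv[1].depth())
        return items

    def evaluate(self, src, dst, default):
        """Return (action, rule-id); rule-id is None when no rule matched
        and the firewall default (permit or deny) was applied."""
        for rule_id, rule in self.ordered():
            if rule.matches(src, dst):
                return rule.action, rule_id
        return default, None


def build(match_order):
    """The overlapping deny/permit pair, with constructed wildcards."""
    acl = Acl(match_order)
    web = ("202.38.160.0", "0.0.0.255")
    acl.rule(Rule("deny", ("129.9.0.0", "0.0.255.255"), web))
    acl.rule(Rule("permit", ("129.9.8.0", "0.0.0.255"), web))
    return acl


if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, build(order).evaluate("129.9.8.5", "202.38.160.9", "deny"))
```

With match-order config the broad deny configured first shadows the narrower permit; with auto the narrower permit is tried first.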
Add/delete a MAC-based ACL rule
rule [ rule-id ] { deny | permit } [ type type-code type-mask | lsap lsap-code
lsap-mask ] ] [ source-mac sour-addr source-mask ] [ dest-mac dest-addr
dest-mask ]
Parameter
type-code: Data frame type, a 16-bit hexadecimal number equivalent to the
type-code field in Ethernet_II and Ethernet_SNAP frames.
type-mask: A 16-bit hexadecimal number used for specifying the mask bits.
lsap-code: Encapsulation format of data frames, a 16-bit hexadecimal number.
lsap-mask: LSAP mask, a 16-bit hexadecimal number used to specify mask bits.
sour-addr: Source MAC address in the format of xxxx-xxxx-xxxx.
sour-mask: Source MAC address mask.
dest-addr: Destination MAC address in the format of xxxx-xxxx-xxxx.
dest-mask: Destination MAC address mask.
Ethernet Type-Code Values
The following table lists the Ethernet type-code values recommended in RFC 1700
and their meanings.
Time-range Configuration Commands
View
Any view
Parameter
time-name: name of the time range.
Description
Using the display time-range command, you can view the configuration and the
status of time range. For the active time range at present, it displays "active" and
for the inactive time range, it displays "inactive".
The system updates ACL status with a time deviation of about 1 minute, whereas
display time-range displays the state of the time range at exactly the current
time. The following case may therefore occur: display time-range shows that a
time range is active, but the ACL that should be active in that time range is
still inactive. This case is normal.
Example
# Display all time ranges.
[3Com] display time-range all
time-range Syntax
time-range time-name [ start-time to end-time ] [ days ] [ from time1 date1 ] [ to time2
date2 ]
View
System view
Parameter
days: Indicates on which day of a week the time range is valid or from which day
in a week the time range is valid. The following parameters can be input:
Number (0 to 6);
from time1 date1: Optional. Indicates the start time and date. The
input format of time is hh:mm in 24-hour notation. The range of
hh is from 0 to 23 and the range of mm is from 0 to 59. The input format of date
is MM-DD-YYYY. DD ranges from 1 to 31, MM is a number
in the range from 1 to 12, and YYYY is a 4-digit number. If no start time is set,
there is no restriction on the start time and only the end time is
considered.
to time2 date2: Optional. Indicates the end time and date. The input
format of time and date is the same as that of the start time. The end
time must be greater than the start time. If the end time is not set, it will be the
maximum time that the system can set.
Description
Using the time-range command, you can specify a time range. Using the undo
time-range command, you can delete a time range.
A time range consists of two parts. The first is the periodic time range within one
week, described by the parameters start-time and end-time, with the
parameter days specifying on which days it is valid. The second is the time range
specified by from and to, which limits the period in which the
periodic time range is valid.
You can configure multiple time ranges with the same time-name. Together, these
time ranges define one time range that is referenced by name.
Example
# Configure a time range that takes effect at 0:0 on Jan. 1, 2003 and remains valid
from then on.
[3Com] time-range test from 0:0 1-1-2003
# Configure the time range valid between 14:00 and 16:00 on every weekend day
from 20:00 on Apr. 01, 2003 to 20:00 on Dec. 10, 2003.
[3Com] time-range test 14:00 to 16:00 off-day from 20:00 04-01-2003 to 20:00 12-10-2003
# Configure the time range valid between 8:00 and 18:00 in each working day.
# Configure the time range valid between 14:00 and 18:00 in each weekend day.
Example
# Specify the ISAKMP SA duration for IKE proposal 10 as 600 seconds (10
minutes).
[3Com] ike proposal 10
ASPF Configuration Commands
aging-time Syntax
aging-time { syn | fin | tcp | udp } seconds
View
ASPF policy view
Parameter
seconds: Specifies the idle timeout time of SYN, FIN, TCP and UDP session entries
respectively when the related packets are inspected. The default timeout time of
SYN, FIN, TCP and UDP is 30s, 5s, 3600s and 30s respectively.
Description
Using the aging-time command, you can configure SYN status waiting timeout
value and FIN status waiting timeout value of TCP, session entry idle timeout value
of TCP and UDP. Using the undo aging-time command, you can restore the
default value.
Before the aging-time expires, the system will retain the connections and the
sessions that have been set up.
For related commands, see display aspf all, display aspf policy, display aspf
session and display aspf interface.
Example
# Configure SYN status waiting timeout value of TCP as 20 seconds.
[3Com-aspf-policy-1] aging-time syn 20
aspf-policy Syntax
aspf-policy aspf-policy-number
View
System view
Parameter
aspf-policy-number: ASPF policy number, ranging from 1 to 99.
Description
Using the aspf-policy command, you can define an ASPF policy. For a defined
policy, the policy can be invoked through its policy number.
Example
# Define an ASPF policy and enter ASPF view.
[3Com] aspf-policy 1
[3Com-aspf-policy-1]
undo debugging aspf { all | verbose | events | ftp | h323 | http | rtsp | session | smtp | tcp
| timer | udp }
View
User view
Parameter
Description
Using the debugging aspf command, you can enable ASPF debugging function.
Using the undo debugging aspf command, you can disable ASPF debugging
function.
For the related commands, see display aspf all, display aspf policy, display
aspf session and display aspf interface.
Example
# Enable all ASPF debugging switches.
<3Com> debugging aspf all
detect Syntax
detect protocol [ java-list acl-number ] [ aging-time seconds ]
View
ASPF policy view
Parameter
seconds: Configures the idle timeout time of the protocol, ranging from 10 to
43200 seconds. The default TCP-based timeout time is 3600 seconds, and the
default UDP-based timeout time is 30 seconds.
protocol: Name of the protocols supported by ASPF, the value can be ftp, http,
h323, smtp, rtsp, tcp and udp.
Description
Using the detect command, you can specify ASPF policy for application layer
protocols. Using the undo detect command, you can cancel the configuration.
When the protocol is HTTP, Java blocking is permitted.
For related commands, see display aspf all, display aspf policy, display aspf
session and display aspf interface.
Example
# Specify detection of the HTTP protocol in ASPF policy 1. At the same time,
enable Java blocking and use ACL 1 so that ASPF can filter Java
Applets from destination server 10.1.1.1.
[3Com-acl-basic-1] quit
[3Com] aspf-policy 1
View
Any view
Parameter
none
Description
Using the display aspf all command, you can view the information of all ASPF
policies and sessions.
Example
# View the information of ASPF policy and session.
[3Com] display aspf all
[ASPF Policy 1]
tcp timeout: 33
[Interface Configuration]
Interface: Ethernet0/0/0
Item | Description
Session audit trail: disabled | The session logging function is disabled.
tcp syn wait-time | TCP connection SYN status timeout value is 30 seconds.
tcp finnwait-time | TCP connection FIN status timeout value is 5 seconds.
tcp idle-time | Timeout for the idle-time of TCP session is 3600 seconds.
udp idle-time | Timeout for the idle-time of UDP session is 30 seconds.
http java-list 1 timeout | Detect the HTTP traffic and filter the Java Applets from some particular sites by using ACL 1. The HTTP timeout time is set to 3000 seconds. “h323 timeout” indicates the timeout time of the h323 session entry.
h323 timeout | The policy inspects h323 traffic. The timeout time of h323 is 3600 seconds.
tcp timeout | The policy inspects tcp traffic. The timeout time of tcp is 33 seconds.
Inbound ASPF policy | No ASPF policy is configured in inbound direction of the interface Ethernet0/0/0.
outbound ASPF policy | ASPF policy 1 is configured in outbound direction of the interface Ethernet0/0/0.
View
Any view
Parameter
none
Description
Using the display aspf interface command, you can view the interface
configuration of the inspection policy.
Example
# View the interface configuration of the inspection policy.
<3Com> display aspf interface
[Interface Configuration]
Interface: Ethernet0/0/0
Item | Description
Inbound ASPF policy | No ASPF policy is configured in inbound direction of the interface Ethernet0/0/0.
outbound ASPF policy | ASPF policy 1 is configured in outbound direction of the interface Ethernet0/0/0.
View
Any view
Parameter
aspf-policy-number: ASPF policy number, ranging from 1 to 99.
Description
Using the display aspf policy command, you can view the configuration of a
specific inspection policy.
Example
# Display the configuration information of the inspection policy with policy
number of 1.
[3Com] display aspf policy 1
[ASPF Policy 1]
tcp timeout: 33
View
Any view
Parameter
verbose: Displays the detailed information of the sessions.
Description
Using the display aspf session command, you can view the information of the
ASPF sessions.
Example
# Display the information of current ASPF sessions.
[3Com] display aspf session
[Established Sessions]
[ Session 0xC7E5E4 ]
[ Established Sessions ]
[ Session 0xC7E2B4 ]
AppProt: 21
Child: 0xCA9EA4,
Parent: 0x0
Interface: Ethernet1/0/0,
Direction: outbound
Timeout 00:02:00(120),
Item | Description
TransProt: 6 | Transport layer protocol is numbered 6, which means that TCP is used.
AppProt: 21 | Application layer protocol uses port 21, which means that the sessions are FTP sessions
Interface: Ethernet1/0/0 Direction: outbound | ASPF policy is applied in outbound direction of the interface Ethernet1/0/0
Bytes/Packets sent | Bytes/Packets transmitted between the originating and responding sides of the connection
Timeout 00:02:00(120) | Timeout time set for the protocol is 120 seconds
View
Interface view
Parameter
aspf-policy-number: ASPF policy number used on the interface.
inbound: Applies ASPF policy in inbound direction of the interface.
outbound: Applies ASPF policy in outbound direction of the interface.
Description
Using the firewall aspf command, you can apply ASPF policy in specified
direction to an interface. Using the undo firewall aspf command, you can delete
the applied ASPF policy on the interface.
There are two concepts in ASPF: inbound interface and outbound interface. If the
router connects to both an intranet and the Internet, and uses ASPF to protect the
servers of the intranet, the router interface connected to the intranet is regarded as
the inbound interface and the one connected to the Internet is regarded as the
outbound interface.
When ASPF is applied on the outbound interface, ASPF refuses access to the
intranet from Internet users, but the return packets of intranet users accessing
the Internet can pass the detection of ASPF.
Example
# Configure ASPF firewall function in outbound direction of the interface
ethernet1/0/0.
[3Com-Ethernet1/0/0] firewall aspf 1 outbound
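A Python model of the outbound behaviour described above, using the default aging times listed under aging-time; it is an added illustration, not 3Com code. The class and method names, the sample addresses and the simplified TCP state handling are assumptions.

```python
# Idle timeouts in seconds; the defaults listed for the aging-time command.
DEFAULT_AGING = {"syn": 30, "fin": 5, "tcp": 3600, "udp": 30}


class OutboundAspf:
    """Session table for an ASPF policy applied outbound on the Internet side."""

    def __init__(self, **aging):
        # e.g. OutboundAspf(syn=20) mirrors "aging-time syn 20"
        self.aging = {**DEFAULT_AGING, **aging}
        # key: (proto, intranet host, port, Internet host, port)
        self.sessions = {}

    def _live(self, key, now):
        """Return the session entry, discarding it if it has aged out."""
        entry = self.sessions.get(key)
        if entry and now - entry["last"] > self.aging[entry["state"]]:
            del self.sessions[key]
            entry = None
        return entry

    def outbound(self, proto, src, sport, dst, dport, now, flags=""):
        """Packet from the intranet to the Internet."""
        key = (proto, src, sport, dst, dport)
        entry = self._live(key, now)
        if entry is None:
            if proto == "tcp" and flags != "S":
                return "drop"       # simplification: only a SYN opens a TCP session
            state = "syn" if proto == "tcp" else "udp"
            entry = self.sessions[key] = {"state": state, "synack": False}
        elif "F" in flags:
            entry["state"] = "fin"  # FIN wait timer now applies
        elif entry["state"] == "syn" and entry["synack"] and "A" in flags:
            entry["state"] = "tcp"  # handshake done: TCP idle timer applies
        entry["last"] = now
        return "pass"

    def inbound(self, proto, src, sport, dst, dport, now, flags=""):
        """Packet from the Internet: passes only as a reply to a live session."""
        key = (proto, dst, dport, src, sport)
        entry = self._live(key, now)
        if entry is None:
            return "drop"           # unsolicited access from the Internet
        if "F" in flags:
            entry["state"] = "fin"
        elif entry["state"] == "syn" and "S" in flags and "A" in flags:
            entry["synack"] = True
        entry["last"] = now
        return "pass"


if __name__ == "__main__":
    inside, server = ("10.0.0.5", 40000), ("198.51.100.7", 80)  # constructed
    fw = OutboundAspf()
    print(fw.inbound("tcp", *server, *inside, now=0, flags="S"))
    print(fw.outbound("tcp", *inside, *server, now=0, flags="S"))
    print(fw.inbound("tcp", *server, *inside, now=1, flags="SA"))
```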
View
ASPF policy view
Description
Using the log enable command, you can enable ASPF session logging function.
Using the undo log enable command, you can disable logging function.
ASPF provides enhanced session logging function which can log all connections,
including connection time, source address, destination address, port in use and
transmitted bytes number.
For related command, see display aspf all, display aspf policy, display aspf
session, display aspf interface.
Example
# Enable ASPF session logging function.
[3Com-aspf-policy-1] log enable
PAM Configuration Commands
View
Any view
Parameter
application-name: Specifies the name of application for PAM. Optional
applications include ftp, http, h323, smtp and rtsp.
port-number: Port number in the range from 0 to 65535.
Description
Using the display port-mapping command, you can view PAM information.
Example
# Display all PAM information.
[3Com] display port-mapping
port-mapping Syntax
port-mapping application-name port port-number [ acl acl-number ]
View
System view
Parameter
Description
Using the port-mapping command, you can establish a mapping from a port to
an application layer protocol. Using the undo port-mapping command, you can
delete a user-defined PAM entry.
PAM supports two mapping mechanisms: general port mapping and host port
mapping based on basic ACL. The former establishes a mapping
between a user-defined port number and an application protocol. For example,
mapping port 8080 to HTTP makes all the TCP packets destined for
port 8080 be regarded as HTTP packets. The latter maps a user-defined port
number to an application protocol for the packets from some specific hosts. For
example, you can map the TCP packets that use port 8080 and are destined for the
hosts residing on the segment 1.1.0.0 to HTTP. The range of hosts
is specified by the basic ACL.
For the same port, general port mapping and host port mapping based on basic
ACL cannot be configured at the same time.
Example
# Map port 3456 to the FTP service. With this configuration, all the data flows
destined for port 3456 are regarded as FTP data flows.
[3Com] port-mapping ftp port 3456
Firewall Configuration Commands
undo debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface
interface-name ]
View
User view
Parameter
others: Debugging information of all the other packets except ICMP, TCP and
UDP.
Description
Using the debugging firewall command, you can enable the information
debugging of the firewall packet filtering. Using the undo debugging firewall
command, you can disable the information debugging of the firewall packet
filtering.
Example
# Enable the debugging information about UDP packet filtering.
[3Com] debugging firewall udp
View
Any view
Parameter
all: Displays the filtering packet statistics of all the interfaces.
interface: Displays the filtering packet statistics of a certain interface.
interface-name: Name of the interface.
fragments-inspect: Displays the fragment inspection information.
Description
Using the display firewall-statistics command, you can view the firewall
statistics.
Example
# Display the information of fragment inspection.
<3Com> display firewall-statistics fragments-inspect
View
System view
Parameter
permit: Default filter rule is permitting packets to pass.
deny: Default filter rule is denying packets to pass.
Description
Using the firewall default command, you can configure the default filtering rule
of the firewall, whether to be “permit” or “deny”.
Example
# Set the default filtering rule of the firewall to “deny”.
[3Com] firewall default deny
View
System view
Parameter
none.
Description
Using the firewall enable command, you can enable the firewall. Using the
undo firewall enable command, you can disable the firewall.
Example
# Enable the firewall.
[3Com] firewall enable
firewall fragments-inspect Syntax
firewall fragments-inspect
View
System view
Parameter
none
Description
Using the firewall fragments-inspect command, you can enable the fragment
inspection switch. Using the undo firewall fragments-inspect command, you
can disable the fragment inspection switch.
This command is the prerequisite for exact match. Fragment exact match can be
implemented only after the fragment inspection switch is enabled. The packet
filtering firewall records the status of a fragment and performs exact
matching against advanced ACL rules according to the information above layer 3
(IP layer).
The packet filtering firewall consumes some system resources for recording the
fragment status. If the exact match mode is not used, you are recommended to
disable this function to improve the running efficiency of the system and reduce
the system cost.
The exact match takes effect only when fragment packet inspection is
enabled.
Example
# Enable the fragment inspection switches
[3Com] firewall fragments-inspect
firewall fragments-inspect { high | low } Syntax
firewall fragments-inspect { high | low } { default | number }
undo firewall fragments-inspect { high | low }
View
System view
Parameter
high number: Specifies the high threshold of the fragment status records. It is in
the range from 100 to 10000.
low number: Specifies the low threshold of the fragment status records. It is in the
range from 100 to 10000.
default: Default number of fragment status records. The default high threshold of
the fragment status records is 2000 and the default low threshold of the fragment
status records is 1500.
Description
Using the firewall fragments-inspect { high | low } command, you can
configure the high and low thresholds of records for fragment inspection. Using
the undo firewall fragments-inspect { high | low } command, you can restore
the default high and low thresholds.
If the fragment inspection switch is enabled and exact match filtering is applied,
the execution efficiency of packet filtering is slightly reduced. The more
matching entries are configured, the more the efficiency is reduced. Therefore, the
high and low thresholds should be set. When the number of fragment status
records reaches the high threshold, the status entries recorded first are
deleted until the number of records is below the low threshold.
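The threshold behaviour described above can be modelled to size the high and low values for an expected fragment load. This is an added example, not 3Com code; the record key (source, destination, protocol, IP identification), the stored port pair and the sample addresses are assumptions made for illustration.

```python
from collections import OrderedDict

# Defaults and range quoted on this page: high 2000, low 1500, both 100 to 10000.
DEFAULT_HIGH, DEFAULT_LOW = 2000, 1500
MIN_THRESHOLD, MAX_THRESHOLD = 100, 10000


class FragmentStateTable:
    """Model of the fragment status records kept while fragment inspection is on.

    Assumptions (not from the manual): a record is keyed by
    (source, destination, protocol, IP identification) and stores the
    layer-4 ports seen in the first fragment of a datagram.
    """

    def __init__(self, high=DEFAULT_HIGH, low=DEFAULT_LOW):
        for value in (high, low):
            if not MIN_THRESHOLD <= value <= MAX_THRESHOLD:
                raise ValueError("threshold must be in the range 100 to 10000")
        if low >= high:  # assumption: treated here as a configuration mistake
            raise ValueError("low threshold must be below the high threshold")
        self.high, self.low = high, low
        self.records = OrderedDict()  # insertion order is age, oldest first
        self.evicted = 0

    def record_first_fragment(self, src, dst, proto, ip_id, ports):
        """Store layer-4 information so later fragments can be exact-matched."""
        self.records[(src, dst, proto, ip_id)] = ports
        # On reaching the high threshold, delete the entries recorded first
        # until the number of records is below the low threshold.
        if len(self.records) >= self.high:
            while len(self.records) >= self.low:
                self.records.popitem(last=False)
                self.evicted += 1

    def lookup(self, src, dst, proto, ip_id):
        """Return the stored ports for a later fragment, or None if no record."""
        return self.records.get((src, dst, proto, ip_id))


def simulate_burst(table, other_datagrams):
    """Record one datagram, then `other_datagrams` more (constructed traffic).

    Returns what a later fragment of the first datagram would find.
    """
    first = ("10.0.0.5", "192.0.2.10", 6, 1)
    table.record_first_fragment(*first, ports=(40000, 443))
    for ip_id in range(2, other_datagrams + 2):
        table.record_first_fragment("198.51.100.7", "192.0.2.10", 17, ip_id,
                                    ports=(5000, 53))
    return table.lookup(*first)


if __name__ == "__main__":
    default_table = FragmentStateTable()
    print("defaults 2000/1500:", simulate_burst(default_table, 1999),
          "records:", len(default_table.records),
          "evicted:", default_table.evicted)
    raised = FragmentStateTable(high=3000)  # as in the page's example
    print("high 3000:", simulate_burst(raised, 1999),
          "evicted:", raised.evicted)
```

With the defaults, the 2000th record triggers deletion of the oldest entries, so the state needed to exact-match later fragments of the earliest datagram is gone; the page does not say how the router treats such a fragment.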
Example
# Configure the high threshold for fragment packet inspection to 3000 and
configure the low threshold to the default value.
[3Com] firewall fragments-inspect high 3000
View
Interface view
Parameter
Description
Using the firewall packet-filter command, you can apply the access control list
to the corresponding interface. Using the undo firewall packet-filter command,
you can delete the corresponding setting.
Interface-based ACL (namely ACL rule with sequence number from 1000 to 1999)
can only use the parameter outbound.
For related commands, see acl, display acl and firewall fragments-inspect.
Example
# Apply access control list rule 101 to the "in" direction of the interface serial
1/0/0.
[3Com-Serial1/0/0] firewall packet-filter 101 inbound
View
User view
Parameter
all: Clears the filtering packet statistics of all the interfaces.
interface: Clears the filtering packet statistics of a certain interface.
interface-name: Name of the interface.
Description
Using the reset firewall-statistics command, you can clear the firewall statistics.
Example
# Clear filtering packet statistics of the interface E3/1/0.
[3Com] reset firewall-statistics interface e3/1/0
IPSec Configuration Commands
ah authentication-algorithm
Syntax
ah authentication-algorithm { md5 | sha1 }
undo ah authentication-algorithm
View
IPSec proposal view
Parameter
Description
Using the ah authentication-algorithm command, you can set the
authentication algorithm adopted by Authentication Header protocol in IPSec
proposal. Using the undo ah authentication-algorithm command, you can
restore the default setting.
The MD5 algorithm uses a 128-bit key, and SHA1 uses a 160-bit key. By
comparison, MD5 is faster than SHA1, while SHA1 is more secure than MD5.
The IPSec proposal adopted by the security policy at both ends of the security
tunnel must be set as using the same authentication algorithm.
For the related commands, see ipsec proposal, proposal, sa sip and transform.
Example
# Set IPSec proposal using AH and SHA1.
[3Com] ipsec proposal prop1
View
Any view
Parameter
all: Enables all debugging on the encryption card.
slot-id: Slot ID for the encryption card, whose range depends on the slot number on the router.
It is in 3-dimensional format, for example, x/y/z, where x stands for slot ID on the router, y and z
are fixed to 0 for the encryption card. If you do not specify a value for the parameter, the system
will display the log of all encryption cards.
Description
Using the debugging encrypt-card command, you can enable debugging on the encryption
card. Using the undo debugging ipsec command, you can disable debugging on the
encryption card.
Example
# Enable command debugging on the encryption card at slot 5/0/0.
View
User view
Parameter
Description
Using the debugging ipsec command, you can turn IPSec debugging on. Using
the undo debugging ipsec command, you can turn IPSec debugging off.
Example
# Enable IPSec SA debugging function.
View
Any view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.
Description
Using the display encrypt-card sa command, you can view SA information.
Example
# Display all SA information on the encryption card at slot 5/0/0.
[Router] display encrypt-card sa 5/0/0
AH SAs
proposal: ESP-AUTH-SHA1HMAC96
Uses Encrypt5/0
ESP SAs
proposal: ESP-ENCRYPT-3DES
proposal: ESP-AUTH-SHA1HMAC96
Uses Encrypt5/0/0
ESP SAs
proposal: ESP-ENCRYPT-3DES
proposal: ESP-AUTH-SHA1HMAC96
Uses Encrypt5/0/0
AH SAs
proposal: ESP-AUTH-SHA1HMAC96
Uses Encrypt5/0/0
View
Any view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.
Description
Using the display encrypt-card statistics command, you can view statistics on
the encryption cards.
If the slot ID you type in is greater than the available slot number on the router, the
error message "Invalid encrypt-card slot-id" is displayed.
Example
# Display the statistics on the encryption card at slot 5/0/0.
[Router] display encrypt-card statistics 5/0/0
no enough memory: 0
queue is full: 0
authentication is failed: 0
wrong length: 0
replay packet: 0
wrong SA: 0
invalid proposal: 0
invalid protocol: 0
buffer error: 0
wrap error: 0
crypto error: 0
pad error: 0
View
Any view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.
Description
Using the display encrypt-card syslog command, you can view the current
system log on the encryption cards.
If the slot ID you type in is greater than the available slot number on the router, the
error message "Invalid encrypt-card slot-id" is displayed.
Example
# Display the system log on the encryption card at slot 5/0/0.
[Router] display encrypt-card syslog 5/0/0
View
Any view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.
Description
Using the display interface encrypt command, you can view the information
about the ports on the encryption cards.
With this command, you can view the status of the encryption card, the total number
of packets transmitted or received on it, the maximum number of packets dropped
per second, and information from the last five seconds.
Example
# Display the port information on the encryption card at slot 5/0/0.
[Router] display interface Encrypt 5/0/0
Total Statistics
Dropped packets : 0
Dropped packets : 0
View
Any view
Parameter
name: Displays information of the ipsec policy with the name policy-name and
sequence number seq-number.
If no argument has been specified, the details of all the IPSec policies will be
displayed. If name policy-name has been specified but seq-number has not, the
information of the specified IPSec policy group will be listed out.
Description
Using the display ipsec policy command, you can view information about the
ipsec policy.
The brief keyword displays brief information about all the ipsec policies in the
brief format (see the following example), and can be used to quickly display all
the ipsec policies. Brief information includes the name and sequence number,
negotiation mode, access control list, proposal, local address, and remote address.
The other keywords display the detailed information about the ipsec policy in the
detailed format (refer to the following example).
Example
# View brief information about all the ipsec policies.
<3Com> display ipsec policy brief
Item               Description
Ipsec-policy-Name  name and sequence number of an ipsec policy
Mode               negotiation method used by an ipsec policy
acl                access control list used by an ipsec policy
Local Address      local IP address
Remote Address     remote IP address
===========================================
===========================================
--------------------------------------------
sequence number: 10
mode: isakmp
--------------------------------------------
PFS (Y/N): N
===========================================
===========================================
-----------------------------------------
sequence number: 10
mode: manual
-----------------------------------------
inbound ah setting:
ah string-key:
esp string-key:
outbound ah setting:
ah string-key:
esp string-key:
Item                             Description
ipsec policy                     name, sequence number and negotiation method of an ipsec policy
security data flow               access control list used by an ipsec policy
proposal name                    name of the proposal used by an ipsec policy
inbound/outbound ah/esp setting  settings of inbound/outbound ends using AH/ESP, including SPI and key
tunnel Local Address             local IP address
tunnel Remote Address            remote IP address
PFS (Y/N)                        Whether using PFS (Perfect Forward Security) or not
View
Any view
Parameter
brief: Displays brief information about all the ipsec policy templates.
name: Displays information of the ipsec policy template with the name
template-name and sequence number seq-number.
If no parameter is specified, then the detailed information about all the ipsec policy
templates will be displayed. If name template-name has been specified but
seq-number has not, the information of the specified IPSec policy template group
will be listed out.
Description
Using the display ipsec policy-template command, you can view information
about the ipsec policy template.
The brief parameter shows brief information about all the ipsec policy
templates in the brief format (see the following example). It can be used to
quickly display all the ipsec policy templates. Brief information includes the
template name and sequence number, access control list, and remote address.
Any of the sub-commands can be used to display detailed information of the IPSec
policy template.
Example
# View brief information about all the ipsec policy templates.
[3Com] display ipsec policy-template brief
------------------------------------------------------
test-tplt300 120
Item                  Description
Policy-template-Name  name, sequence number of an ipsec policy template
acl                   access control list used by an ipsec policy template
Remote Address        remote IP address
View
Any view
Parameter
proposal-name: Name of the proposal.
Description
Using the display ipsec proposal command, you can view information about the
proposal.
If the name of the proposal is not specified, then information about all the
proposals will be shown.
For the related commands, see ipsec proposal, display ipsec sa and display
ipsec policy.
Example
# View all the proposals.
[3Com] display ipsec proposal
transform: ah-new
transform: esp-new
Item                 Description
Ipsec proposal name  name of the proposal
encapsulation mode   modes used by proposal, including two types: transport mode and tunnel mode
transform            security protocols used by proposal, including two types: AH and ESP
ah protocol          the authentication-algorithm used by AH: md5 | sha1
esp protocol         the authentication-algorithm and encryption method used by ESP respectively: MD5 and DES
View
Any view
Parameter
policy: Displays information about the SA created by the ipsec policy whose name
is policy-name.
Description
Using the display ipsec sa command, you can view the relevant information
about the SA.
The command with brief parameter shows brief information about all the SAs,
whose display format is the brief format (refer to the following example). Brief
information includes source address, destination address, SPI, protocol, and
algorithm. A display beginning with "E" in the algorithm stands for the encryption
algorithm, and a display beginning with "A" stands for the authentication
algorithm. The brief command can be used to quickly display all the SAs already
set up.
The commands with remote and policy parameters both display the detailed
information about the SA. In display mode, part of the information about the
ipsec policy is shown first and then the detailed information of the SA in this ipsec
policy.
The command with the duration parameter shows the global sa duration, including
the "time-based" and "traffic-based" sa duration. See the following
examples.
For the related commands, see reset ipsec sa, ipsec sa duration, display ipsec
sa and display ipsec policy.
Example
# View brief information about all the SAs.
<3Com> display ipsec sa brief
Item         Description
Src Address  Local IP address
Dst Address  Remote IP address
SPI          security parameter index
Protocol     security protocol used by IPSec
Algorithm    The authentication algorithm and encryption algorithm used by the security protocol. A display beginning with "E" in the algorithm stands for the encryption algorithm, and a display beginning with "A" stands for the authentication algorithm.
===============================
Interface: Ethernet1/0/0
===============================
----------------------------------
sequence number: 10
mode: isakmp
----------------------------------
connection id: 4
[inbound ah SAs]
transform: AH-SHA1HMAC96
[outbound ah SAs]
transform: AH-SHA1HMAC96
Item                          Description
Interface                     Interface using ipsec policy
path MTU                      Maximum IP packet length sent from the interface
ipsec policy                  ipsec policy used, including name, sequence number and negotiation method
connection id                 security channel identifier
in use settings               IPSec mode, including two types: transport mode and tunnel mode
tunnel local                  local IP address
tunnel remote                 remote IP address
inbound                       SA information of the inbound end
transform                     proposal used by the ipsec policy
sa remaining key duration     rest sa duration of SA
max received sequence-number  maximum sequence number of the received packets (the anti-replay function provided by the security protocol)
outbound                      SA information of the outbound end
max sent sequence-number      maximum sequence number of the sent packets (the anti-replay function provided by the security protocol)
View
Any view
Parameter
none
Description
Using the display ipsec statistics command, you can view the IPSec packet
statistics information, including the input and output security packet statistics,
bytes, number of packets discarded and detailed description of discarded packets.
Example
# View IPSec packet statistics.
<3Com> display ipsec statistics
no enough memory: 0
queue is full: 0
authen failed: 0
invalid length: 0
replay packet: 0
invalid SA: 0
Item                                     Description
input/output security packets            input/output packets under the security protection
input/output security bytes              input/output bytes under the security protection
input/output discarded security packets  input/output packets under the security protection discarded by the router
encapsulation-mode
Syntax
encapsulation-mode { transport | tunnel }
undo encapsulation-mode
View
IPSec proposal view
Parameter
Description
Using the encapsulation-mode command, you can set the encapsulation mode
that the security protocol applies to IP packets, which can be transport or tunnel.
Using the undo encapsulation-mode command, you can restore it to the
default.
There are two encapsulation modes in which IPSec encrypts and
authenticates IP packets: transport mode and tunnel mode. In transport mode,
IPSec does not encapsulate a new header into the IP packet. The two ends of the
security tunnel are the source and destination of the original packets. In tunnel mode,
IPSec protects the whole IP packet, and adds a new IP header in front of
the IP packet. The source and destination addresses of the new IP header are the IP
addresses of the two ends of the tunnel.
Generally, the tunnel mode is used between two security gateways (routers). A
packet encrypted in a security gateway can only be decrypted in another security
The transport mode is suitable for communication between two hosts, or for
communication between a host and a security gateway (like the network
management communication between the gateway workstation and a router). In
transport mode, two devices responsible for encrypting and decrypting packets
must be the original sender and receiver of the packet. Most of the data traffic
between two security gateways does not belong to the security gateways themselves,
so the transport mode is not often used between security gateways.
The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same packet encapsulation mode.
Example
# Set the proposal whose name is prop2 as using the transport mode to
encapsulate IP packets.
[3Com] ipsec proposal prop2
View
Any view
Parameter
None
Description
Using the encrypt-card backuped command, you can enable backup function
for the encryption card. Using the undo encrypt-card backuped command, you
can disable backup function for the encryption card.
For the IPSec SA implemented by the encryption card, if the card is normal, IPSec is
processed by the card. If the card fails, the backup function is enabled on the card, and
the selected encryption/authentication algorithms for the SA are supported by the
IPSec module on the VRP platform, IPSec is implemented by the IPSec module
on the VRP platform. If the selected algorithms are not supported by
the IPSec module, the system drops the packets.
Example
# Enable backup function for the encryption card.
[Router] encrypt-card backuped
esp authentication-algorithm
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
View
IPSec proposal configuration view
Parameter
md5: Use MD5 algorithm with the length of the key 128 bits.
sha1: Use SHA1 algorithm with the length of the key 160 bits.
Description
Using the esp authentication-algorithm command, you can set the
authentication algorithm used by ESP. Using the undo esp
authentication-algorithm command, you can set ESP not to authenticate
packets.
The encryption and authentication algorithms used by ESP cannot both be set to
null at the same time.
The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same authentication algorithm.
Example
# Set a proposal that adopts ESP, and uses SHA1.
[3Com] ipsec proposal prop1
esp encryption-algorithm
Syntax
esp encryption-algorithm { 3des | des }
View
IPSec proposal view
Parameter
des: Data Encryption Standard (DES), a universal encryption algorithm with the
length of the key being 56 bits.
3des: 3DES (Triple DES), another universal encryption algorithm with the length of
the key being 168 bits.
Description
Using the esp encryption-algorithm command, you can set the encryption
algorithm adopted by ESP. Using the undo esp encryption-algorithm command,
you can set the ESP not to encrypt packets.
3des can meet the requirement of high confidentiality and security, but it is
comparatively slow. DES can satisfy the normal security requirements.
The encryption and authentication methods used by ESP cannot both be set to
null at the same time. The undo esp encryption-algorithm command can take
effect only if the authentication algorithm is not null.
Example
# Set ESP to use 3des.
[3Com] ipsec proposal prop1
View
System view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the interface encrypt command, you can enter encryption card interface
mode.
In encryption card interface mode, you can use only the shutdown and undo
shutdown commands, to shut down the encryption card or bring the card up,
respectively.
Example
# Enter the interface mode of the encryption card at slot 5/0/0.
[Router] interface encrypt 5/0/0
[Router-Encrypt5/0/0]
View
System view
Parameter
proposal-name: Name of the SA proposal view, a string of less than 32 characters.
It is case-sensitive.
Description
Using the ipsec card-proposal command, you can create an SA proposal for the
encryption card and enter the corresponding view. Using the undo ipsec
card-proposal command, you can delete an SA proposal of the encryption card.
Example
# Create the SA proposal "card" using the encryption card at slot 5/0/0, configure
security and encryption algorithm.
[Router] ipsec card-proposal card
[Router-ipsec-card-proposal-card]quit
[Router]
View
Interface view
Parameter
policy-name: Specifies the name of an ipsec policy group applied at the interface.
The ipsec policy group with name policy-name should be configured in system
view.
Description
Using the ipsec policy(interface view) command, you can apply an ipsec policy
group with the name policy-name at the interface. Using the undo ipsec
policy(interface view) command, you can cancel the ipsec policy group so as to
disable the IPSec function of the interface.
At an interface only one ipsec policy group can be applied. An ipsec policy group
can be applied at multiple interfaces.
When a packet is sent from an interface, the system searches the ipsec policies in the
ipsec policy group by sequence number in ascending order. If the packet matches the
access control list used by an ipsec policy, then this ipsec policy is used to process
the packet; otherwise the search continues with the next ipsec policy. If the packet
does not match any of the access control lists used by the ipsec policies, it is
transmitted directly (that is, IPSec will not protect the packet).
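The lookup order described above can be modelled to audit a policy group offline: which policy a flow hits, which flows leave the interface unprotected, and which policies can never be reached. This is an added example, not 3Com code; the ACLs are reduced to source/destination permit prefixes (a simplification), and the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_POLICIES_PER_GROUP = 100  # limit stated on this page
MIN_SEQ, MAX_SEQ = 1, 10000   # seq-number range stated on this page


@dataclass(frozen=True)
class AclRule:
    """Simplified permit rule: source prefix and destination prefix only."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def rule(src: str, dst: str) -> AclRule:
    return AclRule(ipaddress.ip_network(src), ipaddress.ip_network(dst))


@dataclass(frozen=True)
class IpsecPolicy:
    seq: int
    acl: Tuple[AclRule, ...]
    proposal: str


def validate_group(group: List[IpsecPolicy]) -> None:
    """Enforce the group limits given in this manual."""
    if len(group) > MAX_POLICIES_PER_GROUP:
        raise ValueError("at most 100 ipsec policies per group")
    seqs = [p.seq for p in group]
    if any(not MIN_SEQ <= s <= MAX_SEQ for s in seqs):
        raise ValueError("seq-number must be in the range 1 to 10000")
    if len(set(seqs)) != len(seqs):
        raise ValueError("name and seq-number together must be unique")


def select_policy(group: List[IpsecPolicy], src: str, dst: str) -> Optional[IpsecPolicy]:
    """First match in ascending sequence order; None means sent unprotected."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for policy in sorted(group, key=lambda p: p.seq):
        if any(s in r.src and d in r.dst for r in policy.acl):
            return policy
    return None


def shadowed(group: List[IpsecPolicy]) -> List[int]:
    """Sequence numbers whose every rule is covered by an earlier policy."""
    ordered = sorted(group, key=lambda p: p.seq)
    hidden = []
    for i, policy in enumerate(ordered):
        earlier = [r for p in ordered[:i] for r in p.acl]
        if policy.acl and all(
            any(r.src.subnet_of(e.src) and r.dst.subnet_of(e.dst) for e in earlier)
            for r in policy.acl
        ):
            hidden.append(policy.seq)
    return hidden


def audit(group: List[IpsecPolicy], flows: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Report, per flow, the policy that protects it or 'unprotected'."""
    validate_group(group)
    report = []
    for src, dst in flows:
        hit = select_policy(group, src, dst)
        verdict = f"policy {hit.seq} ({hit.proposal})" if hit else "unprotected"
        report.append((src, dst, verdict))
    return report


# Constructed sample group: policy 20 is narrower than policy 10, so it is never used.
SAMPLE_GROUP = [
    IpsecPolicy(20, (rule("10.1.5.0/24", "10.2.0.0/16"),), "prop2"),
    IpsecPolicy(10, (rule("10.1.0.0/16", "10.2.0.0/16"),), "prop1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_GROUP, [("10.1.5.9", "10.2.0.1"), ("10.1.5.9", "172.16.0.1")]):
        print(row)
    print("shadowed:", shadowed(SAMPLE_GROUP))
```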
Example
# Apply an ipsec policy whose name is policy1 to interface Serial 4/1/2.
[3Com] interface serial 4/1/2
View
System view
Parameter
policy-name: Name of the ipsec policy. The naming rule is: the length of the name
is 1 to 15 characters, the name is case insensitive, and the characters can be
English characters or numbers but cannot include “-”.
seq-number: Sequence number of the ipsec policy, ranging 1 to 10000, with lower
value indicating higher sequence priority.
Description
Using the ipsec policy command, you can establish or modify an ipsec policy, and
enter ipsec policy view. Using the undo ipsec policy policy-name command, you
can delete an ipsec policy group whose name is policy-name. Using the undo
ipsec policy policy-name seq-number command, you can delete an ipsec policy
whose name is policy-name and sequence number is seq-number.
Once the ipsec policy is established, its negotiation mode cannot be modified. For
example, if an ipsec policy is established in manual mode it cannot be changed to
isakmp mode--this ipsec policy must be deleted and then recreated, if
appropriate, with the negotiation mode being isakmp.
Ipsec policies with the same name constitute an ipsec policy group. The name and
sequence number are used together to define a unique ipsec policy. In an ipsec
policy group, at most 100 ipsec policies can be set. In an ipsec policy group, the
smaller the sequence number of an ipsec policy, the higher its preference. Applying an
ipsec policy group at an interface means applying all ipsec policies in the group
simultaneously, so that different data streams can be protected by adopting
different SAs.
Note that IKE will not use a policy with a template argument to initiate a
negotiation. Rather, it uses such a policy to respond to the negotiation initiated by
its peer.
For the related commands, see ipsec policy (interface view), security acl, tunnel
local, tunnel remote, sa duration, proposal, display ipsec policy, ipsec
policy-template, and ike-peer.
Example
# Set an ipsec policy whose name is newpolicy1, sequence number is 100, and
negotiation mode is isakmp.
[3Com] ipsec policy newpolicy1 100 isakmp
[3Com-ipsec-policy-isakmp-newpolicy1-100]
View
System view
Parameter
policy-name: Name of the ipsec policy. The naming rule is as follows: length is 1 to
15 bytes, the name is case insensitive, and the characters can be English characters
or numbers but cannot include “-”.
seq-number: Serial number of the ipsec policy, ranging 1 to 10000. In one ipsec
policy group, the smaller the serial number of the ipsec policy, the higher the
preference.
Description
Using the ipsec policy-template command, you can establish or modify an ipsec
policy template, and enter ipsec policy view. Using the undo ipsec
policy-template policy-name command, you can delete the ipsec policy group
named policy-name. Using the undo ipsec policy-template policy-name
seq-number command, you can delete an ipsec policy with the name
policy-name and the serial number seq-number.
A policy template that has been created with the name being template-name can
be referenced by the ipsec policy policy-name seq-number isakmp template
template-name command to create an IPSec policy.
The IPSec policy template and the security policy of IPSec ISAKMP negotiation
share the same kinds of arguments, including the referenced IPSec proposal, the
protected traffic, the PFS feature, the lifetime, and the address of the remote tunnel end.
However, note that the proposal argument must be configured, whereas the other
arguments are optional. If an IPSec policy template is
used for the policy match operation undertaken in an IKE negotiation, the
configured arguments must be matched, and the settings of the initiator will be
used if the corresponding arguments have not been configured.
For the related commands, see ipsec policy, security acl, tunnel local, tunnel
remote, proposal, display ipsec policy, and ike-peer.
Example
# Establish an ipsec policy template with the name template1 and the serial
number 100.
[3Com] ipsec policy-template template1 100
[3Com-ipsec-policy-template-template1-100]
View
System view
Parameter
proposal-name: Name of the specified proposal. The naming rule is: the length of
the name is 1 to 15 characters, case insensitive.
Description
Using the ipsec proposal proposal-name command, you can establish or modify
a proposal named proposal-name, and enter IPSec proposal view. Using the undo
ipsec proposal proposal-name command, you can delete the proposal named
proposal-name.
After a new IPSec proposal is established by using the ipsec proposal command,
the ESP protocol, DES encryption algorithm and MD5 authentication algorithm are
adopted by default.
Example
# Establish a proposal named newprop1.
[3Com] ipsec proposal newprop1
View
System view
Parameter
Description
Using the ipsec sa global-duration command, you can set a global SA duration.
Using the undo ipsec sa global-duration command, you can restore to the
default setting of the global SA duration.
When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration
specified by this command to negotiate with the peer. If the IPSec policy is
configured with its own duration, the system will use the duration of the IPSec
policy to negotiate with the peer. When IKE negotiates to set up an SA for IPSec,
the smaller one of the lifetime set locally and that proposed by the remote is
selected.
There are two types of SA duration: time-based (in seconds) and traffic-based (in
kilobytes) lifetimes. The traffic-based SA duration, that is, the valid time of the SA,
is measured by the total traffic that can be processed by this SA, and
the SA becomes invalid when the set value is exceeded. Whichever of the two
types expires first, the SA becomes invalid. Before the SA is about to become
invalid, IKE will set up a new SA for IPSec negotiation, so a new SA is ready before
the existing one becomes invalid.
Modifying the global SA duration will not affect a map that has individually set up
its own SA duration, or an SA already set up. But the modified global SA duration
will be used to set up a new SA in the future IKE negotiation.
The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.
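The duration rules in this description, worked through as an added example (not 3Com code). The per-type fallback from policy to global duration is an assumption, and every value except the 7200-second global setting from the page's own example is constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Duration:
    seconds: Optional[int] = None    # time-based lifetime
    kilobytes: Optional[int] = None  # traffic-based lifetime


def local_offer(policy: Optional[Duration], global_: Duration) -> Duration:
    """Policy's own duration if configured, otherwise the global SA duration.

    Assumption: the fallback is applied separately to each duration type.
    """
    if policy is None:
        return global_
    return Duration(
        policy.seconds if policy.seconds is not None else global_.seconds,
        policy.kilobytes if policy.kilobytes is not None else global_.kilobytes,
    )


def negotiate(local: Duration, remote: Duration) -> Duration:
    """IKE selects the smaller of the local and remote lifetimes."""
    return Duration(min(local.seconds, remote.seconds),
                    min(local.kilobytes, remote.kilobytes))


@dataclass
class SecurityAssociation:
    mode: str                        # "isakmp" or "manual"
    lifetime: Optional[Duration] = None
    age_seconds: int = 0
    kilobytes_processed: int = 0

    def expired(self) -> bool:
        """Whichever lifetime runs out first invalidates the SA."""
        if self.mode == "manual":
            return False  # a manually set up SA is never invalidated
        return (self.age_seconds >= self.lifetime.seconds
                or self.kilobytes_processed > self.lifetime.kilobytes)


def establish(policy: Optional[Duration], global_: Duration,
              remote: Duration) -> SecurityAssociation:
    """The negotiated lifetime is fixed when the SA is set up, so later
    changes to the global duration do not affect it."""
    return SecurityAssociation("isakmp", negotiate(local_offer(policy, global_), remote))


# 7200 s is the value from the page's example; the traffic value is constructed.
GLOBAL = Duration(seconds=7200, kilobytes=1_000_000)
PEER = Duration(seconds=3600, kilobytes=2_000_000)  # constructed remote offer

if __name__ == "__main__":
    sa = establish(None, GLOBAL, PEER)
    print("negotiated:", sa.lifetime)
    sa.age_seconds, sa.kilobytes_processed = 1800, 1_000_001
    print("expired by traffic before time:", sa.expired())
    print("manual SA expired:", SecurityAssociation("manual", age_seconds=10**9).expired())
```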
For the related commands, see sa duration and display ipsec sa duration.
Example
# Set the global SA duration to 2 hours.
[3Com] ipsec sa global-duration time-based 7200
pfs
Syntax
pfs { dh-group1 | dh-group2 }
undo pfs
View
IPSec policy view, IPSec policy template view
Parameter
Description
Using the pfs command, you can set the Perfect Forward Secrecy (PFS) feature for
the IPSec policy to initiate the negotiation. Using the undo pfs command, you can
set not to use the PFS feature during the negotiation.
The command is used to add a PFS exchange process when IPSec uses the ipsec
policy to initiate a negotiation. This additional key exchange is performed during
the phase 2 negotiation to enhance the security of the communication. The DH group
specified by the local and remote ends must be consistent; otherwise the
negotiation will fail.
This command can be used only when the security alliance is established through
IKE.
Example
# Set that PFS must be used when negotiating through ipsec policy shanghai 200.
[3Com] ipsec policy shanghai 200 isakmp
proposal
Syntax
proposal proposal-name1 [ proposal-name2...proposal-name6 ]
View
IPSec policy view, IPSec policy template view
Parameter
proposal-name1,…, proposal-name6: Name of the proposals adopted.
Description
Using the proposal command, you can set the proposal used by the IPSec policy.
Using the undo proposal command, you can cancel the proposal used by the
IPSec policy.
Before using this command, the corresponding IPSec proposal must have been
configured.
If set up in isakmp mode, an SA can use six proposals at most. IKE negotiation will
search for the matching proposal at both ends of the security tunnel.
If it is the IPSec template, each template can use six proposals at most, and the IKE
negotiation will search for the matching proposal.
For the related commands, see ipsec proposal, ipsec policy(system view), ipsec
policy(interface view), security acl, tunnel local and tunnel remote.
Example
# Set a proposal with name prop1, adopting ESP and the default algorithm, and
set an IPSec policy to use the proposal named prop1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] quit
View
User view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the reset counters encrypt command, you can clear the statistics on the
encryption card.
The statistics record all the information starting from normal operation of the
encryption card, while system debugging requires statistics of a specific time
period for fault analysis. Then you may need to reset the existing statistics and get
the statistics of a required time period.
For the related commands, see ipsec card-proposal and display encrypt-card
sa.
Example
# Clear the statistics on the encryption card on the slot 5/0/0.
[Router] reset counters encrypt-card 5/0/0
View
User view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the reset encrypt-card sa command, you can clear the SAs on the
encryption card.
You may need to clear the SA database information stored on the encryption card,
to output only the required information during debugging.
For the related commands, see ipsec card-proposal and display encrypt-card
sa.
Example
View
User view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the reset encrypt-card statistics command, you can clear the statistics
during processing of the encryption card.
The statistics record all the protocol processing information since the last
reboot, including counts of incoming/outgoing ESP/AH packets, dropped
packets, failed authentications, erroneous SAs, invalid SA proposals, and invalid
protocols.
Example
# Clear the processing statistics on the encryption card on the slot 5/0/0.
[Router] reset encrypt-card statistic 5/0/0
View
User view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the reset encrypt-card syslog command, you can clear all the logging
information on the encryption card.
The encryption card keeps all logging history, and every query reports all of
it, including obsolete items, which makes log monitoring and fault location
difficult. In that case, you may need to clear the log buffer of the encryption
card.
Example
# Clear all the logging information on the encryption card on the slot 5/0/0.
View
User view
Parameter
policy-name: Specifies the name of the IPSec policy. The naming rule is as follows:
the name is 1 to 15 characters long, is case sensitive, and can contain English
letters or numbers.
seq-number: Optional parameter specifying the serial number of the ipsec policy. If
no seq-number is specified, the IPSec policy refers to all the policies in the IPSec
policy group named policy-name.
protocol: Specifies the security protocol by inputting the key word ah or esp, case
insensitive. ah indicates the Authentication Header protocol and esp indicates
Encapsulating Security Payload.
spi: Specifies the security parameter index (SPI), ranging 256 to 4294967295.
Description
Using the reset ipsec sa command, you can delete an SA already set up (manually
or through IKE negotiation). If no parameter (remote, policy, parameters) is
specified, all the SAs will be deleted.
The keyword parameters will take effect only after the spi of the outbound SA is
defined. Because SAs appear in pairs, the inbound SA will also be deleted after the
outbound SA is deleted.
Example
# Delete all the SAs.
<3Com> reset ipsec sa
# Delete the SA of the ipsec policy with the name policy1 and the serial number
10.
View
User view
Parameter
none
Description
Using the reset ipsec statistics command, you can clear IPSec message statistics,
and set all the statistics to zero.
For the related command, see display ipsec statistics.
Example
# Clear IPSec message statistics.
<3Com> reset ipsec statistics
sa authentication-hex
Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key
View
IPSec policy view in manual mode
Parameter
inbound: Configures the authentication-hex parameter for the inbound SA. IPSec
uses the inbound SA for processing the packet in the inbound direction (received).
ah: Sets the authentication-hex parameter for the SA using AH. If the IPSec
proposal used by the ipsec policy adopts AH, the ah key word is used here to set
the AH relevant parameter of the SA.
esp: Sets the authentication-hex parameter for the SA using ESP. If the IPSec
proposal used by the ipsec policy adopts ESP, the esp key word is used here to set
the ESP relevant parameter of the SA.
hex-key: Specifies a key for the SA input in the hex format. If MD5 is used, then
input a 16-byte key; if SHA1 is used, input a 20-byte key.
Description
Using the sa authentication-hex command, you can set the SA authentication
key manually for the ipsec policy of manual mode. Using the undo sa
authentication-hex command, you can delete the SA authentication key already
set.
This command is only used for the ipsec policy in manual mode.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually. IKE will automatically negotiate the SA parameter and establish an SA.
The SA parameters set at both ends of the security tunnel must match fully.
The SPI and key of the inbound SA at the local end must be the same as those of
the outbound SA at the remote end. The SPI and key of the outbound SA at the
local end must be the same as those of the inbound SA at the remote end.
There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set SPI of the inbound SA to 10000, key to
0x112233445566778899aabbccddeeff00; sets the SPI of the outbound SA to
20000, and its key to 0xaabbccddeeff001100aabbccddeeff00 in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] quit
sa duration
Syntax
sa duration { traffic-based kilobytes | time-based seconds }
View
IPSec policy view, IPSec policy template view
Parameter
Description
Using the sa duration command, you can set an SA duration for the ipsec policy.
Using the undo sa duration command, you can cancel the SA duration, that is,
restore the use of the global SA duration.
When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration to
negotiate with the peer. If the IPSec policy is configured with its own duration, the
system will use the duration of the IPSec policy to negotiate with the peer. When
IKE negotiates to set up an SA for IPSec, the shorter one of the lifetime set locally
and that proposed by the remote is selected.
There are two types of SA duration: time-based (in seconds) and traffic-based (in
kilobytes) lifetimes. With the traffic-based SA duration, the lifetime of the SA
is measured by the total traffic that this SA can process, and the SA becomes
invalid when the set value is exceeded. Whichever of the two lifetimes expires
first invalidates the SA. Before the SA becomes invalid, IKE negotiates a new SA
for IPSec, so a new SA is ready before the existing one becomes invalid.
The SA duration does not apply to an SA that is set up manually; that is, an SA
set up manually will never be invalidated.
Example
# Set the SA duration for the ipsec policy shenzhen 100 to 2 hours, that is, 7200
seconds.
[3Com] ipsec policy shenzhen 100 isakmp
# Set the SA duration for the ipsec policy shenzhen 100 to 20M bytes, that is, the
SA expires when the traffic exceeds 20000 kilobytes.
sa encryption-hex
Syntax
sa encryption-hex { inbound | outbound } esp hex-key
View
IPSec policy view in manual mode
Parameter
inbound: Sets the encryption-hex parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).
outbound: Sets the encryption-hex parameter for outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
esp: Sets the encryption-hex parameter for the SA using ESP. If the IPSec proposal
used by the ipsec policy adopts ESP, the esp key word is used here to set the ESP
relevant parameter of the SA.
hex-key: Specifies a key for the SA input in the hex format. When applied in ESP, if
DES is used, then input an 8-byte key; if 3DES is used, then input a 24-byte key.
Description
Using the sa encryption-hex command, you can set the SA encryption key
manually for the ipsec policy of manual mode. Using the undo sa
encryption-hex command, you can delete the SA parameter already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.
The SA parameters set at both ends of the security tunnel must match fully.
The SPI and key of the inbound SA at the local end must be the same as those of
the outbound SA at the remote end. The SPI and key of the outbound SA at the
local end must be the same as those of the inbound SA at the remote end.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and the key to 0x1234567890abcdef;
set the SPI of the outbound SA to 20000, and its key to 0xabcdefabcdef1234 in
the ipsec policy using ESP and DES.
[3Com] ipsec proposal prop_esp
[3Com-ipsec-proposal-prop_esp] quit
sa spi
Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
View
IPSec policy view in manual mode
Parameter
inbound: Sets the spi parameter for the inbound SA. IPSec uses the inbound SA
for processing the packet in the inbound direction (received).
outbound: Sets the spi parameter for outbound SA. IPSec uses the outbound SA
for processing the packet in the outbound direction (sent).
ah: Sets the spi parameter for the SA using AH. If the IPSec proposal set used by
the ipsec policy adopts AH, the ah key word is used here to set the spi relevant
parameter of the SA.
esp: Sets the spi parameter for the SA using ESP. If the IPSec proposal set used by
the ipsec policy adopts ESP, the esp key word is used here to set the spi relevant
parameter of the SA.
spi-number: Security Parameter Index (SPI) in the triplet identification of the SA,
ranging 256 to 4294967295. The triplet identification of the SA, which appears as
SPI, destination address, and protocol number, must be unique.
Description
Using the sa spi command, you can set the SA SPI manually for the ipsec policy of
manual mode. Using the undo sa spi command, you can delete the SA SPI
already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.
The SA parameters set at both ends of the security tunnel must match fully.
The SPI and key of the inbound SA at the local end must be the same as those of
the outbound SA at the remote end. The SPI and key of the outbound SA at the
local end must be the same as those of the inbound SA at the remote end.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, set the SPI of the outbound SA to
20000, in the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] quit
sa string-key
Syntax
sa string-key { inbound | outbound } { ah | esp } string-key
View
IPSec policy view in manual mode
Parameter
inbound: Sets the string-key parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).
outbound: Sets the string-key parameter for the outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
ah: Sets the string-key parameter for the SA using AH. If the IPSec proposal set
used by the ipsec policy adopts AH, the ah key word is used here to set the
string-key relevant parameter of the SA.
esp: Sets the string-key parameter for the SA using ESP. If the IPSec proposal set
used by the ipsec policy adopts ESP, the esp key word is used here to set the
string-key relevant parameter of the SA.
string-key: Specifies the key for an SA input in the character string format, with a
length ranging 1 to 256 characters. For different algorithms, you can input
character strings of any length in the specified range, and the system will generate
keys meeting the algorithm requirements automatically according to the input
character strings. As for ESP, the system will automatically generate the key for the
authentication algorithm and that for the encryption algorithm at the same time.
Description
Using the sa string-key command, you can set the SA parameter manually for
the ipsec policy of manual mode. Using the undo sa string-key command, you
can delete the SA parameter already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.
The SA parameters set at both ends of the security tunnel must match fully.
The SPI and key of the inbound SA at the local end must be the same as those of
the outbound SA at the remote end. The SPI and key of the outbound SA at the
local end must be the same as those of the inbound SA at the remote end.
There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and the key string to abcdef; sets the
SPI of the outbound SA to 20000, and its key string to efcdab in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] quit
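The rules stated for sa spi, sa authentication-hex, sa encryption-hex and sa string-key (SPI range, hex key length per algorithm, mirrored inbound/outbound values, same key entry method at both ends) can be checked offline before the settings are applied. The following Python lint is an added example, not part of the 3Com guide or software; the function names, the constructed configurations and passing the proposal's algorithms as arguments are assumptions.

```python
"""Offline lint for manual-mode IPSec SA settings (added example, not 3Com code)."""
import re

# Key sizes and SPI range as stated in this section of the guide.
AUTH_KEY_BYTES = {"md5": 16, "sha1": 20}
ENC_KEY_BYTES = {"des": 8, "3des": 24}
SPI_MIN, SPI_MAX = 256, 4294967295
SA_LINE = re.compile(
    r"^sa\s+(spi|authentication-hex|encryption-hex|string-key)\s+"
    r"(inbound|outbound)\s+(ah|esp)\s+(\S+)$")

def parse_sa_lines(text):
    """Map (direction, protocol) -> {'spi': int, 'auth': (method, key), 'enc': (method, key)}."""
    sas = {}
    for raw in text.splitlines():
        m = SA_LINE.match(raw.strip())
        if not m:
            continue
        cmd, direction, proto, value = m.groups()
        sa = sas.setdefault((direction, proto), {})
        # Plain assignment: a later line wins ("the last one set will be adopted").
        if cmd == "spi":
            sa["spi"] = int(value) if value.isdigit() else -1
        elif cmd == "authentication-hex":  # accepting a leading 0x is an assumption
            sa["auth"] = ("hex", re.sub(r"^0x", "", value.lower()))
        elif cmd == "encryption-hex":
            sa["enc"] = ("hex", re.sub(r"^0x", "", value.lower()))
        else:  # string-key: the router derives the real keys from the string
            sa["auth"] = ("string", value)
            if proto == "esp":  # ESP gets both keys from the one string
                sa["enc"] = ("string", value)
    return sas

def check_end(name, sas, auth_alg, enc_alg=None):
    """SPI range and hex key length for one end; algorithms come from its proposal."""
    findings = []
    for (direction, proto), sa in sorted(sas.items()):
        where = f"{name} {direction} {proto}"
        spi = sa.get("spi")
        if spi is None:
            findings.append(f"{where}: no SPI set")
        elif not SPI_MIN <= spi <= SPI_MAX:
            findings.append(f"{where}: SPI outside {SPI_MIN}..{SPI_MAX}")
        wanted = {"auth": AUTH_KEY_BYTES.get(auth_alg), "enc": ENC_KEY_BYTES.get(enc_alg)}
        for kind, nbytes in wanted.items():
            method, key = sa.get(kind, (None, None))
            if method != "hex" or nbytes is None:
                continue  # string keys are expanded by the router, nothing to measure
            if not re.fullmatch(r"[0-9a-f]+", key) or len(key) != 2 * nbytes:
                findings.append(f"{where}: {kind} hex key is not {nbytes} bytes")
    return findings

def check_mirror(local, remote):
    """Local inbound must equal remote outbound and vice versa. Keys are never printed."""
    findings = []
    for proto in ("ah", "esp"):
        for l_dir, r_dir in (("inbound", "outbound"), ("outbound", "inbound")):
            l_sa, r_sa = local.get((l_dir, proto)), remote.get((r_dir, proto))
            pair = f"{proto} local {l_dir} / remote {r_dir}"
            if l_sa is None or r_sa is None:
                if l_sa is not r_sa:
                    findings.append(f"{pair}: SA configured on one end only")
                continue
            if l_sa.get("spi") != r_sa.get("spi"):
                findings.append(f"{pair}: SPI mismatch")
            for kind in ("auth", "enc"):
                lk, rk = l_sa.get(kind), r_sa.get(kind)
                if lk == rk:
                    continue
                if lk is None or rk is None:
                    findings.append(f"{pair}: {kind} key set on one end only")
                elif lk[0] != rk[0]:
                    findings.append(f"{pair}: {kind} key entered as {lk[0]} locally, {rk[0]} remotely")
                else:
                    findings.append(f"{pair}: {kind} key mismatch")
    return findings

# Constructed inputs. SPIs and hex keys reuse the values from the guide's AH/MD5 example.
LOCAL = """sa spi inbound ah 10000
sa authentication-hex inbound ah 112233445566778899aabbccddeeff00
sa spi outbound ah 20000
sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00"""
REMOTE_OK = """sa spi outbound ah 10000
sa authentication-hex outbound ah 112233445566778899aabbccddeeff00
sa spi inbound ah 20000
sa authentication-hex inbound ah aabbccddeeff001100aabbccddeeff00"""
REMOTE_BAD = """sa spi outbound ah 10000
sa string-key outbound ah abcdef
sa spi inbound ah 200
sa authentication-hex inbound ah aabbccddeeff0011"""

if __name__ == "__main__":
    local = parse_sa_lines(LOCAL)
    for text in (REMOTE_OK, REMOTE_BAD):
        remote = parse_sa_lines(text)
        print(check_end("remote", remote, "md5") + check_mirror(local, remote))
```

The findings name the SA and the rule that failed but never echo key material, so the output can be pasted into a change ticket.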
View
IPSec policy view, IPSec policy template view
Parameter
acl-number: Specifies the number of the access control list used by the ipsec
policy, ranging 100 to 199.
Description
Using the security acl command, you can set an access control list to be used by
the ipsec policy. Using the undo security acl command, you can remove the
access control list used by the ipsec policy.
The ACL in this command defines the data flow that the IPSec policy protects.
According to the rules in the ACL, IPSec determines which packets need security
protection and which do not. A packet permitted by the access control list is
protected, and a packet denied by the access control list is not protected.
Denied packets are sent out directly without IPSec protection.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the ipsec policy as using access control list 101.
[3Com] acl number 101
View
System view
Parameter
None
Description
Using the snmp-agent trap enable encrypt-card command, you can enable the
SNMP agent trap function on the encryption card. Using the undo snmp-agent
trap enable encrypt-card command, you can disable the SNMP agent trap function
on the card.
When combined with appropriate NM configuration, the trap function allows you
to view the information about card rebooting, status transition and packet loss
processing on the Console of the NM station or router.
Example
# Enable the trap function on the encryption card.
[Router]snmp-agent trap enable encrypt-card
transform
Syntax
transform { ah | ah-esp | esp }
undo transform
View
IPSec proposal view
Parameter
ah-esp: Uses ESP specified in RFC2406 to protect the packets and then uses the AH
protocol specified in RFC2402 to authenticate packets.
Description
Using the transform command, you can set a security protocol used by a
proposal. Using the undo transform command, you can restore the default
security protocol.
If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.
While establishing an SA manually, the proposals used by the ipsec policy set at
both ends of the security tunnel must be set as using the same security protocol.
The following figure illustrates the data encapsulation formats of different security
protocols in the transport mode and the tunnel mode.
Security protocol   Transfer mode: transport   Transfer mode: tunnel
ah                  IP AH data                 IP AH IP data
Example
# Set a proposal using AH.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] transform ah
View
IPSec policy view in Manual mode
Parameter
ip-address: Local address in dotted decimal format.
Description
Using the tunnel local command, you can set the local address of an ipsec policy.
Using the undo tunnel local command, you can delete the local address set in
the ipsec policy.
It is not necessary to set a local address for an ipsec policy in isakmp mode, so this
command is invalid in this situation. IKE can automatically obtain the local address
from the interface where this ipsec policy is applied.
As for the ipsec policy in manual mode, it is necessary to set the local address
before the SA can be established. A security tunnel is set up between the local and
remote end, so the local address and remote address must be correctly configured
before a security tunnel can be set up.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel remote, sa duration and proposal.
Example
# Set the local address for the ipsec policy, which is applied at serial 4/1/2 whose IP
address is 10.0.0.1.
[3Com] ipsec policy guangzhou 100 manual
[3Com-ipsec-policy-manual-guangzhou-100] quit
View
Manually-established IPSec policy view
Parameter
ip-address: Remote address in dotted decimal format.
Description
Using the tunnel remote command, you can set the remote address of an ipsec
policy. Using the undo tunnel remote command, you can delete the remote
address in the ipsec policy.
For the ipsec policy in manual mode, only one remote address can be set. If a
remote address is already set, this existing address must be deleted before a new
one can be set.
The security tunnel is established between the local and remote ends. The remote
address must be set correctly on both ends of the security tunnel.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, sa duration, proposal.
Example
# Set the remote address of the ipsec policy to 10.1.1.2.
[3Com] ipsec policy shanghai 10 manual
View
Card SA proposal view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the use encrypt-card command, you can specify the SA proposal uses the
encryption card at a designated slot. Using the undo use encrypt-card
command, you can remove the configuration.
One SA proposal can only be processed by a single encryption card, but one single
encryption card can process different SA proposals.
Example
Refer to the example of the ipsec card-proposal command.
ah authentication-algorithm
Syntax
ah authentication-algorithm { md5 | sha1 }
undo ah authentication-algorithm
View
IPSec proposal view
Parameter
Description
Using the ah authentication-algorithm command, you can set the
authentication algorithm adopted by Authentication Header protocol in IPSec
proposal. Using the undo ah authentication-algorithm command, you can
restore the default setting.
The MD5 algorithm uses a 128-bit key, and SHA1 uses a 160-bit key. By
comparison, MD5 is faster than SHA1, while SHA1 is more secure than MD5.
The IPSec proposal adopted by the security policy at both ends of the security
tunnel must be set as using the same authentication algorithm.
For the related commands, see ipsec proposal, proposal, sa spi and transform.
Example
# Set IPSec proposal using AH and SHA1.
[3Com] ipsec proposal prop1
View
User view
Parameter
Description
Using the debugging ipsec command, you can turn IPSec debugging on. Using
the undo debugging ipsec command, you can turn IPSec debugging off.
Example
# Enable IPSec SA debugging function.
<3Com> debugging ipsec sa
View
Any view
Parameter
name: Displays information of the ipsec policy with the name policy-name and
sequence number seq-number.
If no argument has been specified, the details of all the IPSec policies will be
displayed. If name policy-name has been specified but seq-number has not, the
information of the specified IPSec policy group will be listed out.
Description
Using the display ipsec policy command, you can view information about the
ipsec policy.
The brief keyword is used for displaying brief information about all the ipsec
policies, whose display format is the brief format (see the following example). The
brief command can be used to quickly display all the ipsec policies. Brief
information includes, name and sequence number, negotiation mode, access
control list, proposal, local address, and remote address.
The other command words are used to display the detailed information about the
ipsec policy, whose display format is the detailed format (refer to the following
example).
Example
# View brief information about all the ipsec policies.
<3Com> display ipsec policy brief
Item Description
Ipsec-policy-Name name and sequence number of an ipsec policy
Mode negotiation method used by an ipsec policy
acl access control list used by an ipsec policy
Local Address local IP address
Remote Address remote IP address
===========================================
===========================================
--------------------------------------------
sequence number: 10
mode: isakmp
--------------------------------------------
PFS (Y/N): N
===========================================
===========================================
-----------------------------------------
sequence number: 10
mode: manual
-----------------------------------------
inbound ah setting:
ah string-key:
esp string-key:
outbound ah setting:
ah string-key:
esp string-key:
Item                              Description
ipsec policy                      name, sequence number and negotiation method of an ipsec policy
security data flow                access control list used by an ipsec policy
proposal name                     name of the proposal used by an ipsec policy
inbound/outbound ah/esp setting   settings of inbound/outbound ends using AH/ESP, including SPI and key
tunnel Local Address              local IP address
tunnel Remote Address             remote IP address
PFS (Y/N)                         Whether using PFS (Perfect Forward Security) or not
View
Any view
Parameter
brief: Displays brief information about all the ipsec policy templates.
name: Displays information of the ipsec policy template with the name
template-name and sequence number seq-number.
If no parameter is specified, then the detail information about all the ipsec policy
templates will be displayed. If name template-name has been specified but
seq-number has not, the information of the specified IPSec policy template group
will be listed out.
Description
Using the display ipsec policy-template command, you can view information
about the ipsec policy template.
Parameter brief is for showing brief information about all the ipsec policy
templates, whose display format is the brief format (see the following example). It
can be used to quickly display all the ipsec policy templates. Brief information
includes, template name and sequence number, access control list, and remote
address.
Any of the sub-commands can be used to display detail information of the IPSec
policy template.
Example
# View brief information about all the ipsec policy templates.
[3Com] display ipsec policy-template brief
------------------------------------------------------
test-tplt300 120
Item Description
Policy-template-Name name, sequence number of an ipsec policy template
acl access control list used by an ipsec policy template
Remote Address remote IP address
View
Any view
Parameter
proposal-name: Name of the proposal.
Description
Using the display ipsec proposal command, you can view information about the
proposal.
If the name of the proposal is not specified, then information about all the
proposals will be shown.
For the related commands, see ipsec proposal, display ipsec sa and display
ipsec policy.
Example
# View all the proposals.
[3Com] display ipsec proposal
transform: ah-new
transform: esp-new
Item                  Description
Ipsec proposal name   name of the proposal
encapsulation mode    modes used by proposal, including two types: transport mode and tunnel mode
transform             security protocols used by proposal, including two types: AH and ESP
ah protocol           the authentication-algorithm used by AH: md5 | sha1
esp protocol          the authentication-algorithm and encryption method used by ESP respectively: MD5 and DES
View
Any view
Parameter
policy: Displays information about the SA created by the ipsec policy whose name
is policy-name.
Description
Using the display ipsec sa command, you can view the relevant information
about the SA.
The command with brief parameter shows brief information about all the SAs,
whose display format is the brief format (refer to the following example). Brief
information includes source address, destination address, SPI, protocol, and
algorithm. A display beginning with "E" in the algorithm stands for the encryption
algorithm, and a display beginning with "A" stands for the authentication
algorithm. The brief command can be used to quickly display all the SAs already
set up.
The commands with remote and policy parameters both display the detailed
information about the SA. In display mode, part of the information about the
ipsec policy is shown first and then the detailed information of the SA in this ipsec
policy.
The command with the duration parameter shows the global SA duration, including
the "time-based" and "traffic-based" SA duration. Refer to the following
examples.
For the related commands, see reset ipsec sa, ipsec sa duration, display ipsec
sa and display ipsec policy.
Example
# View brief information about all the SAs.
<3Com> display ipsec sa brief
Item          Description
Src Address   Local IP address
Dst Address   Remote IP address
SPI           security parameter index
Protocol      security protocol used by IPSec
Algorithm     The authentication algorithm and encryption algorithm used by the security protocol. A display beginning with "E" in the algorithm stands for the encryption algorithm, and a display beginning with "A" stands for the authentication algorithm.
===============================
Interface: Ethernet1/0/0
===============================
----------------------------------
sequence number: 10
mode: isakmp
----------------------------------
connection id: 4
[inbound ah SAs]
transform: AH-SHA1HMAC96
[outbound ah SAs]
transform: AH-SHA1HMAC96
Item                           Description
Interface                      Interface using ipsec policy
path MTU                       Maximum IP packet length sent from the interface
ipsec policy                   ipsec policy used, including name, sequence number and negotiation method
connection id                  security channel identifier
in use settings                IPSec mode, including two types: transport mode and tunnel mode
tunnel local                   local IP address
tunnel remote                  remote IP address
inbound                        SA information of the inbound end
transform                      proposal used by the ipsec policy
sa remaining key duration      remaining duration of the SA
max received sequence-number   maximum sequence number of the received packets (the anti-replay function provided by the security protocol)
outbound                       SA information of the outbound end
max sent sequence-number       maximum sequence number of the sent packets (the anti-replay function provided by the security protocol)
View
Any view
Parameter
none
Description
Using the display ipsec statistics command, you can view the IPSec packet
statistics information, including the input and output security packet statistics,
bytes, number of packets discarded and detailed description of discarded packets.
Example
# View IPSec packet statistics.
<3Com> display ipsec statistics
no enough memory: 0
queue is full: 0
authen failed: 0
invalid length: 0
replay packet: 0
invalid SA: 0
Item                                      Description
input/output security packets             input/output packets under the security protection
input/output security bytes               input/output bytes under the security protection
input/output discarded security packets   input/output packets under the security protection discarded by the router
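The discard reasons in this display (authen failed, replay packet, invalid SA) are worth tracking over time, and because reset ipsec statistics sets every counter to zero, a monitor has to recognise a reset instead of reporting a negative change. The following Python sketch is an added example, not part of the 3Com guide or software; the function names, the choice of watched counters and the snapshots are assumptions constructed from the counter lines shown above.

```python
"""Delta check over 'display ipsec statistics' drop counters (added example)."""
import re

# Drop reasons taken from the sample output above; alerting on these three is an assumption.
WATCHED = ("authen failed", "replay packet", "invalid SA")
COUNTER_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)\s*$")


def parse_counters(output):
    """Collect every 'name: integer' line; other lines of the display are ignored."""
    return {m.group(1): int(m.group(2))
            for m in map(COUNTER_LINE.match, output.splitlines()) if m}


def compare(previous, current, threshold=0):
    """Return (alerts, reset_seen) for two snapshots taken at different times."""
    prev, cur = parse_counters(previous), parse_counters(current)
    # A counter that went backwards means the statistics were cleared
    # (reset ipsec statistics) or the router restarted. Deltas against the old
    # snapshot would be negative, so count from zero and report the reset.
    reset_seen = any(cur.get(name, 0) < value for name, value in prev.items())
    alerts = []
    for name in WATCHED:
        base = 0 if reset_seen else prev.get(name, 0)
        delta = cur.get(name, 0) - base
        if delta > threshold:
            alerts.append((name, delta))
    return alerts, reset_seen


# Constructed snapshots: three polls of the same router.
SNAP_1 = """no enough memory: 0
queue is full: 0
authen failed: 3
invalid length: 0
replay packet: 10
invalid SA: 1"""
SNAP_2 = """no enough memory: 0
queue is full: 0
authen failed: 45
invalid length: 0
replay packet: 10
invalid SA: 1"""
SNAP_3 = """no enough memory: 0
queue is full: 0
authen failed: 2
invalid length: 0
replay packet: 0
invalid SA: 0"""

if __name__ == "__main__":
    print(compare(SNAP_1, SNAP_2))  # authentication failures rising, no reset
    print(compare(SNAP_2, SNAP_3))  # counters went backwards: reset detected
```

A reset between two polls is itself worth recording, since it discards the counts gathered up to that point.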
encapsulation-mode
Syntax
encapsulation-mode { transport | tunnel }
undo encapsulation-mode
View
IPSec proposal view
Parameter
Description
Using the encapsulation-mode command, you can set the encapsulation mode
that the security protocol applies to IP packets which can be transport or tunnel.
Using the undo encapsulation-mode command, you can restore it to the
default.
There are two encapsulation modes in which IPSec encrypts and authenticates
IP packets: transport mode and tunnel mode. In transport mode, IPSec does not
add a new IP header to the packet; the two ends of the security tunnel are the
source and destination of the original packet. In tunnel mode, IPSec protects
the whole IP packet and adds a new IP header in front of it. The source and
destination addresses of the new IP header are the IP addresses of the two ends
of the tunnel.
Generally, the tunnel mode is used between two security gateways (routers). A
packet encrypted in a security gateway can only be decrypted in another security
gateway. So an IP packet needs to be encrypted in tunnel mode, that is, a new IP
header is added; the IP packet encapsulated in tunnel mode is sent to another
security gateway before it is decrypted.
The transport mode is suitable for communication between two hosts, or for
communication between a host and a security gateway (like the network
management communication between the gateway workstation and a router). In
transport mode, two devices responsible for encrypting and decrypting packets
must be the original sender and receiver of the packet. Most of the data traffic
between two security gateways does not belong to the security gateways
themselves, so the transport mode is not often used between security gateways.
The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same packet encapsulation mode.
Example
# Set the proposal whose name is prop2 as using the transport mode to
encapsulate IP packets.
[3Com] ipsec proposal prop2
esp authentication-algorithm
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
View
IPSec proposal configuration view
Parameter
md5: Use MD5 algorithm with the length of the key 128 bits.
sha1: Use SHA1 algorithm with the length of the key 160 bits.
Description
Using the esp authentication-algorithm command, you can set the
authentication algorithm used by ESP. Using the undo esp
authentication-algorithm command, you can set ESP not to authenticate
packets.
The encryption algorithm and the authentication algorithm used by ESP cannot
both be null at the same time.
The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same authentication algorithm.
Example
# Set a proposal that adopts ESP, and uses SHA1.
[3Com] ipsec proposal prop1
esp encryption-algorithm Syntax
esp encryption-algorithm { 3des | des }
View
IPSec proposal view
Parameter
des: Data Encryption Standard (DES), a universal encryption algorithm with a
56-bit key.
3des: 3DES (Triple DES), another universal encryption algorithm with a 168-bit
key.
Description
Using the esp encryption-algorithm command, you can set the encryption
algorithm adopted by ESP. Using the undo esp encryption-algorithm command,
you can set the ESP not to encrypt packets.
3des meets the requirement of high confidentiality and security, but it is
comparatively slow. des satisfies normal security requirements.
The encryption and authentication algorithms used by ESP cannot both be null at
the same time. The undo esp encryption-algorithm command takes effect only if
the authentication algorithm is not null.
Example
# Set ESP to use 3des.
[3Com] ipsec proposal prop1
View
Interface view
Parameter
policy-name: Specifies the name of an ipsec policy group applied at the interface.
The ipsec policy group with name policy-name should be configured in system
view.
Description
Using the ipsec policy(interface view) command, you can apply an ipsec policy
group with the name policy-name at the interface. Using the undo ipsec
policy(interface view) command, you can remove the ipsec policy group from the
interface, which disables the IPSec function of the interface.
At an interface only one ipsec policy group can be applied. An ipsec policy group
can be applied at multiple interfaces.
When a packet is sent from an interface, it searches for each ipsec policy in the
ipsec policy group by number in an ascending order. If the packet matches an
access control list used by an ipsec policy, then this ipsec policy is used to process
the packet, otherwise it continues to search for the next ipsec policy. If the packet
does not match any of the access control lists used by all the ipsec policies, it will
be directly transmitted (that is, IPSec will not protect the packet).
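The lookup order described above decides whether a packet is protected at all, so it is worth modelling before a policy group is applied. The following Python sketch is an added example, not code from the 3Com guide: it reduces each policy's access control list to permitted source/destination prefix pairs (an assumption), and the policy data and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    seq: int                                # seq-number: lower values are searched first
    proposal: str                           # proposal the policy references
    permits: Tuple[Tuple[str, str], ...]    # (source net, destination net) pairs its ACL permits


def select_policy(group: List[Policy], src: str, dst: str) -> Optional[Policy]:
    """Return the policy that protects src -> dst, or None if the packet leaves unprotected."""
    s, d = ip_address(src), ip_address(dst)
    for policy in sorted(group, key=lambda p: p.seq):        # ascending sequence number
        for src_net, dst_net in policy.permits:
            if s in ip_network(src_net) and d in ip_network(dst_net):
                return policy                                 # first match ends the search
    return None                                               # no ACL matched: sent without IPSec


def unprotected_flows(group, flows):
    """Flows that no policy in the group matches, i.e. traffic that would go out in clear."""
    return [(src, dst) for src, dst in flows if select_policy(group, src, dst) is None]


def shadowed_policies(group):
    """Policies that can never be selected because an earlier policy matches first.

    A permit rule counts as covered when a single rule of an earlier policy contains
    both its source and its destination prefix (coverage by a union of rules is not
    analysed here).
    """
    ordered = sorted(group, key=lambda p: p.seq)
    shadowed = []
    for index, policy in enumerate(ordered):
        earlier = [rule for p in ordered[:index] for rule in p.permits]

        def covered(rule):
            src, dst = ip_network(rule[0]), ip_network(rule[1])
            return any(src.subnet_of(ip_network(e_src)) and dst.subnet_of(ip_network(e_dst))
                       for e_src, e_dst in earlier)

        if policy.permits and all(covered(rule) for rule in policy.permits):
            shadowed.append(policy)
    return shadowed


# Constructed policy group: sequence 10 is broader than sequence 20 and hides it.
GROUP = [
    Policy(seq=20, proposal="prop1", permits=(("10.1.1.0/24", "10.1.2.0/24"),)),
    Policy(seq=10, proposal="prop2", permits=(("10.1.0.0/16", "10.1.0.0/16"),)),
    Policy(seq=30, proposal="prop1", permits=(("192.168.5.0/24", "10.1.2.0/24"),)),
]

# Constructed flows the operator expects to be protected.
FLOWS = [
    ("10.1.1.7", "10.1.2.9"),
    ("192.168.5.4", "10.1.2.9"),
    ("10.1.1.7", "172.16.0.1"),
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        hit = select_policy(GROUP, src, dst)
        outcome = f"policy {hit.seq} ({hit.proposal})" if hit else "NOT PROTECTED"
        print(f"{src} -> {dst}: {outcome}")
    print("never selected:", [p.seq for p in shadowed_policies(GROUP)])
```
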
Example
# Apply an ipsec policy whose name is policy1 to interface Serial 4/1/2.
[3Com] interface serial 4/1/2/
View
System view
Parameter
policy-name: Name of the ipsec policy. The naming rule is: the length of the name
is 1 to 15 characters, the name is case insensitive, and the characters can be
English characters or numbers but cannot include “-”.
seq-number: Sequence number of the ipsec policy, ranging 1 to 10000, with lower
value indicating higher sequence priority.
Description
Using the ipsec policy command, you can establish or modify an ipsec policy, and
enter ipsec policy view. Using the undo ipsec policy policy-name command, you
can delete an ipsec policy group whose name is policy-name. Using the undo
ipsec policy policy-name seq-number command, you can delete an ipsec policy
whose name is policy-name and sequence number is seq-number.
Once the ipsec policy is established, its negotiation mode cannot be modified. For
example, if an ipsec policy is established in manual mode it cannot be changed to
isakmp mode--this ipsec policy must be deleted and then recreated, if
appropriate, with the negotiation mode being isakmp.
Ipsec policies with the same name constitute an ipsec policy group. The name and
sequence number are used together to define a unique ipsec policy. In an ipsec
policy group, at most 100 ipsec policies can be set. Within the group, the smaller
the sequence number of an ipsec policy, the higher its preference. Applying an
ipsec policy group at an interface means applying all ipsec policies in the group
simultaneously, so that different data streams can be protected by adopting
different SAs.
Note that IKE will not use a policy with a template argument to initiate a
negotiation. Rather, it uses such a policy to respond to the negotiation initiated
by its peer.
For the related commands, see ipsec policy (interface view), security acl, tunnel
local, tunnel remote, sa duration, proposal, display ipsec policy, ipsec
policy-template, and ike-peer.
Example
# Set an ipsec policy whose name is newpolicy1, sequence number is 100, and
negotiation mode is isakmp.
[3Com] ipsec policy newpolicy1 100 isakmp
[3Com-ipsec-policy-isakmp-newpolicy1-100]
View
System view
Parameter
policy-name: Name of the ipsec policy. The naming rule is as follows: length is 1 to
15 bytes, the name is case insensitive, and the characters can be English characters
or numbers but cannot include “-”.
seq-number: Serial number of the ipsec policy, ranging 1 to 10000. In one ipsec
policy group, the smaller the serial number of the ipsec policy, the higher the
preference.
Description
Using the ipsec policy-template command, you can establish or modify an ipsec
policy template, and enter ipsec policy view. Using the undo ipsec
policy-template policy-name command, you can delete the ipsec policy group
named policy-name. Using the undo ipsec policy-template policy-name
seq-number command, you can delete an ipsec policy with the name
policy-name and the serial number seq-number.
A policy template that has been created with the name being template-name can
be referenced by the ipsec policy policy-name seq-number isakmp template
template-name command to create an IPSec policy.
The IPSec policy template and the security policy of IPSec ISAKMP negotiation
share the same kinds of arguments, including the referenced IPSec proposal, the
protected traffic, PFS feature, lifetime, and the address of the remote tunnel end.
However, note that the proposal argument must be configured, whereas the other
arguments are optional. If an IPSec policy template is
used for the policy match operation undertaken in an IKE negotiation, the
configured arguments must be matched, and the settings of the initiator will be
used if the corresponding arguments have not been configured.
For the related commands, see ipsec policy, security acl, tunnel local, tunnel
remote, proposal, display ipsec policy, and ike-peer.
Example
# Establish an ipsec policy template with the name template1 and the serial
number 100.
[3Com] ipsec policy-template template1 100
[3Com-ipsec-policy-template-template1-100]
View
System view
Parameter
proposal-name: Name of the specified proposal. The naming rule is: the length of
the name is 1 to 15 characters, case insensitive.
Description
Using the ipsec proposal proposal-name command, you can establish or modify
a proposal named proposal-name, and enter IPSec proposal view. Using the undo
ipsec proposal proposal-name command, you can delete the proposal named
proposal-name.
After a new IPSec proposal is established by using the ipsec proposal command,
the ESP protocol, DES encryption algorithm and MD5 authentication algorithm are
adopted by default.
Example
# Establish a proposal named newprop1.
[3Com] ipsec proposal newprop1
View
System view
Parameter
Description
Using the ipsec sa global-duration command, you can set a global SA duration.
Using the undo ipsec sa global-duration command, you can restore to the
default setting of the global SA duration.
When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration
specified by this command to negotiate with the peer. If the IPSec policy is
configured with its own duration, the system will use the duration of the IPSec
policy to negotiate with the peer. When IKE negotiates to set up an SA for IPSec,
the smaller one of the lifetime set locally and that proposed by the remote is
selected.
There are two types of SA duration: time-based (in seconds) and traffic-based (in
kilobytes). A traffic-based SA duration measures the valid life of the SA by the
total traffic that can be processed by this SA, and the SA is invalid when the set
value is exceeded. Whichever of the two types expires first, the SA becomes
invalid. Before the SA becomes invalid, IKE sets up a new SA for IPSec
negotiation, so a new SA is ready before the existing one becomes invalid.
Modifying the global SA duration will not affect a map that has individually set up
its own SA duration, or an SA already set up. But the modified global SA duration
will be used to set up a new SA in the future IKE negotiation.
The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.
For the related commands, see sa duration and display ipsec sa duration.
Example
# Set the global SA duration to 2 hours.
[3Com] ipsec sa global-duration time-based 7200
pfs Syntax
pfs { dh-group1 | dh-group2 }
undo pfs
View
IPSec policy view, IPSec policy template view
Parameter
Description
Using the pfs command, you can set the Perfect Forward Secrecy (PFS) feature for
the IPSec policy to initiate the negotiation. Using the undo pfs command, you can
set not to use the PFS feature during the negotiation.
The command is used to add a PFS exchange process when IPSec uses the ipsec
policy to initiate a negotiation. This additional key exchange is performed during
the phase 2 negotiation to enhance the communication’s safety. The DH group
specified by the local and remote ends must be consistent, otherwise the
negotiation will fail.
This command can be used only when the SA is established through IKE
negotiation.
Example
# Set that PFS must be used when negotiating through ipsec policy shanghai 200.
proposal Syntax
proposal proposal-name1 [ proposal-name2...proposal-name6 ]
View
IPSec policy view, IPSec policy template view
Parameter
proposal-name1,…, proposal-name6: Name of the proposals adopted.
Description
Using the proposal command, you can set the proposal used by the IPSec policy.
Using the undo proposal command, you can cancel the proposal used by the
IPSec policy.
Before using this command, the corresponding IPSec proposal must have been
configured.
If set up in isakmp mode, an SA can use six proposals at most. IKE negotiation will
search for the matching proposal at both ends of the security tunnel.
If it is the IPSec template, each template can use six proposals at most, and the IKE
negotiation will search for the matching proposal.
For the related commands, see ipsec proposal, ipsec policy(system view), ipsec
policy(interface view), security acl, tunnel local and tunnel remote.
Example
# Set a proposal named prop1, adopting ESP and the default algorithms, and
set an IPSec policy to use the proposal named prop1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] quit
View
User view
Parameter
policy-name: Specifies the name of the IPSec policy. The naming rule is as follows:
length is 1 to 15 characters, case sensitive, and the character can be English
character or number.
seq-number: Optional parameter specifying the serial number of the ipsec policy. If
no seq-number is specified, the IPSec policy refers to all the policies in the IPSec
policy group named policy-name.
protocol: Specifies the security protocol by inputting the key word ah or esp, case
insensitive. ah indicates the Authentication Header protocol and esp indicates
Encapsulating Security Payload.
spi: Specifies the security parameter index (SPI), ranging 256 to 4294967295.
Description
Using the reset ipsec sa command, you can delete an SA already set up (manually
or through IKE negotiation). If no parameter (remote, policy, parameters) is
specified, all SAs will be deleted.
The keyword parameters will take effect only after the spi of the outbound SA is
defined. Because SAs appear in pairs, the inbound SA will also be deleted after the
outbound SA is deleted.
Example
# Delete all the SAs.
<3Com> reset ipsec sa
# Delete the SA of the ipsec policy with the name policy1 and the serial number
10.
View
User view
Parameter
none
Description
Using the reset ipsec statistics command, you can clear IPSec message statistics,
and set all the statistics to zero.
For the related command, see display ipsec statistics.
Example
# Clear IPSec message statistics.
<3Com> reset ipsec statistics
sa authentication-hex Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key
View
IPSec policy view in manual mode
Parameter
inbound: Configures the authentication-hex parameter for the inbound SA. IPSec
uses the inbound SA for processing the packet in the inbound direction (received).
ah: Sets the authentication-hex parameter for the SA using AH. If the IPSec
proposal used by the ipsec policy adopts AH, the ah key word is used here to set
the AH relevant parameter of the SA.
esp: Sets the authentication-hex parameter for the SA using ESP. If the IPSec
proposal used by the ipsec policy adopts ESP, the esp key word is used here to set
the ESP relevant parameter of the SA.
hex-key: Specifies a key for the SA input in the hex format. If MD5 is used, then
input a 16-byte key; if SHA1 is used, input a 20-byte key.
Description
Using the sa authentication-hex command, you can set the SA authentication
key manually for the ipsec policy of manual mode. Using the undo sa
authentication-hex command, you can delete the SA authentication key already
set.
This command is only used for the ipsec policy in manual mode.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually. IKE will automatically negotiate the SA parameter and establish a SA.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and its key to
0x112233445566778899aabbccddeeff00; set the SPI of the outbound SA to
20000, and its key to 0xaabbccddeeff001100aabbccddeeff00 in the ipsec policy
using AH and MD5.
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] quit
sa duration Syntax
sa duration { traffic-based kilobytes | time-based seconds }
View
IPSec policy view, IPSec policy template view
Parameter
Description
Using the sa duration command, you can set a SA duration of the ipsec policy.
Using the undo sa duration command, you can cancel the SA duration, i.e.,
restore the use of the global SA duration.
When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration to
negotiate with the peer. If the IPSec policy is configured with its own duration, the
system will use the duration of the IPSec policy to negotiate with the peer. When
IKE negotiates to set up an SA for IPSec, the shorter one of the lifetime set locally
and that proposed by the remote is selected.
There are two types of SA duration: time-based (in seconds) and traffic-based (in
kilobytes). A traffic-based SA duration measures the valid life of the SA by the
total traffic that can be processed by this SA, and the SA is invalid when the set
value is exceeded. Whichever of the two types expires first, the SA becomes
invalid. Before the SA becomes invalid, IKE sets up a new SA for IPSec
negotiation, so a new SA is ready before the existing one becomes invalid.
The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.
Example
# Set the SA duration for the ipsec policy shenzhen 100 to 2 hours, that is, 7200
seconds.
[3Com] ipsec policy shenzhen 100 isakmp
# Set the SA duration for the ipsec policy shenzhen 100 to 20M bytes, that is, the
SA expires when the traffic exceeds 20000 kilobytes.
sa encryption-hex Syntax
sa encryption-hex { inbound | outbound } esp hex-key
View
IPSec policy view in manual mode
Parameter
inbound: Sets the encryption-hex parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).
outbound: Sets the encryption-hex parameter for outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
esp: Sets the encryption-hex parameter for the SA using ESP. If the IPSec proposal
used by the ipsec policy adopts ESP, the esp key word is used here to set the ESP
relevant parameter of the SA.
hex-key: Specifies a key for the SA, input in hex format. When applied in ESP, if
DES is used, input an 8-byte key; if 3DES is used, input a 24-byte key.
Description
Using the sa encryption-hex command, you can set the SA encryption key
manually for the ipsec policy of manual mode. Using the undo sa
encryption-hex command, you can delete the SA parameter already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and the key to 0x1234567890abcdef;
set the SPI of the outbound SA to 20000, and its key to 0xabcdefabcdef1234 in
the ipsec policy using ESP and DES.
[3Com] ipsec proposal prop_esp
[3Com-ipsec-proposal-prop_esp] quit
sa spi Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
View
IPSec policy view in manual mode
Parameter
inbound: Sets the spi parameter for the inbound SA. IPSec uses the inbound SA
for processing the packet in the inbound direction (received).
outbound: Sets the spi parameter for outbound SA. IPSec uses the outbound SA
for processing the packet in the outbound direction (sent).
ah: Sets the spi parameter for the SA using AH. If the IPSec proposal set used by
the ipsec policy adopts AH, the ah key word is used here to set the spi relevant
parameter of the SA.
esp: Sets the spi parameter for the SA using ESP. If the IPSec proposal set used by
the ipsec policy adopts ESP, the esp key word is used here to set the spi relevant
parameter of the SA.
spi-number: Security Parameter Index (SPI) in the triplet identification of the SA,
ranging 256 to 4294967295. The triplet identification of the SA, which appears as
SPI, destination address, and protocol number, must be unique.
Description
Using the sa spi command, you can set the SA SPI manually for the ipsec policy of
manual mode. Using the undo sa spi command, you can delete the SA SPI
already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish a SA.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, set the SPI of the outbound SA to
20000, in the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] quit
sa string-key Syntax
sa string-key { inbound | outbound } { ah | esp } string-key
View
IPSec policy view in manual mode
Parameter
inbound: Sets the string-key parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).
outbound: Sets the string-key parameter for the outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
ah: Sets the string-key parameter for the SA using AH. If the IPSec proposal set
used by the ipsec policy adopts AH, the ah key word is used here to set the
string-key relevant parameter of the SA.
esp: Sets the string-key parameter for the SA using ESP. If the IPSec proposal set
used by the ipsec policy adopts ESP, the esp key word is used here to set the
string-key relevant parameter of the SA.
string-key: Specifies the key for an SA input in the character string format, with a
length ranging 1 to 256 characters. For different algorithms, you can input
character strings of any length in the specified range, and the system will generate
keys meeting the algorithm requirements automatically according to the input
character strings. As for ESP, the system will automatically generate the key for the
authentication algorithm and that for the encryption algorithm at the same time.
Description
Using the sa string-key command, you can set the SA parameter manually for
the ipsec policy of manual mode. Using the undo sa string-key command, you
can delete the SA parameter already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish a SA.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and its key string to abcdef; set the
SPI of the outbound SA to 20000, and its key string to efcdab in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] quit
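The manual-mode rules stated in the sa authentication-hex, sa encryption-hex, sa spi and sa string-key entries above (SPI range, hex key sizes, inbound at one end equal to outbound at the other, same key input method at both ends, last key entered wins) can be checked offline before the settings are loaded on either router. The Python below is an added example, not part of the 3Com guide; the sample lines are constructed from the example values on this page, and stripping an optional 0x prefix is an assumption about how keys are written down.

```python
import re

SPI_MIN, SPI_MAX = 256, 4294967295            # spi-number range given on the page
AUTH_KEY_BYTES = {"md5": 16, "sha1": 20}      # sa authentication-hex key sizes
ENC_KEY_BYTES = {"des": 8, "3des": 24}        # sa encryption-hex key sizes
SA_LINE = re.compile(r"^\s*sa\s+(spi|authentication-hex|encryption-hex|string-key)\s+"
                     r"(inbound|outbound)\s+(ah|esp)\s+(\S+)\s*$")


def parse_manual_sa(lines):
    """Collect the sa ... lines of one manual-mode policy into {(direction, protocol): settings}."""
    sas = {}
    for line in lines:
        m = SA_LINE.match(line)
        if not m:
            continue
        kind, direction, proto, value = m.groups()
        if kind == "encryption-hex" and proto != "esp":
            continue                              # the page defines encryption-hex for esp only
        sa = sas.setdefault((direction, proto), {})
        if kind == "spi":
            sa["spi"] = int(value) if value.isdigit() else None
        elif kind == "string-key":
            sa.pop("auth", None)                  # the key entered last is the one adopted
            sa.pop("enc", None)
            sa["string"] = value
        else:
            sa.pop("string", None)
            key = value.lower()
            if key.startswith("0x"):              # assumption: 0x is notation, not key material
                key = key[2:]
            sa["auth" if kind == "authentication-hex" else "enc"] = key
    return sas


def check_end(sas, auth_alg, enc_alg=None):
    """Checks local to one end: SPI range and hex key size for the algorithms in use."""
    problems = []
    for direction, proto in sorted(sas):
        sa, where = sas[(direction, proto)], f"{direction} {proto}"
        spi = sa.get("spi")
        if spi is None:
            problems.append(f"{where}: no valid SPI set")
        elif not SPI_MIN <= spi <= SPI_MAX:
            problems.append(f"{where}: SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
        for field, want in (("auth", AUTH_KEY_BYTES.get(auth_alg)),
                            ("enc", ENC_KEY_BYTES.get(enc_alg))):
            key = sa.get(field)
            if key is None:
                continue
            if not re.fullmatch(r"(?:[0-9a-f]{2})+", key):
                problems.append(f"{where}: {field} key is not a whole number of hex bytes")
            elif want is not None and len(key) // 2 != want:
                problems.append(f"{where}: {field} key is {len(key) // 2} bytes, expected {want}")
    return problems


def check_mirror(local, remote):
    """Inbound at one end must equal outbound at the other: SPI, key and key input method."""
    problems = []
    for proto in sorted({p for _, p in list(local) + list(remote)}):
        for near, far in (("inbound", "outbound"), ("outbound", "inbound")):
            a, b = local.get((near, proto), {}), remote.get((far, proto), {})
            label = f"{proto}: local {near} vs remote {far}"
            if a.get("spi") != b.get("spi"):
                problems.append(f"{label}: SPI {a.get('spi')} != {b.get('spi')}")
            if ("string" in a) != ("string" in b):
                problems.append(f"{label}: key entered as string at one end, hex at the other")
            elif any(a.get(f) != b.get(f) for f in ("auth", "enc", "string")):
                problems.append(f"{label}: key mismatch")   # key values are never echoed
    return problems


# Constructed sample input (AH with MD5), using the example values shown on this page.
LOCAL = ["sa spi inbound ah 10000",
         "sa authentication-hex inbound ah 112233445566778899aabbccddeeff00",
         "sa spi outbound ah 20000",
         "sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00"]
REMOTE_OK = ["sa spi outbound ah 10000",
             "sa authentication-hex outbound ah 112233445566778899aabbccddeeff00",
             "sa spi inbound ah 20000",
             "sa authentication-hex inbound ah aabbccddeeff001100aabbccddeeff00"]
REMOTE_BAD = REMOTE_OK[:2] + ["sa spi inbound ah 200",
                              "sa authentication-hex inbound ah aabbccddeeff001100aabbccddeeff00",
                              "sa string-key inbound ah efcdab"]   # replaces the hex key above

if __name__ == "__main__":
    for name, remote in (("REMOTE_OK", REMOTE_OK), ("REMOTE_BAD", REMOTE_BAD)):
        found = check_end(parse_manual_sa(remote), "md5")
        found += check_mirror(parse_manual_sa(LOCAL), parse_manual_sa(remote))
        print(name, found or "consistent")
```
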
View
IPSec policy view, IPSec policy template view
Parameter
acl-number: Specifies the number of the access control list used by the ipsec
policy, ranging 1000 to 1999.
Description
Using the security acl command, you can set an access control list to be used by
the ipsec policy. Using the undo security acl command, you can remove the
access control list used by the ipsec policy.
The data flow that will be protected by the IPSec policy is defined by the ACL in
this command. According to the rules in the ACL, IPSec determines which packets
need security protection and which do not. A packet permitted by the access
control list will be protected, and a packet denied by the access control list will not
be protected. Denied packets are sent out directly without IPSec protection.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the ipsec policy as using access control list 101.
[3Com] acl number 101
transform Syntax
transform { ah | ah-esp | esp }
undo transform
View
IPSec proposal view
Parameter
ah-esp: Uses ESP specified in RFC2406 to protect the packets and then uses the AH
protocol specified in RFC2402 to authenticate packets.
Description
Using the transform command, you can set a security protocol used by a
proposal. Using the undo transform command, you can restore the default
security protocol.
If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.
While establishing an SA manually, the proposals used by the ipsec policy set at
both ends of the security tunnel must be set as using the same security protocol.
The following figure illustrates the data encapsulation formats of different security
protocols in the transport mode and the tunnel mode.
Security protocol    Transport mode    Tunnel mode
ah                   IP AH data        IP AH IP data
Example
# Set a proposal using AH.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] transform ah
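Because a new proposal silently adopts ESP with DES and MD5, and the proposals at both ends must agree, it helps to resolve what each end's proposal actually means before comparing them. The Python below is an added example, not from the 3Com guide: it interprets only the transform, esp encryption-algorithm and esp authentication-algorithm commands and their undo forms as described on this page, the two site configurations are constructed, and ignoring an undo that would leave both ESP algorithms null is an assumption about how the router enforces that rule.

```python
import re

DEFAULTS = {"transform": "esp", "esp_enc": "des", "esp_auth": "md5"}   # defaults stated on the page
TRANSFORMS = ("ah", "ah-esp", "esp")
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")   # "[3Com-ipsec-proposal-prop1] " style prompt


def effective_proposals(lines):
    """Return {proposal name: settings}, defaults filled in; 'explicit' lists what was typed."""
    proposals, current = {}, None
    for raw in lines:
        words = PROMPT.sub("", raw).split()
        if len(words) == 3 and words[:2] == ["ipsec", "proposal"]:
            # proposal names are case insensitive according to the page
            current = proposals.setdefault(words[2].lower(), dict(DEFAULTS, explicit=set()))
        elif words == ["quit"]:
            current = None
        elif current is None:
            continue
        elif len(words) == 2 and words[0] == "transform" and words[1] in TRANSFORMS:
            current["transform"] = words[1]
            current["explicit"].add("transform")
        elif words == ["undo", "transform"]:
            current["transform"] = DEFAULTS["transform"]
        elif len(words) == 3 and words[:2] == ["esp", "encryption-algorithm"] \
                and words[2] in ("des", "3des"):
            current["esp_enc"] = words[2]
            current["explicit"].add("esp_enc")
        elif len(words) == 3 and words[:2] == ["esp", "authentication-algorithm"] \
                and words[2] in ("md5", "sha1"):
            current["esp_auth"] = words[2]
            current["explicit"].add("esp_auth")
        elif words == ["undo", "esp", "encryption-algorithm"]:
            if current["esp_auth"] is not None:    # page: effective only if authentication is not null
                current["esp_enc"] = None
                current["explicit"].add("esp_enc")
        elif words == ["undo", "esp", "authentication-algorithm"]:
            if current["esp_enc"] is not None:     # assumption: refused if encryption is already null
                current["esp_auth"] = None
                current["explicit"].add("esp_auth")
    return proposals


def implicit_settings(proposal):
    """ESP algorithms in force only through the defaults, never typed by the operator."""
    if "esp" not in proposal["transform"]:
        return []
    return [field for field in ("esp_enc", "esp_auth") if field not in proposal["explicit"]]


def compare_ends(local, remote):
    """(field, local value, remote value) for every setting on which the two ends disagree."""
    diffs = []
    if local["transform"] != remote["transform"]:
        diffs.append(("transform", local["transform"], remote["transform"]))
    if "esp" in local["transform"] and "esp" in remote["transform"]:
        for field in ("esp_enc", "esp_auth"):
            if local[field] != remote[field]:
                diffs.append((field, local[field], remote[field]))
    return diffs


# Constructed configurations for the two ends of one tunnel.
SITE_A = ["[3Com] ipsec proposal prop1",
          "[3Com-ipsec-proposal-prop1] esp authentication-algorithm sha1",
          "[3Com-ipsec-proposal-prop1] quit"]
SITE_B = ["[3Com] ipsec proposal prop1",
          "[3Com-ipsec-proposal-prop1] esp encryption-algorithm 3des",
          "[3Com-ipsec-proposal-prop1] esp authentication-algorithm sha1",
          "[3Com-ipsec-proposal-prop1] quit"]

if __name__ == "__main__":
    a = effective_proposals(SITE_A)["prop1"]
    b = effective_proposals(SITE_B)["prop1"]
    print("site A runs on defaults for:", implicit_settings(a))
    print("differences between the ends:", compare_ends(a, b))
```
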
View
IPSec policy view in Manual mode
Parameter
ip-address: Local address in dotted decimal format.
Description
Using the tunnel local command, you can set the local address of an ipsec policy.
Using the undo tunnel local command, you can delete the local address set in
the ipsec policy.
It is not necessary to set a local address for an ipsec policy in isakmp mode, so this
command is invalid in this situation. IKE can automatically obtain the local address
from the interface where this ipsec policy is applied.
As for the ipsec policy in manual mode, it is necessary to set the local address
before the SA can be established. A security tunnel is set up between the local and
remote end, so the local address and remote address must be correctly configured
before a security tunnel can be set up.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel remote, sa duration and proposal.
Example
# Set the local address for the ipsec policy, which is applied at serial 4/1/2 whose IP
address is 10.0.0.1.
[3Com] ipsec policy guangzhou 100 manual
[3Com-ipsec-policy-manual-guangzhou-100] quit
View
Manually-established IPSec policy view
Parameter
ip-address: Remote address in dotted decimal format.
Description
Using the tunnel remote command, you can set the remote address of an ipsec
policy. Using the undo tunnel remote command, you can delete the remote
address in the ipsec policy.
For the ipsec policy in manual mode, only one remote address can be set. If a
remote address is already set, this existing address must be deleted before a new
one can be set.
The security tunnel is established between the local and remote ends. The remote
address must be set correctly on both ends of the security tunnel.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, sa duration, proposal.
Example
# Set the remote address of the ipsec policy to 10.1.1.2.
[3Com] ipsec policy shanghai 10 manual
IKE Configuration Commands
authentication-algorithm Syntax
authentication-algorithm { md5 | sha }
undo authentication-algorithm
View
IKE Proposal View
Parameter
Description
Using the authentication-algorithm command, you can select the
authentication algorithm for an IKE proposal. Using the undo
authentication-algorithm command, you can restore the authentication
algorithm for an IKE proposal to the default.
For the related commands, see ike proposal, display ike proposal.
Example
# Set HMAC-MD5 as the authentication algorithm for IKE proposal 10.
[3Com] ike proposal 10
authentication-method Syntax
authentication-method { pre-share }
undo authentication-method
View
IKE proposal view
Parameter
pre-share: Specifies the pre-shared key authentication as the Internet Key
Exchange (IKE) proposal authentication method.
Description
Using the authentication-method command, you can select the authentication
method used by an IKE proposal. Using the undo authentication-method
command, you can restore the authentication method used by an IKE proposal to
the default.
For the related commands, see ike proposal and display ike proposal.
Example
# Specify pre-shared key authentication as the authentication method for IKE
proposal 10.
[3Com] ike proposal 10
View
User view
Parameter
Description
Using the debugging ike command, you can enable IKE debugging. Using the
undo debugging ike command, you can disable IKE debugging.
Example
# Enable IKE error debugging.
<3Com> debugging ike error
dh Syntax
dh { group1 | group2 }
undo dh
View
IKE proposal view
Parameter
Description
Using the dh command, you can select the Diffie-Hellman group for an IKE
proposal. Using the undo dh command, you can restore the Diffie-Hellman group
for an IKE proposal to the default.
For the related commands, see ike proposal, display ike proposal.
Example
# Specify 768-bit Diffie-Hellman for IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] dh group1
View
Any view
Parameter
none
Description
Using the display ike proposal command, you can view the parameters
configured for each IKE proposal.
Example
# View the IKE proposal information after two IKE proposals are configured.
[3Com] display ike proposal
sa duration(seconds): 5000
sa duration(seconds): 50000
sa duration(seconds): 86400
Item                        Description
Protection suite priority   Priority of the IKE proposal, being any integer between 1 and 100. The larger the priority value, the lower the priority.
encryption algorithm        Encryption algorithm used by the IKE proposal
authentication algorithm    Authentication algorithm used by the IKE proposal
authentication method       Authentication method used by the IKE proposal
Diffie-Hellman group        Diffie-Hellman (DH) group ID
sa duration                 ISAKMP SA duration used by the IKE proposal
Default protection suite    Default IKE proposal, which is used by default or when all the configured IKE policies are not matched. Its priority is the lowest.
View
Any view
Parameter
none
Description
Using the display ike sa command, you can view the current security tunnels
established by IKE.
Example
# View the security tunnels established by IKE.
[3Com] display ike sa
flag meaning:
The descriptions of the items displayed are listed in the following table.
Table 22 Display Information of IKE SA
Item       Description
conn-id    Security channel ID
remote     Remote IP address of this SA
flag       Displays the status of this SA:
           RD (READY) means this SA has been established successfully.
           ST (STAYALIVE) means that the SA duration is negotiated, and this SA will be refreshed at a fixed interval.
           RL (REPLACED) means that this SA has been replaced by a new one, and will be automatically deleted after a period of time.
           FD (FADING) means this SA has reached its soft timeout but is still in use, and will be deleted at the time of hard timeout.
           TO (TIMEOUT) means this SA has not received any keepalive packet after the previous keepalive timeout occurred. If this SA receives no keepalive packet before the next keepalive timeout occurs, this SA will be deleted.
phase      Phase of the SA:
           Phase 1: a phase of establishing a security channel to communicate; the ISAKMP SA is established in this phase.
           Phase 2: a phase of negotiating the security service; the IPSec SA is established in this phase.
doi        Domain of Interpretation
encryption-algorithm Syntax
encryption-algorithm { des-cbc | 3des-cbc }
undo encryption-algorithm
View
IKE proposal view
Parameter
des-cbc: Selects the 56-bit DES-CBC encryption algorithm for an IKE proposal.
DES algorithm adopts 56-bit keys for encryption.
3des-cbc: Sets the encryption algorithm to the 3DES algorithm in CBC mode. The
3DES algorithm uses 168-bit keys for encryption.
Description
Using the encryption-algorithm command, you can specify the encryption algorithm
for an IKE proposal. Using the undo encryption-algorithm command, you can
restore the default.
For the related commands, see ike proposal and display ike proposal.
Example
# Specify the 56-bit DES-CBC encryption algorithm for IKE proposal 10.
[3Com] ike proposal 10
exchange-mode Syntax
exchange-mode [ aggressive | main ]
undo exchange-mode
View
IKE-peer view
Parameter
Description
Using the exchange-mode command, you can select an IKE negotiation mode.
Using the undo exchange-mode command, you can restore the default
negotiation mode.
If the device at one end of a security tunnel obtains IP address dynamically, IKE
negotiation mode must be set to aggressive.
Example
# Adopt the main mode for IKE negotiation.
[Router] ike peer new_peer
id-type Syntax
id-type [ ip | name ]
undo id-type
View
IKE-peer view
Parameter
name: Uses the name of the local GW as its ID, i.e., the IKE local ID designated by
the ike local id command.
Description
Using the id-type command, you can select the type of ID used for identifying the
local GW in an IKE negotiation. Using the undo id-type command, you can
restore the default setting.
By default, the local GW is identified by its IP address.
If the id-type name command is configured, id configured in the ike local id
command will be used as ID of the local GW.
In main mode, only IP address can be used to identify the local GW. In IKE
aggressive mode, however, both IP address and name (configured using the ike
local id command) can be used to identify the local GW for SA setup. In the latter
case, regardless of the IP address assigned to a subscriber, whether static
or dynamic, an SA can be set up so long as the name and password used for
setting up the SA are correct.
Example
# Identify the local GW by name.
[Router] ike peer new_peer
View
System view
Parameter
id: ID of the local GW, which can be a string of 1 to 32 characters.
Description
Using the ike local id command, you can configure ID of the local GW. Using the
undo ike local id command, you can restore the default ID of the local GW.
Only if the id-type name command has been configured can the id configured
using the ike local id command be ID of the local GW.
Example
# Identify the local GW by the configured name (local ID) “beijing_VPN”
[Router] ike local id beijing_VPN
View
System view
Parameter
peer-name: IKE peer name, which can be a string of up to 15 characters.
Description
Using the ike peer command, you can configure an IKE peer and access IKE-peer
view. Using the undo ike peer command, you can delete an IKE peer.
Example
# Configure an IKE peer “new_peer” and access its view.
[Router] ike peer new_peer
[3Com-ike-peer-new_peer]
View
IPSec policy view, IPSec policy template view
Parameter
peer-name: IKE peer name, which is a string of up to 15 characters.
Description
Using the ike peer command, you can quote an IKE peer in an IPSec policy or
IPSec policy template. Using the undo ike peer command, you can remove the
quoted IKE peer from the IPSec policy or IPSec policy template.
Example
# Quote an IKE peer in the IPSec policy.
[Router-ipsec-policy-isakmp-policy-10] ike peer new_peer
View
System view
Parameter
priority-level: Priority level of an IKE proposal, an integer ranging from 1 to 100
that distinguishes this proposal from other proposals. The larger the value, the
lower the priority.
Description
Using the ike proposal command, you can define an IKE proposal. Using the
undo ike proposal command, you can delete an IKE proposal.
By default, the system provides default IKE proposal with the lowest priority.
Performing this command in system view will enter IKE proposal view. In the IKE
proposal, you can select encryption algorithm, authentication algorithm, DH group
ID, authentication method and specify sa duration for this IKE proposal. Default
IKE proposal has a default encryption algorithm, authentication algorithm, DH
group ID, authentication method and sa duration, as follows:
These parameters will be used to establish a security tunnel once these parameters
are confirmed by both sides of the negotiation.
More than one IKE proposal can be configured on each side of the negotiation.
During the negotiation, the IKE proposals on both sides are compared one by one,
in order of their priority level. The parameters that must be the same for a
match are encryption algorithm, authentication algorithm, authentication
method, and DH group. The sa duration is decided by the initiator of the
negotiation and needs no agreement.
Example
# Define IKE proposal 10 with default encryption algorithm.
[3Com] ike proposal 10
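The matching rule described above can be modelled as follows. This is an added example, not code from the 3Com guide or firmware: the order in which the two lists are walked (initiator by priority, then responder by priority) is an assumption, the sample proposals are constructed, and the default proposal is left out because its values are not shown on this page.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class IkeProposal:
    priority: int        # 1..100; a larger number means a LOWER priority
    encryption: str      # "des-cbc" or "3des-cbc"
    auth_algorithm: str  # "md5" or "sha"
    auth_method: str     # "pre-share" or "rsa-signature"
    dh_group: str        # "group1" or "group2"
    sa_duration: int     # seconds, 60..604800

    def __post_init__(self) -> None:
        # Ranges taken from the ike proposal and sa duration parameter text.
        if not 1 <= self.priority <= 100:
            raise ValueError("priority-level must be 1..100")
        if not 60 <= self.sa_duration <= 604800:
            raise ValueError("sa duration must be 60..604800 seconds")

    def suite(self) -> Tuple[str, str, str, str]:
        """The four parameters that both sides must agree on."""
        return (self.encryption, self.auth_algorithm,
                self.auth_method, self.dh_group)


def negotiate(
    initiator: List[IkeProposal], responder: List[IkeProposal]
) -> Optional[Tuple[IkeProposal, IkeProposal, int]]:
    """Return (initiator proposal, responder proposal, sa duration) or None.

    Assumed walk order: initiator proposals by priority, each compared with
    the responder proposals by priority. The sa duration is not compared;
    the initiator's value is used.
    """
    for offered in sorted(initiator, key=lambda p: p.priority):
        for local in sorted(responder, key=lambda p: p.priority):
            if offered.suite() == local.suite():
                return offered, local, offered.sa_duration
    return None


# Constructed sample proposals (I = initiator side, R = responder side).
STRONG_I = IkeProposal(10, "3des-cbc", "sha", "pre-share", "group2", 5000)
WEAK_I = IkeProposal(20, "des-cbc", "md5", "pre-share", "group1", 50000)
WEAK_R = IkeProposal(5, "des-cbc", "md5", "pre-share", "group1", 86400)
STRONG_R = IkeProposal(15, "3des-cbc", "sha", "pre-share", "group2", 600)

if __name__ == "__main__":
    cases = {
        "both suites offered": ([STRONG_I, WEAK_I], [WEAK_R, STRONG_R]),
        "peer offers only the weak suite": ([WEAK_I], [WEAK_R, STRONG_R]),
        "no common suite": ([STRONG_I], [WEAK_R]),
    }
    for name, (init, resp) in cases.items():
        result = negotiate(init, resp)
        if result is None:
            print(f"{name}: no match")
        else:
            offered, local, duration = result
            print(f"{name}: initiator {offered.priority} / responder "
                  f"{local.priority}, {offered.encryption}, {duration}s")
```

The second case is the one to act on: a DES/group1 proposal left configured on the responder is still agreed whenever the peer offers nothing else, so remove proposals you do not want negotiated.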
View
System view
Parameter
seconds: Specifies the interval for sending Keepalive packet to the remote end
through ISAKMP SA. It can be set to a value in the range 20 to 28800.
Description
Using the ike sa keepalive-timer interval command, you can configure the
interval for sending Keepalive packet to the remote end through ISAKMP SA.
Using the undo ike sa keepalive-timer interval command, you can disable the
function.
This command is used to configure the interval for sending Keepalive packet to
the remote end through ISAKMP SA. IKE maintains the link state of the ISAKMP
SA by using the Keepalive packet. In general, if a timeout is configured at the
remote end by using the ike sa keepalive-timer timeout command, an interval
for sending Keepalive packet must be configured at the local end. When the
remote end in the configured timeout time does not receive the Keepalive packet,
the ISAKMP SA with the TIMEOUT flag and the IPSec SA corresponding to it will
be deleted, and otherwise the ISAKMP SA without the TIMEOUT flag will be
marked as TIMEOUT. Thus the configured timeout should be longer than the
interval for sending the Keepalive packet during configuration.
For the related command, see ike sa keepalive-timer timeout.
Example
# Configure the interval as 20 seconds for the local end to send Keepalive packet
to the remote end.
[3Com] ike sa keepalive-timer interval 20
View
System view
Parameter
seconds: Specifies the timeout for ISAKMP SA to wait for the Keepalive packet. It
can be set to a value in the range 20 to 28800.
Description
Using the ike sa keepalive-timer timeout command, you can configure a
timeout for ISAKMP SA to wait for the Keepalive packet. Using the undo ike sa
keepalive-timer timeout command, you can disable the function.
By default, this function is disabled.
This command is used to configure the timeout for the remote end to send the
Keepalive packet. IKE maintains the link state of the ISAKMP SA by using the
Keepalive packet. When the remote end in the configured timeout does not
receive the Keepalive packet, the ISAKMP SA with the TIMEOUT flag and the IPSec
SA corresponding to it will be deleted, and otherwise the ISAKMP SA without the
TIMEOUT flag will be marked as TIMEOUT. Thus the configured timeout should be
longer than the interval for sending the Keepalive packet during configuration.
Generally, packets will not be lost for more than three consecutive times in the
network, so the timeout can be configured as three times of the interval set for
the remote end to send Keepalive packets.
Example
# Configure the timeout as 20 seconds for the local end to wait for the remote
end to send the Keepalive packet.
[3Com] ike sa keepalive-timer timeout 20
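The interaction between ike sa keepalive-timer interval and ike sa keepalive-timer timeout described in the two sections above can be checked with a small simulation. This is an added example, not 3Com code: it assumes both timers start together, that a received Keepalive clears the TIMEOUT flag, and the sets of lost packets are constructed.

```python
from typing import FrozenSet, List, Optional

MIN_SECONDS, MAX_SECONDS = 20, 28800  # range documented for both timers


def _validate(name: str, seconds: int) -> None:
    if not MIN_SECONDS <= seconds <= MAX_SECONDS:
        raise ValueError(f"{name} must be {MIN_SECONDS}..{MAX_SECONDS} seconds")


def check_pair(interval: int, timeout: int) -> List[str]:
    """Review the sender's interval against the receiver's timeout."""
    _validate("interval", interval)
    _validate("timeout", timeout)
    if timeout <= interval:
        return ["timeout must be longer than the keepalive interval"]
    if timeout < 3 * interval:
        return ["timeout is below the suggested three times the interval"]
    return []


def simulate(interval: int, timeout: int,
             lost: FrozenSet[int] = frozenset(),
             horizon: int = 600) -> Optional[int]:
    """Return the second at which the receiver deletes the SA, or None.

    `lost` holds the sequence numbers (1, 2, 3, ...) of Keepalive packets
    that never arrive. The receiver looks back over each timeout window:
    a first silent window marks the SA TIMEOUT, a second consecutive silent
    window deletes it, and a received Keepalive clears the mark (assumed).
    """
    _validate("interval", interval)
    _validate("timeout", timeout)
    arrivals = [n * interval
                for n in range(1, horizon // interval + 1)
                if n not in lost]
    flagged = False
    for window_end in range(timeout, horizon + 1, timeout):
        window_start = window_end - timeout
        heard = any(window_start < t <= window_end for t in arrivals)
        if heard:
            flagged = False
        elif flagged:
            return window_end      # second silent window: SA deleted
        else:
            flagged = True         # first silent window: SA marked TIMEOUT
    return None


if __name__ == "__main__":
    # Constructed scenarios: (interval, timeout, lost sequence numbers)
    scenarios = [
        (20, 20, frozenset()),        # both page examples, clean link
        (20, 20, frozenset({2, 3})),  # two consecutive losses
        (20, 60, frozenset({2, 3})),  # same losses, timeout = 3 x interval
        (60, 20, frozenset()),        # timeout shorter than interval
    ]
    for interval, timeout, lost in scenarios:
        deleted = simulate(interval, timeout, lost)
        print(interval, timeout, sorted(lost), "->",
              "SA kept" if deleted is None else f"SA deleted at {deleted}s",
              check_pair(interval, timeout))
```

With the timeout set to three times the interval, the two lost Keepalives no longer tear down the ISAKMP SA and its IPSec SA, while a timeout shorter than the interval deletes a healthy tunnel.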
nat-traversal Syntax
nat-traversal
undo nat-traversal
View
IKE-peer view
Parameter
None
Description
Using the nat-traversal command, you can configure the NAT traversal function
of IKE/IPSec. Using the undo nat-traversal command, you can disable the NAT
traversal function of IKE/IPSec.
This command applies when a NAT GW is present in the VPN tunnel built by
IKE/IPSec.
Example
# Enable the NAT traversal function.
pre-shared-key Syntax
pre-shared-key key
undo pre-shared-key
View
IKE-peer view
Parameter
key: Specifies a pre-shared key, which is a string of 1 to 128 characters.
Description
Using the pre-shared-key command, you can configure a pre-shared key to be
used in IKE negotiation. Using the undo pre-shared-key command, you can
remove the pre-shared key used in IKE negotiation.
Example
# Set the pre-shared key used in IKE negotiation to “abcde”.
[Router] ike peer new_peer
remote-address Syntax
remote-address ip-address
undo remote-address
View
IKE-peer view
Parameter
ip-address: IP address.
Description
Using the remote-address command, you can configure IP address of the remote
GW. Using the undo remote-address command, you can delete IP address of the
remote GW.
ip-address configured in this command should comply with the one configured for
the remote GW.
Example
# Set IP address of the remote GW to 10.0.0.1.
[Router] ike peer new_peer
remote-id Syntax
remote-id id
undo remote-id
View
IKE-peer view
Parameter
id: Specifies ID of the remote GW, which is a string of 1 to 32 characters.
Description
Using the remote-id command, you can specify a remote GW. Using the undo
remote-id command, you can remove the configuration of the remote GW.
id configured in this command must be the same one configured using the ike
local id command on the remote GW.
Example
# Set ID of the remote GW to “beijing”.
[Router] ike peer new_peer
View
User view
Parameter
connection-id: Specifies the SA to be deleted. If this parameter is not specified, all
the SAs at phase 1 and phase 2 will be deleted.
Description
Using the reset ike sa command, you can delete the security tunnel set up by IKE.
If connection-id is not specified, all the SAs at phase 1 and phase 2 will be deleted.
If ISAKMP SA at phase 1 exists when deleting the local security tunnel, a Delete
Message notification is sent to the remote under the protection of this security
tunnel to notify the remote to delete the SA database.
IKE uses ISAKMP in two phases: phase 1 establishes the ISAKMP SA, and phase 2
negotiates and establishes the IPSec SA, using the previously established SA.
Example
# Delete the security tunnel to 202.38.0.2.
<3Com> display ike sa
flag meaning:
flag meaning:
sa duration Syntax
sa duration seconds
undo sa duration
View
IKE proposal view
Parameter
seconds: Specifies the ISAKMP Sa duration. When the sa duration expires, ISAKMP
SA will update automatically. It can be set to a value in the range 60 to 604800
seconds.
Description
Using the sa duration command, you can specify the ISAKMP Sa duration for an
IKE proposal. Using the undo sa duration command, you can restore it to the
default.
Before the sa duration for a SA expires, a new SA will be negotiated for replacing
the existing SA, and the old SA will be automatically cleared when the Sa duration
expires.
For the related commands, see ike proposal and display ike proposal.
authentication-algorithm Syntax
authentication-algorithm { md5 | sha }
undo authentication-algorithm
View
IKE Proposal View
Parameter
Description
Using the authentication-algorithm command, you can select the
authentication algorithm for an IKE proposal. Using the undo
authentication-algorithm command, you can restore the authentication
algorithm for an IKE proposal to the default.
For the related commands, see ike proposal, display ike proposal.
Example
# Set HMAC-MD5 as the authentication algorithm for IKE proposal 10.
[3Com] ike proposal 10
authentication-method Syntax
authentication-method { pre-share }
undo authentication-method
View
IKE proposal view
Parameter
pre-share: Specifies the pre-shared key authentication as the Internet Key
Exchange (IKE) proposal authentication method.
Description
Using the authentication-method command, you can select the authentication
method used by an IKE proposal. Using the undo authentication-method
command, you can restore the authentication method used by an IKE proposal to
the default.
For the related commands, see ike proposal and display ike proposal.
Example
# Specify pre-shared key authentication as the authentication method for IKE
proposal 10.
[3Com] ike proposal 10
View
User view
Parameter
Description
Using the debugging ike command, you can enable IKE debugging. Using the
undo debugging ike command, you can disable IKE debugging.
Example
# Enable IKE error debugging.
<3Com> debugging ike error
dh Syntax
dh { group1 | group2 }
undo dh
View
IKE proposal view
Parameter
Description
Using the dh command, you can select the Diffie-Hellman group for an IKE
proposal. Using the undo dh command, you can restore the Diffie-Hellman group
for an IKE proposal to the default.
For the related commands, see ike proposal, display ike proposal.
Example
# Specify 768-bit Diffie-Hellman for IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] dh group1
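Several commands in this section offer a weaker and a stronger choice (des-cbc or 3des-cbc, md5 or sha, group1 or group2, a pre-shared key of 1 to 128 characters, main or aggressive mode). The following added example, which is not part of the 3Com guide, reviews a configuration for the weaker choices; the configuration text is constructed, its indented layout is an assumption rather than the router's exact saved format, and MIN_PSK_LEN is a hypothetical local policy value.

```python
import re
from typing import Dict, List, Tuple

MIN_PSK_LEN = 20  # hypothetical local policy; the router accepts 1 to 128

# Weaker option of each pair documented in this section, with the fix.
WEAK_PROPOSAL_VALUES: Dict[Tuple[str, str], str] = {
    ("encryption-algorithm", "des-cbc"):
        "DES uses a 56-bit key; select 3des-cbc (168-bit)",
    ("authentication-algorithm", "md5"):
        "HMAC-MD5 selected; sha is the stronger option offered",
    ("dh", "group1"):
        "768-bit Diffie-Hellman group; select group2",
}

# Constructed sample, built only from commands documented on this page.
SAMPLE_CONFIG = """\
ike proposal 10
 encryption-algorithm des-cbc
 authentication-algorithm md5
 dh group1
ike proposal 20
 encryption-algorithm 3des-cbc
 authentication-algorithm sha
 dh group2
ike peer new_peer
 exchange-mode aggressive
 id-type name
 pre-shared-key abcde
 remote-address 10.0.0.1
"""


def parse_blocks(text: str) -> List[dict]:
    """Split the text into 'ike proposal N' / 'ike peer NAME' blocks."""
    blocks: List[dict] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"ike (proposal|peer) (\S+)", line)
        if header and not raw[0].isspace():
            current = {"kind": header.group(1), "name": header.group(2),
                       "settings": {}}
            blocks.append(current)
        elif current is not None and raw[0].isspace():
            # The last word is the value: "dh group1", "sa duration 600".
            key, _, value = line.rpartition(" ")
            if not key:                 # bare command such as nat-traversal
                key, value = value, ""
            current["settings"][key] = value
        else:
            current = None              # unrelated top-level command
    return blocks


def audit(text: str) -> List[Tuple[str, str]]:
    """Return (block, finding) pairs; key material is never echoed."""
    findings: List[Tuple[str, str]] = []
    for block in parse_blocks(text):
        label = f"ike {block['kind']} {block['name']}"
        settings = block["settings"]
        if block["kind"] == "proposal":
            for item in settings.items():
                if item in WEAK_PROPOSAL_VALUES:
                    findings.append((label, WEAK_PROPOSAL_VALUES[item]))
            continue
        psk = settings.get("pre-shared-key")
        if psk is not None and len(psk) < MIN_PSK_LEN:
            findings.append((label, f"pre-shared key is only {len(psk)} "
                                    f"characters; policy minimum is "
                                    f"{MIN_PSK_LEN}"))
        if psk is not None and settings.get("exchange-mode") == "aggressive":
            findings.append((label, "aggressive mode with a pre-shared key: "
                                    "any address presenting the right name "
                                    "and key gets an SA; use main mode or "
                                    "rsa-signature where possible"))
    return findings


if __name__ == "__main__":
    for label, finding in audit(SAMPLE_CONFIG):
        print(f"{label}: {finding}")
```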
View
Any view
Parameter
none
Description
Using the display ike proposal command, you can view the parameters
configured for each IKE proposal.
Example
# View the IKE proposal information after two IKE proposals are configured.
[3Com] display ike proposal
sa duration(seconds): 5000
sa duration(seconds): 50000
sa duration(seconds): 86400
Item Description
Protection suite priority priority of the IKE proposal, being any integer between 1 and 100. The larger the priority value, the lower the priority.
encryption algorithm encryption algorithm used by the IKE proposal
authentication algorithm authentication algorithm used by the IKE proposal
authentication method authentication method used by the IKE proposal
Diffie-Hellman group Diffie-Hellman (DH) group ID
sa duration ISAKMP Sa duration used by the IKE proposal
Default protection suite Default IKE proposal, which is used by default or when all the configured IKE policies are not matched. Its priority is the lowest.
View
Any view
Parameter
none
Description
Using the display ike sa command, you can view the current security tunnels
established by IKE.
Example
# View the security tunnels established by IKE.
[3Com] display ike sa
flag meaning:
The descriptions of the items displayed are listed in the following table.
Table 24 Display information of IKE SA
Item Description
conn-id Security channel ID
remote Remote IP address of this SA
flag Display the status of this SA:
RD (READY) means this SA has been established successfully.
ST (STAYALIVE) means that SA duration is negotiated, and this SA will be refreshed in fixed interval.
RL (REPLACED) means that this SA has been replaced by a new one, and will be automatically deleted after a period of time.
FD (FADING) means this SA has been soft timeout, but is still in use, and will be deleted at the time of hard timeout.
TO (TIMEOUT) means this SA has not received any keepalive packet after previous keepalive timeout occurred. If this SA receives no keepalive packet till next keepalive timeout occurs, this SA will be deleted.
phase Phase of the SA:
Phase 1: a phase of establishing security channel to communicate, ISAKMP SA will be established in the phase;
Phase 2: a phase of negotiating security service, IPSec SA will be established in the phase.
doi Domain of Interpretation
encryption-algorithm Syntax
encryption-algorithm { des-cbc | 3des-cbc }
undo encryption-algorithm
View
IKE proposal view
Parameter
des-cbc: Selects the 56-bit DES-CBC encryption algorithm for an IKE proposal.
DES algorithm adopts 56-bit keys for encryption.
3des-cbc: Sets the encryption algorithm to the 3DES algorithm in CBC mode. The
3DES algorithm uses 168-bit keys for encryption.
Description
Using the encryption-algorithm command, you can specify the encryption algorithm
for an IKE proposal. Using the undo encryption-algorithm command, you can
restore the default.
For the related commands, see ike proposal and display ike proposal.
Example
# Specify the 56-bit DES-CBC encryption algorithm for IKE proposal 10.
[3Com] ike proposal 10
exchange-mode Syntax
exchange-mode [ aggressive | main ]
undo exchange-mode
View
IKE-peer view
Parameter
Description
Using the exchange-mode command, you can select an IKE negotiation mode.
Using the undo exchange-mode command, you can restore the default
negotiation mode.
If the device at one end of a security tunnel obtains IP address dynamically, IKE
negotiation mode must be set to aggressive.
Example
# Adopt the main mode for IKE negotiation.
[Router] ike peer new_peer
id-type Syntax
id-type [ ip | name ]
undo id-type
View
IKE-peer view
Parameter
name: Uses the name of the local GW as its ID, i.e., the IKE local ID designated by
the ike local id command.
Description
Using the id-type command, you can select the type of ID used for identifying the
local GW in an IKE negotiation. Using the undo id-type command, you can
restore the default setting.
By default, the local GW is identified by its IP address.
If the id-type name command is configured, id configured in the ike local id
command will be used as ID of the local GW.
In main mode, only IP address can be used to identify the local GW. In IKE
aggressive mode, however, both IP address and name (configured using the ike
local id command) can be used to identify the local GW for SA setup. In the latter
case, regardless of the IP address assigned to a subscriber, whether static
or dynamic, an SA can be set up so long as the name and password used for
setting up the SA are correct.
Example
# Identify the local GW by name.
[Router] ike peer new_peer
View
System view
Parameter
id: ID of the local GW, which can be a string of 1 to 32 characters.
Description
Using the ike local id command, you can configure ID of the local GW. Using the
undo ike local id command, you can restore the default ID of the local GW.
Only if the id-type name command has been configured can the id configured
using the ike local id command be ID of the local GW.
Example
# Identify the local GW by the configured name (local ID) “beijing_VPN”
[Router] ike local id beijing_VPN
View
System view
Parameter
peer-name: IKE peer name, which can be a string of up to 15 characters.
Description
Using the ike peer command, you can configure an IKE peer and access IKE-peer
view. Using the undo ike peer command, you can delete an IKE peer.
Example
# Configure an IKE peer “new_peer” and access its view.
[Router] ike peer new_peer
[3Com-ike-peer-new_peer]
View
IPSec policy view, IPSec policy template view
Parameter
peer-name: IKE peer name, which is a string of up to 15 characters.
Description
Using the ike peer command, you can quote an IKE peer in an IPSec policy or
IPSec policy template. Using the undo ike peer command, you can remove the
quoted IKE peer from the IPSec policy or IPSec policy template.
Example
# Quote an IKE peer in the IPSec policy.
[Router-ipsec-policy-isakmp-policy-10] ike peer new_peer
View
System view
Parameter
priority-level: Priority level of an IKE proposal, an integer ranging from 1 to 100
that distinguishes this proposal from other proposals. The larger the value, the
lower the priority.
Description
Using the ike proposal command, you can define an IKE proposal. Using the
undo ike proposal command, you can delete an IKE proposal.
By default, the system provides default IKE proposal with the lowest priority.
Performing this command in system view will enter IKE proposal view. In the IKE
proposal, you can select encryption algorithm, authentication algorithm, DH group
ID, authentication method and specify sa duration for this IKE proposal. Default
IKE proposal has a default encryption algorithm, authentication algorithm, DH
group ID, authentication method and sa duration, as follows:
These parameters will be used to establish a security tunnel once these parameters
are confirmed by both sides of the negotiation.
More than one IKE proposal can be configured on each side of the negotiation.
During the negotiation, the IKE proposals on both sides are compared one by one,
in order of their priority level. The parameters that must be the same for a
match are encryption algorithm, authentication algorithm, authentication
method, and DH group. The sa duration is decided by the initiator of the
negotiation and needs no agreement.
Example
# Define IKE proposal 10 with default encryption algorithm.
[3Com] ike proposal 10
View
System view
Parameter
seconds: Specifies the interval for sending Keepalive packet to the remote end
through ISAKMP SA. It can be set to a value in the range 20 to 28800.
Description
Using the ike sa keepalive-timer interval command, you can configure the
interval for sending Keepalive packet to the remote end through ISAKMP SA.
Using the undo ike sa keepalive-timer interval command, you can disable the
function.
This command is used to configure the interval for sending Keepalive packet to
the remote end through ISAKMP SA. IKE maintains the link state of the ISAKMP
SA by using the Keepalive packet. In general, if a timeout is configured at the
remote end by using the ike sa keepalive-timer timeout command, an interval
for sending Keepalive packet must be configured at the local end. When the
remote end in the configured timeout time does not receive the Keepalive packet,
the ISAKMP SA with the TIMEOUT flag and the IPSec SA corresponding to it will
be deleted, and otherwise the ISAKMP SA without the TIMEOUT flag will be
marked as TIMEOUT. Thus the configured timeout should be longer than the
interval for sending the Keepalive packet during configuration.
For the related command, see ike sa keepalive-timer timeout.
Example
# Configure the interval as 20 seconds for the local end to send Keepalive packet
to the remote end.
[3Com] ike sa keepalive-timer interval 20
View
System view
Parameter
seconds: Specifies the timeout for ISAKMP SA to wait for the Keepalive packet. It
can be set to a value in the range 20 to 28800.
Description
Using the ike sa keepalive-timer timeout command, you can configure a
timeout for ISAKMP SA to wait for the Keepalive packet. Using the undo ike sa
keepalive-timer timeout command, you can disable the function.
By default, this function is disabled.
This command is used to configure the timeout for the remote end to send the
Keepalive packet. IKE maintains the link state of the ISAKMP SA by using the
Keepalive packet. When the remote end in the configured timeout does not
receive the Keepalive packet, the ISAKMP SA with the TIMEOUT flag and the IPSec
SA corresponding to it will be deleted, and otherwise the ISAKMP SA without the
TIMEOUT flag will be marked as TIMEOUT. Thus the configured timeout should be
longer than the interval for sending the Keepalive packet during configuration.
Generally, packets will not be lost for more than three consecutive times in the
network, so the timeout can be configured as three times of the interval set for
the remote end to send Keepalive packets.
Example
# Configure the timeout as 20 seconds for the local end to wait for the remote
end to send the Keepalive packet.
[3Com] ike sa keepalive-timer timeout 20
nat-traversal Syntax
nat-traversal
undo nat-traversal
View
IKE-peer view
Parameter
None
Description
Using the nat-traversal command, you can configure the NAT traversal function
of IKE/IPSec. Using the undo nat-traversal command, you can disable the NAT
traversal function of IKE/IPSec.
This command applies when a NAT GW is present in the VPN tunnel built by
IKE/IPSec.
Example
# Enable the NAT traversal function.
pre-shared-key Syntax
pre-shared-key key
undo pre-shared-key
View
IKE-peer view
Parameter
key: Specifies a pre-shared key, which is a string of 1 to 128 characters.
Description
Using the pre-shared-key command, you can configure a pre-shared key to be
used in IKE negotiation. Using the undo pre-shared-key command, you can
remove the pre-shared key used in IKE negotiation.
Example
# Set the pre-shared key used in IKE negotiation to “abcde”.
[Router] ike peer new_peer
remote-address Syntax
remote-address ip-address
undo remote-address
View
IKE-peer view
Parameter
ip-address: IP address.
Description
Using the remote-address command, you can configure IP address of the remote
GW. Using the undo remote-address command, you can delete IP address of the
remote GW.
ip-address configured in this command should comply with the one configured for
the remote GW.
Example
# Set IP address of the remote GW to 10.0.0.1.
[Router] ike peer new_peer
remote-id Syntax
remote-id id
undo remote-id
View
IKE-peer view
Parameter
id: Specifies ID of the remote GW, which is a string of 1 to 32 characters.
Description
Using the remote-id command, you can specify a remote GW. Using the undo
remote-id command, you can remove the configuration of the remote GW.
id configured in this command must be the same one configured using the ike
local id command on the remote GW.
Example
# Set ID of the remote GW to “beijing”.
[Router] ike peer new_peer
View
User view
Parameter
connection-id: Specifies the SA to be deleted. If this parameter is not specified, all
the SAs at phase 1 and phase 2 will be deleted.
Description
Using the reset ike sa command, you can delete the security tunnel set up by IKE.
If connection-id is not specified, all the SAs at phase 1 and phase 2 will be deleted.
If ISAKMP SA at phase 1 exists when deleting the local security tunnel, a Delete
Message notification is sent to the remote under the protection of this security
tunnel to notify the remote to delete the SA database.
IKE uses ISAKMP in two phases: phase 1 establishes the ISAKMP SA, and phase 2
negotiates and establishes the IPSec SA, using the previously established SA.
Example
# Delete the security tunnel to 202.38.0.2.
<3Com> display ike sa
flag meaning:
flag meaning:
sa duration Syntax
sa duration seconds
undo sa duration
View
IKE proposal view
Parameter
seconds: Specifies the ISAKMP Sa duration. When the sa duration expires, ISAKMP
SA will update automatically. It can be set to a value in the range 60 to 604800
seconds.
Description
Using the sa duration command, you can specify the ISAKMP Sa duration for an
IKE proposal. Using the undo sa duration command, you can restore it to the
default.
Before the sa duration for a SA expires, a new SA will be negotiated for replacing
the existing SA, and the old SA will be automatically cleared when the Sa duration
expires.
For the related commands, see ike proposal and display ike proposal.
Example
# Specify the ISAKMP Sa duration for IKE proposal 10 as 600 seconds (10
minutes).
[3Com] ike proposal 10
authentication-method Syntax
authentication-method { pre-share | rsa-signature }
undo authentication-method
View
IKE proposal view
Parameter
pre-share: decides on pre-shared-key as the authentication method;
rsa-signature: decides on PKI digital signature as the authentication method.
Description
Using the authentication-method command, you can specify the authentication
method IKE policy uses. Using the undo authentication-method command, you
can reactivate the default authentication method.
pre-shared-key is the default authentication method.
This command is used to specify the authentication method for an IKE proposal.
Currently, both pre-shared-key and rsa-signature are practicable.
pre-shared-key requires the configuration of key, for which, you may refer to ike
pre-shared-key.
For related commands, see ike pre-shared-key, ike proposal, display ike
proposal, pki domain, and pki entity.
Example
# Specify pre-shared-key as the authentication method of IKE proposal 10
[Router] ike proposal 10
[Router-ike-proposal-10] authentication-method pre-share
PKI Configuration Commands
PKI Domain Configuration Commands
ca identifier Syntax
ca identifier name
undo ca identifier
View
PKI domain view
Parameter
name: CA identifier this device trusts, within the range of 1 to 63 characters.
Description
Using the ca identifier command, you can specify the CA this device trusts and
have the “name” CA bound with this device. Using the undo ca identifier
command, you can delete the CA this device trusts.
Before the CA is deleted, the request, retrieval, revocation, and polling of this
certificate are carried out.
Example
#Specify the name of the CA this device trusts.
[RouterCA-pki-domain-1]ca identifier new-ca
View
PKI domain view
Parameter
ca: indicates that the entity registers by CA for certificate request.
entity entity-name: name of the entity under certificate request. Within the
range of 1 to 15 characters, it shall be identical with that defined by the pki
entity command.
Description
Using the certificate request from command, you can choose between CA and
RA to register for certificate request. Using the undo certificate request from
command, you can undo the selection registration agent.
Example
# Specify that the entity registers by CA for certificate request
View
PKI domain view
Parameter
manual: refers to the manual certificate request mode;
Description
Using the certificate request mode command, you can decide between the
manual or the auto request mode. Using the undo certificate request mode
command, you can restore the default request mode.
Auto mode enables the auto delivery of certificate request when there is no
certificate, or when the current certificate is about to expire. Manual mode
requires manual operation in the request process.
Example
# Set the request mode to Auto
[RouterCA-pki-domain-1]certificate request mode auto
View
PKI domain view
Parameter
minutes: renders the interval between two polls. Specified in minutes, it ranges
from 5 to 60 minutes, and by default, it is 20 minutes;
count: indicates the retry times. It ranges from 1 to 100, and by default, is 50.
Description
Using the certificate request polling command, you can specify the interval
between two polls and the retry times. Using the undo certificate request
polling command, you can restore the default parameters.
Example
# Specify the interval between two polls and the retry times
View
PKI domain view
Parameter
string: Server URL of the registration authority, 1 to 255 characters long. It
consists of the server location and the location of the CA CGI command interface
script, in the format http://server_location/ca_script_location. The
server_location is generally expressed as an IP address; if a server name is used
instead, DNS must be configured to resolve server names to IP addresses.
Description
Using the certificate request url command, you can specify the server URL for
certificate request through SCEP protocol. SCEP is a protocol specialized in the
communication with authentication authorities. Using the undo certificate
request url command, you can delete the concerned location setting.
Example
#Specify the server location for certificate request.
[RouterCA-pki-domain-1] certificate request url http://169.254.0.100/certsrv/mscep.dll
View
PKI domain view
Parameter
default: identical with the validity period of CRL
Description
Using the crl update period command, you can specify the update period of
CRL, which is the interval between local downloads of CRLs from the access server.
Using the undo crl update period command, you can restore the default CRL
update period.
Example
#Specify CRL update period.
[RouterCA-pki-domain-1] crl update period 20
View
PKI domain view
Parameter
url-string: refers to the distribution point location of CRL. Ranging from 1 to
255 characters, it is in the format of ldap://server_location. The
server_location is generally expressed as an IP address; if a server name is used
instead, DNS must be configured to resolve server names to IP addresses.
Description
Using the crl url command, you can specify the distribution point URL for CRL.
Using the undo crl url command, you can undo the specification.
Example
#Specify the URL location of CRL database.
[RouterCA-pki-domain-1] crl url ldap://169.254.0.30
View
PKI domain view
Parameter
ip-address: IP address of LDAP server.
Description
Using the ldap server ip command, you can configure the LDAP server IP address
and the port. Using the undo ldap server ip command, you can cancel the
related configuration.
Example
#Specify the LDAP server address.
[RouterCA-pki-domain-1]ldap server ip 169.254.0.30
View
Any view
Parameter
name: PKI domain name, used when other commands reference the PKI domain this
device belongs to. It can contain 1 to 15 characters.
Description
Using the pki domain command, you can enter PKI domain view and configure
the parameters of the LDAP server and those for certificate request and
authentication. Using the undo pki domain command, you can delete the
specified PKI domain.
Example
#Enter PKI domain view.
[RouterCA]pki domain 1
fqdn Syntax
fqdn name-str
undo fqdn
View
PKI entity view
Parameter
name-str: FQDN of an entity, within the range of 1 to 255 characters.
Description
Using the fqdn command, you can specify the FQDN of an entity. Using the undo
fqdn command, you can delete the entity FQDN.
FQDN (Fully Qualified Domain Name) is the unique identifier an entity has in the
network, like an e-mail address. It can be resolved into an IP address and is
usually in the form of user.domain.
Example
#Configure the FQDN of an entity.
[RouterCA-pki-entity-1]fqdn pki.3com.com
undo common-name
View
PKI entity view
Parameter
name-str: common name of an entity, within the range of 1 to 31 characters
Description
Using the common-name command, you can specify the common name of an
entity, for instance, User Name. Using the undo common-name command, you
can delete the common name of this entity.
Example
#Configure the common name of an entity.
[RouterCA-pki-entity-1]common-name pki test
undo country
View
PKI entity view
Parameter
country-code-str: country code of 2 bytes
Description
Using the country command, you can specify the code of the country the entity
belongs to. It is a standard 2-byte code, e.g., CN for China. Using the undo
country command, you can delete the country code of this entity.
Example
#Set the country code of an entity.
[RouterCA-pki-entity-1]country CN
ip Syntax
ip ip-address
undo ip
View
PKI entity view
Parameter
ip-address: IP address of an entity in the form of dotted decimal like A.B.C.D
Description
Using the ip command, you can specify the IP address of an entity. Using the
undo ip command, you can delete the specified IP address.
Example
#Configure the IP address of an entity.
[RouterCA-pki-entity-1]ip 161.12.2.3
locality Syntax
locality locality-str
undo locality
View
PKI entity view
Parameter
locality-str: name of the geographical locality of an entity, in the range of 1 to
31 characters.
Description
Using the locality command, you can name the geographical locality of an entity,
by a city for example. Using the undo locality command you can cancel the
mentioned naming operation.
Example
#Configure the name of the city where the entity lives.
[RouterCA-pki-entity-1]locality bei jing
organization Syntax
organization org-str
undo organization
View
PKI entity view
Parameter
org-str: organization name in the range of 1 to 31 characters.
Description
Using the organization command, you can specify the name of the organization
the entity belongs to. Using the undo organization command, you can delete
that name.
Example
#Configure the name of the organization to which an entity belongs.
[RouterCA-pki-entity-1]organization hua wei - 3com
undo organizational-unit
View
PKI entity view
Parameter
org-unit-str: organization unit name in the range of 1 to 31 characters.
Description
Using the organizational-unit command, you can specify the name of the
organization unit to which this entity belongs. Using the undo
organizational-unit command, you can delete the specified organization unit
name.
Example
#Configure the name of the organization unit to which an entity belongs.
[RouterCA-pki-entity-1]organizational-unit soft plat
state Syntax
state state-str
undo state
View
PKI entity view
Parameter
state-str: state name within the range of 1 to 31 characters.
Description
Using the state command, you can specify the name of the state where an entity
is located. Using the undo state command, you can cancel the previous operation.
Example
#Specify the state where an entity lies.
[RouterCA-pki-entity-1]state bei jing
View
Any view
Parameter
name-str: unique character string identifying the device. It is used when the
entity is referenced by other commands and shall be within the range of 1 to 15
characters.
Description
Using the pki entity command, you can name a PKI entity and enter PKI entity
view. Using the undo pki entity command, you can delete the name and cancel
all configurations under the name space.
A variety of attributes can be configured in PKI entity view. name-str serves only
as a convenient reference for other commands; it does not correspond to any
certificate field.
Example
#Enter PKI entity view.
[RouterCA]pki entity en
View
Any view
Parameter
local: indicates the deletion of all local certificates that are locally stored.
ca: indicates the deletion of all CA certificates that are locally stored.
Description
Using the pki delete certificate command, you can delete the locally stored
certificates.
Example
#Delete the local certificates.
[RouterCA] pki delete certificate local
View
Any view
Parameter
domain-name: contains CA or RA related information. It is configured by using the
pki domain command.
pem: optional keyword that prints the certificate request, which can then be
delivered in out-of-band modes such as phone, disk, and e-mail.
Description
Using the pki request certificate command, you can deliver a certificate request
through SCEP to the CA for the generated RSA key pair. If SCEP fails to
communicate normally, you can print the local certificate request in base64
format using the optional parameter “pem”, copy it, and send it to the CA in an
out-of-band mode.
Example
#Manually apply for a certificate.
View
Any view
Parameter
local: indicates the download of a local certificate.
Description
Using the pki retrieval certificate command, you can download a certificate
from the certificate issuing server.
Example
# Retrieve a certificate.
[RouterCA] pki retrieval certificate ca domain 1
View
Any view
Parameter
domain-name: contains CA or RA related information. It is configured by using the
pki domain command.
Description
Using the pki retrieval crl command, you can obtain the latest CRL from CRL
server for the verification of the validity of a current certificate.
Example
#Retrieve a CRL.
[RouterCA] pki retrieval crl domain 1
View
Any view
Parameter
local: indicates the validation of a local certificate;
ca: indicates the validation of a CA certificate;
domain-name: specifies the domain of the certificate about to be verified. It is
configured by using the pki domain command.
Description
Using the pki validation certificate command, you can verify the validity of a
certificate. The focus is to check the CA signature on the certificate, and to make
sure that the certificate is still within the validity period and has not been
revoked. All certificates with authentic CA signatures can pass the validation,
since it is believed that the CA never issues fake certificates.
For related command, see pki domain.
Example
# Verify the validity of a certificate
[RouterCA] pki validation certificate domain 1
View
Any view
Parameter
request: debugging in certificate request;
retrieval: debugging in certificate retrieval;
verify: debugging in certification validation;
error: debugging in error cases
Description
Using the debugging pki command, you can enable PKI debugging functions.
Using the undo debugging pki command, you can disable PKI debugging
functions.
Unexpected problems do occur during device operation. Debugging
commands enable the optional output and printing of debugging information,
facilitating network monitoring and fault diagnosis for network operators and
developers.
By default, all PKI debugging functions are disabled.
Example
# Enable the debugging function related to errors in PKI certificate operation
[RouterCA] debugging pki error
[RouterCA] pki delete certificate ca
[RouterCA] pki request certificate 1
Certificate enroll failed!
Cannot get the CA/RA certificate when creating the x509 Request
# Enable the debugging function for PKI certificate retrieval
[RouterCA] debugging pki retrieval
[RouterCA] pki retrieval certificate local domain 1
Retrievaling CA/RA certificates. Please wait a while......
We receive 3 certificates.
The trusted CA's finger print is:
MD5 fingerprint: 74C9 B71D 406B DDB3 F74A 96BC E05B 40E9
SHA1 fingerprint: 770E 2937 4E32 ACD4 4ACC 7CF1 0FF0 6FB8 6C34 E24A
Is the finger print correct?(Y/N): y
Saving the CA/RA certificate to flash.....................Done!
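The fingerprint prompt above is the only point at which the operator authenticates the CA certificate fetched over SCEP. As an added example (not part of the 3Com guide), this Python helper compares the values the router prints with a fingerprint obtained out of band; the trusted values and the PEM handling are assumptions of the example.

```python
import base64
import hashlib
import re

DIGEST_LEN = {"MD5": 16, "SHA1": 20}  # digest sizes in bytes

# Prompt text as printed in the retrieval example above.
PROMPT = """The trusted CA's finger print is:
MD5 fingerprint: 74C9 B71D 406B DDB3 F74A 96BC E05B 40E9
SHA1 fingerprint: 770E 2937 4E32 ACD4 4ACC 7CF1 0FF0 6FB8 6C34 E24A
Is the finger print correct?(Y/N):"""


def to_bytes(fp):
    """Accept 'AABB CCDD', 'aa:bb:cc:dd' or plain hex; reject anything else."""
    hexstr = re.sub(r"[\s:]", "", fp)
    if not hexstr or len(hexstr) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", hexstr):
        raise ValueError(f"not a hex fingerprint: {fp!r}")
    return bytes.fromhex(hexstr)


def router_format(digest):
    """Render a digest the way the router prints it: upper case, groups of four."""
    h = digest.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))


def pem_to_der(pem):
    """Extract the DER bytes from a PEM certificate received out of band."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprints(der):
    """Fingerprints of a DER-encoded certificate, in the router's layout."""
    return {"MD5": router_format(hashlib.md5(der).digest()),
            "SHA1": router_format(hashlib.sha1(der).digest())}


def parse_prompt(text):
    """Pull the fingerprint lines out of captured prompt text."""
    shown = {}
    pattern = r"^\s*(MD5|SHA1) fingerprint:\s*([0-9A-Fa-f ]+?)\s*$"
    for m in re.finditer(pattern, text, re.M):
        shown[m.group(1)] = to_bytes(m.group(2))
    return shown


def confirm(prompt_text, trusted):
    """True only if every fingerprint the router shows matches the trusted one."""
    shown = parse_prompt(prompt_text)
    if not shown:
        return False                       # nothing to compare: do not answer Y
    for algo, value in shown.items():
        if len(value) != DIGEST_LEN[algo]:
            return False                   # truncated or padded line
        if algo not in trusted or to_bytes(trusted[algo]) != value:
            return False
    return True
```

When the CA administrator supplies the certificate file rather than a fingerprint, `fingerprints(pem_to_der(pem_text))` produces strings that can be compared with the prompt directly.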
# Enable the debugging function for PKI certificate request
[RouterCA] debugging pki request
[RouterCA] pki request certificate 1
Create PKCS#10 request: token seen: CN=pki test
Create PKCS#10 request: CN=pki test added
Create PKCS#10 request: subject dn set to '/CN=pki test'
Certificate Request:
…..
dir_name: certsrv/mscep/mscep.dll
host_name: 169.254.0.100
SCEP transaction id: 58D41D0C5A7B1E21C5F4A008B580B1A1
PKCS#7 envelope: creating inner PKCS#7
PKCS#7 envelope: data payload size: 297 bytes
data payload:
….
PKCS#7 envelope: successfully encrypted payload
PKCS#7 envelope: size 667 bytes
PKCS#7 envelope: creating outer PKCS#7
PKCS#7 envelope: signature added successfully
PKCS#7 envelope: adding signed attributes
CN=myca
Key usage: general purpose
# Enable the debugging function for PKI certificate validation
[RouterCA] debugging pki validation
[RouterCA] pki validation certificate local domain 1
Verify certificate......
Serial Number:
101E266A 00000000 006B
Issuer:
emailAddress=myemail@3com.com
C=CN
ST=Beijing
L=Beijing
O=hw3c
OU=bjs
CN=myca
Subject:
C=CN
ST=bei jing
O=hua wei - 3com
CN=pki test
Verify result: ok
Field                    Description
Create PKCS#10 request   Encapsulation of entity request in PKCS#10 format
PKCS#7 envelope          Data encapsulation in PKCS#7 encryption format
inner PKCS#7             PKCS#7 encryption of datagram
outer PKCS#7             Signing of PKCS#7 datagram
PKCS#7 develope          De-encapsulation of PKCS#7 encrypted packet
host_name                Host name of registration server
dir_name                 CGI script directory of registration server
data payload             Data payload
token seen               DN information of an entity
pkistatus                PKI certificate operation status
SUCCESS                  Succeeded
FAILURE                  Failed
PENDING                  Waiting for processing
fingerprint              Usually the signature of CA
base64 encoded           A data encoding mode
x509 Request             Request for certificates in standard X509 format
Key usage                Encryption, signature, and other common usages
Issuer                   Certificate issuer
Subject                  The entity that delivers certificate request
SCEP send message        The entity sends a certificate operation packet to CA through SCEP
Signed certificates      Certificates signed by CA
View
Any view
Parameter
local: indicates the display of all local certificates;
ca: indicates the display of all CA certificates;
request-status: refers to the status of the certificate request after being
delivered;
domain-name: represents the domain of the certificate about to be verified. It is
configured by using the pki domain command.
Description
Using the display pki certificate command, you can display and browse through
the certificate.
For related commands, see pki retrieval certificate, pki domain, and
certificate request polling.
Example
Data:
Version: 3 (0x2)
Serial Number:
Issuer:
emailAddress=myemail@3com.com
C=CN
ST=Beijing
L=Beijing
O=hw3c
OU=bjs
CN=new-ca
Validity
Subject:
C=CN
ST=beijing
L=beijing
CN=pki test
00D41D1F …
X509v3 extensions:
DNS: hyf.-3com.com
… …
A3A5A447 4D08387D …
View
Any view
Parameter
domain-name: represents the domain of the certificate about to be verified. It is
configured by using the pki domain command.
Description
Using the display pki crl command, you can display and browse through the
locally saved CRL.
For related commands, see pki retrieval crl, and pki domain.
Example
# Display a CRL
[RouterCA] display pki crl domain 1
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer:
C=CN
O=h3c
OU=soft
CN=A Test Root
Last Update: Jan 5 08:44:19 2004 GMT
Next Update: Jan 5 21:42:13 2004 GMT
CRL extensions:
X509v3 CRL Number: 2
X509v3 Authority Key Identifier:
keyid:0F71448E E075CAB8 ADDB3A12 0B747387 45D612EC
Revoked Certificates:
Serial Number: 05a234448E…
Revocation Date: Sep 6 12:33:22 2004 GMT
CRL entry extensions:……
Serial Number: 05a278445E…
Revocation Date: Sep 7 12:33:22 2004 GMT
CRL entry extensions:…
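An added example, not from the 3Com guide: a Python check over captured display pki crl output that reports whether a certificate serial is listed and whether the CRL is past its Next Update time. The sample listing, its serial numbers and the result labels are constructed for the example.

```python
import re
from datetime import datetime, timezone

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Tolerates stray spaces after the colons of the time field.
TS = re.compile(r"([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{1,2}):\s*(\d{2}):\s*(\d{2})"
                r"\s+(\d{4})\s+GMT")

# Constructed sample in the layout of "display pki crl"; values are made up.
SAMPLE_CRL = """\
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer:
C=CN
O=h3c
OU=soft
CN=A Test Root
Last Update: Jan 5 08:44:19 2004 GMT
Next Update: Jan 5 21:42:13 2004 GMT
Revoked Certificates:
Serial Number: 05A23444 8E010000 0001
Revocation Date: Dec 6 12:33:22 2003 GMT
Serial Number: 05A27844 5E010000 0002
Revocation Date: Dec 7 12:33:22 2003 GMT
"""


def parse_ts(text):
    """Parse 'Jan 5 08:44:19 2004 GMT' into an aware UTC datetime."""
    m = TS.search(text)
    if not m or m.group(1) not in MONTHS:
        raise ValueError(f"no timestamp in {text!r}")
    mon, day, hh, mm, ss, year = m.groups()
    return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                    tzinfo=timezone.utc)


def norm_serial(raw):
    """Compare serials as hex numbers: drop spaces, case and leading zeros."""
    return re.sub(r"[^0-9A-Fa-f]", "", raw).upper().lstrip("0") or "0"


def parse_crl(output):
    crl = {"last_update": None, "next_update": None, "revoked": {}, "truncated": 0}
    pending = None
    for line in (l.strip() for l in output.splitlines()):
        if line.startswith("Last Update:"):
            crl["last_update"] = parse_ts(line)
        elif line.startswith("Next Update:"):
            crl["next_update"] = parse_ts(line)
        elif line.startswith("Serial Number:"):
            raw = line.split(":", 1)[1]
            if "…" in raw or "..." in raw:
                crl["truncated"] += 1      # elided serial: cannot be matched
                pending = None
            else:
                pending = norm_serial(raw)
        elif line.startswith("Revocation Date:") and pending:
            crl["revoked"][pending] = parse_ts(line)
            pending = None
    if crl["next_update"] is None:
        raise ValueError("no Next Update field: not a CRL listing")
    return crl


def assess(output, cert_serial, now):
    """Return 'revoked', 'crl-stale', 'incomplete' or 'not-listed'."""
    crl = parse_crl(output)
    if norm_serial(cert_serial) in crl["revoked"]:
        return "revoked"
    if now > crl["next_update"]:
        return "crl-stale"      # absence from an expired CRL proves nothing
    if crl["truncated"]:
        return "incomplete"     # some entries were elided in the capture
    return "not-listed"
```

A "crl-stale" result is the cue to run pki retrieval crl before trusting a validation result, and to review the crl update period configured for the domain.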
HWTACACS Configuration Commands
data-flow-format Syntax
data-flow-format data [ byte | giga-byte | kilo-byte | mega-byte ]
data-flow-format packet [ giga-packet | kilo-packet | mega-packet |
one-packet ]
undo data-flow-format [ data | packet ]
View
HWTACACS view
Parameter
Description
Using the data-flow-format command, you can configure the unit of data flow
that is sent to the HWTACACS server. Using the undo data-flow-format
command, you can restore the default setting.
By default, the data unit is byte and the data packet unit is one-packet.
Example
# Set the unit of data flow destined for the HWTACACS server "3com" to be
kilo-byte and the data packet unit to be kilo-packet.
[3com-HWTACACS-3com] data-flow-format data kilo-byte packet kilo-packet
debugging HWTACACS Syntax
debugging HWTACACS { all | error | event | message | receive-packet | send-packet }
undo debugging HWTACACS { all | error | event | message | receive-packet | send-packet }
View
User view
Parameter
Description
Using the debugging HWTACACS command, you can enable HWTACACS debugging.
Using the undo debugging HWTACACS command, you can disable HWTACACS
debugging.
Example
# Enable the event debugging of HWTACACS.
<3com> debugging HWTACACS event
View
Any view
Parameter
HWTACACS-scheme-name: Scheme name of the HWTACACS server, a string
of 1 to 32 case-insensitive characters, excluding "/", ":", "*", "?", "<" and ">".
If this argument is omitted, configuration information of all HWTACACS schemes
is displayed.
Description
Using the display HWTACACS command, you can view configuration
information of one or all HWTACACS schemes.
Example
# View configuration information of all HWTACACS schemes.
<3com> display HWTACACS
display stop-accounting-buffer Syntax
display stop-accounting-buffer HWTACACS-scheme HWTACACS-scheme-name
View
Any view
Parameter
HWTACACS-scheme HWTACACS-scheme-name: Displays information on buffered
stop-accounting requests related to the HWTACACS scheme specified by
HWTACACS-scheme-name, a character string not exceeding 32 characters
and excluding "/", ":", "*", "?", "<" and ">".
Description
Using the display stop-accounting-buffer command, you can view information
on the stop-accounting requests buffered in the router.
Example
# Display information on the buffered stop-accounting requests related to the
HWTACACS scheme "3com".
<3com> display stop-accounting-buffer HWTACACS-scheme 3com
View
System view
Parameter
HWTACACS-scheme-name: Specifies an HWTACACS server scheme, with a
character string of 1 to 32 characters.
Description
Using the HWTACACS scheme command, you can enter HWTACACS
Server view. If the specified HWTACACS server scheme does not exist, you can
create a new HWTACACS scheme. Using the undo HWTACACS scheme
command, you can delete an HWTACACS scheme.
Example
# Create an HWTACACS scheme named "test1" and enter the relevant
HWTACACS Server view.
[3com] HWTACACS scheme test1
[3com-HWTACACS-test1]
key Syntax
key { accounting | authentication | authorization } string
undo key { accounting | authentication | authorization } string
View
HWTACACS view
Parameter
accounting: Shared key of the accounting server.
string: The shared key, a string up to 16 characters excluding the characters "/",
":", "*", "?", "<", and ">".
Description
Using the key command, you can configure a shared key for HWTACACS
authentication, authorization or accounting. Using the undo key command, you
can delete the configuration.
The HWTACACS client (the router system) and HWTACACS server use the
MD5 algorithm to encrypt the exchanged packets. The two ends verify packets
using a shared key. Only when the same key is used can both ends accept the
packets from each other and give responses. So it is necessary to ensure that the
same key is set on the router and the HWTACACS server. If the
authentication/authorization and accounting are performed on two server devices
with different shared keys, you must set one shared key for each.
Example
# Use "hello" as the shared key for HWTACACS accounting.
[3com] HWTACACS scheme test1
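The shared-key behaviour described above, sketched as an added example (not 3Com code). It assumes HWTACACS uses the TACACS+ packet header and MD5 pseudo-pad body obfuscation defined in RFC 8907, which the guide does not state; the user name, port, address and session id are constructed, and refusing unobfuscated packets is this example's own policy.

```python
import hashlib
import struct

FORBIDDEN = set('/:*?<>')            # characters the guide excludes from the key
HEADER = struct.Struct("!BBBBII")    # version, type, seq_no, flags, session_id, length
UNENCRYPTED_FLAG = 0x01              # TACACS+ flag: body sent in the clear
VERSION, TYPE_AUTHEN = 0xC0, 0x01


def validate_key(key):
    """Apply the guide's limits: up to 16 characters, none of / : * ? < >."""
    if not 1 <= len(key) <= 16:
        raise ValueError("key must be 1 to 16 characters")
    if FORBIDDEN & set(key):
        raise ValueError("key contains an excluded character")
    return key.encode("ascii")


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain: MD5(seed), MD5(seed + previous hash), ... cut to body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def crypt_body(body, session_id, key, version, seq_no):
    """XOR with the pad; the same call obfuscates and de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user, port, rem_addr):
    """Authentication START body: 8 fixed bytes, then the variable fields."""
    u, p, r = user.encode(), port.encode(), rem_addr.encode()
    return bytes([0x01, 0x01, 0x01, 0x01, len(u), len(p), len(r), 0]) + u + p + r


def parse_authen_start(body):
    """Return the user name, or raise if the length fields do not add up."""
    if len(body) < 8:
        raise ValueError("body too short")
    ulen, plen, rlen, dlen = body[4:8]
    if 8 + ulen + plen + rlen + dlen != len(body):
        raise ValueError("length fields inconsistent: wrong key or corrupt packet")
    return body[8:8 + ulen].decode("ascii", "replace")


def send(body, key, session_id, seq_no=1):
    header = HEADER.pack(VERSION, TYPE_AUTHEN, seq_no, 0x00, session_id, len(body))
    return header + crypt_body(body, session_id, key, VERSION, seq_no)


def receive(packet, key):
    version, _ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:12])
    if flags & UNENCRYPTED_FLAG:
        raise ValueError("unobfuscated packet refused")
    payload = packet[12:12 + length]
    return parse_authen_start(crypt_body(payload, session_id, key, version, seq_no))


def demo():
    """Router and server with the same key, then with a mistyped key."""
    router_key = validate_key("hello")          # the key from the guide's example
    packet = send(build_authen_start("admin", "vty0", "192.0.2.10"),
                  router_key, session_id=0x1A2B3C4D)
    same = receive(packet, validate_key("hello"))
    try:
        receive(packet, validate_key("he11o"))
        mismatch = "accepted"
    except ValueError:
        mismatch = "rejected"
    return same, mismatch
```

In this scheme the receiver has no explicit key check: a mismatched key is detected only because the decoded body no longer parses.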
nas-ip Syntax
nas-ip ip-address
undo nas-ip
View
HWTACACS view
Parameter
ip-address: IP address in dotted decimal format.
Description
Using the nas-ip command, you can have all the HWTACACS packets sent by
the NAS (the router) carry the same source address. Using the undo nas-ip
command, you can delete the setting.
Example
# Set the source IP address carried in the HWTACACS packets that are sent by
the NAS to 10.1.1.1.
[3com] HWTACACS scheme test1
View
HWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the primary accounting command, you can configure a primary
HWTACACS accounting server. Using the undo primary accounting
command, you can delete the configured primary HWTACACS accounting
server.
You are not allowed to assign the same IP address to both primary and secondary
accounting servers.
You can remove an accounting server only when it is not being used by any active
TCP connections, and the removal impacts only packets forwarded afterwards.
Example
# Configure a primary accounting server.
[3com] HWTACACS scheme test1
View
HWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the primary authentication command, you can configure a primary
HWTACACS authentication server. Using the undo primary authentication
command, you can delete the configured authentication server.
You are not allowed to assign the same IP address to both primary and secondary
authentication servers.
You can remove an authentication server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
Example
# Configure a primary authentication server.
[3com] HWTACACS scheme test1
View
HWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the primary authorization command, you can configure a primary
HWTACACS authorization server. Using the undo primary authorization
command, you can delete the configured primary authorization server.
You are not allowed to assign the same IP address to both primary and secondary
authorization servers.
You can remove an authorization server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
Example
# Configure a primary authorization server.
[3com] HWTACACS scheme test1
View
User view
Parameter
accounting: Clears all the HWTACACS accounting statistics.
Description
Using the reset HWTACACS statistics command, you can clear
HWTACACS protocol statistics.
Example
# Clear all HWTACACS protocol statistics.
<3com> reset HWTACACS statistics
reset stop-accounting-buffer Syntax
reset stop-accounting-buffer HWTACACS-scheme HWTACACS-scheme-name
View
User view
Parameter
HWTACACS-scheme HWTACACS-scheme-name: Deletes the
stop-accounting requests from the buffer according to the specified
HWTACACS scheme name. The HWTACACS-scheme-name specifies the
HWTACACS scheme name with a character string not exceeding 32
characters, excluding "/", ":", "*", "?", "<" and ">".
Description
Using the reset stop-accounting-buffer command, you can clear the
stop-accounting requests that have no response and are buffered on the router.
Example
# Delete the buffered stop-accounting requests that are related to the
HWTACACS scheme "3com".
<3com> reset stop-accounting-buffer HWTACACS-scheme 3com
View
HWTACACS view
Parameter
retry-times: The maximum number of real-time accounting request attempts. It
is in the range 1 to 300 and defaults to 100.
Description
Using the retry stop-accounting command, you can enable stop-accounting
packet retransmission and configure the maximum number of stop-accounting
request attempts. Using the undo retry stop-accounting command, you can
restore the default setting.
Example
# Enable stop-accounting packet retransmission and allow up to 50 packets to be
transmitted for each request.
[3com] retry stop-accounting 50
View
HWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the secondary accounting command, you can configure a secondary
HWTACACS accounting server. Using the undo secondary accounting
command, you can delete the configured secondary HWTACACS accounting
server.
You are not allowed to assign the same IP address to both primary and secondary
accounting servers.
You can remove an accounting server only when it is not being used by any active
TCP connections, and the removal impacts only packets forwarded afterwards.
Example
# Configure a secondary accounting server.
[3com] HWTACACS scheme test1
secondary authentication Syntax
secondary authentication ip-address [ port ]
undo secondary authentication
View
HWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the secondary authentication command, you can configure a secondary
HWTACACS authentication server. Using the undo secondary authentication
command, you can delete the configured secondary authentication server.
You are not allowed to assign the same IP address to both primary and secondary
authentication servers.
You can remove an authentication server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
Example
# Configure a secondary authentication server.
[3com] HWTACACS scheme test1
View
HWTACACS view
Parameter
ip-address: IP address of the server, a legal unicast address in dotted decimal
format.
port: Port number of the server, ranging from 1 to 65535. By default, it is 49.
Description
Using the secondary authorization command, you can configure a secondary
HWTACACS authorization server. Using the undo secondary authorization
command, you can delete the configured secondary authorization server.
You are not allowed to assign the same IP address to both primary and secondary
authorization servers.
You can configure only one primary authorization server in a HWTACACS scheme.
If you repeatedly use this command, the latest configuration replaces the previous
one.
You can remove an authorization server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
Example
# Configure the secondary authorization server.
[3com] HWTACACS scheme test1
View
System view
Parameter
ip-address: Specifies a source IP address, which must be the address of this
device. It cannot be the address of all zeros, or a host/network address of class A,
B, or C, or an address starting with 127.
Description
Using the HWTACACS nas-ip command, you can specify the source address of
the HWTACACS packet sent from NAS. Using the undo HWTACACS nas-ip
command, you can restore the default setting.
By specifying the source address of the HWTACACS packet, you can avoid
packets returned from the server becoming unreachable upon interface failure.
The recommended source address is normally a loopback interface address.
By default, the source address is not specified, that is, the address of the interface
sending the packet serves as the source address.
This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
Example
# Configure the router to send HWTACACS packets from 129.10.10.1.
[3com] HWTACACS nas-ip 129.10.10.1
View
HWTACACS view
Parameter
minutes: Ranges from 1 to 255 minutes. By default, the primary server must wait
five minutes before it resumes the active state.
Description
Using the timer quiet command, you can set the duration that a primary server
must wait before it can resume the active state. Using the undo timer quiet
command, you can restore the default (five minutes).
Example
# Set the quiet timer for the primary server to ten minutes.
[3com] HWTACACS scheme test1
timer realtime-accounting Syntax
timer realtime-accounting minutes
undo timer realtime-accounting
View
HWTACACS view
Parameter
minutes: Real-time accounting interval, which is a multiple of 3 in the range 3 to
60 minutes and defaults to 12.
Description
Using the timer realtime-accounting command, you can configure a real-time
accounting interval. Using the undo timer realtime-accounting command, you
can restore the default interval.
For the related commands, see retry realtime-accounting and radius scheme.
Example
# Set the real-time accounting interval in the HWTACACS scheme "3com" to 51
minutes.
[3com-HWTACACS-3com] timer realtime-accounting 51
View
HWTACACS view
Parameter
seconds: Ranges from 1 to 300 seconds and defaults to five seconds.
Description
Using the timer response-timeout command, you can set the response timeout
timer of the HWTACACS server. Using the undo timer response-timeout
command, you can restore the default (five seconds).
As HWTACACS is based on TCP, either the server response timeout or the
TCP timeout may cause disconnection from the HWTACACS server.
Example
# Set the response timeout time of the HWTACACS server to 30 seconds.
[3com] HWTACACS scheme test1
user-name-format Syntax
user-name-format { with-domain | without-domain }
View
HWTACACS view
Parameter
with-domain: Specifies to send the username with domain name to the
HWTACACS server.
Description
Using the user-name-format command, you can configure the username format
sent to the HWTACACS server.
Example
# Specify to send the username without domain name to the HWTACACS scheme
"3com".
undo allow
View
L2TP group view
Parameter
virtual-template-number: Specifies the virtual-template used when creating new
virtual access interface, an integer ranging from 0 to 1023.
remote-name: Specifies the name of the peer end of the tunnel that initiates the
connection request, case sensitive, a character string with length ranging from 1
to 30.
domain-name: Specifies the name of the enterprise with length ranging from 1 to
30.
Description
Using the allow l2tp command, you can specify the name of the peer end of the
tunnel on receiving call, and the Virtual-Template it uses. Using the undo allow
command, you can remove the name of the peer end of the tunnel.
When using L2TP group number 1 (the default L2TP group number), the name of
the peer end of the tunnel, remote-name, can be unspecified. The format of the
command in group 1 configuration mode is as follows:
If the peer end name is still specified in L2TP group 1 configuration, L2TP group 1
does not serve as the default L2TP group. For example, regarding Windows 2000
beta 2 version, the local name connected with VPN is NONE, so the peer end
name that the router receives is NONE. In order to receive the tunnel connection
request sent by this kind of nameless peer end, or for test application, a default
L2TP group can be configured.
996 CHAPTER 10: L2TP CONFIGURATION COMMANDS
The allow l2tp command is used on the LNS side. If the peer end name of the
tunnel is configured, it should be consistent with the name of the local end
configured on the LAC side.
Example
# Receive the L2TP tunnel connection request sent by the LAC, the peer end named
AS8010, and create a virtual-access interface on virtual-template 1.
[3Com-l2tp2] allow l2tp virtual-template 1 remote AS8010
# Make L2TP group 1 the default L2TP group, receiving L2TP tunnel connection
requests sent by any peer end, and create a virtual-access interface according to
virtual-template 1.
[3Com] l2tp-group 1
undo debugging l2tp { all | control | error | event | hidden | payload | time-stamp }
View
System view
Parameter
Description
Using the debugging l2tp command, you can enable L2TP debugging. Using the
undo debugging l2tp command, you can disable L2TP debugging.
Example
View
Any view
Parameter
None
Description
Using the display l2tp session command, you can display the current L2TP
session.
The output information of the command assists the user in confirming the L2TP
session information currently established.
For the related command, see display l2tp tunnel.
Example
LocalSID  RemoteSID  LocalTID
1         1          2
Table 1 Domain description in displayed information of the display l2tp session command
Domain          Description
Total session   Number of sessions
LocalSID        The number uniquely identifying the local session
RemoteSID       The number uniquely identifying the peer session
LocalTID        The local ID number of the tunnel
View
Any view
Parameter
None
Description
Using the display l2tp tunnel command, you can display the information of the
current L2TP tunnel.
The output information of the command assists the user in confirming the L2TP
tunnel information currently established.
Example
# Display the information of the current L2TP tunnel.
<3Com> display l2tp tunnel
Total tunnel = 1
Table 2 Domain description in displayed information of the display L2tp tunnel command
Domain Description
Total tunnels Number of tunnels
LocalTID The number uniquely identifying the local tunnel
RemoteTID The number uniquely identifying the peer tunnel
Remote Name Name of the peer end
RemoteAddress IP address of the peer end
Port Port number of the peer end
Sessions Number of sessions on the tunnel
interface virtual-template Syntax
interface virtual-template virtual-template-number
View
System view
Parameter
virtual-template-number: Identifies serial number of the virtual template, an
integer ranging from 0 to 1023.
Description
Using the interface virtual-template command, you can create a virtual
template. Using the undo interface virtual-template command, you can delete
a virtual template.
Example
# Create virtual template 1 and enter its view.
[3Com] interface virtual-template 1
View
System view
Parameter
prefix-separator: Indicates that the specified delimiter is a prefix, such as
3Com.com#vpdnuser.
Description
Using the l2tp domain prefix-separator command, you can specify the delimiter
used as a prefix delimiter. Using the undo l2tp domain prefix-separator
command, you can delete the configured prefix delimiter.
For the related command, see l2tp domain suffix-separator, start l2tp.
Example
# Specify the domain name as prefix and delimit the prefix and the username with
“#”.
[3Com] l2tp domain prefix-separator #
# Sets the prefix to be delimited by three delimiters: “#”, “@”, and “%”.
View
System view
Parameter
suffix-separator: Suffix delimiter, such as vpdnuser@3Com.com.
separator: Domain name delimiter. Valid domain name delimiters are “%”, “@”,
“#”, and “/”.
Description
Using the l2tp domain suffix-separator command, you can specify the delimiter
used as a suffix delimiter. Using the undo l2tp domain suffix-separator
command, you can delete the configured suffix delimiter.
For the related command, see l2tp domain prefix-separator, start l2tp.
Example
# Specify the domain name as a suffix, separated from the username by “@”.
[3Com] l2tp domain suffix-separator @
View
System view
Parameter
None
Description
Using the l2tp enable command, you can enable the L2TP function. Using the
undo l2tp enable command, you can disable the L2TP function.
These commands are used to enable or disable the L2TP function. Only when this
function is enabled can the L2TP service be implemented.
Example
# Enable the L2TP function on the router.
[3Com] l2tp enable
View
System view
Parameter
Description
Using the l2tp match-order command, you can set the search order of the called
number and domain name. Using the undo l2tp match-order command, you
can reset the search order to default. By default, the L2TP group is searched
by called number first and then by domain name, that is, dnis-domain is
adopted.
In the multi-instance application, the domain search is the only option at the LNS
side.
Delimiters fall into two types, prefix delimiters and suffix delimiters, and can
be any of the four special characters “@”, “#”, “%” and “/”. A username with a
prefix delimiter looks like 3Com.com#vpdnuser; one with a suffix delimiter looks
like vpdnuser@3Com.com. During a search, the username and domain name are
separated at the prefix/suffix delimiter and the search follows only the defined
rule, which greatly accelerates the search.
In the multi-instance application of L2TP, many enterprises share a single LNS,
and the enterprises are distinguished from each other by their domain names.
When the LNS receives a packet sent by the LAC, the domain name is extracted
from the username in the packet, and the enterprise domain names registered on
the LNS are checked to find one matching the received domain name. Obviously,
the l2tp match-order domain command must be used to set the search policy to
accelerate search speed.
Example
# Search only according to domain name.
[3Com] l2tp match-order domain
View
System view
Parameter
None
Description
This command serves the LNS side of L2TP.
Using the l2tpmoreexam enable command, you can enable the multi-instance
function of L2TP. Using the undo l2tpmoreexam enable command, you can
disable the function.
Only after the multi-instance function is enabled, can the service be deployed.
Example
# Enable the multi-instance function at the LNS side.
[3Com] l2tpmoreexam enable
l2tp-group Syntax
l2tp-group group-number
View
System view
Parameter
group-number: Number of L2TP group, an integer ranging from 1 to 1000.
Description
Using the l2tp-group command, you can create an L2TP group. Using the undo
l2tp-group command, you can delete an L2TP group.
The l2tp-group command is used to create an L2TP group (L2TP group 1 can be
the default L2TP group). When an L2TP group is deleted by the undo l2tp-group
command, all configured information of the group is deleted with it.
Example
# Create L2TP group 2 and enter L2TP group 2 view.
[3Com] l2tp-group 2
[3Com-l2tp2]
mandatory-chap Syntax
mandatory-chap
undo mandatory-chap
View
L2TP group view
Parameter
None
Description
Using the mandatory-chap command, you can force LNS to perform CHAP
authentication again with the client. Using the undo mandatory-chap
command, you can disable CHAP re-authentication.
After the LAC has performed agent authentication of the client, the LNS
authenticates the client again, so as to increase security. If the
mandatory-chap command is used, a VPN client whose tunnel connection is
initiated by the access server is authenticated twice: once on the access
server, and once on the LNS side. Some PPP clients may not support the second
authentication. In this case, CHAP authentication of the local end will fail.
Example
# Force to perform CHAP authentication.
[3Com-l2tp1] mandatory-chap
mandatory-lcp Syntax
mandatory-lcp
undo mandatory-lcp
View
L2TP group view
Parameter
None
Description
Using the mandatory-lcp command, you can renegotiate the Link Control
Protocol between LNS and the client. Using the undo mandatory-lcp command,
you can disable LCP renegotiation.
By default, the LCP is not renegotiated.
For a NAS-initialized VPN client, PPP negotiation is first performed with the
NAS (Network Access Server) at the beginning of a PPP session. If the
negotiation succeeds, the access server initiates the tunnel connection and
transmits the information collected during negotiation with the client to the
LNS. The LNS judges whether the user is legitimate according to the received
agent authentication information. The mandatory-lcp command can be used to
force the LNS and the client to renegotiate LCP. In this case, the NAS agent
authentication information is ignored. If a PPP client does not support LCP
renegotiation, LCP renegotiation will fail.
Example
# Enable LCP renegotiation.
[3Com-l2tp1] mandatory-lcp
View
user view
Parameter
remote-name: Name of the peer end of the tunnel, a character string with the
length ranging from 1 to 30.
tunnel-id: Local ID number of the tunnel.
Description
Using the reset l2tp tunnel command, you can clear the specified tunnel
connection, and clear all session connections in the tunnel.
Example
# Clear the tunnel connection of the peer end named AS8010.
<3Com> reset l2tp tunnel AS8010
undo start
View
L2TP group view
Parameter
ip ip-addr: IP address of the peer end of the tunnel (LNS), five of which can be set
at most, forming backup LNS to each other.
Description
Using the start l2tp command, you can specify the trigger conditions under which
the local end, acting as the L2TP LAC side, sends requests. Using the undo start
l2tp command, you can delete the specified trigger condition.
This command is used on LAC side to specify the IP address of LNS and support
several trigger connection requests, for instance:
If the user is found to be a VPN user, the local end (LAC) sends an L2TP tunnel
connection request to an LNS according to the configured LNS priority or order.
If that LNS responds, it serves as the peer end of the tunnel. Otherwise, the
LAC sends the tunnel connection request to the next LNS.
These ways of identifying VPN users may conflict. For example, the LNS
address specified according to full username is 1.1.1.1, while that according to
domain name is 1.1.1.2. In this case, a search order must be specified. The
search first checks by full username whether an L2TP group specified according
to the username exists. If nothing is found, the search continues by domain name
and number dialed, in the sequence set by the l2tp match-order command.
Example
# Judge VPN users according to domain name “3Com.com”, with the
corresponding IP address of the L2TP access server of the headquarters being
202.38.168.1.
[3Com-l2tp1] start l2tp ip 202.38.168.1 domain 3Com.com
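The LAC search order described above, combined with the prefix/suffix delimiter split and the l2tp match-order setting, as an added Python sketch (not 3Com code). The group table layout, the function names, the called number 8888, the LNS address 1.1.1.3 and the rule that a suffix delimiter is tried before a prefix delimiter are assumptions made for illustration.

```python
# Added illustration: models the documented search order, not router code.

# Search criteria per match order. Only the two orders named in this guide
# (the default dnis-domain, and domain) are modelled.
MATCH_ORDERS = {"dnis-domain": ("dnis", "domain"), "domain": ("domain",)}

# Constructed sample table: each entry stands for one L2TP group on the LAC
# with its "start l2tp" trigger condition and LNS address list.
SAMPLE_GROUPS = [
    {"group": 1, "lns": ["1.1.1.1"], "fullusername": "vpdnuser@3Com.com"},
    {"group": 2, "lns": ["1.1.1.2"], "domain": "3Com.com"},
    {"group": 3, "lns": ["1.1.1.3"], "dnis": "8888"},  # constructed values
]


def split_username(username, prefix_seps="", suffix_seps=""):
    """Return (user, domain); domain is None when no delimiter applies.

    Suffix form: vpdnuser@3Com.com  (user before the delimiter)
    Prefix form: 3Com.com#vpdnuser  (domain before the delimiter)
    Assumption: suffix delimiters are tried first when both are configured.
    """
    # Suffix delimiter: split at the right-most configured delimiter.
    cut = max((username.rfind(s) for s in suffix_seps), default=-1)
    if 0 < cut < len(username) - 1:
        return username[:cut], username[cut + 1:]
    # Prefix delimiter: split at the left-most configured delimiter.
    hits = [i for i in (username.find(s) for s in prefix_seps) if i >= 0]
    if hits and 0 < min(hits) < len(username) - 1:
        cut = min(hits)
        return username[cut + 1:], username[:cut]
    return username, None


def select_group(groups, username, called_number,
                 match_order="dnis-domain", prefix_seps="", suffix_seps=""):
    """Pick the L2TP group for a dial-in user, or None if not a VPN user."""
    # Step 1: a group bound to the full username always wins.
    for group in groups:
        if group.get("fullusername") == username:
            return group
    # Step 2: fall back to called number / domain in the configured order.
    _, domain = split_username(username, prefix_seps, suffix_seps)
    wanted_by = {"dnis": called_number, "domain": domain}
    for criterion in MATCH_ORDERS[match_order]:
        wanted = wanted_by[criterion]
        if wanted is None:
            continue
        for group in groups:
            if group.get(criterion) == wanted:
                return group
    return None


if __name__ == "__main__":
    for user, dnis, order in [
        ("vpdnuser@3Com.com", "8888", "dnis-domain"),
        ("other@3Com.com", "8888", "dnis-domain"),
        ("other@3Com.com", "8888", "domain"),
    ]:
        g = select_group(SAMPLE_GROUPS, user, dnis, order, suffix_seps="@")
        print(user, order, "->", g["lns"] if g else None)
```

With the conflict from the text, the full-username group (1.1.1.1) is chosen even though the domain also matches the group pointing at 1.1.1.2; a user who matches nothing is not tunnelled at all.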
View
L2TP group view
Parameter
None
Description
Using the l2tp tunnel authentication command, you can enable L2TP tunnel
authentication function. Using the undo l2tp tunnel authentication command,
you can disable L2TP tunnel authentication function.
Example
# Set not to authenticate the peer end of the tunnel.
View
L2TP group view
Parameter
None
Description
Using the tunnel avp-hidden command, you can configure AVP (Attribute Value
Pair) data to be transmitted in hidden format. Using the undo tunnel
avp-hidden command, you can restore the default transmission mode of AVP data.
Some parameters of the L2TP protocol are transmitted as AVP data. If the user
requires a high level of data security, this command can be used to configure
AVP data to be transmitted in hidden format.
Example
# Set AVP data to be transmitted in hidden format.
[3Com-l2tp1] tunnel avp-hidden
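What hidden format means on the wire, as an added Python example that follows the AVP hiding procedure of the L2TP standard (RFC 2661, section 4.3); it is not 3Com code. That the router uses the tunnel password as the shared secret, the function names, the sample random vector and the sample value are assumptions.

```python
# Added illustration of RFC 2661 AVP hiding; names and samples are constructed.
import hashlib
import os
import struct

BLOCK = 16  # MD5 digest size; the value is processed in 16-octet chunks


def hide_avp_value(attr_type, secret, random_vector, value):
    """Hide one AVP value with the shared secret and the Random Vector AVP."""
    # Hidden AVP subformat: 2-octet original length, the value, then padding.
    plain = struct.pack("!H", len(value)) + value
    if len(plain) % BLOCK:
        plain += os.urandom(BLOCK - len(plain) % BLOCK)
    # b(1) = MD5(attribute type + secret + random vector)
    pad = hashlib.md5(struct.pack("!H", attr_type) + secret
                      + random_vector).digest()
    hidden = b""
    for i in range(0, len(plain), BLOCK):
        chunk = bytes(p ^ k for p, k in zip(plain[i:i + BLOCK], pad))
        hidden += chunk
        # b(i+1) = MD5(secret + c(i)): each chunk keys the next one
        pad = hashlib.md5(secret + chunk).digest()
    return hidden


def unhide_avp_value(attr_type, secret, random_vector, hidden):
    """Reverse hide_avp_value(); return None if the result is malformed."""
    pad = hashlib.md5(struct.pack("!H", attr_type) + secret
                      + random_vector).digest()
    plain = b""
    for i in range(0, len(hidden), BLOCK):
        chunk = hidden[i:i + BLOCK]
        plain += bytes(c ^ k for c, k in zip(chunk, pad))
        pad = hashlib.md5(secret + chunk).digest()
    if len(plain) < 2:
        return None
    (length,) = struct.unpack("!H", plain[:2])
    if length > len(plain) - 2:
        return None  # typical outcome when the two ends hold different secrets
    return plain[2:2 + length]


# Constructed sample input.
ATTR_PROXY_AUTHEN_NAME = 30          # AVP attribute number in RFC 2661
SAMPLE_SECRET = b"yougotit"          # the example tunnel password in this guide
SAMPLE_VECTOR = bytes(range(16))     # stands in for the Random Vector AVP
SAMPLE_VALUE = b"vpdnuser@3Com.com"

if __name__ == "__main__":
    wire = hide_avp_value(ATTR_PROXY_AUTHEN_NAME, SAMPLE_SECRET,
                          SAMPLE_VECTOR, SAMPLE_VALUE)
    print("on the wire :", wire.hex())
    print("right secret:", unhide_avp_value(ATTR_PROXY_AUTHEN_NAME,
                                            SAMPLE_SECRET, SAMPLE_VECTOR, wire))
    print("wrong secret:", unhide_avp_value(ATTR_PROXY_AUTHEN_NAME,
                                            b"different", SAMPLE_VECTOR, wire))
```

The hiding is keyed only by the shared secret, which this guide limits to 1 to 16 characters, so the protection of hidden AVPs is bounded by the strength of that password.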
View
L2TP group view
Parameter
None
Description
Using the tunnel flow-control command, you can enable L2TP tunnel
flow-control function. Using the undo tunnel flow-control command, you can
disable the flow-control function.
By default, the L2TP tunnel flow-control function is not performed.
Example
# Enable the flow-control function.
[3Com-l2tp1] tunnel flow-control
View
L2TP group view
Parameter
name: Local name of the tunnel, a character string with the length ranging from 1
to 30.
Description
Using the tunnel name command, you can specify the local name of the tunnel.
Using the undo tunnel name command, you can restore the local name to the
default value.
When an L2TP group is created, the local name is initialized to the router name.
Example
# Set the local name of the tunnel as itsme.
[3Com-l2tp1] tunnel name itsme
View
L2TP group view
Parameter
simple: Password in plaintext.
cipher: Password in ciphertext.
password: Password used on tunnel authentication, a character string with the
length ranging from 1 to 16.
Description
Using the tunnel password command, you can specify the password of tunnel
authentication. Using the undo l2tp tunnel password command, you can
remove the password of tunnel authentication.
Example
# Set the password of tunnel authentication as yougotit, displaying in cipher text.
View
L2TP group view
Parameter
hello-interval: Forwarding time interval of Hello packet when LAC or LNS has no
packet to receive, an integer in second, ranging from 60 to 1000.
Description
Using the tunnel timer hello command, you can set the forwarding time interval
of Hello packet. Using the undo tunnel timer hello command, you can restore
the forwarding time interval of Hello packet in the tunnel to the default value.
Different Hello packet time intervals can be configured on LNS and LAC side. The
undo tunnel timer hello command is used to restore the time interval to the
default value.
Example
# Set forwarding time interval of Hello packet to 99 seconds.
[3Com-l2tp1] tunnel timer hello 99
GRE Configuration Commands
View
User view
Parameter
None
Description
Using the debugging tunnel command, you can enable tunnel debugging. Using
the undo debugging tunnel command, you can disable tunnel debugging.
Example
None
destination Syntax
destination ip-addr
undo destination
view
Tunnel interface view
Parameter
ip-addr: IP address of the physical interface used by the peer end of the tunnel.
Description
Using the destination command, you can specify the destination IP address that
the tunnel interface fills into the IP header added on encapsulation. Using the
undo destination command, you can delete the set destination address.
By default, the destination address of the tunnel is not specified in the system.
The specified tunnel destination address is the IP address of the real physical
interface receiving GRE packets. It should be the same as the source address
specified on the tunnel interface of the peer end, and the route to the physical
interface of the peer end must be reachable.
The source address and destination address, if they are exactly the same, cannot
be configured on two or more tunnel interfaces using the same encapsulation
protocol.
Example
# Create tunnel connection between the interface serial 0/0/0 of the router
3Com1 (with IP address of 193.101.1.1) and the interface serial 1/0/0 of the router
3Com2 (with IP address of 192.100.1.1).
[3Com1-Tunnel0/0/0] source 193.101.1.1
view
Any view
Parameter
number: Tunnel interface ID.
Description
Using the display interface tunnel command, you can display the working
status of the tunnel interface.
For the related command, see source, destination, gre key, gre checksum,
tunnel-protocol.
Example
Table 3 Domain description in displayed information by the display interface tunnel 2/0/4 command
Domain Description
Tunnel2/0/4 is up The physical layer of the tunnel interface is up.
line protocol is up The link layer of the tunnel interface is up.
Description The description information of the tunnel interface, being 3Com in this example.
3Com Series The router is 3Com series
Tunnel2/0/4 Interface Tunnel interface number
Maximum Transmit Unit The size of MTU in the tunnel, being 1500 bytes in this example
Encapsulation The tunnel formed by encapsulated GRE protocol
Loopback Enable/disable loopback test. Because the tunnel interface does not support loopback test, disable loopback is the case in this example.
Tunnel source Source address of the tunnel, being 1.1.254.88 here.
Ethernet2/0/0 The interface of tunnel source address is the interface Ethernet 2/0/0.
destination Destination address of the tunnel, being 1.1.254.11 here.
Tunnel protocol/transport Encapsulation protocol and transmission protocol of the tunnel, being GRE and IP here.
key Identification keyword of the tunnel interface, which is not specified here.
Checksumming of packets End-to-end check of the tunnel, being disabled here.
5 minutes input rate Input rate per second within the last 5 minutes
packets/sec Input packet number per second within the last 5 minutes
packets input Total input packet number
bytes Total input byte number
input error Number of error packets among all input packets.
output error Number of error packets among all output packets.
view
Tunnel interface view
Parameter
None
Description
Using the gre checksum command, you can set the two ends of the tunnel to
perform an end-to-end checksum so as to verify the correctness of each packet
and discard packets that do not pass the verification. Using the undo gre
checksum command, you can cancel the check.
Checksum can be enabled or disabled on each end of the tunnel according to
the needs of the application. If checksum is enabled on the local end and
disabled on the peer end, the local end does not verify the checksum of received
packets but computes the checksum for transmitted packets. Conversely, if
checksum is disabled on the local end and enabled on the peer end, the local end
verifies the checksum of packets sent from the peer end but does not compute the
checksum for transmitted packets.
Example
# Create a tunnel between interface serial 3/0/1 of the router 3Com1 and
interface serial 2/1/1 of the router 3Com2, and enable checksum on both ends of
the tunnel.
[3Com1-Tunnel3/0/1] gre checksum
[3Com2-Tunnel2/1/1] gre checksum
view
Tunnel interface view
Parameter
key-number: Identification keyword of the two ends of the tunnel, an integer
ranging from 0 to 4294967295.
Description
Using the gre key command, you can set the identification keyword of the tunnel
interface. This weak security mechanism helps avoid incorrectly identifying or
receiving packets from unexpected places. Using the undo gre key command,
you can delete this configuration.
By default, the identification keyword of the tunnel in use is not set in the system.
The two ends of the tunnel must either both be configured with the same
key-number, or both be left without a key-number.
Example
# Create a tunnel between the router 3Com1 and the router 3Com2 and set the
identification keyword of the tunnel.
[3Com1-Tunnel3/1/0] gre key 123
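How the gre checksum and gre key settings appear in the GRE header and how a receiver applies them, as an added Python example based on the standard GRE header layout (RFC 2784 and RFC 2890); it is not 3Com code. The function names, the sample payload and the choice to drop a packet on key mismatch are assumptions.

```python
# Added illustration of GRE checksum and key handling; samples are constructed.
import struct

GRE_C = 0x8000        # Checksum Present bit
GRE_K = 0x2000        # Key Present bit
PROTO_IPV4 = 0x0800   # transmission protocol is IP


def internet_checksum(data):
    """16-bit one's complement sum over the GRE header and payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gre(payload, key=None, checksum=False):
    """Sender side: checksum and key are added only if configured locally."""
    flags, optional = 0, b""
    if checksum:
        flags |= GRE_C
        optional += b"\x00\x00\x00\x00"      # checksum (zero for now) + reserved
    if key is not None:
        flags |= GRE_K
        optional += struct.pack("!I", key)   # key-number, 0 to 4294967295
    packet = struct.pack("!HH", flags, PROTO_IPV4) + optional + payload
    if checksum:
        packet = (packet[:4] + struct.pack("!H", internet_checksum(packet))
                  + packet[6:])
    return packet


def parse_gre(packet):
    """Return (has_checksum, key, payload), or None if the header is cut short."""
    if len(packet) < 4:
        return None
    flags, _proto = struct.unpack("!HH", packet[:4])
    offset, key = 4, None
    has_checksum = bool(flags & GRE_C)
    if has_checksum:
        offset += 4
    if flags & GRE_K:
        if len(packet) < offset + 4:
            return None
        (key,) = struct.unpack("!I", packet[offset:offset + 4])
        offset += 4
    if len(packet) < offset:
        return None
    return has_checksum, key, packet[offset:]


def receive_gre(packet, local_key=None):
    """Receiver side: returns (accepted, reason, payload)."""
    parsed = parse_gre(packet)
    if parsed is None:
        return False, "truncated", b""
    has_checksum, key, payload = parsed
    # The check runs whenever the sender included a checksum, regardless of
    # whether the local end sends one itself (the asymmetric case in the text).
    if has_checksum and internet_checksum(packet) != 0:
        return False, "bad checksum", b""
    # Both ends must hold the same key-number, or neither (drop is assumed).
    if key != local_key:
        return False, "key mismatch", b""
    return True, "ok", payload


SAMPLE_PAYLOAD = b"constructed-inner-ip-packet"

if __name__ == "__main__":
    pkt = build_gre(SAMPLE_PAYLOAD, key=123, checksum=True)
    print(receive_gre(pkt, local_key=123))
    print(receive_gre(pkt[:-1] + bytes([pkt[-1] ^ 1]), local_key=123))
    print(receive_gre(pkt, local_key=456))
    print("key read from header:", parse_gre(pkt)[1])
```

Neither field involves a secret: the key-number travels in cleartext in every packet and the checksum can be computed by any sender, so the two settings catch misdelivery and corruption only.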
view
System view
Parameter
Number: For centralized router, the number is one dimensional, ranging from 0 to
1023.
Description
Using the interface tunnel command, you can create a tunnel interface and
enter tunnel interface configuration view. Using the undo interface tunnel
command, you can delete the specified tunnel interface.
The interface number of the tunnel is only of local significance. Different or same
interface numbers can be used on the two ends of the tunnel.
For the related command, see source, destination, gre key, gre checksum,
tunnel-protocol.
Example
# Create the tunnel interface with slot number/card number/interface number as
3/0/1.
[3Com] interface tunnel 3/0/1
source Syntax
source { ip-addr | interface-type interface-num }
undo source
view
Tunnel interface view
Parameter
ip-addr: Specifies the IP address of the real interface sending GRE packet in the
address form of A.B.C.D.
Description
Using the tunnel source command, you can specify the filled source IP address of
added IP header by tunnel interface on encapsulation. Using the undo tunnel
source command, you can delete the set source address.
By default, the source address of the tunnel is not specified in the system.
The specified source address of the tunnel is the address of the real interface
sending GRE packets, which must match the destination address specified on the
peer end of the tunnel.
The source address and destination address, if they are exactly the same, cannot
be configured on two or more tunnel interfaces using the same encapsulation
protocol.
Example
# Configure the interface tunnel0/0/5 on the router 3Com1, on which the real
outlet of the encapsulated packet is the interface serial 0/0/0 (with the IP address
of the interface being 192.100.1.1).
[3Com1-Tunnel0/0/5] source 192.100.1.1
Otherwise the “interface-name” form will be used:
[3Com1-Tunnel0/0/5] source serial 0/0/0
undo tunnel-protocol
view
Tunnel interface view
Parameter
gre: Encapsulation protocol of the tunnel.
Description
Using the tunnel mode command, you can set encapsulation mode of the tunnel
interface to be GRE.
By default, the encapsulation protocol of the tunnel interface is GRE. Under the
GRE mode, users can execute and view the GRE related commands, whereas other
relevant commands are available under other modes.
Example
# Create a tunnel between the router 3Com1 and the router 3Com2, with
encapsulation protocol being GRE and transmission protocol being IP.
[3Com1-Tunnel3/1/0] tunnel-protocol gre
Dynamic VPN
View
User view
Parameter
event: Opens DVPN event debugging information, including register and other
errors.
Description
Using the debugging dvpn command, you can enable DVPN debugging.
Example
# Enable DVPN event debugging.
[3Com] debugging dvpn event
View
Any view
Parameter
vpn-id: Specifies vpn-id.
private-IP: Specifies private IP address, that is, the IP address of a Tunnel interface.
Description
Using the display dvpn map command, you can view all of the Map information
for the current node.
Example
# Display current map information.
[3Com] display dvpn map
View
Tunnel interface view
Parameter
None
Description
Using the dvpn authenticate enable command, you can enable authentication
at a tunnel interface. Using the undo dvpn authenticate enable command, you
can disable authentication at a tunnel interface.
Example
# Enable Tunnel interface authentication.
[3Com-Tunnel0] dvpn authenticate enable
View
System view
Parameter
dvpn-class-name: Name for a dvpn-class view, in a string of 1~30 bytes.
Description
Using the dvpn class command, you can create a dvpn-class view and enter it. In
this view, you can configure destination server address and UDP port ID. Using the
undo dvpn class command, you can delete a dvpn-class view.
Example
# Create dvpn-class view “abc”.
[3Com] dvpn class abc
View
Tunnel interface view
Parameter
Private-ip: Private IP address at client, that is, IP address of a Tunnel interface
key-value: Private key of a client
Description
Using the dvpn client private-ip command, you can configure client
authentication information at server. Using the undo dvpn client private-ip
command, you can delete client authentication information.
private-ip and key-value are used for client authentication at server. If no private
key is configured for both the server and client, then authentication is not required
in registration and establishing session links.
Example
# Configure private key of the client with the IP address 10.0.0.2 as 123.
[3Com] dvpn client private-ip 10.0.0.2 key 123
View
Tunnel interface view
Parameter
client: Interface is client.
server: Interface is server.
Description
Using the dvpn interface-type command, you can specify type for a tunnel
interface.
By default, a tunnel interface is set as client.
Example
# Set a Tunnel interface as server.
[3Com-Tunnel0] dvpn interface-type server
View
Tunnel interface view
Parameter
key-value: Encrypted value, in range of 0~4294967295.
Description
Using the dvpn key command, you can configure the private key for a client (while
the public key for the server is generated randomly). Using the undo dvpn key
command, you can delete a configured private key.
Keys are used in establishing session links between DVPN clients. When the
authentication of a client succeeds, the server encrypts its public key with the
private key of the client, puts the encrypted value into a node register success
packet and transmits it back to the client. The client decrypts the received
value with its private key to get the public key, and can then use the public key
to set up session links with other clients.
Example
# Set private key for a Tunnel interface as 123.
[3Com-Tunnel0] dvpn key 123
View
Tunnel interface view
Parameter
ip-address: Specifies IP address for the peer, public IP address and private IP
address (IP address for the tunnel interface) separately.
port-number: Specifies UDP port ID for the peer. The parameter is unavailable for
GRE encapsulation.
Description
Using the dvpn map private-ip command, you can create a static map, i.e. a
static tunnel. Using the undo dvpn map command, you can delete an existing
map.
If you already know the private IP, public IP and UDP port ID of other clients,
you can use this command to create a static map. Note that the IP addresses and
UDP port ID configured here must be consistent with the peer; otherwise, the
static tunnel cannot be created correctly.
Example
# Configure a static map at the tunnel interface with the public IP address
211.122.12.2, UDP port ID 8008 and private IP address 10.1.1.3.
[3Com-tunnel0] dvpn map private-ip 10.1.1.3 public-ip 211.122.12.2 8008
View
Tunnel interface view
Parameter
forward: Instructs server to forward all data packets at the client and not to send
next hop redirect notify packets to the client.
undistributed: Instructs server not to send information about this client to other
clients.
want: Instructs server to send information about other clients to this client.
Description
Using the dvpn register-type command, you can configure the type of
supplementary information for client registration at server. With the
supplementary information type, server can judge if a client is configured with a
fixed IP address and run further processing accordingly. Using the undo dvpn
register-type command, you can restore supplementary information type to the
default.
Example
# Set the client registration type so that the server does not send information
about this client to other clients.
[3Com-tunnel0] dvpn register-type undistributed
View
Tunnel interface view
Parameter
retry-times: The maximum trial times for redirect notification, session setup
request and session keepalive request, in range of 1~10. By default, it is 3.
Description
Using the dvpn retry command, you can configure maximum trial times for
redirect notification, session setup request and session keepalive request at client.
Using the undo dvpn retry command, you can restore maximum trial times to
the default value.
Example
# Set the maximum trial times to 5.
[3Com-Tunnel0] dvpn retry 5
View
Tunnel interface view
Parameter
dvpn-class-name: Dvpn-class name for the Tunnel interface. Dvpn-class is a data
structure which includes such information as public and private IP addresses and
UDP port ID and it is created with the dvpn class command.
Description
Using the dvpn server command, you can specify dvpn-class name for a Tunnel
interface at client. Using the undo dvpn server command, you can delete a
dvpn-class name.
If the dvpn-class view specified does not exist, this command will also create a
dvpn-class configuration module.
By default, no dvpn-class is created.
Example
# Set server name for a Tunnel interface as abc.
[3Com-Tunnel0] dvpn server abc
View
Tunnel interface view
Parameter
time-interval: Time interval for map age_timer, in range of 10~3600 seconds. By
default, it is 60 seconds.
Description
Using the dvpn timer aging command, you can define time interval for map
age_timer. Using the undo dvpn timer aging command, you can restore the
time interval of map age_timer to the default value.
Example
# Set the time interval of map age_timer for a Tunnel interface to 120 seconds.
[3Com-Tunnel0] dvpn timer aging 120
View
Tunnel interface view
Parameter
time-interval: Time interval for idle_timer, in range of 60~86400 seconds. By
default, it is 600 seconds.
Description
Using the dvpn timer idle command, you can define time interval for idle_timer
which works in disconnecting session links in case of timeout. Using the undo
dvpn timer idle command, you can restore the time interval of idle_timer to the
default value.
Example
# Set the time interval of idle_timer for session links to 300 seconds.
[3Com-Tunnel0] dvpn timer idle 300
View
Tunnel interface view
Parameter
time-interval: Time interval for map keepalive_timer, in range of 1~3600 seconds.
By default, it is 10 seconds.
Description
Using the dvpn timer keepalive command, you can define time interval for map
keepalive_timer. Using the undo dvpn timer keepalive command, you can
restore the time interval of map keepalive_timer.
The keepalive_timer maintains normal sessions between clients. When a session
link is set up successfully, a keepalive packet is sent to the peer and the
keepalive_timer is also enabled. Once the timer times out, the client sends a
keepalive packet to the peer and waits for a response from the peer.
Example
# Set the time interval of map keepalive_timer to 30 seconds.
[3Com-Tunnel0] dvpn timer keepalive 30
View
Tunnel interface view
Parameter
time-interval: Time interval for next hop redirect notify_timer, in range of 1~180
seconds. By default, it is 10 seconds.
Description
Using the dvpn timer redirect command, you can define time interval for next
hop redirect notify_timer. Each time timeout occurs the node sends next hop
redirect notification to the source client until it receives the acknowledgement
packet. Using the undo dvpn timer redirect command, you can set the time
interval of next hop redirect notify_timer to the default value.
When server or a client finds the destination of a packet received is not itself, but
another node in the VPN, it needs to forward this packet and send a next hop
redirect notify packet to the source node of the packet. If no response is received
from the source node within the preset time limit, it counts this as a trial action.
Example
# Set the time interval of next hop redirect notify_timer for a Tunnel interface to
30 seconds.
[3Com-Tunnel0] dvpn timer redirect 30
View
Tunnel interface view
Parameter
time-interval: Time interval for node register request_timer, in range of 1~600
seconds. By default, it is 30 seconds.
Description
Using the dvpn timer register command, you can define time interval for node
register request_timer. Each time timeout occurs, a client should log into server
again. Using the undo dvpn timer register command, you can restore the time
interval of node register request_timer to the default value.
Example
# Set the time interval of node register request_timer for a Tunnel interface to 60
seconds.
[3Com-Tunnel0] dvpn timer register 60
View
Tunnel interface view
Parameter
time-interval: Time interval for session setup request_timer, in range of 1~180
seconds. By default, it is 10 seconds.
Description
Using the dvpn timer setup command, you can define time interval for session
setup request_timer. Each time timeout occurs, a client sends session setup
request packets. Using the undo dvpn timer setup command, you can restore
the time interval of session setup request_timer to the default value.
When a client sends a session setup request, it also enables the session setup
request_timer. If it receives no response from the peer within the preset time
limit, it counts this as one trial action and sends another session setup request.
Example
# Set the time interval of session setup request_timer for a Tunnel interface to 30
seconds.
[3Com-Tunnel0] dvpn timer setup 30
View
Tunnel interface view
Parameter
udp-port: UDP port ID in DVPN, in range of 8000~8010. By default, it is 8000.
Description
Using the dvpn udp-port command, you can configure UDP port ID for a Tunnel
interface. The command is available at a Tunnel interface where UDP
encapsulation type is configured. Using the undo dvpn udp-port command, you
can restore the default port ID.
Example
# Configure UDP port ID for a Tunnel interface.
[3Com-Tunnel0] dvpn udp-port 8001
View
Tunnel interface view
Parameter
vpn-id: VPN ID for a tunnel interface, in range of 1~4294967295.
Description
Using the dvpn vpn-id command, you can specify VPN for a Tunnel interface.
Using the undo dvpn vpn-id command, you can delete VPN configuration for a
Tunnel interface.
Example
# Set the VPN for a Tunnel interface as 100.
[3Com-Tunnel0] dvpn vpn-id 100
private-ip Command
private-ip ip-address
View
dvpn-class view
Parameter
ip-address: Specifies private IP address for a specific server, that is, the IP address of
a Tunnel interface.
Description
Using the private-ip command, you can configure private IP address for a specific
server. Using the undo private-ip command, you can delete the private IP address
of a specific server.
Example
# Configure the private IP address of a server as 192.168.0.1.
[3Com-Dvpn-class-abc] private-ip 192.168.0.1
public-ip Command
public-ip ip-address
View
dvpn-class view
Parameter
ip-address: Specifies public IP address for a specific server.
Description
Using the public-ip command, you can configure public IP address for a specific
server. Using the undo public-ip command, you can delete the public IP address
of a specific server.
By default, no public IP address is configured.
Example
# Configure the public IP address of a server as 61.18.3.66.
[3Com-dvpn-class-abc] public-ip 61.18.3.66
View
User view
Parameter
vpn-id: Specifies vpn-id.
Description
Using the reset dvpn map command, you can clear sessions for a specific VPN.
Example
# Clear session links of VPN 100.
<3Com> reset dvpn map 100
View
Tunnel interface view
Parameter
gre dvpn: Creates tunnels in GRE DVPN encapsulation mode.
udp dvpn: Creates tunnels in UDP DVPN encapsulation mode.
Description
Using the tunnel-protocol dvpn command, you can configure the encapsulation
mode for a Tunnel interface. The DVPN attribute means the Tunnel interface operates
in DVPN mode; the interface then takes on the Multipoint attribute and NBMA type.
Example
# Set UDP DVPN encapsulation mode for a Tunnel interface.
[3Com-Tunnel0] tunnel-protocol udp dvpn
udp-port Command
udp-port port-number
undo udp-port
View
dvpn-class view
Parameter
port-number: UDP port ID for a specific server, only available for UDP
encapsulation mode. By default, it is 8000.
Description
Using the udp-port command, you can configure UDP port ID for server which is
specified with the dvpn-class command. Using the undo udp-port command, you
can restore the UDP port ID to the default value.
Example
# Configure UDP port ID for a server as 8010.
[3Com-Dvpn-class-abc] udp-port 8010
11 TRAFFIC POLICING AND SHAPING CONFIGURATION COMMANDS
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos car interface command, you can view parameter
configuration and operating statistics of TP at each or all interfaces.
Example
# Display the TP parameter configuration information and running statistic
information on each interface.
[3Com] display qos car interface
Interface: Ethernet6/0/0
Direction: Inbound
Direction: Outbound
Conformed: 0/0(Packets/Bytes)
Exceeded: 0/0(Packets/Bytes)
View
Any view
Parameter
carl-index: Committed Access Rate List (CARL) number in the range of 1 to 199.
Description
Using the display qos carl command, you can view a certain rule or all the rules
of CARL.
If carl-index is not specified, all rules of CARL will be displayed.
Example
# Display the first rule of CAR list.
[3Com] display qos carl 1
List Params
------------------------------------------------------
1 Precedence 1 2
undo qos car { inbound | outbound } { any | acl acl-index | carl carl-index } cir
committed-information-rate cbs committed-burst-size ebs excess-burst-size
View
Interface view
Traffic Policing (TP) Configuration Commands 1031
Parameter
any: Limit rates for the packets that match any rules.
acl acl-index: Specified to limit the rate of packets matching the ACL, with
acl-index being the ACL number in the range of 1 to 199.
carl carl-index: Specified to limit the rate of packets matching the CARL, with
carl-index being the CARL number in the range of 1 to 199.
red: Action taken on the packets when the traffic rate conforms to CAR.
green: Action taken on the packets when the traffic rate does not conform to
CAR.
Description
Using the qos car command, you can implement TP strategy on an interface.
Using the undo qos car command, you can remove a certain TP policy at the
interface.
The repeated use of this command will lead to setting several TP policies at an
interface. The executing order of the policies is the same as the configuration
order.
Example
# Configure traffic policing for output packets that conform to traffic at the
interface Ethernet6/0/0. The normal traffic rate is 38400 bps. An initial burst of
twice the normal traffic can pass; after that, traffic is transmitted normally while
the rate is less than or equal to 38400 bps. When the rate is larger than 38400 bps,
packets are transmitted after their precedence is changed to 0.
[3Com-Ethernet6/0/0] qos car outbound any carl 1 cir 38400 cbs 76800 ebs 0 red pass green remark-prec-pass 0
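The behaviour described in this example (an initial burst passes, then traffic above 38400 bps is remarked) can be reproduced with a single-rate token bucket. The Python model below is an added illustration, not code from the guide or the router: it assumes a bucket of CBS bits that starts full and refills at CIR, does not model ebs (0 here), and its function names and packet flows are constructed.

```python
"""Single-rate token-bucket policer sized like the example above:
cir 38400 bps, cbs 76800 bits, ebs 0 (no second bucket is modelled).
Added illustration; not the router's own algorithm."""

CIR_BPS = 38400    # committed information rate, from the example command
CBS_BITS = 76800   # committed burst size (bucket depth), from the example command


def flow(start_ms, interval_ms, count, size_bytes=600, precedence=5):
    """Build a constructed packet flow of (time_ms, size_bytes, precedence) tuples."""
    return [(start_ms + i * interval_ms, size_bytes, precedence) for i in range(count)]


def police(packets, cir_bps=CIR_BPS, cbs_bits=CBS_BITS):
    """Return one (verdict, precedence_out) pair per packet.

    Conforming packets pass unchanged. Exceeding packets are passed with
    precedence 0, the action configured in the example. Tokens are held in
    millibits (bits * 1000) so that elapsed_ms * cir_bps adds without rounding.
    """
    capacity = cbs_bits * 1000
    tokens = capacity              # assumption: the bucket starts full
    last_ms = None
    verdicts = []
    for time_ms, size_bytes, precedence in packets:
        if last_ms is not None:
            if time_ms < last_ms:
                raise ValueError("packets must be ordered by arrival time")
            # Refill at CIR for the elapsed time, never above the bucket depth.
            tokens = min(capacity, tokens + (time_ms - last_ms) * cir_bps)
        last_ms = time_ms
        cost = size_bytes * 8 * 1000
        if cost <= tokens:
            tokens -= cost
            verdicts.append(("conform", precedence))
        else:
            # Exceeding packets do not consume tokens.
            verdicts.append(("exceed", 0))
    return verdicts


def summarise(verdicts):
    """Return (conformed_packets, exceeded_packets)."""
    conformed = sum(1 for verdict, _ in verdicts if verdict == "conform")
    return conformed, len(verdicts) - conformed


def conformed_bps(packets, verdicts, from_ms, to_ms):
    """Average rate of conforming traffic in the window [from_ms, to_ms)."""
    bits = sum(
        size * 8
        for (t, size, _), (verdict, _) in zip(packets, verdicts)
        if verdict == "conform" and from_ms <= t < to_ms
    )
    return bits * 1000 // (to_ms - from_ms)


if __name__ == "__main__":
    scenarios = (
        ("burst of 20 packets at t=0", flow(0, 0, 20)),
        ("steady 38400 bps", flow(0, 125, 40)),
        ("sustained 96000 bps", flow(0, 50, 200)),
    )
    for label, packets in scenarios:
        print(label, summarise(police(packets)))
```

With 600-byte packets the bucket holds exactly 16 packets, so a back-to-back burst of 20 yields 16 conforming and 4 remarked; under sustained overload the conforming share settles at the CIR.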
View
System view
Parameter
carl: Specifies TPL (Committed Access Rate List) configuration information.
carl-index: TP list number in the range 1 to 199.
precedence-value: Precedence in the range 0 to 7.
mac-address: Hexadecimal MAC address.
Description
Using the qos carl command, you can establish or modify an access list for Traffic
Policing (TP) policies (abbreviated to TP list). Using the undo qos carl command,
you can delete TP list.
For a different carl-index, the repeat execution of this command will create
multiple CARLs, and for the same carl-index, such undertaking will modify the
parameters of the CARL.
You are allowed to define multiple precedence values but no more than eight. If
the same precedence is specified several times, the system by default regards that
only one precedence value has been specified. The precedence values are related
to one another in the way of “OR”.
Example
# Configure rule 1 of TP list with packet precedence 1 and 7.
[3Com] qos carl 1 precedence 1 7
Traffic Shaping Configuration Commands
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos gts interface command, you can view TS configuration
and accounting information of certain interface or all interfaces.
Example
# Display TS configuration and accounting information of all interfaces.
[3Com] display qos gts interface
Interface: Ethernet6/0/0
View
Interface view
Parameter
acl acl-index: Specified to limit the rate of packets matching the ACL, with
acl-index being the ACL number in the range of 1 to 199.
Description
Using the qos gts command, you can set the shaping parameters for a certain
type of traffic and perform the traffic shaping. Using the undo qos gts command,
you can remove the shaping configuration for a certain type of traffic.
qos gts acl is used to set shaping parameters for the packets that conform to a
certain ACL. Different access-lists can be used to set shaping parameters for
different packets.
qos gts any is used to set shaping parameters for all packets.
qos gts acl cannot be used together with the qos gts any.
Example
# Configure traffic shaping for the packets that conform to ACL rule 1 at
Ethernet6/2/0 interface. The normal traffic is 38400bps. The burst size, twice of
the normal traffic, can pass at the first time. Then it is normally transmitted when
the traffic is less than or equal to 38400bps. When it is larger than 38400bps, it
will be added to the buffer queue and the buffer queue length is 100.
[3Com-Ethernet6/2/0] qos gts acl 1 cir 38400 cbs 76800 ebs 0 queue-length 100
Physical Interface Rate-limit Configuration Commands
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos lr interface command, you can view LR configuration and
statistics of an interface.
If no interface is specified, the LR configuration and operating statistics of all
interfaces will be displayed.
Example
# Display LR configuration and statistics information in serial 0/0/0.
Interface: Ethernet6/0/0
Active Shaping : NO
qos lr Syntax
qos lr cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
undo qos lr
View
Interface view
Parameter
Description
Using the qos lr command, you can limit the bandwidth of a physical interface.
Using the undo qos lr command, you can remove the limit.
Example
# Limit packet-forwarding rate of the physical interface Ethernet6/0/0.
[3Com-Ethernet6/0/0] qos lr cir 38400 cbs 76800 ebs 0
Congestion Management Configuration Commands
FIFO Queue Configuration Commands
View
Interface view
Parameter
queue-length: Length limit of a queue in the range of 1 to 1024.
Description
Using the qos fifo queue-length command, you can set the length limit of FIFO
queue. Using the undo qos fifo queue-length command, you can restore the
default value of the queue length.
Example
# Set the length of FIFO queue to 100.
[3Com-Ethernet3/0/0] qos fifo queue-length 100
PQ Configuration Commands
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos pq interface command, you can view the configuration
and statistics of priority queues at interfaces.
If interfaces are not specified when this command is used, the configuration and
statistics of the priority queues at all interfaces will be displayed.
Example
# Display the configuration and statistics of PQ at interface Ethernet 6/0/0.
[3Com] display qos pq interface ethernet 6/0/0
Interface: Ethernet6/0/0
Priority queueing: PQL 1 (Outbound queue:Size/Length/Discards)
View
Any view
Parameter
None
Description
Using the display qos pql command, you can view contents of priority lists.
Example
# Display priority lists.
[3Com] display qos pql
------------------------------------------------------
2 Normal Length 60
2 Bottom Length 40
qos pq Syntax
qos pq pql pql-index
undo qos pq
View
Interface view
Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
Description
Using the qos pq command, you can apply a group of priority list to an interface.
Using the undo qos pq command, you can restore the congestion management
policy at the interface to FIFO.
All the physical interfaces can use the priority queue except ATM interface and
interfaces with X.25 as the link layer.
This command can configure multiple classification rules for each group in the
priority list. During traffic classification, the system matches packets along the rule
list. If matching a certain rule, a packet will be classified into the priority queue
specified by this rule; or it will be put into the default priority queue.
For the related commands, see qos pql, display qos pq interface, display qos
pql, and display interface.
Example
# Apply the priority list 12 to the Ethernet 0/2/0.
[3Com-Ethernet0/2/0] qos pq pql 12
View
System view
Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
top, middle, normal and bottom: Corresponding to the four levels of priority
queue, with the priority reducing in turn. The queue defaults to normal.
Description
Using the qos pql default-queue command, you can designate the packets
without corresponding rules to a default queue. Using the undo qos pql
default-queue command, you can cancel the configuration and restore the
default value.
During traffic classification, if a packet does not match any rule, it will be put into
the default priority queue.
For the same pql-index, repeated use of this command will set new default queue.
Example
# Set the default queue of the packets without corresponding rules in group 12 of
the priority list to be the bottom queue.
[3Com] qos pql 12 default-queue bottom
View
System view
Parameter
pql-index: Group number of the priority list, ranging 1 to 16.
Interface-type: Interface type.
Interface-number: Interface number.
top, middle, normal and bottom: Corresponding to the four levels of priority
queue, with the priority reducing in turn. By default, it is set to normal.
Description
Using the qos pql inbound-interface command, you can establish classification
rules based on interfaces. Using the undo qos pql inbound-interface command,
you can delete the corresponding classification rule.
This command can match packets according to which interface the packet comes
from. For the same pql-index, this command can be repeatedly used, establishing
classification rules for packets that come from different interfaces.
For the related commands, see qos pql default-queue, qos pql protocol, qos
pql queue, and qos pq.
Example
# Display how to make packets from an interface Serial 0/0/0 be put into a middle
queue.
[3Com] qos pql 12 inbound-interface Serial 0/0/0 middle
View
System view
Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
top, middle, normal, bottom: Corresponding PQ queues, whose priority levels
are in descending order.
protocol-name: Protocol type, which can only be IP at present.
When the protocol-name is IP, the values of queue-key and key-value are displayed
in the following table:
Table 1 Descriptions of values of queue-key and key-value
When queue-key is tcp or udp, key-value can be port name or the associated port
number. You can enter “?” to get the port numbers associated with port names.
Description
Using the qos pql protocol command, you can establish classification rules based
on the protocol type. Using the undo qos pql protocol command, you can delete
the corresponding classification rule.
The system matches a packet to a rule according to the set order. When the
packet matches a certain rule, the search process is completed.
For the same pql-index, this command can be repeatedly used, establishing
multiple classification rules for IP packets.
Example
# Specify a rule to make IP packets be put into the top queue.
[3Com] qos pql 1 protocol ip acl 100 queue top
undo qos pql pql-index queue { top | middle | normal | bottom } queue-length
View
System view
Parameter
Description
Using the qos pql queue command, you can specify the maximum number of
packets that can wait in each of the priority queues, or the length of a PQ. Using
the undo qos pql queue command, you can restore to the default value of each
PQ length.
For the related commands, see qos pql default-queue, qos pql
inbound-interface, qos pql protocol, and qos pq.
Example
# Set the maximum number of packets waiting in the top queue of priority list 10
to 10.
[3Com] qos pql 10 queue top queue-length 10
CQ Configuration Commands
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos cq interface command, you can view configuration and
statistics of customized queues at interfaces.
If no interface is specified, the CQ configuration and statistics of all interfaces
will be displayed.
For the related command, see qos cq.
Example
# Display configuration and statistics of customized queues at interface Ethernet
6/0/0.
[3Com] display qos cq interface ethernet 6/0/0
Interface: Ethernet6/0/0
View
Any view
Parameter
None
Description
Using the display qos cql command, you can view contents of custom lists.
Default values will not be displayed.
For the related commands, see qos cq cql and qos cq.
Example
# Display information about a custom list.
[3Com] display qos cql
2 3 Protocol ip fragments
3 0 Length 100
3 1 Inbound-interface Ethernet0
qos cq Syntax
qos cq cql cql-index
undo qos cq
View
Interface view
Parameter
cql-index: Cql index number of a custom list, ranging 1 to 16.
Description
Using the qos cq cql command, you can apply the customized queue to an
interface. Using the undo qos cq command, you can restore the congestion
management policy at the interface to FIFO.
All the physical interfaces can use customized queues, except ATM interface and
interfaces with X.25 as the link layer.
This command can configure multiple classification rules for each group in the
custom list. During traffic classification, the system matches packets along the rule
link. If matching a certain rule, a packet will be classified into the corresponding
priority queue specified by this rule. If not matching any rule, it will go to the
default priority queue.
For the related commands, see qos cql default-queue, qos cql
inbound-interface, qos cql protocol, qos cql queue serving, and qos cql
queue queue-length.
Example
# Apply the custom group 5 on the Ethernet 6/0/0.
[3Com-Ethernet6/0/0] qos cq cql 5
View
System view
Parameter
cql-index: Cql index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16. By default, customized queue
number is 1.
Description
Using the qos cql default-queue command, you can assign a default queue for
those packets that do not match any rule in the custom list. Using the undo qos
cql default-queue command, you can restore to the default queue.
During traffic classification, if a packet does not match any rule, it will go to the
default queue.
For the related command, see qos cql inbound-interface, qos cql protocol, qos
cql queue serving, and qos cql queue queue-length.
Example
# Assign default queue 2 to custom list 5.
View
System view
Parameter
Description
Using the qos cql inbound-interface command, you can establish classification
rules based on interfaces. Using the undo qos cql inbound-interface command,
you can delete corresponding classification rules.
This command matches a packet to a rule according to the interface that the
packet comes from. For the same group-number, this command can be repeatedly
used, establishing different classification rules for packets from different
interfaces.
For the related commands, see qos cql protocol, qos cql queue serving, and
qos cql queue queue-length.
Example
# Specify a rule to make a packet from tunnel 0/0/0 be put into queue 3.
[3Com] qos cql 5 inbound-interface tunnel 0 queue 3
View
System view
Parameter
cql-index: Group number of the custom list, ranging 1 to 16.
protocol-name: Protocol name, which can only be ip at present.
When queue-key is tcp or udp, key-value can be port name or the associated port
number. You can enter “?” to get the port numbers associated with port names.
Description
Using the qos cql protocol command, you can establish classification rules based
on the protocol type. Using the undo qos cql protocol command, you can delete
corresponding classification rules.
The system matches a packet to a rule according to the order that rules are
configured. When the packet matches a certain rule, the search process is
completed.
For the same cql-index, this command can be repeatedly used, establishing
multiple classification rules for IP packets.
For the related commands, see qos cql inbound-interface, qos cql protocol,
qos cql queue serving, and qos cql queue queue-length.
Example
# Specify a rule to make any IP packet that matches the access-list 100 be put into
queue 3.
[3Com] qos cql 5 protocol ip acl 100 queue 3
View
System view
Parameter
cql-index: Cql index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16.
queue-length: The maximum length of the queue, ranging 0 to 1024 packets.
Description
Using the qos cql queue command, you can specify a default queue for the
packets without corresponding rules. Using the undo qos cql queue command,
you can cancel the configuration and restore the default value.
For the related commands, see qos cql inbound-interface, qos cql protocol,
and qos cql queue serving.
Example
# Set the maximum number of packets in queue 4 of custom list 5 to 40.
[3Com] qos cql 5 queue 4 queue-length 40
View
System view
Parameter
cql-index: Cql-index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16.
byte-count: number of bytes in packets that the given queue sends during each
poll, ranging 0 to 16777215 bytes.
Description
Using the qos cql queue serving command, you can set the byte-count of the
packets sent from a given queue during each poll. Using the undo qos cql queue
serving command, you can restore the byte-count of sent packets to the default
value.
For the related commands, see qos cql inbound-interface, qos cql protocol,
and qos cql queue queue-length.
Example
# Specify byte-count of queue 2 in the custom list 5 to 1400.
[3Com] qos cql 5 queue 2 serving 1400
WFQ Configuration Commands
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos wfq interface command, you can view customized queue
configuration and statistics of an interface.
Example
# Display the custom queue configuration and statistics of Ethernet 6/0/0
interface.
[3Com] display qos wfq interface ethernet 6/0/0
Interface: Ethernet6/0/0
WFQ: 0/100/0
View
Interface view
Parameter
max-queue-length: The maximum queue length in the range of 1 to 1024. It is the
maximum number of packets in each queue. Packets out of the range will be
discarded.
total-queue-number: Total queue number. Available numbers are 16, 32, 64, 128,
256, 512, 1024, 2048 and 4096.
Description
Using the qos wfq command, you can apply weighted fair queuing (WFQ) or modify WFQ
parameters at an interface. Using the undo qos wfq command, you can restore
the default congestion management mechanism FIFO.
Except ATM interface and interfaces with X.25 as the link layer, all physical
interfaces can use weighted fair queuing.
When an interface does not apply WFQ policy, this command can be used to apply
WFQ policy at the interface as well as specifying WFQ parameters. If an interface
has applied WFQ policy, this command can be used to modify WFQ parameters.
For the related commands, see display interface and display qos wfq
interface.
Example
# Apply WFQ at the Ethernet6/0/0 interface, set the queue length to 100 and set
the total queue number to 512.
[3Com-Ethernet6/0/0] qos wfq queue-length 100 queue-number 512
CBQ Configuration Commands
car Syntax
car cir committed-information-rate [ cbs committed-burst-size ebs excess-burst-size ] [
green action [ red action] ]
undo car
View
Traffic behavior view
Parameter
cbs committed-burst-size: Committed burst size, number of bits that can be sent
in each interval in the range of 15000 to 155000000 bits.
red: Action conducted to packets when traffic of packets does not conform to the
traffic convention. By default, the action of red is “discard”.
Description
Using the car command, you can configure traffic monitoring for a behavior.
Using the undo car command, you can delete the configuration of traffic
monitoring.
The policy can be used in the input or output direction of the interface.
If this command is configured repeatedly on classes of the same policy, the last
configuration will overwrite the previous ones.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Use traffic monitor for a behavior. The normal traffic of packets is 38400bps.
Burst traffic twice of the normal traffic can pass initially and later the traffic is
transmitted normally when the rate does not exceed 38400bps. When the rate
exceeds 38400bps, the precedence of the packet turns to 0 and the packet is
transmitted.
[3Com] traffic behavior database
[3Com-behavior-database] car cir 38400 cbs 76800 ebs 0 green pass red remark-precedence-pass 0
View
Policy view
Parameter
tcl-name: Must be the name of the defined class, the system-defined or
user-defined class.
behavior-name: Must be the name of the defined behavior, the system-defined or
user-defined behavior.
Description
Using the classifier behavior command, you can specify the behavior for the
class in the policy. Using the undo classifier command, you can remove the
application of the class in the policy.
Each class in the policy can only be associated with one behavior.
The undo command is not used for the default class.
For the related command, see qos policy.
Example
# Specify the behavior test for the class database in the policy 3Com.
[3Com] qos policy 3Com
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
pvc: Used for ATM interface only, i.e., policy configuration of specified PVC on
specified ATM interface can be displayed.
pvc-name: PVC name.
vpi/vci: VPI/VCI value pair. For detailed description, refer to the Parameter
Description about pvc command.
Description
Using the display qos cbq interface command, you can view CBQ configuration
information and operating status, the specified PVC on specified ATM interface or
on all interfaces.
Example
[3Com] display qos cbq interface
Interface: Ethernet10/2/0
Class Based Queuing: (Outbound queue: Total Size/Discards)
CBQ: 0/0
Queue Size: 0/0/0 (EF/AF/BE)
BE Queues: 0/0/256 (Active/Max active/Total)
AF Queues: 1 (Allocated)
Bandwidth(Kbps): 74992/75000 (Available/Max reserve)
View
Any view
Parameter
system-defined: Policy pre-defined by the system.
user-defined: Policy pre-defined by the user.
policy-name: Policy name. If it is not specified, the configuration information of all
the policies pre-defined by the system or by the user will be displayed.
tcl-name: Class name in the policy.
Description
Using the display qos policy command, you can display the configuration
information of the specified class or all the classes and associated behaviors in the
specified policy or all policies.
Example
[3Com] display qos policy user-defined
User Defined QoS Policy Information:
Policy: test
Classifier: default-class
Behavior: be
-none-
Classifier: 3Com
Behavior: 3Com
Marking:
Remark IP Precedence 3
Expedited Forwarding:
Classifier: database
Behavior: database
Assured Forwarding:
Bandwidth 30 (Kbps)
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
pvc: Used for ATM interface only, i.e., policy configuration of specified PVC on
specified ATM interface can be displayed.
pvc-name: PVC name.
vpi/vci: VPI/VCI value pair. For details, refer to the parameter description about the
pvc command.
Description
Using the display qos policy interface command, you can view configuration
information and the operating status of the policy on the specified interface, the
specified PVC on specified ATM interface or on all interfaces and PVC.
Example
# Display qos policy on Ethernet 10/2/0.
[3Com] display qos policy interface Ethernet 10/2/0
Interface: Ethernet10/2/0
Direction: Outbound
Policy: test
Classifier: default-class
Behavior: be
Default Queue:
Classifier: 3Com
Operator: AND
Behavior: 3Com
Marking:
Remark IP Precedence 3
Remarked: 0 (Packets)
Expedited Forwarding:
Classifier: database
Operator: AND
Behavior: database
Marking:
Remarked: 0 (Packets)
Assured Forwarding:
Bandwidth 30 (Kbps)
View
Any view
Parameter
system-defined: Behavior pre-defined by the system.
user-defined: Behavior pre-defined by the user.
behavior-name: Behavior name. If it is not specified, the information of the
behaviors pre-defined by the system or by the user will be displayed.
Description
Using the display traffic behavior command, you can display the information of
the traffic behavior configured on the router.
Example
[3Com] display traffic behavior user-defined
User Defined Behavior Information:
Behavior: test
Assured Forwarding:
Bandwidth 30 (Kbps)
Discard Method: Tail
Queue Length : 64 (Packets)
General Traffic Shape:
CIR 30000 (bps), CBS 15000 (bit), EBS 0 (bit)
Queue length 50 (Packets)
Marking:
Remark MPLS EXP 3
Behavior: 3Com
Marking:
Remark IP Precedence 3
Committed Access Rate:
CIR 20000 (bps), CBS 15000 (bit), EBS 0 (bit)
View
Any view
Parameter
system-defined: Class pre-defined by the system.
user-defined: Class pre-defined by the user.
tcl-name: Class name. If it is not specified, the information of all classes
pre-defined by the system or by the user will be displayed.
Description
Using the display traffic classifier command, you can view information about
the classes configured on the router.
Example
[3Com] display traffic classifier user-defined
User Defined Classifier Information:
Classifier: 3Com
Operator: AND
Rule(s) : if-match ip-precedence 5
Classifier: database
Operator: AND
Rule(s) : if-match acl 131
if-match inbound-interface Ethernet10/2/0
gts Syntax
gts cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size [
queue-length queue-length ] ] ]
undo gts
View
Traffic behavior view
Parameter
Description
Using the gts command, you can configure traffic shaping for a behavior. Using
the undo gts command, you can delete traffic shaping for a behavior.
A policy in which shape is used on an interface can only be applied in the output
direction of the interface.
If this command is configured repeatedly on the same traffic behavior, the last
configuration will overwrite the previous ones.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure TS for a behavior. The normal traffic is 38400bps. Burst traffic twice
of the normal traffic can pass initially and later the traffic is transmitted normally
when the rate is less than or equal to 38400bps. When the rate exceeds
38400bps, the traffic will enter the queue buffer and the buffer queue length is
100.
[3Com] traffic behavior database
if-match Syntax
if-match [ not ] match-criteria
undo if-match [ not ] match-criteria
View
Class view
Parameter
match-criteria: Match rule of a class, which can be acl, any, class-map,
destination-mac, inbound-interface, ip-precedence, dscp, protocol,
source-mac, mpls-exp.
Description
Using the if-match command, you can define the rule of all packets not satisfying
the specified match rule. Using the undo if-match command, you can delete the
rule of all packets not satisfying the specified match rule.
Example
# Define the class to match packets whose protocol is not IP.
[3Com] traffic classifier class1
if-match { destination-mac | source-mac } Syntax
if-match [ not ] { destination-mac | source-mac } mac-address
undo if-match [ not ] { destination-mac | source-mac } mac-address
View
Class view
Parameter
mac-address: MAC address.
Description
Using the if-match { destination-mac | source-mac } command, you can define
match rule of destination or source MAC address. Using the undo if-match {
destination-mac | source-mac } command, you can delete the match rule of
destination or source MAC address.
The match rules of the destination MAC address are only meaningful for the
policies of the output direction and the interface of Ethernet type.
The match rules of the source MAC address are only meaningful for the policies of
the input direction and the interface of Ethernet type.
Example
# Define that the match rule of class2 is to match the packets with the destination
MAC address 0050-ba27-bed3.
[3Com] traffic classifier class1
# Define the match rule of class2 as matching the packets with source MAC address
0050-ba27-bed2.
View
Class view
Parameter
access-list-number: ACL number.
Description
Using the if-match acl command, you can define ACL match rule. Using the
undo if-match acl command, you can delete ACL match rule.
Example
# Define a class to match ACL101.
[3Com] traffic classifier class1
View
Class view
Parameter
none
Description
Using the if-match any command, you can define the rule matching all packets.
Using the undo if-match any command, you can delete the rule matching all
packets.
Example
# Define the rule matching all packets.
[3Com] traffic classifier class1
View
Class view
Parameter
tcl-name: Class name.
Description
Using the if-match classifier command, you can define class-map match rule.
Using the undo if-match classifier command, you can delete the class-map
match rule.
This configuration method is the only one to match the traffic with both the
match-all and match-any features.
For example, classA needs to match: (rule1 & rule2) | rule3
traffic classifier classB operator and
if-match rule1
if-match rule2
traffic classifier classA operator or
if-match rule3
if-match classifier classB
For the related command, see traffic classifier.
Example
# The match rule of class2 uses class1, so class1 is configured first. The match
rule of class1 is ACL 101 and the IP precedence is 5.
[3Com] traffic classifier class1
# Define the packet whose class is class2, match rule is class1 and destination MAC address is
0050-BA27-BED3.
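The nesting described above (classA = rule1 & rule2 | rule3, built from classB) can be checked offline before it is typed into the router. The following is an added example, not 3Com code: the `Classifier` class, the `matches` function, the packet field names and the three rule predicates are hypothetical stand-ins, and the loop check covers a class that refers back to itself, a case the page does not discuss.

```python
# Added example (not 3Com code): evaluate nested traffic classifiers offline.
from typing import Callable, Dict, List, Tuple, Union

Packet = Dict[str, object]
# A rule is either a predicate on the packet (one if-match line) or the name
# of another classifier (if-match classifier tcl-name).
Rule = Union[Callable[[Packet], bool], str]


class Classifier:
    """One 'traffic classifier <name> operator and|or' definition."""

    def __init__(self, operator: str, rules: List[Rule]):
        if operator not in ("and", "or"):
            raise ValueError("operator must be 'and' or 'or'")
        self.operator = operator
        self.rules = rules


def matches(classes: Dict[str, Classifier], name: str, packet: Packet,
            path: Tuple[str, ...] = ()) -> bool:
    """Return True if the packet belongs to classifier `name`."""
    if name in path:
        # A class that references itself, directly or indirectly, never resolves.
        raise ValueError("classifier loop: " + " -> ".join(path + (name,)))
    if name not in classes:
        raise KeyError(f"undefined classifier {name!r}")
    cls = classes[name]
    results = []
    for rule in cls.rules:
        if isinstance(rule, str):          # if-match classifier <other class>
            results.append(matches(classes, rule, packet, path + (name,)))
        else:                              # ordinary if-match rule
            results.append(bool(rule(packet)))
    return all(results) if cls.operator == "and" else any(results)


# Constructed stand-ins for rule1, rule2 and rule3 of the text.
def rule1(p: Packet) -> bool:
    return p.get("ip_precedence") == 5


def rule2(p: Packet) -> bool:
    return p.get("inbound_interface") == "Ethernet6/0/0"


def rule3(p: Packet) -> bool:
    return p.get("dst_mac") == "0050-ba27-bed3"


# classB = rule1 AND rule2; classA = rule3 OR classB
CLASSES = {
    "classB": Classifier("and", [rule1, rule2]),
    "classA": Classifier("or", [rule3, "classB"]),
}
```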
View
Class view
Parameter
dscp-value: DSCP value in the range of 0 to 63.
Description
Using the if-match dscp command, you can define IP DSCP match rule. Using the
undo if-match dscp command, you can delete IP DSCP match rule.
More than one such command can be configured under a class. They do not
overwrite one another. Each time the command is configured, the DSCP values are
automatically sorted in ascending order. The command can be deleted only when
the specified DSCP values are identical to those in the rule (the sequence may
be different).
More than one DSCP value can be configured and the maximum number is 8. If
multiple DSCPs of the same value are specified, the system regards them as one by
default. Relation between different DSCP values is “or”.
Example
# Define the match rule of class1 as matching the packets with the dscp value as
1, 6 or 9.
[3Com] traffic classifier class1
if-match inbound-interface Syntax
if-match [ not ] inbound-interface { interface-type interface-number }
undo if-match [ not ] inbound-interface { interface-type interface-number }
View
Class view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the if-match inbound-interface command, you can define input interface
match rule of a class. Using the undo if-match inbound-interface command,
you can delete input interface match rule of a class.
Example
# Define that the class matches the packets entering from Ethernet6/0/0.
[3Com] traffic classifier class1
View
Class view
Parameter
ip-precedence-value: Precedence value in the range of 0 to 7. Multiple values can
be specified and the maximum number is 8. If the same precedence value is
specified more than once, only one of them is taken. Relation between different
DSCP values is “or”.
Description
Using the if-match ip-precedence command, you can define IP precedence
match rule. Using the undo if-match ip-precedence command, you can delete IP
precedence match rule.
Multiple precedence values can be specified but the maximum number is 8. If the
multiple precedence values specified are the same, the system regards them as
one. Relation between different precedence values is “or”.
Example
# Define the match rule of class1 as matching the packets with the precedence
value as 1 or 6.
[3Com] traffic classifier class1
View
Class view
Parameter
protocol-name: Protocol name. IP is used.
Description
Using the if-match protocol command, you can define protocol match rule.
Using the undo if-match protocol command, you can delete protocol match
rule.
Example
# Define a class that matches packets whose protocol is IP.
[3Com] traffic classifier class1
View
Class view
Parameter
starting-port-number: Starting RTP port number in the range of 2000 to 65535.
end-port-number: Ending RTP port number in the range of 2000 to 65535.
Description
Using the if-match rtp command, you can define port match rule of RTP. Using
the undo if-match rtp command, you can delete the port match rule of RTP.
This command matches RTP packets within the specified RTP port range, i.e.,
packets with even UDP port numbers between <starting-port-number> and
<end-port-number>. If this command is configured more than once under a class,
the last configuration overwrites the previous ones.
Example
# Define the match rule of class1 as matching the packets whose RTP port number
is the even UDP port number between 16384 and 32767.
[3Com] traffic classifier class1
View
Interface view
Parameter
inbound: Inbound direction.
outbound: Outbound direction.
policy-name: Policy name.
Description
Using the qos apply policy command, you can attach a service policy to the
output interface. Using the undo qos apply policy command, you can delete
associated policy on an interface.
When applying the policy, the interface will be unavailable if the sum of
bandwidth specified for the classes in the policy, to ensure forwarding and
expedited forwarding, exceeds the available bandwidth on the interface. When
the available bandwidth on the interface is modified, the policy will be deleted if
the sum of bandwidth specified for the classes in the policy, to ensure forwarding
and expedited forwarding, exceeds the available bandwidth on the interface. The
configurations of queue af, queue ef and queue wfq and gts are not allowed in
the input direction policy and the behaviors associated with the class.
Example
# Apply the policy 3Com in the output direction of interface Ethernet6/0/0.
[3Com-Ethernet6/0/0] qos apply policy 3Com outbound
View
System View
Parameter
policy-name: Policy name.
Description
Using the qos policy command, you can define a policy and enter policy view.
Using the undo qos policy command, you can delete a policy.
For the related commands, see classifier behavior and qos apply policy.
Example
# Define a policy named as 3Com.
[3Com] qos policy 3Com
[3Com-qospolicy-3Com]
queue af Syntax
queue af bandwidth { bandwidth | pct percentage }
undo queue af
View
traffic behavior view
Parameter
bandwidth: Bandwidth in Kbps in the range of 8 to 1000000.
pct percentage: Percentage of the available bandwidth configured in the range of
1 to 100.
Description
Using the queue af command, you can configure the class to perform the
assured-forwarding and the minimum bandwidth used. Using the undo queue af
command, you can cancel the configuration.
When associating the class with the traffic behavior queue af belonging in the
policy, the following must be satisfied:
■ The sum of the bandwidth specified for the classes in the same policy, to
ensure forwarding (queue af) and expedited forwarding (queue ef), must be
less than or equal to the available bandwidth of the interface where the
policy is applied.
■ The sum of percentages of the bandwidth specified for the classes in the
same policy, to ensure forwarding (queue af) and expedited forwarding
(queue ef), must be less than or equal to 100.
■ The bandwidth configuration for the classes in the same policy, to ensure
forwarding (queue af) and expedited forwarding (queue ef), must adopt the
value of the same type. For example, they all adopt the absolute value form
or the percentage form.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure traffic behavior named database and configure the minimum
bandwidth of the traffic behavior to 200Kbps.
[3Com] traffic behavior database
queue ef Syntax
queue ef bandwidth { bandwidth [ cbs burst ] | pct percentage }
undo queue ef
View
Traffic behavior view
Parameter
bandwidth: Bandwidth in Kbps in the range of 8 to 1000000.
percentage: Percentage of available bandwidth in the range of 1 to 100.
burst: Specifies the allowed burst size in bytes in the range of 32 to 2000000. By
default, burst is bandwidth*25.
Description
Using the queue ef command, you can configure expedited-forwarding packets
to the absolute priority queue and configure the maximum bandwidth. Using the
undo queue ef command, you can cancel the configuration.
The command can not be used together with queue af, queue-length, and
wred in traffic behavior view.
In the policy the default class default-class can not be associated with the traffic
behavior, queue ef, which belongs to:
■ The sum of the bandwidth specified for the classes in the same policy, to
ensure forwarding (queue af) and expedited forwarding (queue ef), must be
less than or equal to the available bandwidth of the interface where the
policy is applied.
■ The sum of percentages of the bandwidth specified for the classes in the
same policy, to ensure forwarding (queue af) and expedited forwarding
(queue ef), must be less than or equal to 100.
■ The bandwidth configuration for the classes in the same policy, to ensure
forwarding (queue af) and expedited forwarding (queue ef), must adopt the
value of the same type. For example, they all adopt the absolute value form
or the percentage form.
For the related command, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure packets to enter priority queue. The maximum bandwidth is 200Kbps
and burst is 5000 bytes by default.
[3Com] traffic behavior database
View
traffic behavior view
Parameter
total-queue-number: Number of fair queues, which can be 16, 32, 64, 128, 256,
512, 1024, 2048 or 4096. The default value is 64.
Description
Using the queue wfq command, you can configure the default-class to use fair
queue. Using the undo queue wfq command, you can delete the configuration.
The traffic behavior configured with the command can only be associated with the
default class. It can also be used together with commands like queue-length or
wred.
For the related command, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure WFQ for default-class and the queue number is 16.
[3Com] traffic behavior test
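The association rules stated above for queue af, queue ef and queue wfq can be checked against a planned policy before it is applied to an interface. The following is an added example, not 3Com code: the `Binding` record, its field names, the error labels and the sample policies are constructed for illustration, and the available bandwidth is passed in by the caller.

```python
# Added example (not 3Com code): offline check of the queue af / queue ef /
# queue wfq association rules listed in the command descriptions.
from dataclasses import dataclass
from typing import List, Optional

DEFAULT_CLASS = "default-class"


@dataclass
class Binding:
    """One classifier/behavior pair of a policy (field names are hypothetical)."""
    classifier: str
    queue: str                            # "af", "ef" or "wfq"
    bandwidth_kbps: Optional[int] = None  # absolute form, 8 to 1000000
    pct: Optional[int] = None             # percentage form, 1 to 100


def validate_policy(bindings: List[Binding], available_kbps: int) -> List[str]:
    """Return the violated rules; an empty list means the policy passes."""
    errors: List[str] = []
    guaranteed: List[Binding] = []
    for b in bindings:
        # queue ef may not be bound to default-class; queue wfq only to it.
        if b.queue == "ef" and b.classifier == DEFAULT_CLASS:
            errors.append("EF_ON_DEFAULT_CLASS")
        if b.queue == "wfq" and b.classifier != DEFAULT_CLASS:
            errors.append("WFQ_NOT_ON_DEFAULT_CLASS")
        if b.queue not in ("af", "ef"):
            continue
        # Each af/ef behavior carries exactly one bandwidth form, in range.
        if (b.bandwidth_kbps is None) == (b.pct is None):
            errors.append("NEED_EXACTLY_ONE_OF_BANDWIDTH_OR_PCT")
        elif b.bandwidth_kbps is not None and not 8 <= b.bandwidth_kbps <= 1000000:
            errors.append("BANDWIDTH_OUT_OF_RANGE")
        elif b.pct is not None and not 1 <= b.pct <= 100:
            errors.append("PCT_OUT_OF_RANGE")
        else:
            guaranteed.append(b)

    absolute = [b.bandwidth_kbps for b in guaranteed if b.bandwidth_kbps is not None]
    percent = [b.pct for b in guaranteed if b.pct is not None]
    # All af/ef classes of one policy must use the same form.
    if absolute and percent:
        errors.append("MIXED_BANDWIDTH_FORMS")
    # Sum of af + ef bandwidth must not exceed the interface's available bandwidth.
    if sum(absolute) > available_kbps:
        errors.append("SUM_EXCEEDS_AVAILABLE_BANDWIDTH")
    # Sum of af + ef percentages must not exceed 100.
    if sum(percent) > 100:
        errors.append("SUM_EXCEEDS_100_PERCENT")
    return errors


# Constructed sample policies.
GOOD = [Binding("voice", "ef", bandwidth_kbps=200),
        Binding("database", "af", bandwidth_kbps=200),
        Binding(DEFAULT_CLASS, "wfq")]
OVERSUBSCRIBED = [Binding("voice", "ef", bandwidth_kbps=400),
                  Binding("database", "af", bandwidth_kbps=200)]
MIXED = [Binding("voice", "ef", bandwidth_kbps=200),
         Binding("database", "af", pct=60)]
MISBOUND = [Binding(DEFAULT_CLASS, "ef", pct=50),
            Binding("bulk", "wfq")]

if __name__ == "__main__":
    for name, policy in [("GOOD", GOOD), ("OVERSUBSCRIBED", OVERSUBSCRIBED),
                         ("MIXED", MIXED), ("MISBOUND", MISBOUND)]:
        print(name, validate_policy(policy, available_kbps=512))
```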
queue-length Syntax
queue-length queue-length
undo queue-length queue-length
View
traffic behavior view
Parameter
queue-length: The maximum threshold value of the queue in the range of 1 to
512. The default drop mode is tail drop and the queue length is 64.
Description
Using the queue-length command, you can configure maximum queue length.
Using the undo queue-length command, you can delete configuration.
This command can be used only after the queue af or queue wfq command has
been configured.
The queue-length, which has been configured, will be deleted when the undo
queue af or undo queue wfq command is executed.
The queue-length, which has been configured, will be deleted when the random
drop mode is configured via the wred command, and vice versa.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure tail drop and set the maximum queue length to 16.
[3Com-behavior-database] queue-length 16
View
Traffic behavior view
Parameter
dscp-value: Preset DSCP value in the range of 0 to 63, which can be any of the
following keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41,
af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7.
Table 3 DSCP key words and values
Key word    DSCP value(binary)    DSCP value(decimal)
ef 000000 0
af11 001010 10
af12 001100 12
af13 001110 14
af21 010010 18
af22 010100 20
af23 010110 22
af31 011010 26
af32 011100 28
af33 011110 30
af41 100010 34
af42 100100 36
af43 100110 38
cs1 001000 8
cs2 010000 16
cs3 011000 24
cs4 100000 32
cs5 101000 40
cs6 110000 48
cs7 111000 56
Description
Using the remark dscp command, you can configure or delete DSCP value for a
class to identify matched packets. Using the undo remark dscp command, you
can
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure DSCP value to 6 to identify packets.
[3Com] traffic behavior database
View
Traffic behavior view
Parameter
fr-de-value: Value of the DE flag bit in the FR packet, ranging from 0 to 1.
Description
Using the remark fr-de command, you can configure the value of the DE flag bit
in the FR packet. Using the undo remark fr-de command, you can cancel
the value of the DE flag bit in the FR packet.
For the related command, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure the value of the DE flag bit in the FR packet as 1.
[3Com] traffic behavior database
View
Traffic behavior view
Parameter
ip-precedence-value: Preset precedence value in the range of 0 to 7.
Description
Using the remark ip-precedence command, you can configure precedence value
to identify matched packets. Using the undo set ip precedence command, you
can delete precedence value set for a class to identify matched packets.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure precedence value to 6 to identify packets.
[3Com] traffic behavior database
View
System view.
Parameter
behavior-name: Behavior name.
Description
Using the traffic behavior command, you can define a traffic behavior and enter
the behavior view. Using the undo traffic behavior command, you can delete a
traffic behavior.
behavior-name shall not be that of the traffic behavior pre-defined by the system.
For the related command, see qos policy, qos apply policy, and classifier
behavior.
Example
# Define a traffic behavior named behavior1.
[3Com] traffic behavior behavior1
[3Com-behavior-behavior1]
View
System View
Parameter
operator and: Specifies the relation between the rules in the class as logic AND.
That is, the packet that matches all the rules belongs to this class.
operator or: Specifies the relation between the rules in the class as logic OR. That
is, the packet that matches any one of the rules belongs to this class.
Description
Using the traffic classifier command, you can define a class and enter the class
view. Using the undo traffic classifier command, you can delete a class.
For the related commands, see qos policy, qos apply policy, and classifier
behavior.
Example
# Define a class named as gold.
[3Com] traffic classifier class1
[3Com-classifier-class1]
wred Syntax
wred [ dscp | ip-precedence ]
undo wred [ dscp | ip-precedence ]
View
Traffic behavior view
Parameter
dscp: Uses DSCP value for calculating drop probability for a packet.
ip-precedence: Uses IP precedence value for calculating drop probability for a
packet.
Description
Using the wred command, you can configure drop mode as WRED. Using the
undo wred command, you can delete the configuration.
This command can be used only after the queue af command has been
configured. The wred command and the queue-length command cannot be used
simultaneously. Other configurations under the random drop will be deleted when
this command is deleted. When a policy is applied on an interface, the previous
WRED configuration on interface level will become ineffective.
The behavior associated with default-class can only use wred ip-precedence.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure WRED for a traffic behavior named database and drop probability is
calculated by IP precedence.
[3Com] traffic behavior database
[3Com-behavior-database] wred
View
Traffic behavior view
Parameter
dscp-value: DSCP value in the range of 0 to 63, which can be any of the following
keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43,
cs1, cs2, cs3, cs4, cs5, or cs7.
Table 4 DSCP key words and values
Key word    DSCP value(binary)    DSCP value(decimal)
ef 000000 0
af11 001010 10
af12 001100 12
af13 001110 14
af21 010010 18
af22 010100 20
af23 010110 22
af31 011010 26
af32 011100 28
af33 011110 30
af41 100010 34
af42 100100 36
af43 100110 38
cs1 001000 8
cs2 010000 16
cs3 011000 24
cs4 100000 32
cs5 101000 40
cs6 110000 48
cs7 111000 56
Description
Using the wred dscp command, you can set DSCP lower-limit, upper-limit and
drop probability denominator of WRED. Using the undo wred dscp command,
you can delete the configuration.
This command can be used only after the wred dscp command has been used to
enable WRED drop mode based on DSCP.
The configuration of wred dscp will be deleted if the configuration of qos wred
is deleted.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Set the queue lower-limit to 20, upper-limit to 40 and discard probability to 15
for the packet whose DSCP is 3.
[3Com] traffic behavior database
View
Traffic behavior view
Parameter
Description
Using the wred ip-precedence command, you can set precedence lower-limit,
upper-limit and drop probability denominator of WRED.
If the wred ip-precedence command has been used to enable WRED drop mode
based on the precedence, the configuration of wred ip-precedence will be
deleted when wred is deleted.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Set lower-limit to 20, upper-limit to 40 and discard probability to 40 for the
packet with the precedence 3.
[3Com] traffic behavior database
[3Com-behavior-database] wred
wred weighting-constant Syntax
wred weighting-constant exponent
undo wred weighting-constant
View
Traffic behavior view
Parameter
exponent: Exponential in the range of 1 to 16. It is 6 by default.
Description
Using the wred weighting-constant command, you can set exponential for the
calculation of average queue length by WRED.
This command can be used only after the queue af command has been configured
and the wred command has been used to enable WRED drop mode.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure exponential for calculating average queue to 6.
[3Com] traffic behavior database
View
Any view
Parameter
Description
Using the display qos rtpq interface command, you can view the queue
information of the current IP RTP Priority, including the current RTP queue depth
and number of RTP dropping packets and display the RTP priority queue
configuration and statistics on an interface or on all interfaces.
Example
# Display the queue information of the current IP RTP Priority.
[3Com] display qos rtpq interface Ethernet 10/2/0
Interface: Ethernet10/2/0
RTPQ: 0/0/0/0
View
Interface view
Parameter
percent: Percentage of the reserved bandwidth to the available bandwidth. It is in
the range of 1 to 100 and the default value is 80.
Description
Using the qos reserved-bandwidth command, you can set the maximum
reserved bandwidth percentage of the available bandwidth. Using the undo qos
reserved-bandwidth command, you can restore the default value.
Usually the bandwidth configured for the QoS queue is no more than 75 percent
of the total bandwidth for the consideration that part of the bandwidth should be
used for the controlling protocol packets, the layer 2 frame header and so on. You
are recommended to use this command with caution while modifying the
maximum preserved bandwidth.
Example
# Set the maximum reserved bandwidth allocated for RTP priority queue and WFQ
to be 80% of the available bandwidth.
[3Com-Serial1/0/0] qos reserved-bandwidth pct 80
View
Interface view
Parameter
first-rtp-port: Specifies the first UDP port number to initiate RTP messages.
last-rtp-port: Specifies the last UDP port number to initiate RTP messages.
bandwidth: Bandwidth for RTP priority queue, which is part of the maximum
reserved bandwidth in Kbps.
Description
Using the qos rtpq command, you can enable RTP queue feature on an interface
so as to reserve a real-time service for the RTP packets sent to some UDP
destination port range. Using the undo qos rtpq command, you can disable the
RTP queue feature of the interface.
In bandwidth allocation, the bandwidth for data load, IP header, UDP header and
RTP header is allocated, except that for the Layer2 frame header. Therefore, it is
obligatory to reserve 25% of the total bandwidth.
Example
# Enable IP RTP Priority on Serial 1/0/0. The starting port number is 16384. The
starting port number is 16383. The RTP packets in the range of 16384~32767 of
the destination port use 64Kbps bandwidth. If network convergence happens, the
packets will enter IP RTP Priority queue.
[3Com-Serial1/0/0] qos rtpq start-port 16384 end-port 32767 bandwidth 64
Weighted Random Early Detection Configuration Commands
View
Any view
Parameter
Description
Using the display qos wred interface command, you can view WRED
configuration and statistics of an interface.
Example
# Display WRED configuration and statistics about the specified interface.
[3Com] display qos wred interface ethernet 6/0/0
Interface: Ethernet6/0/0
Exponent: 10 (1/1024)
-------------------------------------------------------------------------
0 0 0 10 30 10
1 0 0 100 1000 1
2 0 0 10 30 10
3 0 0 10 30 10
4 0 0 10 30 10
5 0 0 10 30 10
6 0 0 10 30 10
7 0 0 10 30 10
View
Interface view
Parameter
None
Description
Using the qos wred command, you can apply WRED (weighted random early
detection) at an interface. Using the undo qos wred command, you can restore
the default dropping method.
WRED can only be used together with WFQ and cannot be used alone or together
with other queues. So before WRED is enabled at an interface, it is necessary to
ensure that the WFQ has been applied at the interface.
For the related commands, see qos wfq, qos wred, and display qos wred
interface.
Example
# Apply WRED at Ethernet0/0/0 interface. (Provided that WFQ has already been
applied at the interface).
[3Com-Ethernet0/0/0] qos wred
View
Interface view
Parameter
Description
Using the qos wred ip-precedence command, you can configure the minimum
threshold, maximum threshold and drop probability denominator of each
precedence in WRED. Using the undo qos wred ip-precedence command, you
can restore the default value.
WRED parameters can be set only after the command qos wred has been used to
apply WRED at the interface. And it is the average amount of packets in queue
that the threshold limits.
For the related commands, see qos wred and display qos wred interface.
Example
# Set the minimum threshold for packets of precedence 3 at an interface to 20,
the maximum threshold to 40 and the discard probability to 15.
[3Com-Ethernet0/0/0] qos wred ip-precedence 3 low-limit 20 high-limit 40
discard-probability 15
View
Interface view
Parameter
exponent: Exponential used to calculate the average amount of packets in queues,
ranging from 1 to 16. By default, exponent is 9.
Description
Using the qos wred weighting-constant command, you can set exponential
used to calculate the average length of WRED queues. Using the undo qos wred
weighting-constant command, you can restore the default value.
The WRED parameters can be set only after the command random-detect is used
to apply WRED at the interface.
For the related commands, see qos wred, and display qos wred interface.
Example
# Set the exponential used to calculate the average amount of packets in queue to
6 at Ethernet6/0/0 interface, provided that WRED has already been applied on this
interface.
[3Com-Ethernet0/0/0] qos wred weighting-constant 6
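How the low-limit, high-limit, discard-probability denominator and weighting-constant exponent interact is easiest to see with numbers. The following is an added example, not 3Com code: it uses the textbook RED/WRED model (moving average with weight 1/2^exponent, as in the "Exponent: 10 (1/1024)" display line, and a linear drop ramp between the two limits), which is assumed here because the page does not give the router's exact formula; all function names are hypothetical.

```python
# Added example (not 3Com code): textbook WRED arithmetic with the parameters
# named on this page. The router's exact algorithm is assumed, not documented.


def update_average(avg: float, queue_len: int, exponent: int) -> float:
    """Moving average of the queue length with weight 1 / 2**exponent."""
    if not 1 <= exponent <= 16:
        raise ValueError("exponent must be in the range 1 to 16")
    return avg + (queue_len - avg) / (1 << exponent)


def drop_probability(avg: float, low_limit: int, high_limit: int,
                     denominator: int) -> float:
    """Drop probability for one precedence at the given average queue length."""
    if not 0 <= low_limit < high_limit or denominator < 1:
        raise ValueError("need 0 <= low_limit < high_limit and denominator >= 1")
    if avg < low_limit:
        return 0.0                      # below the minimum threshold: no drops
    if avg >= high_limit:
        return 1.0                      # at or above the maximum: drop everything
    # Linear ramp from 0 up to 1/denominator between the two thresholds.
    return (avg - low_limit) / (high_limit - low_limit) / denominator


def samples_until(queue_len: int, threshold: int, exponent: int) -> int:
    """Arrivals needed before the average reaches `threshold` when the real
    queue length jumps from 0 to `queue_len` and stays there."""
    if queue_len <= threshold:
        raise ValueError("the average only approaches queue_len, never exceeds it")
    avg, count = 0.0, 0
    while avg < threshold:
        avg = update_average(avg, queue_len, exponent)
        count += 1
    return count


def expected_drops(queue_len: int, arrivals: int, exponent: int,
                   low_limit: int, high_limit: int, denominator: int) -> float:
    """Expected number of dropped packets over `arrivals` packets of a burst."""
    avg, total = 0.0, 0.0
    for _ in range(arrivals):
        avg = update_average(avg, queue_len, exponent)
        total += drop_probability(avg, low_limit, high_limit, denominator)
    return total


if __name__ == "__main__":
    # Values from the page's example: precedence 3, low 20, high 40, denominator 15.
    print("p at avg=30:", drop_probability(30, 20, 40, 15))
    for exp in (6, 9):                  # the example value and the interface default
        print("exponent", exp, "reaches low-limit after",
              samples_until(40, 20, exp), "arrivals")
```

A smaller exponent makes the average follow the real queue length faster, so WRED starts dropping earlier in a burst; a larger one rides out short bursts without dropping.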
Link Efficiency Mechanism Configuration Commands
IP Header Compression Configuration Commands
View
User view
Parameter
None
Description
Using the debugging ppp compression iphc rtp command, you can display the
single packet information of the RTP header compression.
Example
<3Com> debugging ppp compression iphc rtp
View
User view
Parameter
None
Description
Using the debugging ppp compression iphc tcp command, you can view the
single packet information of the TCP header compression.
Example
<3Com> debugging ppp compression iphc tcp
View
Any view
IP Header Compression Configuration Commands 1081
Parameter
Description
Using the display ppp compression iphc rtp command, you can view the
statistic information of the RTP header compression.
Example
[3Com] display ppp compression iphc rtp
View
Any view
Parameter
Description
Using the display ppp compression iphc tcp command, you can view the
statistic information of the TCP header compression.
Example
[3Com] display ppp compression iphc tcp
View
Interface view
Parameter
nonstandard: Nonstandard encapsulation mode.
Description
Using the ppp compression iphc command, you can enable RTP header
compression on an interface. Using the undo ppp compression iphc command,
you can disable RTP header compression.
When the RTP header compression is enabled, the TCP header compression will
also be enabled. When the RTP header compression is disabled, the TCP header
compression will also be disabled.
The configuration will take effect only when the shutdown and undo shutdown
operations are performed on the interface. If the configuration is applied on MP,
the shutdown and undo shutdown operations should be performed on all the
MPs.
Example
None
View
Interface view
Parameter
number: The maximum connection number (from 3 to 256) of IP Header
Compression mode on the interface. By default, the number is 16.
Description
Using the ppp compression iphc rtp-connection command, you can designate
the number of IP Header Compression connections allowed on one interface.
Using the undo ppp compression iphc rtp-connection command, you can
cancel the configuration and restore the default value.
The configuration will take effect after commands shutdown and undo
shutdown have been executed on the interface. When configuring MP,
commands shutdown and undo shutdown must be executed on all MPs.
Example
None
View
Interface view
Parameter
number: The maximum connection number (from 3 to 256) of TCP compression
mode on the interface. By default, the number is 16.
Configuration Commands of LFI 1083
Description
Using the ppp compression iphc tcp-connection command, you can configure
the connection number of TCP compression mode. Using the undo ppp
compression iphc tcp-connection command, you can restore the default
connection number of TCP compression mode.
The configuration can become valid on an interface only after you perform the
shutdown and then the undo shutdown operations on the interface. If the
configuration is for MPs, you should perform the operations on all the MPs.
Example
None
View
User view
Parameter
Description
Using the reset ppp compression iphc command, you can delete the invalid
IP/UDP/RTP header compression or decompression context storage table and clear
statistic information of IP/UDP/RTP header compression.
Example
None
Configuration Commands of LFI
View
Virtual template interface view, MP-GROUP view
Parameter
None
Description
Using the ppp mp lfi command, you can enable LFI on the interface. Using the
undo ppp mp lfi command, you can remove LFI on the interface.
By default, the time delay of the fragment is 10ms after LFI is enabled on the
Virtual Template interface.
For the related command, see ppp mp lfi delay-per-frag.
Example
[3Com-Virtual-Template1] ppp mp lfi
View
Virtual template interface view, MP-GROUP view
Parameter
time: The maximum time delay of LFI fragment in ms in the range of 1 to 1000.
Description
Using the ppp mp lfi delay-per-frag command, you can set the maximum time
delay for transmitting a LFI (link fragment and interleave) fragment. Using the
undo ppp mp lfi delay-per-frag command, you can restore the default
maximum time delay for transmitting an LFI fragment.
By default, the time delay of the fragment is 10ms after LFI is enabled on the
Virtual Template interface.
Example
# Set the maximum time delay of LFI fragment of Virtual-Template 1 to 20ms.
[3Com-Virtual-Template1] ppp mp lfi delay-per-frag 20
View
Interface view
Parameter
Kilobits : Available bandwidth of the interface in Kbps in the range of 1 to
1000000. By default, for physical interface the value is its speed or its baud rate
and for virtual template interface the value is 64Kbps.
Frame Relay QoS 1085
Description
Using the qos max-bandwidth command, you can configure the physical
bandwidth binding the MP links. Using the undo qos max-bandwidth
command, you can remove the configuration of the bandwidth.
This command can configure the physical bandwidth binding the MP links. The
command indicates the available bandwidth of the active interface, providing the
information of the QoS module but not the actual bandwidth binding the MP
links.
For the related command, see ppp mp lfi delay-per-frag, ppp mp lfi.
Example
# Set the bandwidth of Virtual-Template 1 to 128kbps.
[3Com-Virtual-Template1] qos max-bandwidth 128
View
Frame Relay class view
Parameter
policyname: Name of the applied policy. It is a string with 1 to 31 characters.
Description
Using the apply policy outbound command, you can set the Frame Relay virtual
circuit queueing to CBQ (Class-Based Queueing). Using the undo apply policy
outbound command, you can restore the Frame Relay virtual circuit queueing to
FIFO.
Example
# Define a classifier named “class 1”.
[3Com] traffic classifier class1
[3Com-classifier-class1]
# Apply a defined policy to the Frame Relay class named “test 1” and set the
queueing of test 1 to CBQ.
cbs Syntax
cbs [ inbound | outbound ] burst-size
undo cbs [ inbound | outbound ]
View
Frame relay class view
Parameter
inbound: Sets the inbound committed burst size of the packet, valid only when
FRTP (frame relay traffic policing) is enabled on the interface.
outbound: Sets the outbound committed burst size of the packet, valid only
when FRTS (frame relay traffic shaping) is enabled on the interface.
Description
Using the cbs command, you can set the committed burst size of frame relay
virtual circuit. Using the undo cbs command, you can restore the default value.
If the packet direction is not specified upon configuration, the parameter will be
set in both inbound and outbound directions.
The committed burst size is the packet traffic that is committed to send on a frame
relay network within an interval of Tc. When there is no congestion on the
network, the frame relay network ensures this part of traffic could be sent
successfully.
For the related commands, see ebs, cir allow, and cir.
Example
# Set the committed burst size of the frame relay class named test1 as 64000 bits.
[3Com] fr class test1
cir Syntax
cir rate-limit
undo cir
View
Frame relay class view
Parameter
rate-limit: The minimum Committed Information Rate, in bit/s, ranging from 1000
to 45000000. By default, it is 56000 bit/s.
Description
Using the cir command, you can set the Minimum Committed Information Rate of
frame relay virtual circuit. Using the undo cir command, you can restore the
default value.
The Minimum Committed Information Rate is the minimum sending rate that can
be provided by virtual circuit. It ensures that the user could still send data at this
rate upon network congestion.
Upon network congestion, DCE will send a packet with a BECN flag bit of 1 to
DTE. After DTE receives this packet, it will gradually reduce the sending rate of
virtual circuit from CIR to MinCIR. If DTE does not receive the packet with the
BECN flag bit of 1 any more within a certain period of time, it will restore the
sending rate of virtual circuit as CIR.
For the related commands, see cbs, ebs, and cir allow.
Example
# Set the MinCIR of the frame relay class named test1 as 32000 bit/s.
[3Com] fr class test1
View
Frame relay class view
Parameter
inbound: Sets the inbound Committed Information Rate (CIR) of a packet, valid
only when FRTP is enabled on the interface.
outbound: Sets the outbound CIR of a packet, valid only when FRTS is enabled
on the interface.
Description
Using the cir allow command, you can set the CIR of frame relay virtual circuit.
Using the undo cir allow command, you can restore the default value.
CIR is the sending rate that can be normally provided by a frame relay network.
When there is no congestion on the network, it ensures the user could send data
at this rate.
If packet direction is not specified upon configuration, the parameter will be set in
both inbound and outbound directions.
Example
# Set the CIR of the frame relay class that is named test1 as 64000bit/s.
[3Com] fr class test1
congestion-threshold Syntax
congestion-threshold { de | ecn } queue-percentage
undo congestion-threshold { de | ecn }
View
Frame relay class view
Parameter
de: Discards the frame relay packet whose DE flag bit is 1 upon congestion.
ecn: Processes the flag bits, BECN and FECN, of frame relay packet upon
congestion.
Description
Using the congestion-threshold command, you can enable congestion
management function of frame relay virtual circuit. Using the undo
congestion-threshold command, you can disable this function.
When the percentage of current queue length to the total queue length of virtual
circuit exceeds the set congestion threshold, it will be regarded that congestion
occurs on the virtual circuit and congestion management will be performed on
packets on virtual circuit.
Example
# For the frame relay class named test1, start discarding frame relay packets
whose DE flag bit is 1 when the current queue length of the virtual circuit
exceeds 80% of the total length.
[3Com] fr class test1
[3Com-fr-class-test1] congestion-threshold de 80
cq Syntax
cq cql list-number
undo cq
View
FR class view
Parameter
cql list-number: Number of the custom queue, ranging from 1 to 16.
Description
Using the cq command, you can set the queue type of the FR virtual circuit to be
custom queue, while using undo cq, you can restore the type to be FIFO.
The value will be refreshed if this command is applied repeatedly to the same FR
class.
Example
# Apply the custom queue 10 to the FR class test1:
[3Com] fr class test1
[3Com-fr-class-test1] cq cql 10
View
Any view.
Parameter
dlci-number: DLCI number, ranging from 16 to 1007. The detailed information will
be displayed when specifying the parameter.
Description
Using the display fr fragment-info command, you can view the frame relay
fragment information.
Example
# View frame relay fragment information of all the interfaces.
<3Com> display fr fragment-info
Type : FRF11
Size : 80
Pre-fragment:
Fragmented:
Assembled :
in pkts : 0 in bytes :0
Dropped :
Out-of-sequence pkts: 0
Table 5 Output information description of the display fr fragment-info command
Item Description
interface Interface
dlci DLCI number
type Fragment type
size Fragment size
in/out/drop Number of received fragment packets/number of sent fragment packets/number of discarded fragment packets
Pre-fragment: Number of packets and bytes to send before fragmented
Fragmented : Number of fragments received and sent counted in packet and byte.
Assembled : Number of assembled fragments
Out-of-sequence fragment : Number of out-of-sequence fragments
View
Any view
Parameter
Description
Using the display mfr command, you can view configuration and status
information of the FR route to confirm the correctness of the configuration.
Example
# View configuration and state information of all frame relay bundles and frame
relay
Item Description
Switch-Name the name of PVC used for switching
Interface The first denotes local interface and the second denotes remote interface
DLCI local and remote VC identifier
State Linkage status
View
Any view
Parameter
Description
Using the display qos policy interface command, you can view information
about CBQ application on the interface.
Example
# Display the information about CBQ application of the virtual circuit with DLCI of
10 on Serial1/0/0.
<3Com> display qos policy interface serial 1/0/0 dlci 100
MFR4/0/0, DLCI 25
Direction: Outbound
Policy: xujin
Class: default-class
Behavior:
Default Queue:
Class: xujin
Behavior:
Assured Forwarding:
Bandwidth 10 (Kbps)
ebs Syntax
ebs [ inbound | outbound ] excess-burst-size
undo ebs [ inbound | outbound ]
View
Frame relay class view
Parameter
inbound: Sets inbound excess burst size of the packet, valid only when FRTP is
enabled on the interface.
outbound: Sets outbound excess burst size of the packet, valid only when FRTS is
enabled on the interface.
Description
Using the ebs command, you can set excess burst size of frame relay virtual circuit.
Using the undo ebs command, you can restore the default value.
Excess burst size (EBS) is the maximum amount by which packet traffic may exceed
the committed burst size (CBS) within an interval of Tc. When congestion occurs on
the network, this excess traffic is discarded first.
When this command is used, the set EBS value will be valid in both inbound and
outbound directions if the parameters inbound and outbound are not specified.
For the related commands, see cbs, cir allow, and cir.
Example
# Set the excess burst size of the frame relay class named test1 as 32000 bits.
[3Com] fr class test1
View
Frame relay class view
Parameter
queue-size: FIFO queue length, namely, the maximum number of packets that can
be held by the queue, ranging from 1 to 1024. By default, it is 40.
Description
Using the fifo queue-length command, you can set the FIFO queue length of
frame relay virtual circuit. Using the undo fifo queue-length command, you can
restore the default value.
When the router serves as DCE for switching, the FIFO queue length of DLCI can
be set if FRTS has been applied to DLCI.
Example
# Set the FIFO queue of the frame relay class named test1 to hold 80 packets at
most.
[3Com] fr class test1
fr class Syntax
fr class class-name
undo fr class class-name
View
System view
Parameter
class-name: Class name, with 30 characters at most.
Description
Using the fr class command, you can create a frame relay class and enter frame
relay class view. Using the undo fr class command, you can delete a specified
frame relay class.
The parameters set in a frame relay class take effect only after the class is
associated with an interface or virtual circuit and the frame relay QoS function is
enabled on the corresponding interface.
When a frame relay class is deleted, the association between all interfaces or DLCIs
and the frame relay class will be released.
Example
# Create a frame relay class named test1.
[3Com] fr class test1
[3Com-fr-class-test1]
fr congestion-threshold Syntax
fr congestion-threshold { de | ecn } queue-percentage
undo fr congestion-threshold { de | ecn }
View
Frame relay interface view, MFR interface view
Parameter
de: Discards the frame relay packet whose DE flag bit is 1 when congestion
occurs.
ecn: Processes the BECN and FECN flag bits of frame relay packets when
congestion occurs.
Description
Using the fr congestion-threshold command, you can enable congestion
management function of a frame relay interface. Using the undo fr
congestion-threshold command, you can disable this function.
The command can only be used for frame relay DCE interfaces or NNI interfaces.
Example
# Start discarding frame relay packets whose DE flag bit is 1 when the interface
queue length exceeds 80% of the total length.
[3Com-Serial4/1/2] fr congestion-threshold de 80
fr de del Syntax
fr de del list-number dlci dlci-number
undo fr de del list-number dlci dlci-number
View
Frame relay interface view, MFR interface view
Parameter
Description
Using the fr de del command, you can apply a DE rule list to the specified frame
relay virtual circuit. Using the undo fr de del command, you can delete a DE rule
list from virtual circuit.
After a DE rule list is applied to frame relay virtual circuit, those packets that match
the rule list will have their DE flag set to 1.
For the related commands, see fr del inbound-interface and fr del protocol.
Example
# Apply DE rule list 3 to the DLCI 100 of the interface Serial 4/1/2.
[3Com-Serial4/1/2] fr de del 3 dlci 100
View
System view
Parameter
Description
Using the fr del inbound-interface command, you can configure an
interface-based DE rule list. For the packet received from the specified interface, if
it is forwarded from the router as a frame relay packet, its DE flag bit will be set as
1 before being forwarded. Using the undo fr del inbound-interface command,
you can delete the specified DE rule from a DE rule list.
New rules can be added to a DE rule list by using this command repeatedly. At
most, 100 rules can be configured in a DE rule list. To delete a DE rule list, you
should first delete all DE rules in it.
Example
# Add a rule to DE rule list 1. For a packet received from the interface Serial
4/1/2, if it is to be forwarded with frame relay encapsulation, set the DE flag
bit of the packet to 1 before forwarding.
[3Com] fr del 1 inbound-interface serial 4/1/2
View
System view
Parameter
less-than bytes: IP packets whose length is less than bytes. bytes ranges from 0 to
65535.
greater-than bytes: IP packets whose length is greater than bytes. bytes ranges
from 0 to 65535.
tcp ports: IP packets whose source or destination TCP port number is ports.
udp ports: IP packets whose source or destination UDP port number is ports.
Description
Using the fr del protocol ip command, you can configure an IP-based DE rule list.
The DE flag bit of the frame relay packet encapsulated with an IP packet matching
the specified rule will be flagged as 1. Using the undo fr del protocol ip
command, you can delete the specified DE rule from a DE rule list.
New rules can be added to a DE rule list by using this command repeatedly. At
most, 100 rules can be configured in a DE rule list. The undo form of this
command can delete only one DE rule at a time. To delete a DE rule list, you must
delete all DE rules in it.
Example
# Add a rule to DE rule list 1. For all frame relay packets encapsulated with IP
packets, flag their DE flag bits as 1.
[3Com] fr del 1 protocol ip
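How a DE rule list (fr del protocol ip, fr del inbound-interface), its application to a virtual circuit (fr de del) and congestion-threshold de interact, as an added Python model that is not 3Com code. The class and field names are hypothetical, the sample packets are constructed, and dropping at enqueue time is an assumption; the queue length of 40 and the 80% threshold are the values used on this page.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed sample packet; field names are assumptions of this example."""
    length: int            # IP packet length in bytes
    proto: str = "ip"      # "tcp", "udp" or "ip" (any other IP payload)
    sport: int = 0
    dport: int = 0
    in_if: str = ""        # interface the packet was received on


@dataclass(frozen=True)
class DeRule:
    """One rule of a DE rule list, mirroring the parameters listed on the page."""
    kind: str              # less-than | greater-than | tcp | udp | ip | inbound-interface
    value: object = None

    def matches(self, pkt):
        if self.kind == "ip":                      # "fr del 1 protocol ip": every IP packet
            return True
        if self.kind == "less-than":
            return pkt.length < self.value
        if self.kind == "greater-than":
            return pkt.length > self.value
        if self.kind in ("tcp", "udp"):            # source OR destination port
            return pkt.proto == self.kind and self.value in (pkt.sport, pkt.dport)
        if self.kind == "inbound-interface":
            return pkt.in_if == self.value
        raise ValueError(f"unknown DE rule kind: {self.kind}")


MAX_RULES = 100   # limit per DE rule list stated on the page


class VirtualCircuit:
    """FIFO queue of one DLCI with a DE rule list and 'congestion-threshold de'."""

    def __init__(self, rules, queue_len=40, de_threshold=80):
        if len(rules) > MAX_RULES:
            raise ValueError("a DE rule list holds at most 100 rules")
        self.rules = list(rules)
        self.queue_len = queue_len          # fifo queue-length (default 40)
        self.de_threshold = de_threshold    # queue-percentage
        self.queue = deque()
        self.stats = {"queued": 0, "de_dropped": 0, "tail_dropped": 0}

    def de_bit(self, pkt):
        # A packet matching any rule of the applied list gets DE = 1.
        return int(any(rule.matches(pkt) for rule in self.rules))

    def congested(self):
        # Congestion: current queue length EXCEEDS the threshold percentage.
        return len(self.queue) * 100 > self.de_threshold * self.queue_len

    def enqueue(self, pkt):
        de = self.de_bit(pkt)
        if de and self.congested():
            outcome = "de_dropped"          # DE = 1 traffic is discarded first
        elif len(self.queue) >= self.queue_len:
            outcome = "tail_dropped"        # queue completely full
        else:
            self.queue.append((pkt, de))
            outcome = "queued"
        self.stats[outcome] += 1
        return outcome


def demo():
    # Constructed policy: packets over 1000 bytes and UDP port 9999 are discard eligible.
    vc = VirtualCircuit([DeRule("greater-than", 1000), DeRule("udp", 9999)])
    voice = Packet(length=200, proto="udp", sport=16384, dport=16384)
    bulk = Packet(length=1500, proto="tcp", sport=40000, dport=20)
    for _ in range(32):                     # 32/40 = exactly 80%: not yet congested
        vc.enqueue(voice)
    results = [vc.enqueue(bulk),            # accepted, queue is now at 33/40
               vc.enqueue(bulk),            # 82.5% > 80%: DE packet discarded
               vc.enqueue(voice)]           # DE = 0 traffic is still accepted
    return results, vc.stats


if __name__ == "__main__":
    print(demo())
```
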
fr pvc-pq Syntax
fr pvc-pq [ top-limit middle-limit normal-limit bottom-limit ]
undo fr pvc-pq
View
Frame relay interface view, MFR interface view
Parameter
Description
Using the fr pvc-pq command, you can set the queue type of a frame relay
interface as PVC PQ (PVC Priority Queueing) and set queue length, i.e. the
maximum number of packets that can be held by a queue for each queue. Using
the undo fr pvc-pq command, you can restore the queue type of the interface
to FIFO.
After FRTS is enabled on an interface, the queue type of the interface can only be
FIFO or PVC PQ.
PVC PQ is a new queue mechanism of FRTS. Similar to PQ, it also has four queue
types: top, middle, normal and bottom, with queue priority decreasing in turn.
The PVC PQ queue that a DLCI enters is configured in the frame relay class. When
congestion occurs on an interface, different DLCIs enter different PVC PQs. When
sending data, data in higher priority queues is sent before data in lower priority
queues.
Example
# Set the queue type of the interface Serial 2/0/0 as PVC PQ.
[3Com-Serial2/0/0] fr pvc-pq
fr traffic-policing Syntax
fr traffic-policing
undo fr traffic-policing
View
Frame relay interface view, MFR interface view
Parameter
None
Description
Using the fr traffic-policing command, you can enable FRTP function. Using the
undo fr traffic-policing command, you can disable FRTP function.
When configuring traffic policing for an inbound interface, you must first
configure the DCE for frame relay switching by using the fr switching command.
Example
# Enable the traffic policing function on the interface Serial 2/0/0.
[3Com-Serial2/0/0] fr traffic-policing
fr traffic-shaping Syntax
fr traffic-shaping
undo fr traffic-shaping
View
Frame relay interface view, MFR interface view
Parameter
None
Description
Using the fr traffic-shaping command, you can enable FRTS function. Using the
undo fr traffic-shaping command, you can disable FRTS function.
The FRTS function is applied to the outbound interface of a router, generally used
at the DTE end of a frame relay network.
Example
# Enable FRTS on the serial interface Serial 2/0/0.
[3Com-Serial2/0/0] fr traffic-shaping
fragment Syntax
fragment [ fragment-size ]
undo fragment [ fragment-size ]
View
Frame relay class view
Parameter
fragment-size: Size of a fragment, in bytes, ranging from 16 to 1600. By default,
the fragment size is 45 bytes.
Description
Using the fragment command, you can enable the fragmentation function on
frame relay virtual circuit. Using the undo fragment command, you can disable
this function.
Example
# Configure fragment size as 128 in the frame relay class named test1.
[3Com] fr class test1
fr-class Syntax
fr-class class-name
undo fr-class class-name
View
Frame relay interface view, DLCI view
Parameter
class-name: Name of a frame relay class, in the form of character string, with a
length ranging from 1 to 30.
Description
Using the fr-class command, you can associate a frame relay class with the current
frame relay virtual circuit or frame relay interface. Using the undo fr-class
command, you can remove the association between a frame relay class and the
frame relay virtual circuit or frame relay interface.
By default, there is no association between a frame relay class and the frame relay
virtual circuit or frame relay interface.
If the specified frame relay class does not exist, the command will first create a
frame relay class before associating the frame relay class with the current virtual
circuit or interface. If the specified frame relay class does exist, the command will
associate the frame relay class with the current virtual circuit or interface without
creating a new frame relay class.
The undo form of this command only removes the association between a
specified frame relay class and a virtual circuit or an interface rather than deleting
the real frame relay class. To delete a frame relay class, use the undo fr class
command.
After a frame relay class is associated with an interface, all virtual circuits on the
interface will inherit the frame relay QoS parameter of this frame relay class.
Example
# Associate the frame relay class named test1 with the frame relay virtual circuit
whose DLCI is 200.
[3Com] interface serial 4/0/1
pq Syntax
pq pql list-number
undo pq
View
Frame relay class view
Parameter
pql list-number: Group number of Priority Queueing, ranging from 1 to 16.
Description
Using the pq command, you can set the queue type of frame relay virtual circuit as
Priority Queueing. Using the undo pq command, you can restore the queue type
of virtual circuit to FIFO.
Example
# Apply group 10 of Priority Queueing to the frame relay class named test1.
[3Com] fr class test1
[3Com-fr-class-test1] pq pql 10
pvc-pq Syntax
pvc-pq { top | middle | normal | bottom }
undo pvc-pq
View
Frame relay class view
Parameter
top: Sets the top PVC PQ, namely, top priority queue, to accept the packets from
the VC.
middle: Sets the middle PVC PQ, namely, middle priority queue, to accept the
packets.
normal: Sets the normal PVC PQ, namely, normal priority queue, to accept the
packets.
bottom: Sets the bottom PVC PQ, namely, bottom priority queue, to accept the
packets.
Description
Using the pvc-pq command, you can set the type of the PVC PQ that packets sent
by frame relay virtual circuit enter. Using the undo pvc-pq command, you can
restore the default PVC PQ type.
By default, the packets sent by frame relay virtual circuit enter into the normal
PVC PQ.
PVC PQ falls into four groups, top, middle, normal and bottom. PVC PQ is relative
to DLCI. After the queue of an interface is set as PVC PQ, packets on each virtual
circuit can enter only one type of PVC PQ.
Example
# Set packets sent by virtual circuit which is associated with the frame relay class
named test1 to enter top PVC PQ.
[3Com-fr-class-one] pvc-pq top
rtpq Syntax
rtpq start-port min-dest-port end-port max-dest-port bandwidth bandwidth
undo rtpq
Parameter
View
Frame relay class view
Description
Using the rtpq command, you can configure to apply Realtime Transport Protocol
Priority Queue (RTP Priority Queue). Using the undo rtpq command, you can
remove the application.
Applying a frame relay class configured with RTPQ to a PVC creates a strict
priority queue on the PVC. Packets whose destination UDP port falls within the
port range specified by RTPQ enter RTPQ. When congestion occurs on the virtual
circuit, the packets in this queue are sent preferentially, without exceeding the
configured bandwidth. When there is no congestion on the virtual circuit, the RTP
packets in the specified port range can occupy the available bandwidth on the
virtual circuit. Generally, the UDP port range used by VoIP can be configured as
16384 to 32767.
Example
# Configure RTP priority queue on the frame relay class named test1 with a
bandwidth of 20 kbit/s.
[3Com] fr class test1
traffic-shaping adaptation Syntax
traffic-shaping adaptation { becn percentage | interface-congestion number }
undo traffic-shaping adaptation { becn | interface-congestion }
View
FR class view
Parameter
Description
Using the traffic-shaping adaptation command, you can enable the adaptive
traffic shaping function of FR. Using the undo traffic-shaping adaptation
command, you can disable this function.
Example
# Enable the FR adaptive traffic shaping function, adjusting according to packets
with the BECN flag.
[3Com] fr class test1
wfq Syntax
wfq [ congestive-discard-threshold [ dynamic-queues ] ]
undo wfq
View
FR class view
Parameter
dynamic-queues: Total number of queues. The value can be one of 16, 32, 64,
128, 256, 512, 1024, 2048 and 4096, with a default of 256.
Description
Using the wfq command, you can set the queue type of the VC to be WFQ. Using
the undo wfq command, you can restore the queue type to FIFO.
Example
# Apply WFQ to the FR class test1.
MPLS QoS Configuration Commands
View
Class view
Parameter
mpls-experimental-value: EXP value in the range of 0 to 7.
Description
Using the if-match mpls-exp command, you can configure a rule that matches the
EXP field of MPLS packets. Using the undo if-match mpls-exp command, you can
delete the rule that matches the EXP field of MPLS packets.
Example
# Define the class to match the packet whose exp is 3 or 4.
[3Com-classifier-database] if-match mpls-exp 3 4
View
System view
Parameter
Description
Using the qos cql protocol mpls-exp command, you can configure a classification
rule based on the MPLS protocol. Using the undo qos cql protocol mpls-exp
command, you can delete the corresponding classification rule.
The system matches packets in the sequence that rules are configured. When the
packet is found to match a rule, the entire searching process comes to an end.
For the same group-number, this command can be used repeatedly to establish
multiple types of classification rules for IP packets.
Example
# Configure a classification rule based on the MPLS protocol and set the EXP value
of MPLS to 1.
[3Com] qos cql 10 protocol mpls-exp 1 experimental 1
View
System view
Parameter
Description
Using the qos pql protocol mpls-exp command, you can establish the
classification rule based on MPLS protocol. Using the undo qos pql protocol
mpls-exp command, you can delete corresponding classification rules.
The system matches packets in the sequence that rules are configured. When the
packet is found to match a rule, the entire searching process comes to an end.
For the same group-number, this command can be used repeatedly to establish
several types of classification rules for IP packets.
Example
# Establish the classification rule based on MPLS protocol and set the EXP value of
MPLS to 5.
[3Com] qos pql 10 protocol mpls-exp top 5
View
Traffic behavior view
Parameter
mpls-experimental-value: Preset exp value of MPLS in the range of 0 to 7.
Description
Using the remark mpls-exp command, you can configure the MPLS EXP value used
to identify matched packets. Using the undo remark mpls-exp command, you can
delete the configuration.
For the related commands, see traffic classifier, qos policy, and classifier
behavior.
Example
# Configure a policy named 3Com, configure a traffic behavior named database
in the policy, and set the MPLS EXP value to 0.
[3Com] qos policy 3Com
Backup Center Configuration Commands
View
User view
Parameter
event: Enables the event information debugging.
Description
Using the debugging standby event command, you can enable the information
debugging of backup center. Using the undo debugging standby event
command, you can disable the information debugging of backup center.
Example
# Enable the event debugging of backup center.
[3Com] debugging standby event
View
Any view
Description
Using the display standby flow command, you can display the traffic statistics of
the main interface participating in standby load balancing.
Example
# Set Serial1/0/0, Serial0/0/0 and Logic-channel0 to the standby interfaces of
Serial3/0/0.
# Display the traffic statistics of the main interface participating standby load
balancing.
Interfacename :Serial3/0/0
Flow-interval(s) : 100
LastInOctets : 868168
LastOutOctets : 1818667
InFlow(Octets) : 50070
OutFlow(Octets) : 100088
BandWidth(b/s) :9000
UsedBandWidth(b/s) : 8000
The contents of the display information are explained in the following table:
Table 1 Output information description of the display standby flow command
Field Description
Flow-interval(s) Interval at which traffic of the main interface is checked
LastInOctets Accumulated octets received on the main interface until the time of last check.
LastOutOctets Accumulated octets sent on the main interface until the time of last check.
InFlow(Octets) Accumulated octets received on the main interface during last interval.
OutFlow(Octets) Accumulated octets sent on the main interface during last interval.
BandWidth(b/s) Bandwidth of the main interface
UsedBandWidth(b/s) Actual bandwidth of the interface during last interval
View
Any view
Description
Using the display standby state command, you can display the interface state
and standby state of the main interface and standby interfaces, and the priority,
standby state flag and standby load state of the standby interfaces.
The interface state of a standby interface includes UP, DOWN and STANDBY.
The standby state of the main interface includes MUP, MUPDELAY, MDOWN,
MDOWNDELAY and MDESERT.
Example
# Set Serial1/0/0, Serial0/0/0 and Logic-channel0 to the standby interfaces of
Serial3/0/0.
# Display the interface state and standby state of the main interface and standby
interfaces, and the priority, standby state flag and standby load state of the
standby interfaces.
Logic-channel0 UP UPDELAY BU 20
Backup-flag meaning:
View
Interface view
Parameter
number: Interface bandwidth ranging from 0 to 4000000KB. By default, it is 0.
Description
When the main interface participates in standby load balancing, the backup center
will use the main interface's standby bandwidth configured by the user
preferentially. If not found, it gets the main interface bandwidth provided by the
system automatically. If it fails, it will ask the user to configure a standby
bandwidth for the main interface.
Example
# Set Serial1/0/0 to the standby interface of Serial0/0/0.
View
Interface view
Parameter
Description
Using the standby interface command, you can configure a certain physical
interface as a standby interface for the main interface. Using the undo standby
interface command, you can cancel a specified standby interface.
Example
# Specify Serial 1/0/0, with a priority value of 50, as the standby interface for
Serial 0/0/0.
[3Com-Serial0/0/0] standby interface serial1/0/0 50
View
Interface view
Parameter
Description
Using the standby threshold command, you can configure the standby load
balancing for an interface or a logic channel. Using the undo standby threshold
command, you can cancel the standby load balancing of an interface or a logic
channel.
This command should be configured on the main interface of the backup center.
When the traffic on all the active interfaces of the backup center reaches the set
upper limit, the available standby interface with the highest priority will be
enabled. When the total traffic on all the active interfaces of the backup center is
lower than the set lower limit, the standby interface with the lowest priority will be
disabled.
Example
# Configure standby load balancing on interface Serial 0/0/0.
[3Com-Serial0/0/0] standby threshold 80 50
View
Interface view
Parameter
enable-delay: Delay for the standby interface to switch to the main interface. It
ranges from 0 to 65535 seconds.
Description
Using the standby timer delay command, you can set the delay for the
main/standby interface switchover. Using the undo standby timer delay
command, you can recover the default delay value.
Example
# Specify Serial0/0/0 to use Serial1/0/0 as its standby interface and set the delay for
main/standby switchover to 10 seconds.
View
Interface view
Parameter
interval-time: Interval at which the traffic is checked. It ranges from 30 seconds to
600 seconds and defaults to 30 seconds.
Description
Using the standby timer flow-check command, you can configure the interval at
which the main interface's traffic is checked. Using the undo standby timer
flow-check command, you can recover the default interval for traffic checking.
When the main interface participates in standby load balancing, the backup center
automatically checks the traffic of the main interface at the interval configured
with this command.
Example
# Set Serial1/0/0 to the standby interface of Serial0/0/0.
VRRP Configuration Commands
View
User view
Parameter
Description
Using the debugging vrrp command, you can enable debugging for VRRP. Using
the undo debugging vrrp command, you can disable VRRP debugging.
Example
# Enable the VRRP packet debugging.
[3Com] debugging vrrp packet
View
Any view
Parameter
interface-name: Interface name that must be an Ethernet Interface.
virtual-router-ID: Standby group number.
Description
Using the display vrrp command, you can view the status information of VRRP.
Example
# Display all standby group information of the router.
<3Com> display vrrp
state : Master
Virtual IP : 202.38.160.111
Priority : 150
Timer : 1
state : Backup
Virtual IP : 202.38.160.100
Priority : 100
Timer : 1
state : Backup
Virtual IP : 10.10.10.10
10.10.10.11
Priority : 150
Timer : 1
state : Master
Virtual IP : 202.38.160.111
Priority : 150
Timer : 1
state : Backup
Virtual IP : 202.38.160.100
Priority : 100
Timer : 1
state : Master
Virtual IP : 202.38.160.111
Priority : 150
Timer : 1
vrrp authentication-mode Syntax
vrrp authentication-mode { md5 key | simple key }
View
Interface view
Parameter
key: Authentication key. The authentication key can be at most 8 bytes long.
Description
Using the vrrp authentication-mode command, you can configure
authentication type and authentication key of VRRP standby group. Using the
undo vrrp authentication-mode command, you can cancel the VRRP
authentication.
This command is used to set the authentication type and authentication key for all
the VRRP standby groups on an interface, as the protocol requires the standby
groups of an interface to use the same authentication type and authentication key.
In addition, the members of a standby group should have the same authentication
type and authentication key.
Example
# Set the authentication types and authentication keys of all VRRP standby groups
on interface Ethernet 0/2/0.
[3Com-Ethernet0/2/0] vrrp authentication-mode simple 3Com
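A configuration audit for the vrrp authentication-mode settings described above, as an added Python example that is not 3Com code. It assumes a saved configuration in which each unindented interface line is followed by indented commands (a constructed sample is embedded), and it relies on the fact that VRRP simple text authentication (RFC 2338) carries the key unencrypted in every advertisement; the weak-key list and finding codes are hypothetical.

```python
import re

# Constructed list of guessable keys; "3com" is the key used in the page's own example.
WEAK_KEYS = {"3com", "vrrp", "password", "admin", "12345678"}
MAX_KEY_BYTES = 8   # key length limit stated on the page

VRID_RE = re.compile(r"^vrrp vrid (\d+) virtual-ip (\S+)$")
AUTH_RE = re.compile(r"^vrrp authentication-mode (md5|simple) (\S+)$")

# Constructed sample configuration (layout is an assumption of this example).
SAMPLE_CONFIG = """
interface Ethernet0/2/0
 ip address 10.10.10.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.10.10.10
 vrrp authentication-mode simple 3Com
#
interface Ethernet0/2/1
 vrrp vrid 2 virtual-ip 202.38.160.111
#
interface Ethernet0/2/2
 vrrp vrid 3 virtual-ip 202.38.160.100
 vrrp authentication-mode md5 Xk9#qT2v
#
interface Ethernet0/2/3
 vrrp vrid 4 virtual-ip 10.10.20.10
 vrrp authentication-mode md5 longer-than-8
#
interface Serial0/0/0
 link-protocol ppp
"""


def parse_interfaces(config):
    """Return {interface: {"vrids": set of group numbers, "auth": (mode, key) or None}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            # An unindented line either opens an interface block or closes the last one.
            if line.startswith("interface "):
                name = line.split(None, 1)[1]
                current = interfaces.setdefault(name, {"vrids": set(), "auth": None})
            else:
                current = None
            continue
        if current is None:
            continue
        match = VRID_RE.match(line)
        if match:
            current["vrids"].add(int(match.group(1)))
            continue
        match = AUTH_RE.match(line)
        if match:
            # One mode and key apply to all standby groups on the interface.
            current["auth"] = (match.group(1), match.group(2))
    return interfaces


def audit(config):
    """Return (interface, finding) tuples for interfaces that run VRRP."""
    findings = []
    for name, info in parse_interfaces(config).items():
        if not info["vrids"]:
            continue                                   # no standby group here
        if info["auth"] is None:
            findings.append((name, "NO_AUTH"))         # advertisements are unauthenticated
            continue
        mode, key = info["auth"]
        if mode == "simple":
            findings.append((name, "CLEARTEXT_KEY"))   # key readable by any host on the segment
        if key.lower() in WEAK_KEYS:
            findings.append((name, "WEAK_KEY"))
        if len(key.encode("utf-8")) > MAX_KEY_BYTES:
            findings.append((name, "KEY_TOO_LONG"))    # exceeds the 8-byte limit
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```
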
View
Interface view
Parameter
virtual-router-ID: Virtual Router ID, namely, VRRP standby group number, ranging
from 1 to 255.
delay-value: Delay time in seconds with a value ranging from 0 to 255. By default,
a router is in preemption mode with the delay as 0.
Description
Using the vrrp vrid preempt-mode command, you can configure the
preemption mode and delay time of routers in a standby group. Using the undo
vrrp vrid preempt-mode command, you can cancel the preemption mode and
delay time of routers in a standby group.
If a router with a higher priority should actively preempt the MASTER role, the
router should be set to preemption mode. If a longer time is needed for
preemption, the delay time can be set. When a router is set to non-preemption
mode, the delay value will be set to 0 automatically.
Example
# Set a standby group to preemption mode.
[3Com-Ethernet0/2/0] vrrp vrid 1 preempt-mode
View
Interface view
Parameter
priority-value: Priority value of the router in standby group, in the range from 1 to
254. By default, the priority is 100.
Description
Using the vrrp vrid priority command, you can configure the priority of a router
in the standby group. Using the undo vrrp vrid priority command, you can
restore the default value of priority.
Priority determines the position of a router in the standby group. A higher priority
means that the router is more likely to become MASTER. Priority 0 is
reserved for some special usage by the system and 255 is reserved for the IP
address owner.
Example
# Set the priority of a router in standby group 1 to 150.
[3Com-Ethernet0/2/0] vrrp vrid 1 priority 150
View
Interface view
Parameter
Description
Using the vrrp vrid timer-advertise command, you can configure the timer of
the standby group. Using the undo vrrp vrid timer-advertise command, you
can restore the default value of the timer.
This command can be used to set the interval at which the MASTER sends VRRP
packets.
Example
# Set the interval at which the MASTER in standby group 1 sends VRRP packet to 5
seconds.
[3Com-Ethernet0/2/0] vrrp vrid 1 timer advertise 5
View
Interface view
Parameter
value-reduced: Value by which the priority is reduced. It ranges from 1 to 255 and
defaults to 10.
Description
Using the vrrp vrid track command, you can configure an interface to be
tracked. Using the undo vrrp vrid track command, you can cancel the tracking.
The interface monitoring function of VRRP extends the backup function so that
backup is provided not only when a router fails but also when a certain network
interface goes DOWN. After this command is configured, if the monitored interface
goes DOWN, the priority of the router is reduced, so that the priority of another
member of the standby group becomes the highest. As a result, the router with the
highest priority becomes the new MASTER, which achieves the backup function. A
monitored interface cannot be configured on a router that is the IP address
owner.
Example
# Set and monitor the interface Serial 0/0/0.
[3Com-Ethernet0/2/0] vrrp vrid 1 track serial0/0/0 reduced 50
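How vrrp vrid priority, vrrp vrid preempt-mode and vrrp vrid track combine when a monitored uplink fails, as an added Python model that is not 3Com code. It follows the standard VRRP election rules (highest priority wins, ties go to the higher primary IP address) and ignores the preemption delay; the router names, the backup's priority of 120 and the priority floor of 1 are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

OWNER_PRIORITY = 255   # reserved for the IP address owner (per the page)


@dataclass
class Router:
    """One member of a standby group; names and addresses are constructed."""
    name: str
    primary_ip: str
    priority: int = 100                           # page default
    preempt: bool = True                          # page default: preemption mode
    tracks: dict = field(default_factory=dict)    # interface name -> value-reduced
    alive: bool = True

    def __post_init__(self):
        if not 1 <= self.priority <= OWNER_PRIORITY:
            raise ValueError("priority must be 1..254, or 255 for the IP address owner")
        if self.priority == OWNER_PRIORITY and self.tracks:
            # The page forbids a monitored interface on the IP address owner.
            raise ValueError("an IP address owner cannot track interfaces")

    def effective_priority(self, down):
        reduced = sum(v for ifname, v in self.tracks.items() if ifname in down)
        return max(self.priority - reduced, 1)    # floor of 1 is an assumption


def rank(router, down):
    # Higher priority wins; equal priorities are decided by the higher primary IP.
    return (router.effective_priority(down),
            int(ipaddress.ip_address(router.primary_ip)))


def elect(routers, current_master, down=frozenset()):
    """Return the name of the MASTER given the current one and the DOWN interfaces."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    current = next((r for r in alive if r.name == current_master), None)
    if current is None:
        # No MASTER is advertising: the best remaining member takes over.
        return max(alive, key=lambda r: rank(r, down)).name
    # A living MASTER is only displaced by a better member that may preempt.
    challengers = [r for r in alive
                   if rank(r, down) > rank(current, down)
                   and (r.preempt or r.priority == OWNER_PRIORITY)]
    if challengers:
        return max(challengers, key=lambda r: rank(r, down)).name
    return current.name


def scenario(backup_preempt):
    """Router A uses the page's values: priority 150, track serial0/0/0 reduced 50."""
    a = Router("A", "10.10.10.1", priority=150, tracks={"serial0/0/0": 50})
    b = Router("B", "10.10.10.2", priority=120, preempt=backup_preempt)
    group, steps = [a, b], []
    master = elect(group, None)                        # initial election
    steps.append(master)
    master = elect(group, master, {"serial0/0/0"})     # A's uplink DOWN: 150 - 50 = 100
    steps.append(master)
    master = elect(group, master)                      # uplink restored
    steps.append(master)
    a.alive = False                                    # router A fails completely
    steps.append(elect(group, master))
    return steps


if __name__ == "__main__":
    print("backup in preemption mode:    ", scenario(True))
    print("backup in non-preemption mode:", scenario(False))
```

With the backup in non-preemption mode, the reduced priority on A changes nothing while A keeps advertising, so tracking only moves traffic away from a failed uplink when the other members are allowed to preempt.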
View
Interface view
Parameter
Description
Using the vrrp vrid virtual-ip command, you can add a virtual IP address. Using
the undo vrrp vrid virtual-ip command, you can cancel a virtual IP address.
This command is used to establish a standby group and can also be used to add
virtual IP address to an existing standby group. At most 16 virtual IP addresses can
be added to a standby group. The undo vrrp vrid virtual-ip command can be
used to delete an existing standby group or delete a certain virtual address in the
standby group. If the addresses of a standby group have all been deleted, the
system will automatically delete the standby group.
Example
# Create a standby group.
[3Com-Ethernet0/2/0] vrrp vrid 1 virtual-ip 10.10.10.10
DCC Configuration Commands
View
Any view
Parameter
Description
Using the debugging dialer command, you can enable DCC debugging.
Example
None
View
Dialer interface view
Parameter
number: Number of dialer bundle, ranging from 1 to 255.
Description
Using the dialer bundle command, you can configure a dialer bundle used by a
dialer interface. Using the undo dialer bundle command, you can disassociate
the dialer bundle from the dialer interface.
By default, the Resource-Shared DCC is not enabled, and the dialer bundle is not
specified.
This command can be applied only on a dialer interface for configuring the dialer
bundle that the interface will use. Furthermore, a dialer interface can only use a
dialer bundle. This command can be used to specify a dialer bundle used by a
dialer interface, no matter what link-protocol, PPP or Frame Relay, runs on the
interface.
Example
# Configure the interface Dialer1 to use dialer bundle3, in which the interface
Serial0 is included.
[3Com-Dialer1] dialer bundle 3
View
Physical interface view
Parameter
priority: Priority of the physical interface in the dialer bundle, ranges from 1 to
255. The physical interface with higher priority will be used first. This is an optional
parameter. By default, priority is 1.
Description
Using the dialer bundle-member command, you can configure a physical
interface included in a dialer bundle in the Resource-Shared DCC application.
Using the undo dialer bundle-member command, you can remove the physical
interface from the dialer bundle.
This command can only be applied to a physical interface, which can be assigned
to multiple dialer bundles.
To enable the B channel of ISDN interface (BRI or PRI) to configure its link layer
protocol dynamically in terms of the Dialer interface it belongs to, link layer
protocol that the interface uses should be specified as PPP.
Example
# Make Bri1/0/0 a member of dialer bundle1 and dialer bundle2, and assign it a
priority of 50.
[3Com] interface bri 1/0/0
View
Physical or dialer interface view
Parameter
user: Calls back according to the parameter user hostname configured in the
dialer route command.
Description
Using the dialer callback-center command, you can enable the callback server
function. Using the undo dialer callback-center command, you can disable the
callback server function of a router.
This command must be configured at the server end when PPP is used to
implement callback.
The parameter user indicates that DCC will call back according to the parameter
configured in the dialer route command. The parameter dial-number indicates
that DCC will call back the remote end according to the callback-number
configured in the local-user command.
When both user and dial-number are applied concurrently, the router will first
attempt to place a return call according to the first parameter. If the callback
attempt fails, it will try the second parameter for callback.
For related commands, see ppp callback, ppp authentication-mode.
Example
# Configure a remote username and set the router to call the user back.
[3Com] local-user 3Comb password simple 3Comb
View
Physical or dialer interface view
Parameter
remote-number: Used for matching the remote incoming call number. The
character “*” represents any character.
callback: When calling back the server end, the incoming number will match with
the dialer call-in command containing this keyword and originate a callback.
Description
Using the dialer call-in command, you can enable ISDN callback according to
ISDN caller ID. Using the undo dialer call-in command, you can cancel the
configuration.
This command must be configured at the server end when ISDN caller ID is applied
for callback. In Resource-Shared DCC, because both PPP and frame relay protocols
are supported to be encapsulated on dialer interface, ISDN interface can
encapsulate link layer protocol dynamically according to corresponding dialer
interface.
The caller first searches the corresponding dialer interface by matching the caller
number with the dialer number command. The dialer call-in command is used
to preprocess the ISDN call-in number so as to determine whether the user with
this number can be permitted to access. If the PBX switch does not provide the
caller number, refuse the call directly.
Example
# Configure the router to call back the calling number 8810152.
[3Com-Bri0/0/0] dialer route ip 100.1.1.2 8810152
View
Physical interface view
Parameter
number: Number of the dialer circular group to which the physical interface
belongs, ranging from 0 to 1023. This number is defined through the
interface dialer command.
Description
Using the dialer circular-group command, you can add the physical interface to
a dialer circular group specified here. Using the undo dialer circular-group
command, you can cancel the configuration.
By default, the physical interface is not a member of any dialer circular group.
One physical interface can only be added to one dialer circular group, which may
contain multiple physical interfaces. When a call is originated on a dialer interface,
the highest priority physical interfaces in the circular group on the dialer interface
will place the call.
Example
# Assign Serial1/0/0 and Serial2/0/0 to dialer circular group1.
[3Com-Serial1/0/0] dialer circular-group 1
View
Physical or dialer interface view
Parameter
None
Description
Using the dialer enable-circular command, you can enable Circular DCC. Using
the undo dialer enable-circular command, you can disable Circular DCC.
By default, Circular DCC is enabled on the ISDN interfaces and disabled on other
interfaces.
The user must use this command to enable it before using Circular DCC.
Example
# Enable Circular DCC on Serial 0/0/0.
[3Com-Serial0/0/0] dialer enable-circular
View
Physical or dialer interface view
Parameter
number: Number of the ISDN B channel configured to be a leased line. If the
channel is on a BRI interface, the range is from 1 to 2. If it is on a CE1/PRI
interface, the range is from 0 to 30. If it is on an E1/PRI interface, range is from 0
to 30. If it is on a CT1/PRI interface, range is from 0 to 23.
Description
Using the dialer isdn-leased command, you can configure an ISDN B channel
(can be either the channel on a BRI or PRI interface) to be the leased line. Using the
undo dialer isdn-leased command, you can cancel the setting.
The user can configure any ISDN B channel to be the leased line without affecting
the settings of other B channels.
Example
# Configure the first B channel on the interface Bri0/0/0 to be the leased line.
[3Com-Bri0/0/0] dialer isdn-leased 1
View
Dialer interface view
Parameter
group-number: Dialer Listen group number, ranging from 1 to 255.
Description
Using the dialer listen-group command, you can enable the Dialer Listen
function on the AUX interface. Using the undo dialer listen-group command,
you can disable the Dialer Listen function on the AUX interface.
Example
# Enable Dialer Listen on Dialer0.
View
Dialer interface view
Parameter
Description
Using the dialer listen-rule command, you can configure the destination
network address to be monitored. Using the undo dialer listen-rule command,
you can delete a listen rule, together with the network address.
Example
# Configure the destination network address to be monitored on Dialer0.
[3Com-Dialer0] dialer listen-rule 12 ip 202.38.160.1 255.255.255.0
View
Physical or dialer interface view
Parameter
dial-number: Dial number for calling a remote end.
Description
Using the dialer number command, you can configure a dial number for placing
a call to a single remote end. Using the undo dialer number command, you can
cancel the configured dial number.
This command is used when the dialer interface of Circular DCC serves as caller
end and the dialer originates calls to only one destination address or the default
address. This command is only valid after at least one of the following
requirements is satisfied:
■ Or the next hop address that sends packets cannot be found in the
corresponding dialer route command.
When dialer interfaces of Resource-Shared DCC run link protocol of PPP, the
remote user names, which are obtained via PPP authentication and configured
with dialer user respectively, will decide which dialer interface will receive the
incoming call. In this case, dialer user must be configured, and dialer number
can be configured optionally.
When dialer interfaces run link protocol of Frame Relay, the calling numbers,
which are received from the incoming call and configured with dialer number
respectively, will decide which dialer interface will receive the incoming call. In this
case, dialer number must be configured, and dialer user can be configured
optionally.
1) If dialer-group command is not configured, DCC will not dial even if dialer
number command is configured.
2) When using Resource-Shared DCC, the same dialer number can be configured
on different dialer interfaces at the calling side; but it is not the case at the called
side; otherwise, the call will fail. When using Circular DCC, the same dialer number
can be configured on different dialer interfaces at the calling side, and it is the
same to the called side.
Example
# Set the dialer number for dialer1 calling the remote end to “11111”.
[3Com] interface dialer 1
View
Physical interface view
Parameter
priority: Indicates the priority level for a physical interface which belongs to a dialer
circular group, ranging from 1 to 127. By default, the priority is 1.
Description
Using the dialer priority command, you can configure a priority for a physical
interface in a dialer circular group in the Circular DCC configuration. Using the
undo dialer priority command, you can restore the default priority.
This command sets the order in which the available physical interfaces in a dialer
circular group are used. The physical interfaces with higher priority will be used
first.
Example
# Set the priority of Serial 3/0/0 in dialer circular group0 to 5.
[3Com-Serial3/0/0] dialer circular-group 0
View
Physical or dialer interface view
Parameter
packets: Indicates the packet numbers buffered on this interface, ranging from 1
to 100. By default, the value of max-threshold is 30.
Description
Using the dialer queue-length command, you can configure the number of
packets, which comply with the "permit" statement, that can be buffered before
a link is set up. Using the undo dialer queue-length command, you can restore
the default number of the packets that can be buffered.
In the link establishing process, the packets which comply with the "permit"
statement are held in the buffer queue to wait for transmission as soon as the link
is set up. The setting of packets decides the queue length.
Example
# Configure that 10 packets are buffered on Serial1/0/0.
[3Com-Serial1/0/0] dialer queue-length 10
View
Physical or dialer interface view
Parameter
user hostname: Remote user name, which is optionally specified for authentication
implemented when receiving calls.
autodial: If this parameter is defined in a dialer route, the router will automatically
attempt to dial according to the dialer route at a certain interval. The interval is set
in the dialer autodial-interval command, which is 300 seconds by default.
Description
Using the dialer route command, you can configure to originate calls to one or
multiple remote ends or to receive calls from multiple remote ends on a DCC
interface. Using the undo dialer route command, you can cancel a dialer route.
To originate a call, the parameter dial-number should be used. If the user keyword
is used, PPP authentication should be configured.
The user can configure multiple dialer routes for a dial port or a destination
address.
Example
# Set the remote end to be called on Serial 0/0/0.
[3Com-Serial0/0/0] dialer route ip 131.108.2.5 user ZZZ 14155553434
View
Dialer interface view
Parameter
traffic-percentage: Percentage of the actual traffic on the link over the bandwidth,
ranges from 1 to 99.
in-out: Calculates the larger one of the inbound traffic and the outbound traffic in
the actual traffic calculation.
Description
Using the dialer threshold command, you can configure the traffic threshold of a
link on the DCC interface so that another link can be enabled to call the same
destination address when the ratio of traffic on all connected links on the DCC
interface to the available bandwidth exceeds the preset percentage. Using the
undo dialer threshold command, you can restore the default value.
If the ratio of the traffic on a link of a DCC interface to the bandwidth exceeds a
defined threshold, the second link will be enabled to implement MP binding with
the first one. When the ratio of traffic on the two links to the bandwidth exceeds
a defined threshold, the third link will be enabled, so on and so forth. On the
contrary, when the ratio of the traffic on N (N is an integer greater than or equal to
2) links to the bandwidth of N-1 links is less than a defined threshold, a link will be
disabled. In Circular DCC, this command is used on the interfaces corresponding
to the dialer circular-group (including ISDN BRI/PRI interfaces and dialer
interfaces). In Resource-Shared DCC, this dialer threshold command is applied to
dialer interface only. In addition, this command must be used together with the
ppp mp command.
Example
# Set the traffic threshold on Dialer1 to 80%.
[3Com-Dialer1] dialer threshold 80
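The add/drop rule described above for dialer threshold, worked through in Python as an added example (not 3Com code). It assumes that all links have the same bandwidth and that the rule is evaluated once per traffic sample; the function names, the 64 kbit/s link speed and the sample loads are constructed for illustration.

```python
"""Link add/drop decision described for `dialer threshold` (added example)."""


def effective_traffic(inbound_bps, outbound_bps):
    """`in-out` behaviour: use the larger of inbound and outbound traffic."""
    return max(inbound_bps, outbound_bps)


def next_link_count(active, max_links, link_bw_bps, traffic_bps, threshold_pct):
    """Return the number of active links after one evaluation.

    A link is added when traffic exceeds threshold_pct of the bandwidth of the
    links that are up. A link is dropped when the traffic on N (N >= 2) links
    is below threshold_pct of the bandwidth of N-1 links.
    """
    if not 1 <= threshold_pct <= 99:
        raise ValueError("traffic-percentage ranges from 1 to 99")
    if not 1 <= active <= max_links:
        raise ValueError("active must be between 1 and max_links")
    limit = threshold_pct / 100.0
    if active < max_links and traffic_bps > limit * active * link_bw_bps:
        return active + 1
    if active >= 2 and traffic_bps < limit * (active - 1) * link_bw_bps:
        return active - 1
    return active


def simulate(samples, max_links, link_bw_bps, threshold_pct):
    """Start with one link up and apply the rule to each (inbound, outbound) sample."""
    active = 1
    history = []
    for inbound, outbound in samples:
        traffic = effective_traffic(inbound, outbound)
        active = next_link_count(active, max_links, link_bw_bps, traffic, threshold_pct)
        history.append(active)
    return history


# Constructed traffic samples (inbound, outbound) in bit/s.
SAMPLES = [
    (30000, 20000),
    (60000, 10000),
    (110000, 40000),
    (70000, 30000),
    (40000, 45000),
    (20000, 10000),
]

if __name__ == "__main__":
    # Three 64 kbit/s links, threshold 80 as in the example above.
    print(simulate(SAMPLES, max_links=3, link_bw_bps=64000, threshold_pct=80))
```

Because the drop test uses the bandwidth of N-1 links, a load of 55000 bit/s keeps two links up: it is too high for one link at 80% and too low to add a third.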
View
Physical or dialer interface view
Parameter
seconds: Interval before the next call attempt, ranging from 1 to 604800 in units
of second. The default interval is 300 seconds.
Description
Using the dialer timer autodial command, you can configure the automatic
dialing interval of DCC. Using the undo dialer timer autodial command, you
can resume the default interval.
This command should be used together with the auto-dial keyword in the dialer
route command. DCC will automatically attempt to dial every seconds seconds
until the connection is established. The automatic dialing function is independent
of the trigger with data packets. The established connection will not be
automatically cut for timeout. That is, the configuration of the dialer timer idle
command does not affect it.
Example
# Set the DCC automatic calling interval on Serial0/0/0 to 60 seconds.
[3Com-Serial0/0/0] dialer timer autodial 60
View
Physical or dialer interface view
Parameter
Seconds: Idle interval when contention occurs, ranges from 0 to 65535 seconds.
By default, the idle interval is 20 seconds.
Description
Using the dialer timer compete command, you can configure an idle interval for
an interface after call contention occurs on the interface. Using the undo dialer
timer compete command, you can restore the default interval.
Example
# Set timer idle and timer compete respectively to 50 seconds and 10 seconds on
Serial 0/0/0.
[3Com-Serial0/0/0] dialer timer idle 50
View
Physical or dialer interface view
Parameter
seconds: Interval for originating the next call, ranges from 5 to 65535 seconds. By
default, the interval is 20 seconds.
Description
Using the dialer timer enable command, you can configure an interval for the
next call attempt on an interface after the link is disconnected. Using the undo
dialer timer enable command, you can restore the default interval.
Example
# Set the interval for DCC to make the next call attempt to 5 seconds.
[3Com-Serial0/0/0] dialer timer enable 5
View
Physical or dialer interface view
Parameter
seconds: Time that a link is allowed to be idle, ranges from 0 to 65535 seconds. By
default, seconds is 120 seconds.
Description
Using the dialer timer idle command, you can configure the interval that a link is
allowed to be idle (in other words, the interval, when there are no packets which
comply with the “permit” statements transmitted) after a call has been set up on
the interface. Using the undo dialer timer idle command, you can restore the
default duration.
After a link is set up, the timer idle timer will take effect. If no interesting packets
are transmitted on the link within the specified time, DCC will automatically
disconnect the link. If timer idle is set to 0, the link will never be disconnected,
regardless of whether there are no packets which comply with the “permit”
statements to be transmitted over the link or not.
Example
# Set the timer idle on the interface Serial 0/0/0 to 50 seconds.
[3Com-Serial0/0/0] dialer timer idle 50
View
Physical or dialer interface view
Parameter
seconds: Delay for disconnecting the backup interface, ranging from 0 to 65535 in
units of second. It defaults to 0 second (that is, cut the backup link without delay.)
Description
Using the dialer timer listen-disable command, you can set the delay for
disconnecting the backup interface. Using the undo dialer timer listen-disable
command, you can resume the default delay.
Example
# Set the delay for disconnecting the backup interface on Serial0/0/0 to 5 seconds.
View
Physical or dialer interface view
Parameter
seconds: Waiting time in seconds, ranges from 0 to 65535. By default, the time
waiting for a call connection is 60 seconds.
Description
Using the dialer timer wait-carrier command, you can configure the timeout
time of wait-carrier timer. Using the undo dialer timer wait-carrier command,
you can restore the default time of the timer.
Wait-carrier timer begins to time after the DCC call is initiated. If the call
connection fails to be set up within the timeout time of this timer, the call will be
terminated.
If the connection for a call is not established within the specified time, DCC will
terminate the call.
Example
# Set the maximum time that Serial 0/0/0 waits for a call to be established to
100 seconds.
[3Com-Serial0/0/0] dialer timer wait-carrier 100
View
Dialer interface view
Parameter
username: Remote user name for PPP authentication, which is a string of 1 to 31
characters.
Description
Using the dialer user command, you can configure remote user name for
authenticating the requests when calls are received. Using the undo dialer user
command, you can cancel the remote user name.
When dialer interfaces run link protocol of PPP, the remote user names, which are
obtained via PPP authentication and configured with dialer user respectively, will
decide which dialer interface will receive the incoming call.
When dialer interfaces run link protocol of Frame Relay, the calling numbers, which
are received from the incoming call and configured with dialer number respectively,
will decide which dialer interface will receive the incoming call. In this case, dialer
number must be configured, and dialer user can be configured optionally.
For related commands, see ppp pap local-user, ppp chap user.
Example
# Set the remote username to “RouterB”.
[3Com-Dialer3] dialer user RouterB
dialer-group Syntax
dialer-group group-number
undo dialer-group
View
Physical or dialer interface view
Parameter
group-number: sequence number of dialer access number, ranges from 1 to 255.
This group is set through the dialer-rule command.
Description
Using the dialer-group command, you can configure access control on the
packets transmitted on a DCC interface and place the interface in an access
control group. Using the undo dialer-group command, you can remove the
interface from the access control group.
This command is used for associating a physical interface with an access control
group. Through the dialer-rule command, the user can associate an access
control group with the acl command. A DCC interface can only be the member of
an access control group. If it is configured to be a member of another access
control group, this configuration will replace the previous one.
Example
# Add Serial0/0/0 interface to access control group 1.
[3Com-Serial1/0/0] dialer-group 1
dialer-rule Syntax
dialer-rule dialer-group { protocol-name { permit | deny } | acl acl-number }
undo dialer-rule dialer-group
View
System view
Parameter
dialer-group: Indicates the number of access control group, which is related to the
parameter group-number in dialer-group command in the DCC interface view.
acl acl-number: Number of the access control list to which the access control
group corresponds.
Description
Using the dialer-rule command, you can configure the conditions of the data
packet that can trigger a DCC call. Using the undo dialer-rule command, you can
cancel the setting.
By default, no conditions of packet-triggering DCC calls are set for dial interfaces.
This command is used to set the DCC call packet-triggering control to which an
access control group corresponds. And a dial interface can be placed in an access
control group through the dialer-group command. Thereby, the DCC call’s
packet-triggering on the DCC interface can be controlled.
If an access control group cannot find the corresponding dialer-rule, DCC will
regard the packets as packets which do not comply with the “permit” conditions
in ACL rule and just drop them. No DCC call will be originated.
Example
# Set a dialer-rule.
[3Com] acl number 101
[3Com-acl-adv-101] quit
[3Com-Serial1/0/0] dialer-group 1
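Several constraints stated in this chapter can be checked mechanically: a dialer-group needs a matching dialer-rule or no call is originated, dialer timer idle 0 never disconnects the link, and dialer route with the user keyword needs PPP authentication. The following Python check is an added example (not 3Com code) that reads command lines in the prompt format used on this page. The rule names are hypothetical, the transcript is constructed, the check assumes ppp authentication-mode is configured in the same view as dialer route, and it also reports local-user passwords entered with the simple keyword, which keeps them in plain text.

```python
import re

# The bracketed prompt names the view; "3Com" is the host name used on this page.
PROMPT = re.compile(r"^\[3Com(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>\S.*)$")


def parse_transcript(text):
    """Group commands by view. Commands typed at [3Com] go under 'system'."""
    views = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            view = m.group("view") or "system"
            views.setdefault(view, []).append(m.group("cmd").strip())
    return views


def audit(text):
    """Return a list of (view, rule, detail) findings. Rule names are hypothetical."""
    views = parse_transcript(text)
    system = views.get("system", [])
    findings = []

    # Access control groups that have a dialer-rule in system view.
    ruled_groups = set()
    for cmd in system:
        parts = cmd.split()
        if parts[0] == "dialer-rule" and len(parts) >= 3:
            ruled_groups.add(parts[1])

    for cmd in system:
        m = re.match(r"local-user (\S+) password simple (\S+)$", cmd)
        if m:
            user, password = m.groups()
            # Report the account only; never echo the password itself.
            findings.append(("system", "cleartext-password", f"local-user {user}"))
            if user == password:
                findings.append(("system", "password-equals-username", f"local-user {user}"))

    for view, cmds in views.items():
        if view == "system":
            continue
        has_ppp_auth = any(c.startswith("ppp authentication-mode ") for c in cmds)
        for cmd in cmds:
            parts = cmd.split()
            if parts[0] == "dialer-group" and len(parts) == 2 and parts[1] not in ruled_groups:
                # No matching dialer-rule: packets are dropped and no call is originated.
                findings.append((view, "dialer-group-without-rule", cmd))
            elif parts[:3] == ["dialer", "timer", "idle"] and parts[3:] == ["0"]:
                # Idle timer 0: the link is never disconnected.
                findings.append((view, "idle-timer-disabled", cmd))
            elif parts[:2] == ["dialer", "route"] and "user" in parts[2:] and not has_ppp_auth:
                # The user keyword requires PPP authentication to be configured.
                findings.append((view, "route-user-without-ppp-auth", cmd))
    return findings


# Constructed transcript built from commands shown in this chapter.
SAMPLE = """
[3Com] local-user 3Comb password simple 3Comb
[3Com] dialer-rule 1 acl 101
[3Com-Serial0/0/0] dialer enable-circular
[3Com-Serial0/0/0] dialer-group 1
[3Com-Serial0/0/0] dialer route ip 131.108.2.5 user ZZZ 14155553434
[3Com-Serial0/0/0] dialer timer idle 50
[3Com-Serial1/0/0] ppp authentication-mode chap
[3Com-Serial1/0/0] dialer-group 2
[3Com-Serial1/0/0] dialer route ip 100.1.1.2 user RouterB 8810152
[3Com-Serial1/0/0] dialer timer idle 0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```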
View
Any view
Parameter
Description
Using the display dialer interface command, you can view the information of
DCC interface.
For related commands, see dialer timer idle, dialer timer compete, dialer
timer wait-carrier, dialer timer enable.
Example
# Display the information on the DCC interface Dialer 1.
[3Com] display dialer interface serial1/0/0
Dial Interface:Serial0/0
Dialer Route:
NextHop_address Dialer_Numbers
131.108.2.5 14155553434
Dialer Timers(Secs):
Idle:50 Wait-for-Carrier:100
View
Any view
Parameter
number: Interface number in the range of 0 to 1023.
Description
Using the interface dialer command, you can create a dialer circular group for
the Circular DCC, or configure a dialer interface for the Resource-Shared DCC.
Using the undo interface dialer command, you can cancel the existing setting.
In Resource-Shared DCC, any dialer interface can use the services provided by
multiple physical interfaces, and individual physical interfaces can provide services
for multiple dialer interfaces at the same time. Therefore, authentication must be
configured on these physical interfaces, so as to use the user name of a dial-in
party to locate the corresponding dialer interface for the call. In this mode,
physical interfaces and dialer interfaces are dynamically bound. Furthermore, a
dialer interface can only call a destination address, which will be specified in the
dialer number command.
The physical interfaces in Circular DCC and Resource-Shared DCC do not use
individual network addresses. Instead, they use the addresses of the corresponding
dialer interfaces.
Example
# Define a dialer interface dialer 1.
[3Com] interface dialer 1
flow-interval Syntax
flow-interval interval
undo flow-interval
View
System view
Parameter
interval: Flow-interval, in second, ranging from 1 to 1500. By default, it is 20
seconds.
Description
Using the flow-interval command, you can configure flow interval. Using the
undo flow-interval command, you can restore the default value of flow interval.
This command takes effect only on DCC flow trigger dial-up.
Example
# Configure the flow-interval to 3 seconds.
[3Com] flow-interval 3
View
Physical or dialer interface view
Parameter
Description
Using the ppp callback command, you can enable an interface to send or accept
PPP callback requests. Using the undo ppp callback command, you can disable
the interface to send or accept PPP callback requests.
The callback function can be used to save the communication cost for the calling
party in the case that the calling party pays the charge for calls.
Example
# Enable accepting callback request on Serial0/0/0 interface.
[3Com-Serial0/0/0] ppp callback server
View
Physical or dialer interface view
Parameter
dial-number: Dial number for a Windows NT server to call back the router.
Description
Using the ppp callback ntstring command, you can configure the dial number
required for a Windows NT server to call back the router. Using the undo ppp
callback ntstring command, you can cancel the configured callback dial number.
When a router functions as the callback server to call a Windows NT server, this
command should be configured if the server needs the router to send the callback
number.
Example
# Set the dial number for a Windows NT server to call back the router to “2489”.
[3Com-Dialer1] ppp callback NTString 2489
Modem Configuration
Commands
View
User views
Parameter
None
Description
Using the debugging modem command, you can enable Modem debugging.
According to the information output after executing this command, the user can
make sure whether the correct Modem script has been specified for a particular
event.
Example
None
modem Syntax
modem [both/call-in]
undo modem [both/call-in]
View
User-interface view
Parameter
Description
Using the modem command, you can enable receiving incoming calls or sending
outgoing calls on the interface. Using the undo modem command, you can
disable receiving incoming calls or sending outgoing calls on the interface.
By default, both incoming and outgoing Modem calls are permitted on the
interfaces.
This command can be used to set the authority of Modem dial-in and dial-out on
an interface.
Example
# Enable receiving incoming Modem calls on interface u-tty1.
[3Com-ui-tty1] modem call-in
View
User interface view
Parameter
None
Description
Using the modem auto-answer command, you can configure the external
Modem connected to the asynchronous interface to operate in auto-answer
mode. Using the undo modem auto-answer command, you can restore the
external Modem connected to the asynchronous interface to operate in non-auto
answer mode.
Execute this command according to the current answer state of the Modem
externally connected to the router. If the Modem is in auto-answer mode (AA LED
of the Modem lights), the modem auto-answer command must be executed in
the corresponding interface view. If it is in non-auto answer mode, execute the
undo modem auto-answer command.
Rather than changing the Modem state, the execution of this command only
shows the answer mode of Modem. The user should determine whether to
execute the modem auto-answer command according to the answer mode (AA
LED) of the current external Modem.
Example
# Set the Modem externally connected to the asynchronous serial interface Serial0
to operate auto-answer mode.
[3Com-Serial0] modem auto-answer
View
User interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger connect command, you can configure the Modem script
that will be executed once an incoming call connection is established. Using the
undo script trigger connect command, you can cancel this feature.
If this command is configured, the specified script will be executed anytime when
an incoming call connection is established.
For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger dial, script trigger init.
Example
# Specify the script “example” to be executed anytime an incoming call
connection is established.
[3Com-ui-tty1] script trigger connect example
View
User interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger dial command, you can configure the Modem script that
is used for DCC dialing. Using the undo script trigger dial command, you can
cancel the feature.
If this command is configured, the specified script will be executed for DCC
dialing.
For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger init.
Example
# Specify the script “example” to be used for DCC dialing.
[3Com-ui-tty1] script trigger dial example
View
User interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger init command, you can configure the Modem script that
will be executed when the system is powered on or rebooted. Using the undo
script trigger init command, you can cancel this feature.
If this command is configured, the specified Modem script will be executed for
initializing the asynchronous device connected to the interface when the system is
powered on or rebooted.
For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger dial, script trigger logout.
Example
# Set the system to execute “example” when the system is powered on or
rebooted.
[3Com-ui-tty1] script trigger init example
View
User interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger login command, you can configure the Modem script
that will be executed when an outgoing call connection is successfully established.
Using the undo script trigger login command, you can cancel this feature.
If this command is configured, the specified script will start to be executed anytime
when an outgoing call connection is established. This script can be the registration
information on a remote system. For example, when a router is connected to a
remote UNIX server, we can log in to the remote UNIX server using this script
through sending login information and password to the UNIX server.
Example
# Specify the script “example” to be executed anytime an outgoing call
connection is established.
[3Com-ui-tty1] script trigger login example
View
User-interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger logout command, you can configure the Modem script
that is executed when a link is reset. Using the undo script trigger logout
command, you can cancel this feature.
If this command is configured, the specified Modem script will be executed when
a link is reset. For example, reset the Modem when the call on the interface is
down.
For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger dial, script trigger init.
Example
# Specify the Modem script that will be executed when the link is reset.
[3Com] script-string drop-line "" +++ OK ATH OK "ATS0=1" OK
script-string Syntax
script-string script-name script-content
undo script-string script-name
View
System view
Parameter
Description
Using the script-string command, you can configure a Modem script. Using the
undo script-string command, you can cancel the Modem script.
3Com series routers provide the Modem script, which is mainly used for:
waiting for the receiving string, which is valid till a new TIMEOUT is set in
the same script. For its meanings, refer to the following table.
Table 1 Script keywords
Keyword: Description
ABORT receive-string: The string following ABORT will be compared with the string
sent from a Modem or a remote DTE device for a full match. Multiple ABORT entries
can be configured for a script, and all of them take effect in the whole script
execution period.
TIMEOUT seconds: The digit following TIMEOUT is used to set the timeout interval
that the device waits for receiving strings. If no expected strings are received
within the interval, the execution of the script will fail. Once set, the setting
will be valid till a new TIMEOUT is set.
For related commands, see sendat, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger dial, script trigger init.
Example
# Define a Modem script.
[3Com] script-string example "" AT OK ATS0=1 OK
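How the ABORT and TIMEOUT keywords of Table 1 act on a script such as the one above, shown with a Python model that is an added example and not the router's implementation. It assumes the remaining strings alternate as receive-string then send-string (the usual chat-script convention), an initial timeout of 5 seconds, and a constructed FakeModem that returns one reply per command after a given delay; the ATDT dial command is also constructed.

```python
import shlex

DEFAULT_TIMEOUT = 5  # assumption: the page does not state the initial timeout


class FakeModem:
    """Constructed stand-in for a modem: command -> (delay in seconds, reply)."""

    def __init__(self, replies):
        self.replies = replies
        self.pending = None
        self.sent = []

    def send(self, text):
        self.sent.append(text)
        self.pending = self.replies.get(text, (0, "ERROR"))

    def receive(self, timeout):
        """Return the reply if it arrives within `timeout` seconds, else None."""
        if self.pending is None:
            return None
        delay, reply = self.pending
        self.pending = None
        return reply if delay <= timeout else None


def run_script(script_content, modem, default_timeout=DEFAULT_TIMEOUT):
    """Run a script-string body against `modem`; return (succeeded, reason)."""
    tokens = shlex.split(script_content)  # keeps "" as an empty receive-string
    aborts = []                  # every ABORT string stays active to the end
    timeout = default_timeout    # stays in force until the next TIMEOUT
    expecting = True             # assumption: receive-string first, then send-string
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("ABORT", "TIMEOUT"):
            if i + 1 >= len(tokens):
                return (False, f"{tok} needs an argument")
            if tok == "ABORT":
                aborts.append(tokens[i + 1])
            else:
                timeout = int(tokens[i + 1])
            i += 2
            continue
        if expecting:
            if tok != "":        # an empty receive-string matches immediately
                reply = modem.receive(timeout)
                if reply is None:
                    return (False, f"timeout waiting for {tok!r}")
                if reply in aborts:      # full match against an ABORT string
                    return (False, f"aborted on {reply!r}")
                if reply != tok:
                    return (False, f"unexpected reply {reply!r}")
        else:
            modem.send(tok)
        expecting = not expecting
        i += 1
    return (True, "completed")


if __name__ == "__main__":
    modem = FakeModem({"AT": (0, "OK"), "ATS0=1": (1, "OK")})
    print(run_script('"" AT OK ATS0=1 OK', modem), modem.sent)
```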
start-script Syntax
start-script script-namet-name
View
User view
Parameter
Description
Using the start-script command, you can configure executing the specified
Modem script on an interface.
This command provides the user with means of instantly executing the Modem
script. If another script is being executed on the corresponding interface, this
command will not be executed and an error will be reported.
Example
# Execute the specified Modem script “example” on the interface 1.
<3Com> start-script example 1