Professional Documents
Culture Documents
Command Ref in HUAWEI
Command Ref in HUAWEI
Guide
http://www.3com.com/
Part No. 10014596-AA
Published November 2004
3Com Corporation
350 Campus Drive
Marlborough, MA
01752-3064
Copyright 2004, 3Com Corporation. All rights reserved. No part of this documentation may be
reproduced in any form or by any means or used to make any derivative work (such as translation,
transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from
time to time without obligation on the part of 3Com Corporation to provide notification of such revision or
change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or!LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein
are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995)
or as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Coms standard commercial license for the Software. Technical data is provided with limited
rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is
applicable. You agree not to remove or deface any portion of any legend provided on any licensed program
or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and
Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered
trademarks of Novell, Inc.
All other company and product names may be trademarks of the respective companies with which they are
associated.
CONTENTS
10
CONFIGURATION COMMANDS
Basic Configuration Commands
11
NETWORK PROTOCOL
IP Address Configuration Commands 413
ARP Configuration Commands 417
Static Domain Name Resolution 421
DNS Client Configuration Commands 422
DHCP Public Configuration Commands
426
DHCP Server Configuration Commands
428
DHCP Client Configuration Commands
456
DHCP Relay Configuration Commands
458
IP Performance Configuration Commands 463
IP Unicast Policy Routing Configuration Commands 490
IP Multicast Policy Routing Configuration Commands 498
IPX Configuration Commands 503
DLSw Configuration Commands 531
ROUTING PROTOCOL
Display Commands of the Routing Table 559
Static Route Configuration Commands 569
RIP Configuration Commands 571
OSPF Configuration Commands 587
BGP Configuration Commands 626
MBGP Configuration Commands 665
IP Routing Policy Configuration Commands 668
Route Capacity Configuration Commands 682
242
SECURITY
AAA Configuration Commands 813
Ethernet Type-Code Values 832
ASPF Configuration Commands 844
Firewall Configuration Commands 853
IPSec Configuration Commands 858
IKE Configuration Commands 933
PKI Configuration Commands 962
HWTACACS Configuration Commands 980
10
11
1010
12
13
1109
Conventions
This guide describes the 3Com Router 5000 Family of routers and how to install
hardware, configure and boot software, and maintain software and hardware.
This guide also provides troubleshooting and support information for your router.
This guide is intended for the system or network administrator who is responsible
for installing, configuring, using, and managing the routers. It assumes a working
knowledge of wide area network (WAN) operations and familiarity with
communication protocols that are used to interconnect WANs.
Always download the Release Notes for your product from the 3Com World Wide
Web site for the latest updates to product documentation:
http://www.3com.com
Conventions
and Table 2: list conventions that are used throughout this guide.
Notice Type
Description
Information
note
Information
that
describes
important
features or
instructions.
Caution
Information
that alerts
you to
potential
loss of data
or potential
damage to
an application, system, or
device.
Notice Type
Description
Warning
Information
that alerts
you to
potential
personal
injury.
Description
Screen displays
Keyboard
key names
If you must
press two or
more keys
simultaneously, the
key names
are linked
with a plus
sign (+), for
example:
Press
Ctrl+Alt+D
el
The words
enter and
type
Conventions
Description
When you
see the
word
enter in
this guide,
you must
type something, and
then press
Return or
Enter. Do
not press
Return or
Enter when
an instruction simply
says type.
Words in
italics
Italics are
used to:
Emphasize
a point.
Denote a
new term at
the place
where it is
defined in
the text.
Identify
menu
names,
menu commands, and
software
button
names.
Examples:
From
the Help
menu, select
Contents.
Click
OK.
10
Related
Documentation
Convention
Description
Words in
bold
Boldface
type is used
to highlight
command
names in
text. For
example,
Use the
display
user-interface command to...
The following manuals offer additional information necessary for managing your
Router 5000:
CONFIGURATION COMMANDS
clock datetime
clock timezone
command-privilege
display clipboard
display clock
display history-command
display version
header3Com
hotkey
language-mode
lock
quit
Reboot
return
super
super password
sysname
system-view
Basic Configuration
Commands
Clock Summer Times
Syntax
Clock summer-time zone_name {absolute / recurring} HH:MM:SS YYYY/MM/DD
HH:MM:SS YYYY/MM/DD HH:MM:SS
Undo clock summer-time zone.
View
User view
12
Parameter
zone_name: Name of the summer time, which is a character string of 1 to 32
characters.
absolute: Only sets the summer time of some year.
recurring: Sets the summer time of every year starting from some year.
HH:MM:SS: Time (hour/minute/second).
YYYY/MM/DD: Date (year/month/day).
Description
Using the clock summer-time command, you can set the name, and the starting
and ending time of the summer time. Using the undo clock summer-time
command, you can remove the configuration of the summer time.
After the configuration takes effect, it can be verified by using the display clock
command. Beside the time of the log or debug information will be the local time
on which the adjustment of the time zone and summer time has been made.
For related command, see clock timezone.
Example
Add one hour to the clock for the summer time z2 that starts at 06:00:00 on
2002/06/08 and ends at 06:00:00 on 2002/09/01.
<3Com> clock summer-time z2 absolute 06:00:00 2002/06/08 06:00:00 2002/09/01
01:00:00
# Add one hour to the clock each year starting from 2002 for the summer time z2
that starts at 06:00:00 on 08/06 and ends at 06:00:00 on 01/09.
<3Com> clock summer-time z2 recurring 06:00:00 2002/06/08 06:00:00 2002/09/01
01:00:00
clock datetime
Syntax
clock datetime HH:MM:SS YYYY/MM/DD
View
User view
Parameter
HH:MM:SS: Time (hour/minute/second).
YYYY/MM/DD: Date (year/month/day) in the range of 1993 to 2035.
Description
Using the clock datetime command, you can set the date and time.
13
After the configuration takes effect, it can be verified by executing the display
clock command. The time applied to the log and debug information has been
adjusted.
Example
Set the current system time to 10:20:55 2003/04/05.
<3Com> clock datetime 10:20:55 2003/04/05
clock timezone
Syntax
clock timezone zone_name { add | minus } HH:MM:SS
undo clock timezone
View
User view
Parameter
zone_name: Timezone name, which is a string of 1 to 32 characters.
add: Adds the time on the basis of Universal Time Coordinated (UTC) timezone.
minus: Reduces the time on the basis of UTC timezone.
HH:MM:SS: Time (hour/minute/second).
Description
Using the clock timezone command, you can set the information for the local
timezone. Using the undo clock timezone command, you can restore the local
timezone to the default UTC timezone.
After the configuration takes effect, you can view it by executing the display
clock command. The time applied to the log and debug information has been
adjusted according to the involved timezone and summer time.
For related command, see clock summer-time.
Example
Set the local timezone name to Z5 and set Z5 to be five hours faster than UTC
time.
<3Com> clock timezone z5 add 05:00:00
command-privilege
Syntax
command-privilege level level view view command-key
undo command-privilege view view command-key
View
System view
Parameter
level level: Command priority ranging from 0 to 3.
view view: View. The command line provides the following views:
14
Routing protocol view: Include ospf (OSPF view), rip (RIP view), bgp (BGP
view), isis (IS-IS view), etc.
Interface view: Include ethernet (FE), gigabitethernet (GE), serial (serial
interface), ce1 (cE1 interface), ce3 (E3 interface), ct1 (cT1 interface), atm
(ATM interface), pos (POS interface), virtual-template (virtual interface
template), virtual-ethernet (virtual Ethernet interface), loopback (Loopback
interface), null (Null interface), tunnel (Tunnel interface).
Refer to "Command Line Views" section in the Operation Manual for more
details.
commandkey: Command to be set.
Description
Using the command-privilege command, you can set the command level in the
specified view. Using the undo command-privilege view command, you can
remove current settings.
Command priority falls into 4 levels, access, monitor, configure and manage, that
are identified with 0 to 3. The administrator can grant certain rights to a user on
their demand so that the user can operate in the related view. When the user logs
in, the system can set the command operation rights, either, according to the
rights corresponding to the user name, or based on the rights of the
user-interface. If the two sets of rights conflict, the minimum rights will be
adopted.
By default, the command level of the ping, tracert and telnet commands is
access (level 0), the command level of the display and debugging commands is
monitor (level 1), that of configuration commands is system (level 2), and the
commands for user key setting, FTP, XMODEM, TFTP and file system operation fit
into commands of manage-level (level 3).
Example
Set the priority of the interface command to 0.
[3Com] command-privilege level 0 view system interface
display clipboard
Syntax
display clipboard
View
Any view
15
Parameter
None
Description
Using the display clipboard command, you can display the contents of clipboard.
Example
Display the contents of clipboard.
<3Com> display clipboard
-----------------clipboard ----------------ip route 10.1.0.0 255.0.0.0 eth 0
display clock
Syntax
display clock
View
Any view
Parameter
None
Description
Using the display clock command, you can display the clock status and the
configuration information.
Example
Display the current time.
<3Com> display clock
display cpu-usage
Syntax
display cpu-usage [ configuration | number [ offset ] [ verbose ] [
from-device ] ]
View
Any view
Parameter
configuration: Displays the configuration about CPU usage statistics, such as
whether CPU usage statistics is enabled, statistic period, and CPU usage alarm
thresholds.
number: Number of CPU usage statistics queries.
offset: Offset of the starting entry to be displayed to the last statistic entry.
16
display
history-command
CPU
99%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
Syntax
display history-command
View
Any view
Parameter
None
17
Description
Using the display history-command command, you can browse the history
commands.
The terminal will automatically save the history commands typed by the user, that
is, completely record the user's input (via keyboard) separated by "Enter".
For the related command, see history-command size.
Example
Display history commands.
<3Com> display history-command
show interface
show interface e 1/0/0
c
in e 1/0/0
display version
Syntax
Display version
View
Any view
Parameter
None
Description
Using the display version command, you can browse system version information.
Through viewing system version information, you will learn about the software
version in use, rack type, and the information related to the main processing board
and interface cards.
Example
Display system version information of a 3Com R1760 router.
<3Com> display version
3Com Versatile Routing Platform Software
VRP(tm) software, Version 3.30
Copyright (c) 2000-2002 3Com Corporation.
3Com Serial Router R1760
System has kept running 0weeks, 0days, 0hours, 15minutes
CPU type Powerpc8241 166Mhz
64M bytes SDRAM
8M bytes Flash Memory
Pcb
Version:001
Logic Version:001
BootROM Version:0.0
Slot0: WAN (pcb)001 (software)000 (logic)001
18
header3Com
Syntax
header [ shell | incoming | login ] text
undo header [ shell | incoming | login ]
View
System view
Parameter
login: Greeting information when login.
shell: Greeting information of the creation of a user session.
incoming: Greeting information when login to the user view.
text: Content of greeting information.
Description
Using the header command, you can set the greeting information that will be
displayed. Using the undo header command, you can remove the preset greeting
information.
When a user is logging on to a router via a terminal line, the router prompts
related information by setting the title attribute. After activating the terminal
connection, the router sends the login title to the terminal. If the user logs on to
the router successfully, the shell greeting information will be displayed.
Text takes the first English character as the start and end characters. After the end
character is input, the system will quit the interactive process automatically.
If you do not want to start the interactive process, make sure that the first and last
characters of the text are the same English character and press <Enter> directly.
Example
Configure a session creation title.
[3Com] header shell %
Enter TEXT message. End with the character '%'.
SHELL : Hello! Welcome use 3Com R1760.%
# Test the configuration.
[3Com] quit
<3Com> quit
Press RETURN to get started
SHELL : Hello! Welcome use 3Com R1760.
<3Com>
hotkey
Syntax
hotkey [ CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U ] command_text
undo hotkey [ CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U ]
19
View
System view
Parameter
CTRL_G: Specify a command for the hotkey <CTRL+G>.
CTRL_L: Specify a command for the hotkey <CTRL+L>.
CTRL_O: Specify a command for the hotkey <CTRL+O>.
CTRL_T: Specify a command for the hotkey <CTRL+T>.
CTRL_U: Specify a command for the hotkey <CTRL+U>.
command_text: The command line correlated with the hotkey.
Description
Using the hotkey command, you can correlate a command line with a hotkey.
Using the undo hotkey command, you can recover the default value of the
system.
By default, CTRL_G, CTRL_L and CTRL_O correspond to the following commands
respectively:
display current-configuration (display current configuration);
display ip routing-table (display routing table information);
undo debugging all (disable the overall debugging function, that is, disable the output of all
debugging information).
You can change the definitions on your demand. The default values for the other
hotkeys are null.
Example
Correlate the display tcp status command with the hotkey CTRL_T.
[3Com] hotkey ctrl_t display tcp status
[3Com] display hotkey
----------------- HOTKEY ----------------=Defined hotkeys=
Hotkeys Command
CTRL_G display current-configuration
CTRL_L display ip routing-table
CTRL_O undo debug all
CTRL_T display tcp status
=Undefined hotkeys=
Hotkeys Command
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
20
language-mode
Syntax
language-mode { chinese | english }
View
User view
Parameter
None
Description
Using the language-mode command, you can switch between different
language modes of command line interface.
By default, the language mode is English.
The command line interface of the system also supports Chinese mode for
domestic users in China.
Example
Switch from English mode to Chinese mode.
<3Com> language-mode Chinese
Change language mode, confirm? [Y/N]y
% Switch to Chinese mode.
lock
Syntax
lock
View
User view
21
Parameter
None
Description
Using the lock command, you can lock the active user interface to prevent an
unauthorized user from operating the interface.
A user interface includes CON port, AUX port and VTY, etc.
After inputting the lock command, the user is prompted to enter the screensaver's
password and confirm the password. If the two passwords are the same, the
interface will be successfully locked. To enter the system once again, you must
press <Enter> first, and enter the preset password following the prompt.
Example
Log in from the CON port and lock the active user interface.
<3Com> lock
Password:
Again:
quit
Syntax
quit
View
Any view
Parameter
None
Description
Using the quit command, you can quit from the active view to a lower-level view
(if the active view is user view, you will exit the system).
Views fall into three levels; in ascending order:
and Configuration view (routing protocol view, interface view, VPDN group
view, etc).
22
Reboot
Syntax
reboot
View
User view
Parameter
None
Description
Using the reboot command, you can reboot the device.
This command produces the same effect as the power being turned on and then
off, but provides the user with a convenient method of rebooting the device from
a remote site.
The operation of this command will render the network unusable for a short
period of time, so it should be used with caution. Before rebooting the Router,
remember to save the configuration file if necessary,
Example
Reboot the device.
<3Com> reboot
System will reboot! Continue?[Y/N]
return
Syntax
return
View
Any view, except user view
Parameter
None
Description
Using the return command, you can return to user view from any other view. The
combination key <Ctrl+Z> performs the same function as the return command.
For the related command, see quit.
Example
Return to user view from system view.
[3Com] return
<3Com>
super
Syntax
super [ level ]
23
View
User view
Parameter
Level: User level ranging from 0 to 3.
Description
Using the super command, you can switch from current user level to a specified
level.
User level refers to the class of a login user. There are 4 user levels corresponding
to 4 command levels. After a user of certain level logs in, it can only use the
commands of the same or lower level.
There are 4 command levels access, monitor, configure and manage, as follows:
To prevent unauthorized users from intruding on the system, you must pass the
authentication when you are trying to switch from current user to a higher-level
user. This means that you must enter the password of the higher-level user (if the
super password [ level user-level ] { simple | cipher } line command is
configured). For the sake of security, your entered password is not directly
displayed on the screen. If you enter the correct password, you will be able to
switch to the higher-level user, or you will stay at current level. Authentication
allows three trys to switch to a higher-level user.
For the related command, see super password.
Example
<3Com> super 3
Password:
User privilege changes to 3 level, just equal or less this level's
commands can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
24
super password
Syntax
super password [ level user-level ] { simple | cipher } password
undo super password [ level user-level ]
View
System view
Parameter
user-level: User level ranging from 0 to 3.
simple: Configure simple text password.
cipher: Configure cipher text password.
password: Content of password. A simple text password is a consecutive
character string with the length no more than 16, such as 1234567. A cipher text
password has 24 characters in length, and is in the format of
"_(TT8F]Y\5SQ=^Q`MAF4<1!!".
Description
Using the super password command, you can set the password needed to
switch from a lower-level user to a higher-level user. Using the undo super
password command, you can remove the current setting.
By default, simple text password is adopted.
Example
Execute the following command in system view:
[3Com] super password level 3 simple zbr
sysname
Syntax
sysname sysname
View
System view
Parameter
sysname: Name of the router. It is a character string containing 1 to 30 characters.
Description
Using the sysname command, you can set the name of a router.
By default, a router is named "3Com".
Modification to a router's name will affect the prompt of the command line
interface. For example, if the router's name is "3Com", the prompt of user view
will be "<3Com>".
25
Example
Set the name of the router to R1760.
[3Com] sysname R1760
[R1760]
system-view
Syntax
system-view
View
User view
Parameter
None
Description
Using the system-view command, you can enter system view from current user
view.
For the related command, see quit, return.
Example
<3Com> system-view
Enter system view , return user view with Ctrl+Z.
[3Com]
vrbd
Syntax
vrbd
View
Any view
Parameter
None
Description
Using the vrbd command, you can view software version details, including product
software version and the matched platform software version.
Example
Display the internal version information.
[Router]
vrbd
26
Debugging
Syntax
debugging { all | module-name [ debug-option1 ] [ debug-option2 ] }
undo debugging { all | module-name [ debug-option1 ] [ debug-option2 ] }
View
User view
Parameter
all: Enables or disables all the debugging switches.
module-name: Module name.
debug-option: Debugging option.
Description
Using the debug command, you can enable system debugging. Using the undo
debug command, you can disable system debugging.
By default, the system disables all the debugging switches.
The router system provides a variety of debugging functions mainly for the
support technicians and senior maintenance engineers to perform network fault
diagnosis.
Enabling debugging will generate a large amount of debugging information that
can result in a decrease in system efficiency. This is especially the case when the
command debugging all is executed to enable all the debugging switches. An
extreme aftermath after doing so can be system paralysis. For these reasons, you
are recommended not to use the command debugging all. On the contrary,
using undo debugging all will bring you great convenience because you can
disable all the debugging switches at once rather than disabling them one by one.
For related command, see display debugging.
Example
Enable IP packet debugging.
28
display debugging
Syntax
display debugging [ interface interface-type interface-number] [ module-name ]
View
Any view
Parameter
module-name: Module name.
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display debugging command, you can display the enabled debugging
switches.
By default, no parameters have been defined and all the enabled debugging
switches are displayed.
For related command, see debugging.
Example
Display all the enabled debugging switches.
<3Com> display debugging
IP packet debugging switch is on.
display
diagnostic-information
Syntax
display diagnostic-information
View
Any view
Parameter
None
Description
Using the display diagnostic-information command, you can display the
operating information of all the active modules of the system and collect all the
information at one time to isolate the problem when failure occurs to the system.
In case failures occurs to the system, lots of information needs to be collected for
the convenience of isolating the problems. However, it is rather difficult for you to
collect all the information at one time because there are many display commands
involved. In this case, you can use the display diagnostic-information command
to collect the operating information of all the active modules in the system.
Debugging
29
Example
Display the technical support information.
<3Com> display diagnostic-information
------------------ display version -----------------3Com3Com Versatile Routing Platform Software
VRP 3600E Software Version VRPV3R001M06B03D003, DEBUG SOFTWARE
Copyright (c) 2000-2003 by VRP Team Beijing Institute 3Com Tech, Inc
Compiled Mar 24 2003 20:28:31 by zhaomin
------------------ display running-config -----------------#
sysname 3Com
#
------------------ display history commands -----------------display diagnostic-information
------------------ display tasks -----------------ID
Name
Priority
Status
CPU Time
1
WEIL
10
Ready
10/20
2
SYST
180
Ready
0/7
3
XMON
140
Event Sem
0/0
4
VMON
140
Event Sem
41/41
5
INFO
100
Event Sem
1/6
6
co0
100
Ready
0/3178
7
LDP
100
Event Sem
1/299
8
LAGT
100
Queue Sem
0/1
9
Clon
100
Event Sem
0/0
10
ROUT
100
Event Sem
0/172
11
FIB
100
Event Sem
0/178
12
SOCK
100
Event Sem
0/47961
13
VTYD
100
Event Sem
0/25
14
IPSP
100
Event Sem
0/537
15
IKE
100
Event Sem
1/20
16
RSA
100
Event Sem
1/94
17
RDUS
100
Delay
1/1574
18
L2TP
100
Event Sem
0/14
19
TNLM
100
Event Sem
0/0
20
AGNT
100
Event Sem
0/4904
21
TRAP
100
Queue Sem
0/0
22
MDMT
100
Queue Sem
0/3
23
NTPT
100
Delay
0/7
24
PIMT
100
Delay
0/7
25
CFM
100
Queue Sem
363/1355
26
LSPM
100
Delay
0/414
27
L2V
100
Delay
0/6
28
VRRP
100
Event Sem
0/0
------------------ display memory -----------------Slice Memory Usage:
Block Size
32
Free
960
Used
60134
Total
61094
Block Size
64
Free
275
Used
29356
Total
29631
Block Size
128
Free
9
Used
5882
Total
5891
Block Size
256
Free
8
Used
1664
Total
1672
Block Size
512
Free
1
Used
120
Total
121
Block Size 1024
Free
58
Used
157
Total
215
Block Size 2048
Free
5
Used
1547
Total
1552
Block Size 4096
Free
1
Used
67
Total
68
-----------------------------Summary-------------------------------Used(Byte) 8646848
Free
1317
Used
98927
Total 100244
30
ping
Syntax
ping [ -a X.X.X.X | -c count | -d | -h ttl_value | -i { interface-type interface-number } | ip | -n
| - p pattern | -q | -r | -s packetsize | -t timeout | -v | vpn-instance vpn-instance-name ] *
host
View
Any view
Parameter
-a X.X.X.X: Sets the source IP address where ICMP ECHO-REQUEST packets can be
sent.
Debugging
31
-c count: Times that ICMP ECHO-REQUEST packets are sent. It is ranging from 1 to
4294967295.
-d: Sets socket to DEBUG mode.
-h ttl_value: Sets the value of TTL_value, which is ranging from 1 to 255.
-i: Sets the interface for sending ICMP ECHO-REQUEST packets.
interface-type: Interface type
interface-number: Interface number
-n: Directly uses the host parameter as IP address without domain name
resolution.
-p pattern: The filling byte of ICMP ECHO-REQUEST packet in hexadecimal format,
with the value ranging from 0 to FFFFFFFF. For example, if the parameter is set to
-p ff, the entire packet will be filled with ff.
-q: Displays statistic figures rather than details.
-r: Records routes.
-s packetsize: The length of ECHO-REQUEST packet (excluding IP and ICMP
headers), which is in the range of 20 to 8100 bytes.
-t timeout: Timeout in milliseconds waiting for ECHO-RESPONSE upon completion
of sending ECHO-REQUEST, in the range from 0 to 65535.
-v: Displays the received ICMP packets other than ECHO-RESPONSE packets.
vpn-instance vpn-instance-name: Sets the vpn-instance name of MPLS VPN to
specify the VPN attribute configured in this ping command, that is, name of the
associated vpn-instance created at the local.
host: Domain name or IP address of destination host.
ip: IP protocol is used.
Description
Using the ping command, you can check the IP network connection and whether
the host is reachable.
If the above parameters have not been specified, the following default settings will
be used:
32
the ICMP packets other than ECHO-RESPONSE packets are not displayed.
reboot
Syntax
reboot
View
User view
Debugging
33
Parameter
None
Description
Using the reboot command, you can reboot the device.
This command produces the same effect as the power being turned off and then
on, but provides the user with a convenient method of rebooting the device from
a remote site.
The operation of this command will render the network unusable for a short
period of time. So it should be used with caution. Before rebooting the Router,
remember to save the configuration file if necessary,.
Example
Reboot the device.
<3Com> reboot
System will reboot! Continue?[Y/N]
tracert
Syntax
tracert [ -a X.X.X.X | -f first_TTL | -m max_TTL | -p port | -q nqueries | vpn-instance
vpn-instance-name | -w timeout ] * host
View
Any view
Parameter
-a: Specifies source IP address of the tracert packets, which is in the format of
X.X.X.X and must be the address of a local interface.
-f: Tests the correctness of the f switch with first_TTL specifying an initial TTL in
the range of 0 to the maximum TTL.
-m: Tests the correctness of the m switch with max_TTL specifying a maximum
TTL which can be any TTL larger than the initial TTL.
-p: Tests the correctness of the p switch with port being an integer specifying the
port of the destination host. There is no need to change this option in normal
circumstances.
-q: Tests the correctness of the q switch with nqueries specifying the number of
the query packets sent each time. It can be any integer larger than 0.
vpn-instance vpn-instance-name: Sets the vpn-instance name of MPLS VPN to
specify the VPN attribute configured in this tracert command, that is, name of the
associated vpn-instance created at the local.
-w timeout: Tests the correctness of the w switch with timeout specifying the
timeout time of IP packets. It is in seconds and can be any integer larger than 0.
34
HWPing Commands
35
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
HWPing Commands
HWPing Client
Commands
count
Syntax
count times
undo count
View
HWPing test group view
Parameter
times: Number of transmitted test packets, which is in the range 1 to 15 and
defaults to 1.
Description
Using the count command, you can configure the number of packets sent for
each test. Using the undo count command, you can restore the default setting.
A test timer is started when the system sends the first test packet. In the event that
the argument times is set greater than 1, the system will continue to send the
second one upon the receipt of the acknowledgement to the first one. If receiving
no acknowledgement upon the expiration of the timer, the system will send the
second test packet and the rest of the packets all the same as required.
For the related command, see frequency.
Example
Send ten packets for each test.
[Router-administrator-icmp] count 10
datafill
Syntax
datafill string
undo datafill
View
HWPing test group view
Parameter
string: Data used for stuffing test datagrams. This argument can be a string of less
than 1024 characters in length. By default, datagrams are stuffed with characters
between 0 and 255 cyclically.
36
Description
Using the datafill command, you can configure the data used for stuffing test
datagrams. Using the undo datafill command, you can restore the default setting.
You can stuff HWPing test datagrams with any character strings. If the size of a
test datagram is smaller than that of the configured stuffing string, only a portion
of the string will be used for stuffing. If the size of the test datagrams is larger, the
string will be used cyclically for stuffing. Suppose a stuffing string, abcd is
configured. If the test datagram size is 3, only abc will be used for stuffing; if it
is 6, the string abcdab" will be used.
Example
Configure a datagram stuffing string abcd.
[Router-administrator-icmp] datafill abcd
datasize
Syntax
datasize size
undo datasize
View
HWPing test group view
Parameter
size: Test datagram size, which is in the range 20 to 65535 and defaults to 100.
Description
Using the datasize command, you can configure size of the datagrams for the test
purpose. Using the undo datasize command, you can restore the default datagram
size.
Example
Set the size of test datagrams to 50.
[Router-administrator-icmp] datasize 50
description
Syntax
description string
undo description
View
HWPing test group view
Parameter
string: Brief description of a test operation. By default, no description information
is configured.
Description
Using the description command, you can make a brief description on a test
operation. Using the undo description command, you can delete the configured
description.
HWPing Commands
37
Example
Describe a test group as icmp-test.
[Router-administrator-icmp] description icmp-test
destination-ip
Syntax
destination-ip ip-address
undo destination-ip
View
HWPing test group view
Parameter
ip-address: Destination IP address in a test.
Description
Using the destination-ip command, you can configure the destination IP address
for a test. Using the undo destination-ip command, you can remove the configure
destination IP address.
By default, no destination IP address is configured for any test.
For the related command, see destination-port.
Example
Set the destination IP address for a test to 169.254.10.3.
[Router-administrator-icmp] destination-ip 169.254.10.3
destination-port
Syntax
destination-port port-number
undo destination-port
View
HWPing test group view
Parameter
port-number: Destination port number in a test, which is in the range 1 to 65535
and defaults to 0.
Description
Using the destination-port command, you can configure the destination port for a
test. Using the undo destination-port command, you can remove the destination
port configuration.
By default, no destination port is configured for any test.
This command is configured only for DHCP, DLSw, FTP, HTTP, Jitter, TCP-private, or
UDP-private test.
For the related command, see destination-ip.
38
Example
Set the destination port to 9000 for a test.
[Router-administrator-icmp] destination-port 9000
display hwping
Syntax
display hwping { result | history | jitter } [ administrator-name operation-tag ]
View
Any view
Parameter
result: Displays the latest test result.
history: Displays the test history information.
jitter: Displays the jitter test information.
administrator-name: Name of the administrator creating a test.
operation-tag: Test operations tag.
Description
Using the display hwping command, you can display test result(s).
If you have specified a test group by specifying the arguments administrator-name
and test-operation-tag, the system will display only the test result of the group; if
not, it will display the test results of all the test groups.
For the related command, see test-enable.
Example
Display the test result of the test group whose administrator name is
administrator and operation tag is jitter.
[Router] display hwping result administrator jitter
HWPing entry(admin administrator, tag jitter) test result:
Destion ip address: 169.254.10.3
Send operation times: 50
Receive respondse times: 50
Min Round Rip Time: 2
Max Round Rip Time: 10
Average Round Rip Time: 3
Square-Sum of Round Rip Time: 651
Last complete test time: 2003-10-19 17:18:39.1
Extend result:
Disconnect operation number: 0
Operation timeout number: 0
System busy operation number: 0
Dorp operation number: 0
Operation sequence errors: 0
Operation statics errors: 0
Jitter result:
RTT Number : 50
Min Positive SD : 1
Max Positive SD : 2
HWPing Commands
Positive SD Number : 9
Positive SD Sum : 12
Positive SD Square Sum
Min Negative SD : 1
Max Negative SD : 2
Negative SD Number: 10
Negative SD Sum: 13
Negative SD Square Sum
Min Positive DS : 7
Max Positive DS: 7
Positive DS Number :1
Positive DS Sum : 7
Positive DS Square Sum
Min Negative DS :7
Max Negative DS : 7
Negative DS Number:1
Negative DS Sum: 7
Negative DS Square Sum
filename
39
: 18
: 19
:49
: 4
Syntax
filename file-name
undo filename
View
HWPing test group view
Parameter
file-name: Name of the file to be gotten from or put onto an FTP server.
Description
Using the filename command, you can configure name of the file to be gotten
from or put onto an FTP server. Using the undo filename command, you can
remove the configuration of the file name.
By default, no file name is configured.
This command applies only to FTP test.
For the related commands, see username, password, and ftp-operation.
Example
Specify the file to be gotten from or put onto an FTP server by specifying its name
config.txt".
[Router-administrator-ftp] filename config.txt
frequency
Syntax
frequency interval
undo frequency
View
HWPing test group view
40
Parameter
interval: Automatic test interval, which is in the range 0 to 65535 seconds and
defaults to 0, i.e., no automatic test.
Description
Using the frequency command, you can configure an automatic test interval.
Using the undo frequency command, you can disable automatic test.
The system automatically performs a test at intervals specified by this command,
given the argument interval is greater than 0.
For the related command, see count.
Example
Set the automatic test interval to ten seconds.
[Router-administrator-icmp] frequency 10
ftp-operation
Syntax
ftp-operation { get | put }
View
HWPing test group view
Parameter
get: Gets a file from an FTP server.
put: Sends a file to an FTP server.
Description
Using the ftp-operation command, you can configure the FTP operation done by
the system.
FTP operations include get and put, with the former being performed to obtain
files from an FTP server and the latter to send files to the FTP server.
By default, the operation of get is done.
This command applies only to FTP test.
For the related commands, see username and password.
Example
Perform FTP getting operation.
[Router-administrator-ftp] ftp-operation get
history-records
Syntax
history-records number
undo history-records
View
HWPing test group view
HWPing Commands
41
Parameter
number: Number of test results allowed to be retained, which is in the range 0 to
50 and defaults to 50.
Description
Using the history-records command, you can configure the number of test results
that the system can retain. Using the undo history-records command, you can
restore the default number of retained test results.
Example
Set the number of retained history records concerning the test group whose
administrator name is administrator" and operation tag is icmp to 10.
[Router-administrator-icmp] history-records 10
http-operation
Syntax
http-operation { get | post }
View
HWPing test group view
Parameter
get: Obtains data from an HTTP server.
post: Sends data to an HTTP server.
Description
Using the http-operation command, you can configure an HTTP operation type.
HTTP operations are divided into two types: get and post. Operations of the
former type is performed to obtain data from an HTTP server and operations of
the latter type to send data to the HTTP server.
By default, the operation of get is done.
This command applies only to HTTP test.
For the related command, see http-string.
Example
Perform get operations in HTTP tests.
[Router-administrator-http] http-operation get
http-string
Syntax
http-string url-string
undo http-string
View
HWPing test group view
42
Parameter
url-string: Uniform Resource Locator string used in HTTP. It is used by the WWW
service program to identify the location of information on the Internet. By default,
no URL is configured.
Description
Using the http-string command, you can configure an URL for an HTTP test. Using
the undo http-string command, you can delete the configured URL information.
This command applies only to HTTP test.
For the related command, see http-operation.
Example
Configure the URL /index.htm http/1.1.
[Router-administrator-http] http-string /index.htm http/1.1
hwping
Syntax
hwping administrator-name operation-tag
undo hwping administrator-name operation-tag
View
System view
Parameter
administrator-name: Specifies name of the administrator creating an HWPing test
group.
operation-tag: Test operation tag.
Description
Using the hwping command, you can create an HWPing test group.
Executing this command will allow the system to access HWPing test group view.
Example
Create an HWPing test group, given the administrator name is administrator
and the test operation tag is icmp.
[Router] hwping administrator icmp
hwping-agent enable
Syntax
hwping-agent enable
undo hwping-agent enable
View
System view
Parameter
None
HWPing Commands
43
Description
Using the hwping-agent enable command, you can enable the HWPing client
function. Using the undo hwping-agent enable command, you can disable the
HWPing client function.
Before you perform the test operations of any type, you must enable the HWPing
client function.
For the related command, see hwping-server enable.
Example
Enable HWPing Client.
[Router] hwping-agent enable
hwping-agent
max-requests
Syntax
hwping-agent max-requests max-number
undo hwping-agent max-requests
View
System view
Parameter
max-number: The allowed maximum number of concurrent tests, which is in the
range 0 to 4294967295 and defaults to 10.
Description
Using the hwping-agent max-requests command, you can set the allowed
maximum number of concurrent tests. Using the undo hwping-agent
max-requests command, you can restore the default maximum number of
concurrent tests.
Example
Set the maximum number of concurrent tests to 20.
[Router] hwping-agent max-requests 20
jitter-interval
Syntax
jitter-interval interval
undo jitter-interval
View
HWPing test group view
Parameter
interval: Packet sending interval in a jitter test, which is in the range 10 to 1000
milliseconds and defaults to 20 milliseconds.
44
Description
Using the jitter-interval command, you can set a packet sending interval for a jitter
test. Using the undo jitter-interval command, you can restore the default test
packet sending interval.
This command applies only to jitter test.
For the related command, see jitter-packetnum.
Example
Send packets at intervals of 30 milliseconds in a jitter test.
[Router-administrator-icmp] jitter-interval 30
jitter-packetnum
Syntax
jitter-packetnum number
undo jitter-packetnum
View
HWPing test group view
Parameter
number: Number of packets to be sent in a jitter test, which is in the range of 10
to 100 and defaults to 20.
Description
Using the jitter-packetnum command, you can configure the number of packets to
be sent for a jitter test. Using the undo jitter-packetnum command, you can
restore the number of packets to be sent for a jitter test to its default value.
This command applies only to jitter test.
For the related command, see jitter-interval.
Example
Send 30 packets for a test.
[Router-administrator-icmp] jitter-packetnum 30
password
Syntax
password password
undo password
View
HWPing test group view
Parameter
password: Password required for accessing an FTP server.
HWPing Commands
45
Description
Using the password command, you can configure the password required for the
login to an FTP server. Using the undo password command, you can remove the
configured password.
By default, no password is configured for the login to an FTP server.
This command applies only to FTP test.
For the related commands, see username and ftp-operation.
Example
Set the login password for accessing an FTP server to hwping.
[Router-administrator-ftp] password hwping
probe-failtimes
Syntax
probe-failtimes times
undo probe-failtimes
View
HWPing test group view
Parameter
times: Number of consecutive probe failures. It is in the range 1 to 65535 and
defaults to 1.
Description
Using the probe-failtimes command, you can configure the number of consecutive
probe failures allowed in a HWPing test before a trap is sent to the NMS. Using the
undo probe-failtimes command, you can restore the default.
A test may include multiple probes.
Example
Send a trap to the NMS after three consecutive probe failures for a HWPing test.
[Router] probe-failtimes 3
send-trap
Syntax
send-trap { all | probefailure | testcomplete | testfailure }
undo send-trap { all | probefailure | testcomplete | testfailure }
View
HWPing test group view
Parameter
probefailure: Sends traps upon test packet transmission failures.
testcomplete: Sends traps upon the completion of test.
testfailure: Sends traps upon test failures.
all: Sends traps for all the events described above.
46
Description
Using the send-trap command, you can configure the type of events that may
trigger trap sending. Using the undo send-trap command, you can remove the
configuration of the event type.
By default, no traps are sent.
Example
Send traps upon the completion of tests.
[Router-administrator-icmp] send-trap testcomplete
sendpacket passroute
Syntax
sendpacket passroute
undo sendpacket passroute
View
HWPing test group view
Parameter
None
Description
Using the sendpacket passroute command, you can enable routing table bypass.
Using the undo sendpacket passroute command, you can disable routing table
bypass.
By default, routing table bypass is disabled.
With routing table bypass, a remote host can bypass the normal routing tables and
send ICMP packets directly to a host on an attached network. If the host is not on
a directly-attached network, an error is returned. You can use this function when
pinging a local host on an interface that has no route defined.
Example
Bypass routing table when sending ICMP packets.
[Router] sendpacket passroute
source-interface
Syntax
source-interface interface-type interface-number
undo source-interface
View
HWPing test group view
Parameter
interface-type: Interface type.
interface-number: Interface number.
HWPing Commands
47
Description
Using the source-interface command, you can configure a source interface for test
packet transmission. Using the undo source-interface command, you can remove
the source interface configuration.
By default, no source interface is configured for test packet transmission.
Example
Specify Ethernet 1 as the source interface for test packet transmission.
[Router-administrator-dhcp] source-interface ethernet 1
source-ip
Syntax
source-ip ip-address
undo source-ip
View
HWPing test group view
Parameter
ip-address: Source IP address used in a test.
Description
Using the source-ip command, you can configure a source IP address for this test.
Using the undo source-ip command, you can remove the source address
configuration.
By default, IP address of the interface where test packets are to be sent is used as
the source IP address.
Example
Set the source IP address for this test to 169.254.10.2.
[Router-administrator-icmp] source-ip 169.254.10.2
source-port
Syntax
source-port port-number
undo source-port
View
HWPing test group view
Parameter
port-number: Source port number used in a test. By default, it is 0.
Description
Using the source-port command, you can configure a source port number for this
test. Using the undo source-port command, you can remove the configuration of
source port number.
48
Example
Set the source port number to 8000 for this test.
[Router-administrator-icmp] source-port 8000
test-type
Syntax
test-type type
View
HWPing test group view
Parameter
test-type: Test type, which can be one of the following keywords:
dhcp: DHCP test.
dlsw: DLSw test.
ftp: FTP connection test.
http: HTTP connection test.
icmp-echo: ICMP test.
jitter: Jitter test, performed for analyzing the delay variations in
UDP packet transmission.
snmpquery: SNMP test.
tcp-private: Tests the TCP connection of a specified port (an unknown
port).
tcp-public: Tests the TCP connection of port 7.
udp-private: Tests the UDP connection of a specified port (an unknown
port).
udp-public: Tests the UDP connection of port 7.
test-enable
Syntax
test-enable
View
HWPing test group view
Parameter
None
Description
Using the test-enable command, you can enable an HWPing test.
HWPing Commands
49
After you execute the test-enable command, the system does not display the test
result. You may view the test result information by executing the display hwping
command.
For the related command, see display hwping.
Example
Execute the HWPing test defined by the test group wgw-testicmp.
[Router-hwping-wgw-testicmp] test-enable
test-failtimes
Syntax
test-failtimes times
undo test-failtimes
View
HWPing test group view
Parameter
times: Number of consecutive test failures. It is in the range 1 to 65535 and
defaults to 1.
Description
Using the test-failtimes command, you can configure the number of consecutive
test failures allowed before a trap is sent to the NMS. Using the undo test-failtimes
command, you can restore the default.
A test may include multiple probes.
Example
Send a trap to the NMS after three consecutive test failures.
[Router] test-failtimes 3
timeout
Syntax
timeout time
undo timeout
View
HWPing test group view
Parameter
time: Timeout time, which is in the range 1 to 60 and defaults to 3 seconds.
Description
Using the timeout command, you can configure a timeout time for a test. Using
the undo timeout command, you can restore the default timeout time.
Example
Set the timeout time to ten seconds.
[Router-administrator-icmp] timeout 10
50
tos
Syntax
tos value
undo tos
View
HWPing test group view
Parameter
value: ToS field in the header of HWPing test packets, which is in the range 0 to
255. By default, ToS field is not set.
Description
Using the tos command, you can assign a value to the ToS field in the header of
HWPing test packets. Using the undo tos command, you can remove the ToS value
configuration.
In a ping command, service type is set by using the argument -o.
Example
Set the ToS field in the header of HWPing packets to one.
[Router-administrator-ftp] tos 1
ttl
Syntax
ttl number
undo ttl
View
HWPing test group view
Parameter
number: Time to Live (TTL) value or lifetime of HWPing ICMP test packets, which is
in the range 1 to 255 and defaults to 255.
Description
Using the ttl command, you can configure TTL of ICMP test packets. Using the
undo ttl command, you can restore the default TTL of ICMP test packets.
TTL is actually a hop count limit on how far a test packet can travel on a network.
In a ping command, it is defined by the argument -i.
This command applies only to ICMP test.
Example
Set the TTL of HWPing ICMP test packets to 16.
[Router-administrator-icmp] ttl 16
username
Syntax
username name
undo username
51
View
HWPing test group view
Parameter
name: Name of the user allowed to access an FTP server.
Description
Using the username command, you can configure name used for logging into an
FTP server. Using the undo username command, you can remove the username
configuration.
By default, no username is configured for accessing an FTP server.
This command applies only to FTP test.
For the related commands, see password and ftp-operation.
Example
Use "administrator" as the username for the login to an FTP server.
[Router-administrator-ftp] username administrator
vpninstance
Syntax
vpninstance name
undo vpninstance
View
HWPing test group view
Parameter
name: VPN instance name, a string of 1 to 19 characters.
Description
Using the vpninstance command, you can configure VPN instance information for
ICMP. Using the undo vpninstance command, you can remove the VPN instance
information of ICMP.
By default, no VPN instance information is configured for ICMP.
Example
Set the VPN instance name of ICMP to vpn1.
[Router] vpninstance vpn1
HWPing Server
Commands
hwping-server enable
Syntax
hwping-server enable
undo hwping-server enable
52
View
System view
Parameter
None
Description
Using the hwping-server enable command, you can enable HWPing Server. Using
the undo hwping-server enable command, you can disable HWPing Server.
By default, HWPing Server is disabled.
By far, jitter test and UDP/TCP tests of a specified port are only available for
Huaweis devices. Before performing one of the tests, you must enable HWPing
Server on the device to be tested.
You must enable the function of HWPing Server on a device in order to provide
HWPing server services.
For the related commands, see hwping-agent enable, hwping-server tcpconnet,
and hwping-server udpconnet.
Example
Enable HWPing Server.
[Router] hwping-server enable
hwping-server
tcpconnect
Syntax
hwping-server tcpconnect ip-address port-number
undo hwping-server tcpconnect ip-address port-number
View
System view
Parameter
ip-address: IP address where HWPing Server provides the TCP listening service.
port-number: Port where HWPing Server provides the TCP listening service.
Description
Using the hwping-server tcpconnect command, you can create a TCP listening
service. Using the undo hwping-server tcpconnect command, you can delete the
established TCP listening service.
If you want to use Huaweis router as the server in an HWPing test on the TCP
connection of a specified port, you must create the TCP listening service on the
server.
For the related command, see hwping-server enable.
Example
Create a TCP listening service, setting IP address to 169.254.10.2 and port number
to 9000.
[Router] hwping-server tcpconnect 169.254.10.2 9000
hwping-server udpecho
53
Syntax
hwping-server udpecho ip-address port-number
undo hwping-server udpecho ip-address port-number
View
System view
Parameter
ip-address: IP address where HWPing server implements the UDP listening service.
port-number: Port where HWPing Server provides the UDP listening service.
Description
Using the hwping-server udpecho command, you can create a UDP listening
service. Using the undo hwping-server udpecho command, you can delete the
established UDP listening service.
If you want to use Huaweis router as the server in an HWPing test on the UDP
connection of a specified port, you must create the UDP listening service on the
server.
For the related command, see hwping-server enable.
Example
Create a UDP listening service, setting IP address to 169.254.10.2 and port
number to 9000.
[Router] hwping-server udpecho 169.254.10.2 9000
Information
Processing Commands
display channel
Syntax
display channel [ channel-number | channel-name ]
View
Any view.
Parameter
channel-number: Channel number, ranging 0 to 9. That is, the system has 10
channels.
channel-name: Channel name.
Table 1 Channel names and their associated channel numbers
Channel name
Information
channel
number
channel6
channel7
54
Channel name
Information
channel
number
channel8
channel9
console
logbuffer
loghost
monitor
snmpagent
trapbuffer
Description
Using the display channel command, you can display the contents of an
information channel.
This command displays the setting states of all channels when executed without
any parameter.
Example
Display the contents of information channel 0.
<3Com> display channel 0
channel number:0, channel name:console
MODU_ID NAME ENABLE LOG LEVEL ENABLE TRAP LEVEL ENABLE DEBUG LEVEL
ffff0000 all Y warning Y
debugging Y debugging
display info-center
Syntax
display info-center
View
Any view
Parameter
None
Description
Using the display info-center command, you can display all the information
recorded in the info-center.
For related commands, see info-center enable, info-center loghost,
info-center logbuffer, info-center trapbuffer, info-center console channel,
and info-center monitor channel.
Example
Display the information recorded in the info-center.
55
display logbuffer
Syntax
display logbuffer [ size size-value | summary ] [ level level-number ] [ | [ begin | include |
exclude ] string ]
View
Any view
Parameter
size: Displays the number of information entries in the logbuffer.
size-value: The number of displayed information entries.
summary: A summary of the logbuffer.
level: Displays only the count of information entries at a specified level.
level-number: The specified level in the ranging 1 to 8.
|: Uses regular expression to filter the information for display.
begin: Displays the information beginning with the specified characters (string).
include: Displays the information including the specified characters (string).
exclude: Displays the information excluding the specified characters (string).
string: Characters of the regular expression.
Description
Using the display logbuffer command, you can display the information recorded
in the logbuffer.
56
By default, executing display logbuffer without any parameter displays all the
information in the logbuffer.
If the number of information entries in the current logging buffer is smaller than
the specified size-value, logging information of the actual entries will be displayed.
For related commands, see info-center enable, info-center logbuffer, and
display info-center.
Example
Display the information in the logging buffer.
<3Com> display logbuffer
Logging Buffer Confiuration and contents:enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 4 , channel name : logbuf
dropped messages : 0
overwritten messages : 0
current messages : 96
%8/28/2101 5:34:48-IC-7-SYS_RESTART:
System restarted -3Com Versatile Routing Platform Software
Copyright (c) 2000-2002 by VRP Team Beijing Institute 3Com Tech, Inc
%9/9/2002 15:50:36-SHELL-5-CMD:task:CFM ip:** user:** command:interface Ethernet
%11/6/2002 22:18:52-SHELL-5-CMD:task:CFM ip:** user:** command:interface Aux0
%3/15/2003 15:50:36-SHELL-5-CMD:task:CFM ip:** user:** command:controller E1 3/0
%4/1/2003 21:29:47-PHY-2-PHY: Console0: change status to up
display trapbuffer
Syntax
display trapbuffer [ size sizeval ]
View
Any view
Parameter
size: Specifies the number of information entries in the logbuffer.
sizeval: The number of displayed information entries.
Description
Using the display trapbuffer command, you can display the information
recorded in the trapbuffer.
By default, executing the command without any parameter displays all the
information in the trapbuffer.
If the number of information entries in the current trapbuffer is smaller than the
specified sizeval, the actual number of traps will be displayed.
57
info-center channel
Syntax
info-center channel channel-number name channel-name
undo info-center channel channel-number
View
System view
Parameter
channel-number: The channel number, with the value ranging from 0 to 9. That is,
the system has 10 channels.
channel-name is a channel name, with maximum length of 30 characters,
excluding -, / and \..
Description
Using the rename channel command, you can rename the information channel
numbered channel-number as channel-name.
When naming the information channels, please note that no duplicated channel
name is allowed.
Example
Name Channel 0 as "execconsole".
58
info-center console
channel
Syntax
info-center console channel { channel-number | channel-name }
undo info-center console channel
View
System view
Parameter
channel-number: Channel number, ranging 0 to 9, that is, the system has 10
channels.
channel-name: Channel name.
Description
Using the info-center console channel command, you can enable outputting
information to the console and set the information output channel. Using the
undo info-center console channel command, you can disable the current
settings.
By default, no logging information is output to the console.
This command will not become valid unless the syslog function has been enabled.
For related commands, see info-center enable and display info-center.
Example
Enable outputting information to the console and set the output channel.
[3Com] info-center console channel console
info-center enable
Syntax
info-center enable
undo info-center enable
View
System view
Parameter
None
Description
Using the info-center enable command, you can enable the info-center. Using
the undo info-center enable command, you can disable the info-center.
59
info-center logbuffer
Syntax
info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ] *
undo info-center logbuffer [ channel | size ]
View
System view
Parameter
channel: Sets the channel for information output to the logbuffer.
channel-number: Channel number ranging 0 to 9. That is, the system has 10
channels.
channel-name: Channel name.
size: Sets logbuffer size.
buffersize: Size of the logbuffer (the accommodated message entries).
Description
Using the info-center logbuffer command, you can enable the logbuffer and set
the channel number for logging information output as well as the size of the
logging buffer. Using the undo info-center logbuffer command, you can cancel
the current settings.
By default, the information outputted to the logbuffer is allowed, and the
logbuffer size is 256.
Only when the info-center has been enabled will this command become effective.
By setting channel number after enabling logbuffer, you can specify informations
outbound direction.
For related commands, see info-center enable, display info-center, and
display info-center logbuffer.
60
Example
Enable the router to send information to the logbuffer and set the logbuffer size
to 50.
[3Com] info-center logbuffer size 50
info-center loghost
Syntax
info-center loghost X.X.X.X [ channel { channel-number | channel-name } | facility
local-number | language { chinese | english } ] *
undo info-center loghost X.X.X.X
View
System view
Parameter
X.X.X.X: IP address of the loghost.
channel: Information channel for the loghost.
channel-number: Channel number ranging 0 to 9. That is, the system has 10
channels.
channel-name: Channel name.
facility: Sets the recording tool of the loghost.
local-number: Recording tool of the loghost, which is ranging local0 to local7.
language: Sets the logging language.
chinese and english: Logging language which can be Chinese or English.
Description
Using the info-center loghost command, you can enable the router to output
information to the loghost. Using the undo info-center loghost command, you
can cancel the current configuration.
By default, no information is output to the loghost.
If not specified, the information channel for the loghost defaults to channel2 that
is named loghost, the loghost recording tool local-number to local7, and the
language to english.
Only when the information center has been enabled will this command become
effective.
By setting the IP address of loghost, you can specify the information outbound
direction. You can set up to 4 loghosts.
For related command, see info-center enable, and display info-center.
61
Example
Enable the router to send information to the UNIX workstation at 202.38.160.1.
[3Com] info-center loghost 202.38.160.1
info-center loghost
source
Syntax
info-center loghost source interface-type interface-number [ subinterface-type ]
undo info-center loghost source
View
System view
Parameter
interface-type: Interface types.
interface-number: Number of the interface.
subinterface-name: Subinterface types.
Description
The info-center loghost source command is used to specify the source address
for sending packets to the logging host while the undo info-center loghost
source command is used to cancel the current configuration. Undo info-center
loghost source is for the canceling of the current configuration.
When a logging message is sent out from a router, the default source address is
the IP address of the interface which has sent the logging message. If the user
wants to change the source address, he can use this command to achieve it. You
can judge which router has sent out the message by setting different source
addresses for different routers, accordingly you can also search among the
received messages.
Example
Set the IP address of Loopback0 as the source address of the logging message
packets.
[3Com] interface loopback 0
[3Com-LoopBack0] ip address 1.1.1.1 255.255.255.0
[3Com-LoopBack0] quit
[3Com] info-center loghost source loopback 0
info-center monitor
channel
Syntax
info-center monitor channel { channel-number | channel-name }
undo info-center monitor channel
View
System view
62
Parameter
channel-number: Channel number ranging 0 to 9. That is, the system has 10
channels.
channel-name: Channel name.
Description
Using the info-center monitor channel command, you can enable the router to
output information to the user terminal and set the output channel. Using the
undo info-center monitor channel command, you can cancel the current
configuration.
By default, no information is output to the user terminal.
Only when the info-center has been enabled will this command become effective.
For related commands, see info-center enable, and display info-center.
Example
Enable the router to output information to the user terminal and set the output
channel.
[3Com] info-center monitor channel monitor
info-center snmp
channel
Syntax
info-center snmp channel { channel-number | channel-name }
undo info-center snmp channel
View
System view
Parameter
channel-number: Channel number ranging 0 to 9. That is, the system has 10
channels.
channel-name: Channel name.
Description
Using the info-center snmp channel command, you can set the information
channel for snmp. Using the undo info-center snmp channel command, you
can cancel the current configuration.
By default, channel 5 is used.
For the related command, see display snmp-agent statistics.
Example
Set snmp information channel to channel 6.
63
info-center source
Syntax
info-center source { module-name | default } { channel { channel-number |
channel-name} } [ log { state { on | off } | level severity }* | trap { state { on | off } | level
severity } * | debug { state { on | off } | level severity }* ]*
undo info-center source { module-name | default } { channel { channel-number |
channel-name }
View
System view
Parameter
module-name: Module name.
default: Sets the default information record.
channel-number: Information channel number to be set.
channel-name: Information channel name to be set.
log: Log information.
trap: Alarm information.
debug: Debugging information.
on: Enables outputting information.
off: Disables outputting information.
level: Sets information level to disable the output of the information at a level
higher than the specified severity.
severity: Information level. As shown in the following table, the info-center
divides information into eight levels by severity or emergency, with a lower level
indicating a more emergent event. emergencies indicates level 0 and debugging
indicates level 7.l
Table 2 Definition of information leve
Severity level
Description
emergencies
alerts
critical
Critical errors
errors
warnings
notifications
informational
debugging
Debugging information
64
*: Indicate multiple choices can be selected. At least one choice must be selected
and all the choices can be selected at most.
Description
Using the info-center source command, you can add records to an information
channel. Using the undo info-center source command, you can remove the
records from the information channel.
For a specified module, by default,
The state of logging information output is on and the allowed information level is
informational.
The state of trapping information output is on and the allowed information level is
informational.
The state of debugging information ouput is off.
So far, the system allocates one information channel for each output direction.
They are:
The Output directionInformation channel number and the Default information
channel name
Console
0 console
2 loghost
Trapbuffer
Logbuffer
4 logbuffer
snmp
trapbuffer
5snmpagent
In addition, each information channel has a default record for which the module
name and number are default and 0xffff0000. But for different channels, the
record may have different default settings for logging information, trapping
information, and debugging information. If a module has no explicit configuration
record in the channel, the default configuration record will be used.
Example
Enable the output of log information of the IP module in the snmp channel and
the allowed highest level of the output information is emergence.
[3Com] info-center source ip channel snmpagent log level emergence
info-center timestamp
65
Syntax
info-center timestamp { trap | debugging | log } { boot | date | none }
undo info-center timestamp { trap | debugging | log }
View
System view
Parameter
trap: Trap information
debugging: Debugging information.
log: log information.
boot: Post booting time that the system experiences. It is in the format of
xxxxxx.yyyyyy, with xxxxxx being the 32 high bits and yyyyyy the 32 low bits of the
passed milliseconds.
date: Current system date and time, in the form of yyyy/mm/dd-hh:mm:ss in
Chinese and mm/dd/yyyy-hh:mm:ss in English.
none: No time stamp.
Description
Using the info-center timestamp command, you can set the time stamp format
for the output debugging/trapping/logging information. Using the undo
info-center timestamp command, you can cancel the current configuration.
By default, the date time stamp is used in information of all types.
Example
Set the time stamp format for traps to boot.
[3Com] info-center timestamp trap boot
info-center trapbuffer
Syntax
info-center trapbuffer [ channel { channel-number | channel-name } | size buffersize ] *
undo info-center trapbuffer [ channel | size ]
View
System view
Parameter
channel: Sets the channel for outputting information to the trapbuffer.
channel-number: Channel number ranging 0 to 9. That is, system has 10 channels.
66
reset logbuffer
Syntax
reset logbuffer
View
User view
Parameter
None
Description
Using the reset logbuffer command, you can clear information in the logbuffer.
Example
<3Com> reset logbuffer
reset trapbuffer
Syntax
reset trapbuffer
67
View
System view
Parameter
None
Description
Using the reset trapbuffer command, you can clear information in the trapbuffer.
Example
<3Com> reset trapbuffer
service modem-callback
Syntax
service modem-callback
undo service modem-callback
View
System view
Parameter
None
Description
Using the service modem-callback command, you can enable user callback.
Using the undo service modem-callback command, you can disable user
callback.
By default, the callback function is disabled.
Example
Enable the callback function.
[3Com] service modem-callback
terminal debugging
Syntax
terminal debugging
undo terminal debugging
View
User view
Parameter
None
68
Description
Using the terminal debugging command you can enable the terminal
debugging display function. Using the undo terminal debugging command you
can disable the function.
By default, terminal display is disabled.
For related command, see debugging.
Example
Enable terminals to display the debugging information.
<3Com> terminal debugging
terminal logging
Syntax
terminal logging
undo terminal logging
View
User view
Parameter
None
Description
Using the terminal logging command, you can enable the log display function of
terminals. Using the undo terminal logging command, you can disable log
display function of terminals.
By default, the log display function of terminals is enabled.
Example
Disable the log display function of terminals.
<3Com> undo terminal logging
terminal monitor
Syntax
terminal monitor
undo terminal monitor
View
User view
Parameter
None
69
Description
Using the terminal monitor command, you can enable terminals to display the
debugging /logging/trapping information sent by the info-center. Using the undo
terminal monitor command, you can disable terminals to display the
debugging/logging/trapping information.
By default, the display function of console users is enabled but the display function
of terminal users is disabled.
The command only affects the current terminal that inputs it. The undo terminal
monitor command is equivalent to the execution of undo terminal debugging,
undo terminal logging, and undo terminal trapping commands, that is, all
the debugging/logging/trapping information will not be displayed at the current
terminal. In the event that terminal monitor has been enabled, the terminal
debugging/undo terminal debugging, terminal logging/undo terminal
logging, and terminal trapping/undo terminal trapping commands can be
used to enable/disable the debugging/logging/trapping information.
Example
Disable terminal monitor.
<3Com> undo terminal monitor
terminal trapping
Syntax
terminal trapping
undo terminal trapping
View
User view
Parameter
None
Description
Using the terminal trapping command, you can enable the function of trap
information display at terminals. Using the undo terminal trapping command,
you can disable the function of trap information display at terminals.
By default, the system configuration is to enable the display function.
Example
Disable the trapping information display function.
<3Com> terminal trapping
70
System Operating
Management
Commands
boot bootldr
Syntax
boot bootldr filename
View
System view
Parameter
filename: File name of the booting software package.
Description
Using the boot bootldr command, you can specify the system booting file.
Example
Specify the file ibox.bin stored in the flash as the default system booting file.
[3Com] boot bootldr flash:/ibox.bin
Syntax
display alarm urgent [ time | slot | id ]
View
Any view
Parameter
time: Displays the alarms in a latest time range.
id: Displays the alarms of an ID.
slot: Displays the alarms involved a slot.
Description
Using the display alarm urgent command, you can display the stored alarms in a
specified way.
Executing the command defined without any parameter will display all the alarms.
Example
Display the stored alarms.
<3Com> display alarm urgent
Alarm ID Slot
Date
Time
Para1 Para2
2
11
00/04/01 23:55:18
2
24
2
0
display bootvar
10
12
00/04/01
00/04/04
23:55:18
10:00:14
1
0
71
24
1
Syntax
display bootvar
View
Any view
Parameter
None
Description
Using the display bootvar command, you can display file name of the boot
software package stored in the flash on RPU.
Example
Display the program configuration information of RPU.
<3Com> display bootvar
Boot file on flash is flash:/ibox.bin.
display environment
Syntax
display environment
View
Any view
Parameter
None
Description
Using the display environment command, you can display the current values
and the threshold values of the hardware system environment.
Example
Display the system environment.
<3Com> display environment
GET 3 TEMPERATUREPOINT VALUE SUCCESSFULLY
environment information:
Temperature information:
local CurrentTemperature LowLimit HighLimit
(deg c )
(deg c) (deg c )
RPU
34
0
80
VENT
31
0
80
72
display device
Syntax
display device slot-number
View
Any view
Parameter
slot-number: Slot number.
Description
Using the display device command, you can display the system hardware
configuration information, including the in-position states of MPU, NPU, interface
card, power module, and fan module, the operating state of interface card, power
module, and fan module, as well as the offline information of MPU and NPU.
Executing the command defined without parameters will display the essential
information of all the devices in position. Executing the command defined with
the parameter slot-number will display only the details on the defined slot,
including reset times and history records of the reset causes.
Example
Display the essential information of the router.
<3Com> display device
Slot # Type
Online
0
RPU
Present
6
PWR
Present
7
FAN
Present
Status
Normal
Normal
Normal
Syntax
display schedule reboot
View
Any view
Parameter
None
Description
Using the display schedule reboot command, you can check the configuration
of related parameters of the router schedule reboot terminal service.
For the related command, see reboot, schedule reboot at, schedule reboot
delay, undo schedule reboot.
73
Example
Display the configuration of the schedule reboot terminal service parameters of
the current router.
<3Com> display schedule reboot
Reboot system at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).
remove slot
Syntax
remove slot slotnum
undo remove slot slotnum
View
User view
Parameter
slotnum: Slot number for the interface card
Description
Using the remove slot command, you can run pre-processing before removing an
interface card. You can also cancel a misoperation with the undo remove slot
command if you change your mind to remove the card after executing the
remove slot command. The undo remove slot command is unnecessary when
you remove a card, but insert it immediately.
For the related command, see reboot, schedule reboot at, schedule reboot
delay, undo schedule reboot.
Example
Remove the interface card at slot 3.
<3Com>remove slot 3
Syntax
reset alarm urgent
View
User view
Parameter
None
Description
Using the reset alarm urgent command, you can clear all the stored alarms.
74
Example
Clear the all the stored alarms.
<3Com> reset alarm urgent
reset slot
Syntax
reset slot slot-number
View
User view
Parameter
slot-number: The number of the slot to be reset.
Description
Using the reset slot command, you can reset the device in a specified slot.
Example
Reset the device in slot 3.
<3Com> reset slot 3
schedule reboot at
Syntax
schedule reboot at hh:mm [ yyyy/mm/dd ]
View
User view
Parameter
hh:mm: Reboot time of the router, in the format of "hour: minute" The hh ranges
from 0 to 23, and the mm ranges from 0 to 59.
yyyy/mm/dd: Reboot date of the router, in the format of "year/month/day. The
yyyy ranges from 2000 to 2099, the mm ranges from 1 to 12, and the value of dd
is related to the specific month.
Description
Using the schedule reboot at command, you can enable the timing reboot
function of the router and set the specific reboot time and date.
By default, the timing reboot router function is disabled.
If the schedule reboot at command sets specified date parameters, which
represents a data in the future, the router will be restarted in specified time, with
error not more than 1 minute.
75
If no specified date parameters are configured, two cases are involved; if the
configured time is after the current time, then the router will be restarted at the
time point of that day, or if the configured time is before the current time, the
router will be restarted at the time point of the next day.
It should be noted that the configured date should not exceed the current date
more than 30 days. In addition, after the command is configured, the system will
prompt you to input confirmation information. Only after the "Y" or the "y" is
entered can the configuration be valid. If there is related configuration before, it
will be covered directly.
Moreover, after the schedule reboot at command is configured and the system
time is adjusted by the clock command, the former configured schedule reboot at
parameter will go invalid.
For the related command, see reboot, schedule reboot delay, undo schedule
reboot, display schedule reboot.
Example
Set the router to be restarted at 22:00 that night (the current time is 15:50).
<3Com> schedule reboot at 22:00
Reboot scheduled for 22:00:00 UTC 2002/11/18 (in 6 hours and 10 minutes)
Proceed with reboot? [Y/N]:y
Syntax
schedule reboot delay { hhh:mm | mmm }
View
User view
Parameter
hhh:mm: Waiting time for rebooting a router, in the format of "hour: minute" The
hhh ranges from 0 to 720, and the mm ranges from 0 to 59.
mmm: Waiting delay for rebooting a router, in the format of "absolute minutes" .
Ranging from 0 to 43200,
Description
Using the schedule reboot delay command, you can enable the timing reboot
router function and set the waiting time.
By default, the timing reboot router function is disabled.
Two formats can be used to set the waiting delay of timing reboot router, the
format of "hour: minute" and the format of "absolute minutes". But the total
minutes should be no more than 302460 minutes, or 30 days.
After this command is configured, the system will prompt you to input
confirmation information. Only after the "Y" or the "y" is entered can the
76
upgrade
Syntax
upgrade [ bootrom | pico-code] filename
View
System view
Parameter
bootrom: Upgrades the BootROM on line .
pico-code: Upgrades the pico-code on line.
filename: The file name of the upgrade software package to be used.
Description
Using the upgrade command, you can upgrade the BootRom program,
pico-code or the logic.
Example
Upgrade the pico-code on line, given the file name of the upgrade software
package is filename.
[3Com] upgrade pico-code filename
Syntax
undo schedule reboot
View
User view
Lock-Down Commands
77
Parameter
None
Description
Using the undo schedule reboot command, you can cancel the parameter
configuration of the schedule reboot terminal service.
For the related command, see reboot, schedule reboot at, schedule reboot
delay, display schedule reboot.
Example
Cancel the timing reboot router function.
<3Com> undo schedule reboot
Lock-Down
Commands
display configure-user
Syntax
display configure-user
View
Any view
Parameter
None
Description
Using the display configure-user command, you can view information about the
user who is currently authorized to configure the equipment.
Users can configure the same equipment through the Console port, the AUX port,
the VTY interface (in cases such as Telnet and SSH) and others. If configurations by
these various means are permitted to be conducted simultaneously, the
configuration of one user is liable to overwrite others' configuration. For this
reason, the VRP requires that only one user should have right to modify
configurations of the equipment at a time. In other words, once a user is
performing configurations on the equipment, other users, including those with
higher priorities, are not permitted to configure the equipment at that very
moment, but rather wait till the user currently conducting the configurations
quitting or timed out of the system.
Example
Display information about the user who is currently authorized to configure the
equipment.
<3Com> display configure-user
78
If the adopted authentication does not require a username, the actual display shall
be:
The information of current configuration user:
34
UI
VTY 0
Delay
00:00:04
Type
Ipaddress
TEL 10.153.17.100
Username
If the login authentication otherwise requires a username, the actual display shall
be:
The information of current configuration user:
34
UI
VTY 0
Delay
00:00:05
Type
Ipaddress
TEL 10.153.17.100
Username
test
File Management
Commands
File System Commands
Syntax
cd directory
View
User view
Parameter
directory: Name of destination directory.
Description
Using the cd command, you can modify the current operating path of the router
to the specified directory.
By default, the flash memory is the operating path set when the router starts.
Example
Modify the current operating path of the router to test.
<3Com> cd test
<3Com> pwd
flash:/test
clear
Syntax
clear filename
View
User view
79
Parameter
filename: Name of file to be deleted.
Description
Using the clear command, you can delete all files from the recycle bin.
The wildcard * is available here. Using the delete command, you can only
move the target files into the recycle bin. If you want to remove them from the
recycle bin, you must use the clear command.
Example
Clear the recycle bin.
<3Com> clear flash:/p1h_logic.out
clear flash:/plh_logic.out?[Y/N]
copy
Syntax
copy filename_source filename_dest
View
User view
Parameter
filename_source: Name of the source file.
filename_dest: Name of the destination file or directory.
Description
Using the copy command, you can copy a file.
If the name of the destination file is the same with an existing directory name, the
target file will be copied to the directory. If the name of the destination file is the
same with an existing file name, the user will be prompted whether the existing
file should be overwritten.
Example
<3Com>pwd
Slave#flash:
<3Com> dir
Directory of flash:/
-rwxrwxrwx 1 noone nogroup 4316742 Oct 10 2002 10:10:10 system
drwxrwxrwx 1 noone nogroup
- Jan 01 2001 10:47:14 buckup
-rwxrwxrwx 1 noone nogroup 16 Jan 02 2001 08:53:52 private-data.t
-rwxrwxrwx 1 noone nogroup 625 Jan 02 2001 08:54:01 vrpcfg.txt
-rwxrwxrwx 1 noone nogroup
375 Jan 02 2001 08:53:13 config
-rwxrwxrwx 1 noone nogroup 524288 Jan 02 2001 11:47:39 bootromfull
7672832 bytes total (2295808 bytes free)
80
delete
Syntax
delete /unreserved filename
View
User view
Parameter
unreserved: Deletes the specified file unreservedly, and the deleted file can never
be restored.
filename: Name of the file to be deleted.
Description
Using the delete command, you can move the specified file, which can be
restored with the undelete command, to the recycle bin. If you want to delete it
from the recycle bin, you can use the reset recycle-bin filename command.
If you delete two files are in different directories but with the same filename, only
the last one will be stored in the recycle bin.
If the unreserved parameter is seleted using the delete command, the target file
cannot be restored.
The dir command does not display the information of deleted files. However, by
using the dir /all command, the information of all files under the directory,
including deleted files, will be displayed.
Example
Delete the file flash:/test/test.txt.
<3Com> delete flash:/test/test.txt
Delete flash:/test/test.txt?[Y/N]
<3Com>
dir
Syntax
dir [ /all | /h ] [ filename ]
View
User view
81
Parameter
/all: Displays all files (including the deleted files).
/h: Displays the information about the private files. This parameter is unavailable if
there is no storage device on the router.
filename: Name of the file or directory displayed.
Description
Using the dir command, you can display the information about the specified file
or directory in the router storage device.
By default, this command displays the file information under the current directory.
This command supports "*" wildcard.
The dir /all command can be used to display the information about all the files,
including the deleted files. The names of the deleted files are denoted with "[]",
for instance, [temp.cfg]. Such deleted files can be restored via the undelete
command. The reset recycle-bin command can be used to delete the file from
the recycle bin permanently.
The dir /h command can be used to display the information about the private file
under the current path. The attribute of the private file is represented by ---h.
Example
Display the information about the file flash:/test/test.txt.
<3Com> dir flash:
Directory of flash:
-rwxrwxrwx
1 noone
nogroup
4316742
system
-rwxrwxrwx
1 noone
nogroup
16
private-data.t
xt
-rwxrwxrwx
1 noone
nogroup
351
vrpcfg.txt
7672832 bytes total (3351552 bytes free)
execute
Syntax
execute filename
View
System view
Parameter
filename: Name of the batch file, ranging from 1 to 256, with a suffix of .bat.
82
Description
Using the execute command, you can execute the specified batch file.
The batch command executes the command lines in the batch file one by one.
There should be no invisible character in the batch file. If invisible characters are
found, the batch command will quit the current execution without back off
operation. The batch command does not guarantee the execution of each
command, nor does it perform hot backup itself. The forms and contents of the
commands are not restricted in the batch file.
Example
Execute the batch file test.bat in the directory of flash:/.
[3Com] execute test.bat
file prompt
Syntax
file prompt {alert | quiet }
View
System view
Parameter
alert: Enables interactive acknowledgement on the condition that data loss or
destruction may happen due to user operation (e.g., deleting a file.).
quiet: No prompt on the condition that data loss or destruction may happen due
to user operation (e.g., deleting a file.).
Description
Using the file prompt command, you can modify the prompt mode of file
operation of the router.
By default, the prompt mode is alert.
When the prompting mode of file operation is set to quiet, for the possible data
loss due to user operation (e.g., deleting a file), the system will have no prompt.
Example
Set the prompt mode of file operation to quiet.
[3Com] file prompt quiet
# Set the prompt mode of file operation to alert.
[3Com] file prompt alert
format
Syntax
format device-name
83
View
User view
Parameter
device-name: Device name.
Description
Using the format command, you can format the storage device.
Formatting will result in loss of all files on a specified storage device and these files
cannot be restored.
Example
Format flash.
<3Com> format flash:
All sectors will be erased, proceed? [Y/N]y
Format flash: completed
mkdir
Syntax
mkdir directory
View
User view
Parameter
directory: Name of directory.
Description
Using the mkdir command, you can create a directory under the specified
directory in the specified storage device.
The name of the directory to be created cannot be the same with the names of
other directories or files under the specified directory.
Example
Create a directory dd.
<3Com> mkdir dd
Created dir flash:/dd.
more
Syntax
more filename
84
View
User view
Parameter
filename: File name.
Description
Using the more command, you can display content of a specified file.
By default, the file system displays the file in the form of text, that is, the contents
of the file.
Example
Display the content of the file test.txt.
<3Com> more test.txt
AppWizard has created this test application for you.
This file contains a summary of what you will find in each of the files that make up your test
application.
Test.dsp
This file (the project file) contains information at the project level and is used to build a single
project or subproject. Other users can share the project (.dsp) file, but they should export the
makefiles locally.
move
Syntax
move filename_source filename_dest
View
User view
Parameter
filename_source: Name of the source file.
filename_dest: Name of the destination file.
Description
Using the move command, you can move a file.
If the name of the target file has the same name as an existing directory, the target
file will be moved into the directory, with the same file name. If the name of the
destination file is the same with an existing file name, the user will be prompted
whether the existing file should be overwritten.
Example
<3Com> dir
Directory of *
0 -rw- 2145123 Jul 12 2001 12:28:08 ne80.bin
1 -rw595 Jul 12 2001 10:47:50 vrpcfg.txt
pwd
Syntax
pwd
View
User view
Parameter
None
Description
Using the pwd command, you can display the current path.
If the current path has not been set, the operation will fail.
Example
Display the current path.
<3Com> pwd
flash:/test
rename
Syntax
rename filename_source filename_dest
View
User view
85
86
Parameter
filename_source: Name of the source file.
filename_dest: Name of the destination file.
Description
Using the rename command, you can rename a file.
If the name of the destination file is the same with the name of an existing
directory, the execution will fail. If the name of the destination file is the same with
an existing file, the operation will fail.
Example
<3Com> dir
Directory of *
0 -rw- 2145123 Jul 12 2001 12:28:08 ne.bin
1 -rw595 Jul 12 2001 10:47:50 vrpcfg.txt
2 drw- Jul 12 2001 19:41:20 test
3 -rw50 Jul 12 2001 20:26:48 sample.txt
6477 KBytes total (2144 KBytes free)
reset recycle-bin
Syntax
reset recycle-bin filename
View
User view
Parameter
filename: Name of the file to be deleted.
Description
Using the reset recycle-bin command, you can delete a file from the recycle bin
permanently.
This command supports "*" wildcard. The delete command only deletes a file to
the recycle bin directory. To delete a file permanently, use the reset recycle-bin
command.
Example
Delete a file from the recycle bin.
<3Com> reset recycle-bin flash:/p1h_logic.out
reset flash:/plh_logic.out?[Y/N]
rmdir
Syntax
rmdir directory
View
User view
Parameter
directory: Name of the directory.
Description
Using the rmdir command, you can delete a directory.
The directory to be deleted must be an empty one.
Example
<3Com>dir
Directory of *
0 drw- Jul 12 2001 20:23:37 subdir
1 -rw595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (2144 KBytes free)
# Display how to delete the directory subdir.
<3Com> rmdir subdir
Rmdir subdir?[Y/N]:y
% Removed directory subdir
<3Com> dir
Directory of *
0 -rw595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (5944 KBytes free)
undelete
Syntax
undelete filename
View
User view
Parameter
filename: Name of the file to be restored.
Description
Using the undelete command, you can restore a deleted file.
87
88
If the name of the file to be restored is the same as the name of an existing
directory, the execution will fail. If the name of this file is the same as that of an
existing file, the user will be prompted whether the existing file should be
overwritten.
Example
<3Com> dir /all
Directory of *
0 -rw595 Jul 12 2001 20:13:19
1 -rw50 Jul 12 2001 20:09:23
6477 KBytes total (2144 KBytes free)
# Restore the deleted file sample.bak.
<3Com> undelete sample.bak
Undelete flash:/test/sample.bak ?[Y/N]:y
% Undeleted file flash:/test/sample.bak
<3Com> dir /all
Directory of *
0 -rw50 Jul 12 2001 20:34:19
1 -rw595 Jul 12 2001 20:13:19
6477 KBytes total (2144 KBytes free)
vrpcfg.txt
[sample.bak]
sample.bak
vrpcfg.txt
FTP Server
Configuration
Commands
display ftp-server
Syntax
display ftp-server
View
Any view
Parameter
None
Description
Using the display ftp-server command, you can display the parameters of the
current FTP server.
After the FTP parameters are configured, this command can be used to display the
configuration results.
Example
Display the FTP parameters configured.
<3Com> display ftp-server
Ftp server is running
Max user number5
User count2
Timeout(minute)30
89
The information shown above indicates that the FTP server has started and can
support up to 5 log-on users simultaneously and now there are two log-on users
and the timeout of an FTP user is 30 minutes.
display ftp-user
Syntax
display ftp-user
View
Any view
Parameter
None
Description
Using the display ftp-user command, you can display the parameters of the
current FTP user.
Example
Display the FTP user parameter configuration.
<3Com> display ftp-user
usernamehost
porttopdiridle
3Com 10.110.3.51074c:/3Com2
The information shown above indicates that a connection between an FTP user
named 3Com and the FTP server has been established. the IP address of the
remote host is 10.110.3.5 and the remote port number is 1074. the authorization
directory is flash:/3Com and so far the user has not sent any service request to the
FTP server for 2 minutes.
ftp server enable
Syntax
ftp server enable
undo ftp server
View
System view
Parameter
None
Description
Using the ftp server enable command, you can enable the FTP server and allow
the login of FTP users. Using the undo ftp server command, you can disable the
FTP server and the login of FTP users.
By default, the FTP server is off.
90
Example
Disable the FTP server.
[3Com] undo ftp server
ftp timeout
Syntax
ftp timeout minute
undo ftp timeout
View
System view
Parameter
minute: Connection timeout in minutes, in the range of 1 to 35791. By default,
the connection timeout is 30 minutes.
Description
Using the ftp timeout command, you can set the connection timeout. Using the
undo ftp timeout command, you can restore the default connection timeout.
Once the user logs on the FTP server, he establishes a connection with the FTP
server. If an abnormal disconnection occurs or the user abnormally disrupts the
connection, FTP server is not notified and thus the connection is still on. To avoid
such a problem, the connection timeout should be set. If no command interaction
is conducted during this period, FTP will regard the connection failed and disrupt
the connection.
Example
Set the connection timeout to 36 minutes.
[3Com] ftp timeout 36
ftp update
Syntax
ftp update { fast | normal }
undo ftp update{ fast | normal }
View
System view
Parameter
fast: Fast upgrading mode.
normal: Normal upgrading mode.
91
Description
Using the ftp update command, you can set the upgrading mode. Using the
undo ftp update command, you can restore the default upgrading mode.
By default, the FTP update is in fast mode.
The FTP server updates the data of files in its flash memory in two modes, normal
and fast. When receiving files transfered by the user using the FTP command PUT.
Each of the two modes is demonstrated respectively as follows:
Fast mode: The FTP server writes the data to the flash memory after the
completion of the file transfer. This can safeguard that the files in the flash
memory of the Router will not be damaged even on abnormal occasions such as
power failure.
Normal mode: The FTP server writes the data to the flash memory during the file
transfer. This means that the occurence of some abnormal conditions such as
power failure might cause the damage of the files in the flash memory of the
Router. But the normal updating mode consumes fewer memmory.
Example
Set the FTP update mode to normal.
[Router] ftp update normal
Syntax
ascii
View
FTP client view
Parameter
None
Description
Using the ascii command, you can set the transmission data type to ASCII.
By default, the data type is set to ASCII.
Example
Set the transmission data type to ASCII.
[ftp] ascii
200 Type set to A.
92
binary
Syntax
binary
View
FTP client view
Parameter
None
Description
Using the binary command, you can set file type to support binary files
transmission.
Example
Set file type to support binary files transmission.
[ftp] binary
200 Type set to B.
bye
Syntax
bye
View
FTP client view
Parameter
None
Description
Using the bye command, you can disconnect with remote FTP server and exit to
user view.
Example
Terminate the connection with remote FTP server and exit to user view.
[ftp] bye
<3Com>
cd
Syntax
cd pathname
View
FTP client view
93
Parameter
pathname: Path name.
Description
Using the cd command, you can change the operating path on remote FTP server.
This command can be used to access another directory on FTP server.
Example
Change the operating path to d:/temp.
[ftp] cd d:/temp
cdup
Syntax
cdup
View
FTP client view
Parameter
None
Description
Using the cdup command, you can change the operating path to the upper
directory.
This command is used to exit current directory and return to an upper directory.
Example
Change the operating path to an upper directory.
[ftp] cdup
close
Syntax
close
View
FTP client view
Parameter
None
Description
Using the close command, you can terminate the connection with remote FTP
server, but remain in FTP client view.
94
This command will terminate both control connection and data connection with
the remote FTP server simultaneously.
Example
Terminate the connection with the remote FTP server and still keep in FTP client
view.
[ftp] close
[ftp]
debugging
Syntax
debugging
undo debugging
View
FTP client view
Parameter
None
Description
Using the debugging command, you can enable the debugging. Using the undo
debugging command, you can disable the debugging.
By default, the debugging of FTP client commands is disabled.
Example
Enable the debugging.
[ftp] debugging
delete
Syntax
delete remotefile
View
FTP client view
Parameter
remotefile: File name.
Description
Using the delete command, you can delete a specified file.
Example
Delete temp.c.
95
dir
Syntax
dir [ filename ] [ localfile ]
View
FTP client view
Parameter
filename: File name queried.
localfile: Local file name saved.
Description
Using the dir command, you can query a specified file.
This command displays all the files under the directory or the file queried.
Example
Query temp.c and save the query result in temp1.
[ftp] dir temp.c temp1
disconnect
Syntax
disconnect
View
FTP client view
Parameter
None
Description
Using the disconnect command, you can terminate the connection with the
remote FTP server and still keep in FTP client view.
This command will terminate both control connection and data connection with
the remote FTP server.
Example
Terminate the connection with the remote FTP server and still keep in FTP client
view.
[ftp] disconnect
[ftp]
96
ftp
Syntax
ftp [host [ port ] ]
View
User view
Parameter
host: IP address or hostname of the remote FTP server.
port: Port number of the remote FTP server.
Description
Using the ftp command, you can establish control connection with the remote FTP
server and enter FTP client view.
Example
Connect to the remote FTP server with the IP address of 1.1.1.1.
<3Com> ftp 1.1.1.1
get
Syntax
get remotefile [ localfile ]
View
FTP client view
Parameter
localfile: Local file name.
remotefile: File name on the remote FTP server.
Description
Using the get command, you can download remote files and save them locally.
By default, if the local file name is not specified, this command will consider that it
is the same with that of the file on the remote FTP server.
Example
Download temp1.c and save it as temp.c.
[ftp] get temp1.c temp.c
lcd
Syntax
lcd
View
FTP client view
Parameter
None
Description
Using the lcd command, you can get the local operating path of FTP client.
Example
Display local operating path.
[ftp] lcd
% Local directory now flash:
ls
Syntax
ls [ remotefile ] [ localfile ]
View
FTP client view
Parameter
remotefile: Remote file queried.
localfile: Local file name saved.
Description
Using the ls command, you can query a specified file.
By default, all the files will be displayed when there is no parameter.
Example
Query temp.c.
[ftp] ls temp.c
mkdir
Syntax
mkdir pathname
View
FTP client view
Parameter
pathname: Directory name.
97
98
Description
Using the mkdir command, you can establish a directory at the remote FTP server.
Example
Establish test directory at the remote FTP server.
[ftp] mkdir test
open
Syntax
open ipaddr [ port ]
View
FTP client view
Parameter
ipaddr: IP address of the remote FTP server.
port: Port number of the remote FTP server.
Description
Using the open command, you can establish control connection with the remote
FTP server.
Example
Establish FTP connection with the FTP server of the host 10.110.3.1.
[ftp] open 10.110.3.1
passive
Syntax
passive
undo passive
View
FTP client view
Parameter
None
Description
Using the passive command, you can set data transmission mode to passive
mode. Using the undo passive command, you can set data transmission mode to
active mode.
By default, the transmission mode is passive.
99
Example
Set data transmission mode to passive mode.
[ftp] passive
put
Syntax
put localfile [ remotefile ]
View
FTP client view
Parameter
localfile: Local file name.
remotefile: File name on the remote FTP server.
Description
Using the put command, you can upload a local file to the remote FTP server.
If no file name on the remote server is specified, this command will consider that it
is the same with that of the local file.
Example
Upload local file temp.c to the remote FTP server and save it as temp1.c.
[ftp] put temp.c temp1.c
pwd
Syntax
pwd
View
FTP client view
Parameter
None
Description
Using the pwd command, you can display the working directory on the remote
FTP server.
Example
Display the working directory on the remote FTP server.
[ftp] pwd
"d:/temp" is current directory.
100
quit
Syntax
quit
View
FTP client view
Parameter
None
Description
Using the quit command, you can terminate the connection with the remote FTP
server and exit to user view.
Example
Terminate the connection with the remote FTP server and exit to user view.
[ftp] quit
<3Com>
remotehelp
Syntax
remotehelp [ protocol-command ]
View
FTP client view
Parameter
protocol-command: FTP command.
Description
Using the remotehelp command, you can display the help of FTP command.
Example
Display the syntax of the command user.
[ftp] remotehelp user
214 Syntax: USER <sp> <username>
rmdir
Syntax
rmdir pathname
View
FTP client view
101
Parameter
pathname: Directory name on the remote FTP server.
Description
Using the rmdir command, you can delete a specified directory on FTP server.
Example
Delete d:/temp1 directory on FTP server.
[ftp] rmdir d:/temp1
user
Syntax
user username [ password ]
View
FTP client view
Parameter
username: Logon user name.
password: Logon password.
Description
Using the user command, you can register FTP user.
Example
Log on FTP server with the user name tom and the password bjhw.
[ftp] user tom bjhw
verbose
Syntax
verbose
undo verbose
View
FTP client view
Parameter
None
Description
Using the verbose command, you can enable the verbose function to view
information from FTP server. Using the undo verbose command, you can disable
the verbose function.
102
By default, it is disabled.
Example
Enable the verbose function.
[ftp] verbose
TFTP Configuration
Commands
tftp
Syntax
tftp ip_address { get | put } source-filename [ destination-filename ]
View
User view
Parameter
p_address: IP address of TFTP server.
source-filename: Source file name.
destination-filename: Destination file name.
get: Downloads files.
put: Uploads files.
Description
Using the tftp command, you can upload files to a TFTP server or downloads files
to the local.
For related command, see tftp-server acl.
Example
Download the file vrpcfg.txt in the root directory of the TFTP server at 1.1.254.2
to the local hardware and save it as vrpcfg.bak.
<3Com> tftp 1.1.254.2 get vrpcfg.txt flash:/vrpcfg.bak
Upload the file vrpcfg.txt stored in the root directory of the flash onto the default
directory on the TFTP server at 1.1.254.2 and save the file on the server as
vrpcfg.bak.
<3Com> tftp 1.1.254.2 put flash:/vrpcfg.txt vrpcfg.bak
tftp-server acl
Syntax
tftp-server acl acl-number
103
View
System view
Parameter
acl-number: IP ACL number in the range of 1 to 99.
Description
Using the tftp-server acl command, you can set the number of ACL permitting
the access to a TFTP server.
For related command, see tftp.
Example
Set the number of ACL permitting the access to the TFTP Server to 1.
[3Com] tftp-server acl 1
Configuration Files
Management
Commands
display
current-configuration
Syntax
display current-configuration [ controller | interface interface-type [ interface-number ]
| configuration [ rip | ospf | bgp | post-config | system | user-interface ] ] [ | [begin |
include | exclude ] string ]
View
Any view
Parameter
controller: Displays the configuration of controller.
interface: Displays the configuration of the interface.
interface-type: Interface type.
interface-number: Interface number
configuration: Displays the specified configurations.
rip: Displays the RIP configuration.
ospf: Displays the OSPF configuration.
bgp: Displays the BGP configuration.
post-system: Displays the greeting message configuration.
system: Displays the system configuration.
104
105
#
#
ospf 2 router-id 1.1.1.1
#
rip
#
user-interface con 0
set authentication password simple 123456
history-command max-size 30
user-interface aux 0
user-interface vty 0 4
#
return
display
saved-configuration
Syntax
display saved-configuration
View
Any view
Parameter
None
Description
Using the display saved-configuration command, you can display the saved
router configurations, that is, the configurations that the router will apply the next
time it is booted.
For related commands, see save, reset saved-configuration, and display
current-configuration.
Example
Display the router configuration file in the storage device.
<3Com> display saved-configuration
#
sysname 3Com
#
tcp window 8
#
undo multicast igmp-all-enable
#
controller E1 3/0/0
#
interface Aux0
link-protocol ppp
#
interface Ethernet0/0/0
#
interface Serial0/0
link-protocol ppp
#
106
interface NULL0
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
display this
Syntax
display this
View
Any view
Parameter
None
Description
Using the display this command, you can display the current configurations
under this view.
Example
Display the current configuration of the view in question.
<3Com> display this
#
sysname 3Com
#
tcp window 8
#
reset
saved-configuration
Syntax
reset saved-configuration
View
User view
Parameter
None
Description
Using the reset saved-configuration command, you can erase the saved router
configuration.
You are recommended to use this command only when necessary and under the
guidance of the support technician.
107
save
Syntax
save[file-name ]
View
User view
Parameter
file-name: Filename, whose extension must be cfg
Description
Using the save command, you can save the current configuration information into
the storage device.
After you finish a set of configurations and make their functions valid, you should
save the current configuration file into the storage device.
For related commands, see reset saved-configuration, display
current-configuration, and display saved-configuration.
Example
Save the current configuration information in the default storage device.
<3Com> save
upgrade
Syntax
upgrade bootrom [ full ]
View
User view
108
Parameter
bootrom: Upgrades the BootRom program.
full: Upgrades the entire BootRom.
Description
Using the upgrade command, you can upgrade the bootrom program.
3Com Routers support online BootROM upgrade. You can upgrade the BootROM
online by extracting the BootROM program from the upgrade software package
and writing it into the BootROM.
When executing this command, you should make sure that the upgrade software
package (named bootromfull) has existed in the root directory of the flash.
Example
Upgrade the BootROM program of R1760 Router, given that the upgrade
software package has been stored in the root directory of the flash and the file
name is bootromfull.
<3Com> upgrade bootrom full
User Interface
Configuration
Commands
acl
Syntax
acl acl-number { inbound | outbound }
undo acl { inbound | outbound }
View
User interface view
Parameter
acl-number: Address access control list number.
inbound: Restricts incoming calls of a user interface.
outbound: Restricts outgoing calls of a user interface.
Description
Using the acl command, you can reference an ACL to restrict the rights of VTY
(Telnet or SSH) and other types of user interfaces in placing incoming and
outgoing calls. Using the undo acl command, you can remove the current
settings.
By default, there is no incoming or outgoing call barring.
109
authentication-mode
Syntax
authentication-mode { local | password | scheme { list | default } }
authentication-mode none
View
User interface view
Parameter
local: Performs local database authentication.
password: Performs local password authentication.
scheme: Performs AAA authorization authentication.
default: Uses the default authentication parameter.
list: Uses the authentication list.
none: Performs no authentication.
Description
Using the authentication-mode command, you can set the mode that a user
interface uses to authenticate the login users. Using the authentication-mode
none command, you can set the authentication mode to none, that is, the login
users need not undergo authentication before they access the user interface.
By default, the authentication mode is set to password for the VTY user interface
and none for other user interfaces.
For related command, see set authentication password.
Example
Enable local password authentication.
[3Com-ui0] authentication-mode password
auto-execute command
Syntax
auto-execute command command
undo auto-execute command
110
View
User interface view
Parameter
command: Command to be automatically executed.
Description
Using the auto-execute command command, you can set a command to be
automatically executed. Using the undo auto-execute command command, you
can disable the automatic execution of the command.
By default, command auto-execution is disabled.
You should be aware of the following constraints before using the auto-execute
command command:
databits
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
View
User interface view
111
Parameter
5: Five data bits.
6: Six data bits.
7: Seven data bits.
8: Eight data bits.
Description
Using the databits command, you can set user interface data bit. Using the undo
databits command, you can restore the default data bit setting.
By default, data bit is set to 8.
The configuration can take effect only when the serial interface works in the
asynchronous flow mode.
Example
Set data bit to 5.
[3Com-ui-aux0] databits 5
debugging vty
Syntax
debugging vty { fsm | negotiate }
undo debugging vty { fsm | negotiate }
View
User view
Parameter
fsm: Debugging of the Telnet state machine.
negotiate: Debugging of the VTY negotiation.
Description
Using the debugging vty command, you can enable the debugging of the VTY.
Using the undo debugging vty command you can disable the debugging of the
VTY protocol.
Example
Enable the debugging of the VTY negotiation.
<3Com> debugging vty negotiate
display user-interface
Syntax
display user-interface [ type-name ] [ number ]
112
View
Any view
Parameter
type-name: Name of user interface type.
number: Number of user interface.
Description
Using the display user-interface command, you can display the details of user
interface.
Example
Display information of user interface 0.
<3Com> display user-interface 0
Idx Type Tx/Rx
Modem Privi Auth
* 0 CON 0 9600
3 N
* : Current user-interface is active.
I : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
A: Authenticate use AAA.
L: Authenticate use local database.
N: Current user-interface need not authentication.
P: Authenticate use current UI's password.
display users
Syntax
display users [ all ]
View
Any view
Parameter
all: Displays the information of all the user interface users.
Description
Using the display users command, you can display the login information of the
users on each user interface.
Example
Execute display users on the console.
<3Com> display users
UI
Delay IPaddressUsername
* 0 CON 000:00:00
113
* 1 VTY 000:00:0910.110.101.39dd
Where,
*: Terminal line in use.
UI: The first number and the second number are respectively the absolute number
and relative number of user interface.
Username: Display the name of the user using this user-interface, namely the
username that the user uses for accessing. As AAA authentication is unavailable
yet, this item is null so far.
Delay: In minutes, it is the interval since the last input made by the user.
IP address: Displays the starting connection location, namely, IP address of the
call-in host.
flow-control
Syntax
flow-control { hardware | software | none }
undo flow-control
View
User interface view
Parameter
none: No flow control.
software: Software flow control.
hardware: Hardware flow control , only be effective to AUX port.
Description
Using the flow-control command, you can configure flow control mode. Using
the undo flow-control command, you can restore the default flow control mode.
By default, none mode is used, that is, there is no flow control.
The configuration can become effective only when the involved serial interface
works in the asynchronous flow mode.
When system is outputting, pressing <Ctrl+s> will stop the screen output, and
<Ctrl+q> will resume the screen output.
Example
Configure software flow control in user interface view.
[3Com-ui-console0] flow-control software
114
free user-interface
Syntax
free user-interface [type-name] number
View
User view
Parameter
type-name: User interface type.
number: Absolute/Relative user interface number.
Description
Using the free user-interface number command, you can clear the user
interface with the number defined by the parameter number. Using the free
user-interface type-name number command, you can clear the user interface
with the number defined by number in the user interfaces of the type defined by
type-name.
Example
Clear user-interface 0.
<3Com> free user-interface 0
history-command
max-size
Syntax
history-command max-size size-value
undo history-command max-size
View
User interface view
Parameter
size-value: History buffer size, which is in the range of 0 to 256 and defaults to 10,
that is, up to ten history commands can be stored.
Description
Using the history-command max-size command, you can set the history
command buffer size. Using the undo history-command max-size command,
you can restore the default history command buffer size.
Example
Set size of the history command buffer to 20.
[3Com-ui-console0] history-command max-size 20
idle-timeout
115
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
View
User interface view
Parameter
minutes: Number of minutes, in the range of 0 to 35791.
seconds: Number of seconds, in the range of 0 to 59.
Description
Using the idle-timeout command, you can set time interval for timed
disconnection. Using the undo idle-timeout command, you can restore the
default time value of timed disconnection.
The time interval for timed disconnection defaults to ten minutes.
Setting the time value to 0 will disable the timed disconnection, in which case a
connection will not be cut off upon the expiration of preset time interval..
Example
Set the time interval for timed disconnection to one minute and 30 seconds.
[3Com-ui-console0] idle-timeout 1 30
modem
Syntax
modem [ call-in | both ]
undo modem [ call-in | both ]
View
User interface view
Parameter
call-in: Allows incoming calls.
both: Allows both incoming and outgoing calls.
Description
Using the modem command, you can set the incoming/outgoing call attributes
with Modem. Using the undo modem command, you can disable incoming and
outgoing calls.
By default, both incoming and outgoing calls are allowed.
116
When executed without any parameters, the modem command enables both
incoming and outgoing calls.
When executed without any parameters, the undo modem command disables
both incoming and outgoing calls.
This command is only available for the AUX interface and other asynchronous
interface, but not for Console port.
Example
Set Modem dialup at asynchronous serial ports.
[3Com-ui-tty] modem
modem auto-answer
Syntax
modem auto-answer
undo modem auto-answer
View
User interface view
Parameter
None
Description
Using the modem auto-answer command, you can set the answering mode to
auto-answer. Using the undo modem auto-answer command, you can set the
answering mode to manual answer.
By default, the answering mode is manual answer.
This command is valid for the AUX interface and other asynchronous interfaces
but not for the console interface.
When taking the modem dial-up connection approach, the user should first set
the modem parameters on the involved user interface.
Example
Set the answering mode to auto-answer.
[3Com-ui-aux0] modem auto-answer
modem timer answer
Syntax
modem timer answer seconds
undo modem timer answer
117
View
User interface view
Parameter
seconds: Timeout time in the range of 1 to 60 seconds.
Description
Using the modem timer answer command, you can set the timeout time waiting
for the carrier signal after the off-hook action for setting up an inbound
connection. Using the undo modem timer answer command, you can restore
the default waiting timeout time.
The waiting timeout time defaults to 30 seconds.
This command is valid for the AUX interface and other asynchronous interfaces
but not for the console interface.
Example
None
parity
Syntax
parity { none | even | odd | mark | space }
undo parity
View
User interface view
Parameter
none: Implements no check.
even: Implements even parity check.
odd: Implements odd parity check.
mark: Implements mark check.
space: Implements space check.
Description
Using the parity command, you can set the check bit of a user interface. Using
the undo parity command, you can restore the check mode of user interface to
none.
By default, no check is performed.
The configuration can become effective only when the involved serial interface
works in the asynchronous flow mode.
118
Example
Set the transmission check bit on AUX interface to odd parity.
[3Com-ui-aux0] parity odd
redirect
Syntax
redirect
undo redirect
View
User interface view
Parameter
None
Description
Using the redirect command, you can set the redirection function, which is only
valid for the AUX and TTY user interfaces, on an asynchronous port. Using the
undo redirect command, you can disable the rediction function on the involved
port.
By default, the system does not support redirection.
This command is only valid for the AUX and the TTY user interfaces. For example,
executing the redirect command on a TTY user interface will enable the
redirection function of the user interface.
For related commands, see telnet and display tcp status.
Example
Enable the redirection function of user interface TTY7.
[3Com-ui-tty7] redirect
screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Parameter
screen-length: Number of rows displayed in a screen in the event of split screen
display, which is in the range of 0 to 512.
119
Description
Using the screen-length command, you can set the number of rows displayed in
one screen at the terminal. Using the undo screen-length command, you can
restore the number of rows in a terminal screen to 24.
By default, the number of rows in one screen is 24.
screen-length 0 indicates to disable the split screen function.
Example
Set the number of rows in one screen of the terminal to 30.
[3Com-ui-console0] screen-length 30
send
Syntax
send [ number | all | type-name number ]
View
User view
Parameter
all: Sends messages to all user interfaces.
type-name: Name of user interface type.
number: Absolute/Relative user interface number.
Description
Using the send command, you can transfer messages between user interfaces.
Using the send all command, you can send messages to all user-interfaces.
Using the send number command, you can send messages to the user interface
defined by specifying its number.
Using the send type-name number command, you can send messages to the
user interface of type-name with specified number.
Example
Send messages to the console user-interface.
<3Com> send con 0
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
Hello,good morning!
Send message? [Y/N]
set authentication
password
Syntax
set authentication password { simple | cipher } password
undo set authentication password
120
View
User interface view
Parameter
simple: Plain text password.
cipher: Encrypted password.
password: If password form is set to simple, the parameter password must be in
plain text. If the password form is set to cipher, the password can be either in
encrypted text or in plain text depending on what has been input. A plain-text
password can be a string of no more than 16 consecutive characters, 1234567 for
example. An encrypted password, however, must be of 24 characters in length
and must be in ciphertext, _(TT8F]Y\5SQ=^Q`MAF4<1!! for example.
Description
Using the set authentication password command, you can set a local
authentication password. Using the undo set authentication password
command, you can remove the local authentication password.
Regardless of whether the password format is set to plain text or ciphertext, a user
must input plain text password during the authentication.
When configuring a password, you must specify its format to simple or cipher. If
the former has been specified, the password saved in the configuration file will be
in plain text. If the latter is specified, however, the password will be displayed in
ciphertext regardless of whether the password you enter is a simple password of 1
to 16 bytes or an encrypted password of 24 bytes.
By default, Telnet users are required to undergo login password authentication
(which can be set by using the authentication-mode password command). If
no password has been configured, the following information will be displayed:
shell
Syntax
shell
undo shell
121
View
User interface view
Parameter
None
Description
Using the shell command, you can enable terminal services on a user interface.
Using the undo shell command, you can remove the current setting.
By default, the terminal services are enabled on all the user interfaces.
Some constraints are put on the undo shell command. First, CON does not
support this command. Second, if there is only AUX but no CON on a router (AUX
and CON shares the same port), the AUX will not support this command as well.
These constraints do not apply to other types of user interfaces.
Example
Disable terminal services on the virtual terminals (VTYs) 0 to 4.
[3Com] user-interface vty 0 4
[3Com-ui-vty0-4] undo shell
speed
Syntax
speed speed-value
undo speed
View
User interface view
Parameter
speed-value: Transmission rate in bps.
Description
Using the speed command, you can set the transmission rate of a user interface.
Using the undo speed command, you can restore the default transmission rate of
the user interface.
By default, the transmission rate is 9600bps.
Only when the serial interface works in asynchronous flow mode will the
configuration be effective.
The transmission rates supported by asynchronous serial interfaces include:
122
300bps
600bps
1200bps
4800bps
9600bps
19200bps
38400bps
57600bps
115200bps
Example
Set the transmission rate of the user interface to 19200bps.
[3Com-ui-vty0] speed 19200
stopbits
Syntax
stopbits { 1.5 | 1 | 2 }
undo stopbits
View
User interface view
Parameter
1.5: Sets the stop bit to 1.5.
1: Sets the stop bit to 1.
2: Sets the stop bit to 2.
Description
Using the stopbits command, you can set the stop bit of a user interface. Using
the undo stopbits command, you can restore the default stop bit of the user
interface.
By default, the stop bit is set to 1.
Only when the serial interface works in asynchronous flow mode will the
configuration be effective.
Example
Set the stop bit to 1.5.
[3Com-ui-vty0] stopbits 1.5
user privilege
123
Syntax
user privilege level level
undo user privilege level
View
User interface view
Parameter
level: Command level in the range of 0 to 3.
Description
Using the user privilege command, you can configure the command accessing
level commensurate with the users accessing the system from the current user
interface. Using the undo user privilege command, you can disable the current
setting.
By default, the default command accessing levels of CON user interface and other
user interfaces have been set to 3 and 0.
If the command accessing level assigned to a user interface conflicts with the
precedence level assigned to the used username in the granted rights, the rights
commensurate with the username will be preferred. For example, the precedence
of the user 007 allows 007 to access level-3 commands and the privilege level
assigned to the user interface VTY 0 only allows the login users to access level-2
commands. If 007 accesses the system from VTY0 in this case, it will be able to
access the commands of level-3 and lower levels.
Example
Assign the users accessing the system from the user interface with the privilege
allowing them to access level-2 commands.
[3Com-ui-vty0] user privilege level 2
After the user accesses the router from vty 0 via Telnet, the terminal will display:
<3Com>
user-interface
Syntax
user-interface [ type-keyword ] user-interface-number [ ending-user-interface-number ]
View
System view
Parameter
type-keyword: Type name of user-interface.
user-interface-number: The first user-interface to be configured.
124
debugging
ntp-service
Syntax
debugging ntp-service { access | adjustment | authentication | event | filter | packet |
parameter | refclock | selection | synchronization | validity | all }
undo debugging ntp-service { access | adjustment | authentication | event | filter |
packet | parameter | refclock | selection | synchronization | validity | all }
View
User view
Parameter
access: NTP access control debugging.
adjustment: NTP clock adjustment debugging.
all: All the NTP information debugging.
debugging ntp-service
125
display ntp-service
sessions
Syntax
display ntp-service sessions [ verbose ]
View
Any view
Parameter
verbose: Displays the detailed information of sessions.
Description
Using the display ntp-service sessions command, you can display the status of
all the sessions maintained by the local device ntp.
By default, the status of all the sessions maintained by the local device NTP is
displayed.
The command without parameter verbose will display the brief information of all
the sessions maintained by the local device NTP.
126
The command with parameter verbose will display the detailed information of all
the sessions maintained by the local device NTP.
Example
Display the brief information of all the sessions maintained by the local device NTP
<3Com> display ntp-service sessions
sourcerefidstnowpollreachdelayoffsetdis
******************************************************************
[12345]1.0.1.11LOCAL(0)316437726.1199.539.7
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
display ntp-service
status
Syntax
display ntp-service status
View
Any view
Parameter
None
Description
Using the display ntp-service status command, you can display the state
information of the NTP service.
Example
<3Com> display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Description
synchronized
unsynchronized
stratum
debugging ntp-service
127
display ntp-service
trace
Display information
Description
reference
nominal freq
actual freq
precision
reftime
Reference timestamp
offset
root delay
root disper
peer disper
Syntax
display ntp-service trace [ X.X.X.X ]
View
Any view
Parameter
X.X.X.X: The IP address of the NTP server functioning as the reference clock
source.
Description
Using the display ntp-service trace command, you can display the summary
information of each NTP time server from the local device tracing to the reference
clock source.
This command is used to trace to the reference clock source from the local device
along the time synchronous NTP server chain and display the summary
information of each NTP server.
Example
<3Com> display ntp-service trace
server4: stratum 4, offset 0.0019529, synch distance 0.144135
server3: stratum 3, offset 0.0124263, synch distance 0.115784
server2: stratum 2, offset 0.0019298, synch distance 0.011993
server1: stratum 1, offset 0.0019298, synch distance 0.011993 refid 'GPS Reciever'
The above information displays the synchronous chain of server4. It indicates that
server 4 can be synchronized to server 3, server 3 to server 2 and server 2 to server
1. Server 1 is synchronized from the reference clock source GPS Receiver.
ntp-service access
Syntax
ntp-service access { query | synchronization | server | peer } acl-number
128
View
System view
Parameter
query: Query authority is limited.
synchronization: Only the server is permitted to access.
server: Allows the server to perform access and query.
peer: Absolute access.
acl-number: IP address access list number in the range of 1 to 99.
Description
Using the ntp-service access command, you can set the access control authority
of the local device services. Using the undo ntp-service access command, you
can remove the access control authority that has been set.
By default, there is no access authority.
This command is used to set the access authority of the NTP service of the local
device. A security approach of minimum authority is provided in this manual. The
more secure approach is to perform ID authentication. When there is an access
request, this command can be used to make the matches in sequence from
minimum access authority to the maximum authority. All matches are based on
the first match. The match order is peer, server, synchronization, query.
Example
Enable the peer in No.76 access list to perform time request, query control and
time synchronization on the local device.
[3Com] ntp-service access peer 76
Enable the peer in No.28 access list to perform time request, query control on the
local device.
[3Com] ntp-service access server 28
ntp-service
authentication enable
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
View
System view
debugging ntp-service
129
Parameter
None
Description
Using the ntp-service authentication enable command, you can set NTP-service
ID authentication. Using the undo ntp-service authentication enable
command, you can remove NTP-service ID authentication.
By default, no ID authentication is set.
Example
Enable NTP ID authentication.
[3Com] ntp-service authentication enable
ntp-service
authentication-keyid
Syntax
ntp-service authentication-keyid number authentication-mode md5 value
undo ntp-service authentication-keyid number
View
System view
Parameter
number: Key number in the range of 1 to 4294967295.
value: Key itself that is represented with 1 to 32 ASCII characters.
Description
Using the ntp-service authentication-keyid command, you can set NTP
authentication key. Using the undo ntp-service authentication-keyid
command, you can remove NTP authentication key.
By default, no authentication key is set.
This command is used to set NTP authentication key, which only supports MD5
authentication.
Example
Set MD5 ID authentication key. The key ID number is 10 and the key is BetterKey.
[3Com] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
ntp-service
broadcast-client
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
130
View
Interface view
Parameter
None
Description
Using the ntp-service broadcast-client command, you can configure the NTP
broadcast client mode. Using the undo ntp-service broadcast-client command,
you can remove the NTP broadcast client mode.
By default, no NTP broadcast client service is configured.
This command is used to specify the local interface on the local device to receive
the NTP broadcast packets. The local device is run in client mode. It first listens
discreetly to the broadcast packets from the server. When the first broadcast
packet is received, the local device enables a short client/server mode to exchange
messages with the remote server in order to estimate network delay. Then it enters
the client mode to listen discreetly to the broadcast packets and synchronize the
local clock according to the coming broadcast packets.
Example
Enable the interface Ethernet 1/0/1 to receive NTP broadcast message.
[3Com] interface ethernet 1/0/1
[3Com-Ethernet1/0/1] ntp-service broadcast-client
ntp-service
broadcast-server
Syntax
ntp-service broadcast-server [ authentication-keyid keyid | version number ] *
undo ntp-service broadcast-server
View
Interface view
Parameter
authentication-keyid: Defines the ID authentication key.
keyid: Key ID number used to transmit message to broadcast clients, which is in
the range of 1 to 4294967295.
version: Defines the NTP version number.
number: NTP version number in the range of 1 to 3.
debugging ntp-service
131
Description
Using the ntp-service broadcast-server command, you can configure NTP
broadcast server mode. Using the undo ntp-service broadcast-server
command, you can remove the NTP broadcast server mode.
By default, no broadcast service is configured and the version number is 3.
This command is used to specify an interface on the local device to transmit NTP
broadcast packets. The local device is run in broadcast-server mode, which acts as
the broadcast server to transmit broadcast messages periodically to the broadcast
clients.
Example
Enable Ethernet 1/0/0 to transmit NTP broadcast packets. No.4 key is used for
encryption and NTP version number is set to 3.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet1/0/0] ntp-service broadcast-server authentication-key 4 version 3
ntp-service
max-dynamic-sessions
Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
View
System view
Parameter
number: Number of sessions allowed to be established locally. It is in the range of
0 to (232-1).
Description
Using the ntp-service max-dynamic-sessions command, you can set the
number of sessions allowed to be established locally. Using the undo ntp-service
max-dynamic-sessions command, you can restore the default number of the
sessions.
By default, 100 sessions are allowed to be established.
Example
Set the number of sessions the local allows to establish to 50.
[3Com] ntp-service max-dynamic-sessions 50
ntp-service
multicast-client
Syntax
ntp-service multicast-client [ X.X.X.X ]
undo ntp-service multicast-client [ X.X.X.X ]
132
View
Interface view
Parameter
X.X.X.X: Multicast IP address, which is a Class D address.
Description
Using the ntp-service multicast-client command, you can configure the NTP
multicast client mode. Using the undo ntp-service multicast-client command,
you can remove the NTP multicast client mode.
By default, no multicast client service is configured and the X.X.X.X is 224.0.1.1.
This command is used to specify an interface on the local device to receive the NTP
multicast packets. The local device is run in client mode. It first listens discreetly to
the multicast packets from the server. When the first multicast packet is received,
the local device enables a short client/server mode to exchange messages with the
remote server in order to estimate network delay. Then it enters the client
(multicast-client) mode to listen discreetly to the multicast packets and synchronize
the local clock according to the coming multicast packets.
Example
Configure Ethernet 1/0/0 to receive NTP multicast packets. The multicast address
corresponding to the multicast packets is 244.0.1.1.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet1/0/0] ntp-service multicast-client 224.0.1.1
ntp-service
multicast-server
Syntax
ntp-service multicast-server [ X.X.X.X ] [ authentication-keyid keyid | ttl ttl-number |
version number ] *
undo ntp-service multicast-server [ X.X.X.X ]
View
Interface view
Parameter
X.X.X.X: Multicast IP address, which is a Class D address. The default address is
224.0.1.1.
authentication-keyid: Defines the ID authentication key.
keyid: ID number used when transmitting messages to the multicast clients in the
range of 1 to 4294967295.
ttl: Defines the life span of the multicast packet.
ttl-number: Life span of the multicast packet in the range of 1 to 255.
debugging ntp-service
133
ntp-service
refclock-master
Syntax
ntp-service refclock-master [ X.X.X.X ] [ layers-number ]
undo ntp-service refclock-master [ X.X.X.X ]
View
System view
Parameter
X.X.X.X: IP address of the reference clock 127.127.t.u.
layers-number: Specifies the stratum of the local clock, which is in the range of 1
to 15.
Description
Using the ntp-service refclock-master command, you can set the external
reference clock or the local clock to be the NTP master clock. Using the undo
ntp-service refclock-master command, you can remove the setting of the NTP
master clock.
By default, the X.X.X.X is not specified and the stratum is 1.
Setting the external reference clock or the local clock to be the NTP master clock
provides other devices with synchronous time. The X.X.X.X is the IP address
127.127.t.u of the reference clock. When no IP address is specified, the local clock
134
is the NTP master clock by default. This command can be used to specify the
stratum of the NTP master clock.
Example
Set the local device to be the NTP master clock to provide synchronous time for
other peers. The stratum is set to 3.
[3Com] ntp-service refclock-master 3
ntp-service reliable
authentication-keyid
Syntax
ntp-service reliable authentication-keyid number
undo ntp-service reliable authentication-keyid number
View
System view
Parameter
number: Key number in the range of 1 to 4294967295.
Description
Using the ntp-service reliable authentication-keyid command, you can specify
the key to be reliable. Using the undo ntp-service reliable
authentication-keyid command, you can remove the specified reliable key.
By default, no reliable authentication key is set.
If ID authentication is enabled, this command is used to specify that one or more
keys are reliable. That is, the client can only synchronize the server that provides
the reliable key. The client cannot synchronize the server that provides keys not
being reliable.
Example
Enable NTP ID authentication in MD5 encryption method. The key ID number is
37 and the key is BetterKey. The key is specified to be reliable.
[3Com] ntp-service authentication enable
[3Com] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey
[3Com] ntp-service reliable authentication-keyid 37
ntp-service
source-interface
Syntax
ntp-service source-interface {interface-type interface-number }
undo ntp-service source-interface
View
System view
debugging ntp-service
135
Parameter
interface-type: Interface type, which determines an interface along with the
interface-number.
interface-number: Interface number, which determines an interface along with the
interface-type.
Description
Using the ntp-service source-interface command, you can specify the interface
for the local end to transmit NTP messages. Using the undo ntp-service
source-interface command, you can delete the interface for the local end to
transmit NTP messages.
The source IP address is determined by the output interface.
The source IP address is the specified one when specifying the local to transmit all
the NTP messages. The IP address is obtained from the specified interface. If the
user does not want the IP addresses on other interfaces to become the destination
address responding to the messages, this command can be used to specify one
interface to send all the NTP packets.
Example
Specify the source IP address of all the NTP output packets to use the IP address
on the interface Ethernet 1/0/0.
[3Com] ntp-service source-interface ethernet 1/0/0
ntp-service unicast-peer
Syntax
ntp-service unicast-peer X.X.X.X [ version number | authentication-key keyid |
source-interface {interface-type interface-number } | priority ] *
undo ntp-service unicast-peer X.X.X.X
View
System view
Parameter
X.X.X.X: IP address of the remote server.
version: Defines the NTP version number.
number: NTP version number in the range of 1 to 3.
authentication-keyid: Defines ID authentication key.
keyid: Key ID number in the range of 1 to 4294967295, which is used when
transmitting messages to the remote server.
source-interface: Specifies the interface name.
136
ntp-service
unicast-server
Syntax
ntp-service unicast-server X.X.X.X [ version number | authentication-keyid keyid |
source-interface {interface-type interface-number } | priority ] *
undo ntp-service unicast-server X.X.X.X
View
System view
Parameter
X.X.X.X: IP address of the remote server.
version: Defines the NTP version number.
number: NTP version number in the range of 1 to 3.
authentication-keyid: Defines ID authentication key.
keyid: Key ID number in the range of 1 to 4294967295, which is used when
transmitting messages to the remote server.
137
SNMP Configuration
Commands
debugging snmp-agent
Syntax
debugging snmp-agent { header | packet | process | trap }
undo debugging snmp-agent { header | packet | process | trap }
View
User view
Parameter
header: Enables the debugging of packet information header.
packet: Enables the packet debugging.
process: Enables the process debugging of SNMP packets.
trap: Enables the debugging of Trap packets.
138
Description
Using the debugging snmp-agent command, you can enable the SNMP Agent
debugging and specify the debugging information of SNMP module. Using the
undo debugging snmp-agent command, you can remove the current settings.
By default, the SNMP Agent debugging is disabled.
Example
Enable the debugging of SNMP Agent packet information header.
<3Com> debugging snmp-agent header
display snmp-agent
Syntax
display snmp-agent { local-engineid | remote-engineid }
View
Any view
Parameter
None
Description
Using the display snmp-agent command, you can display the SNMP engine ID of
local or remote device.
The SNMP engine is the only identification of the SNMP management, and it
uniquely identifies a SNMP entity in one management domain. The SNMP engine
is an important component of the SNMP entity, completing the functions of SNMP
messages such as message dispatching, message processing, security
authentication and access control.
Example
Display the engine ID of the local device.
<3Com> display snmp-agent local-engineid
SNMP local EngineID: 000007DB7F0000013859
Syntax
display snmp-agent community [ read | write ]
View
Any view
139
Parameter
read: Displays the community name information with the read-only authority.
write: Displays the community name information with the authority of read and
write.
Description
Using the display snmp-agent community command, you can display the
currently configured community name of SNMPv1 or SNMPv2.
Example
Display the currently configured community name.
<3Com> display snmp-agent community
Community name:8040zlz
Group name:8040zlz
Storage-type: nonVolatile
Community name:8040core
Group name:8040core
Storage-type: nonVolatile
display snmp-agent
group
Syntax
display snmp-agent group [ group-name ]
View
Any view
Parameter
group-name: Specifies the group name of the SNMP information to be displayed,
ranging 1 to 32 bytes.
Description
Using the display snmp-agent group command, you can display the group
information based on USM. Without parameters, the command displays the group
information corresponding to all the specified group names, including group
name, security mode, storage types on the router etc.
Example
Display the SNMP group name and security mode.
<3Com> display snmp-agent group
Group name: v3r2
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonVolatile
140
The corresponding fields displayed above are described in the following table:
Table 4 Description of display snmp-agent group fields
display snmp-agent
mib-view
Content
Description
Groupname
Readview
Writeview
Notifyview
Storage-type
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name ]
View
Any view
Parameter
exclude: Specifies to exclude the SNMP MIB view attributes displayed and set.
include: Specifies to include the SNMP MIB view attributes displayed and set.
viewname: Specifies the view name to be displayed.
Description
Using the display snmp-agent mib-view command, you can display the
currently configured MIB view.
Example
Display the currently configured MIB view.
<3Com> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
141
MIB Subtree:snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
Description
View name
View name
MIB Subtree
MIB subtree
Storage-type
Storage type
ViewType: Included/excluded
Active
CAUTION: When the SNMP Agent is disabled, "Snmp Agent disabled" will be
displayed for all the above display commands.
display snmp-agent
statistics
Syntax
display snmp-agent statistics
View
Any view
Parameter
None
Description
Using the diplay snmp-agent statistics command, you can display the state and
statistics of SNMP.
Example
Check the statistics of SNMP communication.
<3Com> display snmp-agent statistics
0 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
0 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
0 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status (Maximum packet size 500)
0 MIB objects retrieved successfully
0 MIB objects altered successfully
0 GetRequest-PDU accepted and processed
142
Description
Messages which were for an unsupported Number of packets with version errors
version
Messages which used an unknown
community name
Set-request PDUs accepted and processed Number of received packets that set requests
display snmp-agent
sys-info
Syntax
display snmp-agent sys-info [ contact | location | version ]*
View
Any view
Parameter
contact: Displays the contact information of the local device.
location: Displays the physical location information of the local device.
143
display snmp-agent
usm-user
Syntax
display snmp-agent usm-user [ engineid engineid | username user-name | group
group-name ] *
View
Any view
Parameter
engineid: Displays the SNMPv3 user information of the specified engine ID.
engineid-string: Character string of the engine ID.
username: Displays the information of the specified SNMPv3 user.
user-name: User name, in the range of 1 to 32 bytes.
group: Displays the user information belonging to the related SNMP group.
group-name: Group name, in the range of 1 to 32 bytes.
Description
Using the display snmp-agent usm-user command, you can display the
information about SNMP users.
An SNMP user is the remote user who executes SNMP management operation.
The snmp-agent usm-user command is used to specify the SNMP user.
Example
Display the information about all the current users.
<3Com> display snmp-agent usm-user
User name: authuser
Engine ID: 8000007DB20000000C025808 active
144
snmp-agent
Content
Description
authuser
User name
Engine ID
Active
Syntax
snmp-agent
undo snmp-agent
View
System view
Parameter
None
Description
Using the snmp-agent command, you can enable the SNMP Agent and specify
the SNMP configuration information. Using the undo snmp-agent command,
you can disable SNMP Agent.
By default, the SNMP Agent is disabled.
The snmp-agent command can be used to enable SNMP Agent, and any
configuration command of snmp-agent can also enable SNMP Agent. However,
the undo form of the corresponding command does not have the functions. It will
be invalid configuring the undo form of the command when the SNMP Agent is
not enabled.
The undo snmp-agent command is used to disable the SNMP Agent on the
condition that SNMP Agent has been enabled.
Example
Disable the operating SNMP version.
[3Com] undo snmp-agent
SNMP Agent disabled
snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ [ mib-view view-name ] | [ acl
acl-number ] ]*
undo snmp-agent community community-name
145
View
System view
Parameter
read: Indicates that the community name has the read-only authority in the
specified view.
write: Indicates that the community name has the read and write authority in the
specified view.
community-name: Character string of community name.
mib-view: MIB view available for the specified community name
view-name: Name of MIB view.
acl: Sets the ACL corresponding to the community name.
acl-number: Number of the ACL, range 1 to 99.
Description
Using the snmp-agent community command, you can set the community access
name of SNMPV1 and SNMPV2C and MIB views and ACLs available for the
community name. Using the undo snmp-agent community command, you can
remove the setting.
For the related command, see snmp-agent group, snmp-agent usm-user.
Example
Set the community name to comaccess and allow read-only access with this
community name.
[3Com] snmp-agent community read comaccess
Set the community name to mgr and enable reading and writing access.
[3Com] snmp-agent community write mgr
snmp-agent group
Syntax
snmp-agent group { v1 | v2c } group-name { [ read read-view ] | [ write write-view ] | [
notify notify-view ] } [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] { [ read read-view ] | [
write write-view ] | [ notify notify-view ] } [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
146
View
System view
Parameter
v1: V1 security mode the user uses.
v2c: V2C security mode the user uses.
v3: V3 security mode the user uses.
group-name: Group name, in the range of 1 to 32 bytes.
authentication: Performs authentication of the packet without encryption.
privacy: Performs authentication and encryption of the packet.
read: Enables the setting of read-only view.
read-view: Name of the read-only view, in the range of 1 to 32 bytes.
write: Enables the setting of reading and writing view.
write-view: Name of the reading and writing view, in the range of 1 to 32 bytes.
notify: Enables the setting of notify view.
notify-view: Name of the notify view , in the range of 1 to 32 bytes.
acl: Sets the list of access view.
acl-number: Standard access list, in the range of 1 to 99.
Description
Using the snmp-agent group command, you can configure a new SNMP group,
i.e., to map the SNMP user to the SNMP view. Using the undo snmp-agent
group command, you can delete a specified SNMP group.
By default, the snmp-agent group group-name v3 command adopts the
method of not authenticating and encrypting.
For the related command, see snmp-agent mib-view, snmp-agent usm-user.
Example
Create an SNMPv3 group known as Johngroup.
[3Com] snmp-agent group v3 Johngroup
snmp-agent
local-engineid
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
147
View
System view
Parameter
engineid: Character string of engine ID. It must be a hexadecimal number with
the length of 5 to 32.
Description
Using the snmp-agent local-engineid command, you can configure an ID for
the local SNMP engine on the router. Using the undo snmp-agent
local-engineid command, you can remove the current settings.
By default, the engine ID is "enterprise number + equipment information" of the
company. Each device determines the equipment information. It can be either the
IP address, MAC address or the device defined hexadecimal number string.
For the related command, see snmp-agent usm-user.
Example
Configure the name of the local equipment as 12345.
[3Com] snmp-agent local-engineid 12345
snmp-agent mib-view
Syntax
snmp-agent mib-view { included | excluded } view-name oid-tree
undo snmp-agent mib-view view-name
View
System view
Parameter
view-name: Name of the view.
oid-tree: OID MIB subtree for the Mib object subtree, which can be a character
string of the variable OID or a character string of variable name. For example, it
can be character strings such as 1.4.5.3.1 and system character strings or use "*"
as wildcard, for example, 1.4.5.*.*.1.
included: Indicates to include the MIB subtree.
excluded: Indicates to exclude the MIB subtree.
Description
Using the snmp-agent mib-view command, you can create or update the
information about a view. Using the undo snmp-agent mib-view command,
you can delete the view information.
148
snmp-agent packet
max-size
Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
View
System view
Parameter
byte-count: The maximum length of the SNMP packets that Agent can
receive/send, in the range of 484 to 17940 bytes. The default value is 1500 bytes.
Description
Using the snmp-agent packet max-size command, you can set the maximum
length of the SNMP message packets that Agent can receive/forward. Using the
undo snmp-agent packet max-size command, you can remove the current
setting.
Example
Set the maximum length of the SNMP packet that Agent can receive/forward to
1042 bytes.
[3Com] snmp-agent packet max-size 1042
snmp-agent sys-info
Syntax
snmp-agent sys-info { contact sysContact | location sysLocation | version { { v1 | v2c | v3
} * | all } }
undo snmp-agent sys-info { contact | location | version { { v1 | v2c | v3 } * | all } }
View
System view
Parameter
contact: Sets the system maintenance contact information.
149
snmp-agent target-host
Syntax
snmp-agent target-host trap address udp-domain X.X.X.X [ udp-port port-number ]
params securityname security-string [ v1 | v2c | v3 { authentication | privacy } ]
undo snmp-agent target-host X.X.X.X securityname security-string
View
System view
Parameter
trap: Specifies the host as the trap host.
150
address: Specifies the address of the destination host where the SNMP message
transmits.
udp-domain: Specifies that the transmission domain of the destination host is
based on UDP.
X.X.X.X: IP address of the host.
udp-port: Specifies the port.
port-number: Specifies the port number that receives the trap packet.
params: Specifies the information of the logging host that generates SNMP
messages.
securityname: Specifies the community name of SNMPV1, V2C or the username of
SNMPV3.
security-string: Community name of SNMPV1, V2C or the username of SNMPV3,
in the range of 1 to 32 bytes.
v1: SNMPV1.
v2c: SNMPv2c.
v3: SNMPV3.
authentication: Performs authentication with the packet without encryption.
privacy: Performs both authentication and encryption with the packet.
Description
Using the snmp-agent target-host command, you can set the destination that
receives the SNMP notification. Using the undo snmp-agent target-host
command, you can remove the host that receives the SNMP notification.
For the related command, see snmp-agent trap enable, snmp-agent trap
source, snmp-agent trap life.
Example
Enable to send SNMP Trap packets to 10.1.1.1, using the community name of
comaccess.
[3Com] snmp-agent trap enable snmp
[3Com] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname
comaccess
151
Send SNMP Trap packets to 10.1.1.1, using the community name of public.
[3Com] snmp-agent trap enable standard
[3Com] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname
public
Syntax
snmp-agent trap enable [ trap-type [ trap-list ] ]
undo snmp-agent trap enable [ trap-type [ trap-list ] ]
View
System view
Parameter
trap-type: Enables the trap packet of this type.
trap-list: The parameter list corresponding to the trap packets of trap-type.
Description
Using the snmp-agent trap enable command, you can enable the device to send
Trap packets and set the trap or notification parameters. Using the undo
snmp-agent trap enable command, you can remove the current setting.
By default, sending Trap packets is enabled.
The snmp-agent trap enable command indicates to allow sending all types of
SNMP Trap packets of all the modules, when there is no parameter.
The snmp-agent trap enable command should be used in cooperation with the
snmp-agent target-host command. The snmp-agent target-host command is
used to specify the hosts to which the Trap information will be sent. To send Trap
information, the user should configure at least one snmp-agent target-host
command.
The module trap-type forwarding the Trap packets can be snmp, bgp and vrrp
(VRRP Trap packets).
Types of packets that SNMP modules can send include authentication, coldstart,
linkdown, linkup and warmstart.
For the related command, see snmp-agent target-host, snmp-agent
trap-source, snmp-agent trap-timeout.
Example
Allow sending the Trap packets, which fail to perform SNMP authentication, to
10.1.1.1. The trap packets are in the form of V2C with the community name of
public.
[3Com] snmp-agent trap enable snmp authentication
152
Enable to send all types of BGP Trap packets to 10.1.1.1. The trap packets are in
the form of V3 with the community name of super. The packets are authenticated
but not encrypted.
[3Com] snmp-agent trap enable bgp
[3Com] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname
super v3 authentication
Syntax
snmp-agent trap life seconds
undo snmp-agent trap life
View
System view
Parameter
seconds: Timeout in seconds, ranging 1 to 2592000 with the default value as 120
seconds.
Description
Using the snmp-agent trap life command, you can set the conservation time of
the Trap packet and the Trap packets exceeding the time will be dropped. Using
the undo snmp-agent trap life command, you can remove the current setting.
If the conservation time for the Trap packets the system has configured is seconds.
The Trap packets over the conservation time will be discarded without being sent
or conserved.
For the related command, see snmp-agent trap enable, snmp-agent
target-host.
Example
Set the timeout of the Trap packet to 60 seconds.
[3Com] snmp-agent trap-life 60
snmp-agent trap
queue-size
Syntax
snmp-agent trap queue-size size
undo snmp-agent trap queue-size
View
System view
153
Parameter
size: Length of the message queue, ranging 1 to 1000.
Description
Using the snmp-agent trap queue-size command, you can set the length of the
message queue of the Trap packet sent to the destination host. Using the undo
snmp-agent trap queue-size command, you can cancel the setting.
By default, the length is 100.
For the related command, see snmp-agent trap enable, snmp-agent
target-host, snmp-agent trap life.
Example
Set the length of the message queue of the host forwarding the Trap packet to
200.
[3Com] snmp-agent trap queue-size 200
Syntax
snmp-agent trap source interface-type interface-number [ subinterface-type ]
undo snmp-agent trap source
View
System view
Parameter
interface-type: Interface type.
interface-number: Interface number.
subinterface-name: Subinterface type.
Description
Using the snmp-agent trap source command, you can specify the source
address from which Trap will be sent. Using the undo snmp-agent trap source
command, you can remove the Trap source address.
There is always a Trap address when the SNMP Trap message is being sent from a
server, no matter from which interface it is sent. This command can be used to
trace a special event.
For the related command, see snmp-agent trap enable, snmp-agent
target-host.
154
Example
Specify the IP address of the Ethernet interface 1/0/0 as the source address of Trap
packet.
[3Com] snmp-agent trap source ethernet 1/0/0
snmp-agent usm-user
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ [ authentication-mode { md5 | sha }
auth-password ] [ privacy des56 priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string
}
View
System view
Parameter
v1: V1 security mode the user uses.
v2c: V2C security mode the user uses.
v3: V3 security mode the user uses.
user-name: User name, in the range of 1 to 32 bytes.
group-name: Group name the user is corresponding to, in the range of 1 to 32
bytes.
authentication-mode: Specifies the security level as requiring authentication.
md5: Specifies the authentication protocol as HMAC-MD5-96.
sha: Specifies the authentication protocol as HMAC-SHA-96.
auth-password: Authentication password, which is a character string in the range
of 1 to 64 bytes.
privacy: Specifies the security level as encrypted.
des56: Specifies the encryption protocol as DES.
priv-password: Encryption password, which is a character string in the range of 1
to 64 bytes.
acl: Sets the list of access view.
acl-number: Standard access list, in the range of 1 to 99.
local: Indicates the local entity user.
155
Terminal Service
Commands
Terminal Service of
Telnet
debugging telnet
Syntax
debugging telnet
undo debugging telnet
View
User view
Parameter
None
Description
Using the debugging telnet command, you can enable the debugging for Telnet
connection. Using the undo debugging telnet command, you can disable the
debugging for Telnet connection.
By default, the debugging for Telnet connection is disabled.
156
Syntax
display tcp status
View
Any view
Parameter
None
Description
Using the display tcp status command, you can display all TCP connections
currently established with the router.
This command is used to display all TCP connections currently established with the
router. Compared with display users, the display tcp status command can display
more information about Telnet clients and servers.
The information that this command can display includes: the local address of TCP
connection, local port number, external address, external port number, and
connection state.
For the related command, see telnet.
Example
<3Com> display tcp status
TCPCB Local Address
Foreign Address
129.102.100.142 23
129.102.001.092
028ca414 0.0.0.0.23
0.0.0.0.0
State
ESTABLISHED
LISTEN
The above shown information indicates: one TCP connection has been set up. the
local IP address of the TCP connection is 129.102.100.142 with the local port
number as 23, and the remote IP address is 129.102.001.92, and there is also a
local server process monitoring the No. 23 port.
telnet
Syntax
telnet [ vpn-instance vpn-instance-name ] host-ip-address [ service-port ]
View
User view
Parameter
vpn-instance vpn-instance-name: Sets the vpn-instance name of MPLS VPN.
157
SSH Configuration
Commands
debugging rsa
Syntax
debugging rsa
undo debugging rsa
View
User view
Parameter
None
Description
Using the debugging rsa command, you can send the detailed information about
each process and packet structure of RSA algorithm to the information center in
debugging form and to debug certain user-interface separately. Using the undo
debugging rsa command, you can disable the debugging.
By default, the debugging is disabled.
158
For the related command, see rsa local-key-pair create, rsa local-key-pair
destroy.
Example
Enable the RSA debugging.
<3Com> debugging rsa
Syntax
debugging ssh server { VTY index | all }
undo debugging ssh server { VTY index | all }
View
User view
Parameter
index: Debugged SSH channel. In default, its value ranges from 0 to 4 and is
limited by VTY number.
all: All SSH channels.
Description
Using the debugging ssh server command, you can send the information about
negotiation process regulated by SSH1.5 protocol to information center as
debugging formation and to debug certain user-interface separately. Using the
undo debugging ssh server command, you can disable the debugging.
By default, the debugging is disabled.
For the related command, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
Print debugging information when running SSH.
[3Com] debugging ssh server vty 0
00:23:20: SSH0: starting SSH control process
00:23:20: SSH0: sent protocol version id SSH-1.5-3Com-1.25
00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26
00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg
00:23:21: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
Syntax
display rsa local-key-pair public
159
View
Any view
Parameter
None
Description
Using the display rsa local-key-pair public command, you can display the public
key of host key pair of server and server key pair. If no key is generated, the system
will prompt that no key is found, e.g., RSA keys not found.
For the related command, see rsa local-key-pair create.
Example
<3Com> display rsa local-key-pair public
% Key pair was generated at: 12:26:33 UTC 2002/4/4
Key name: rtvrp_Host
Usage: Encryption Key
Key Data:
30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807
08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934
EB872805 02030100 01
% Key pair was generated at: 12:26:45 UTC 2002/4/4
Key name: rtvrp_Server
Usage: Encryption Key
Key Data:
30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487
4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED
160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B
519D39F5 02030100 01
display rsa
peer-public-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays the brief information of all the remote public key.
keyname: Specifies the key name to be displayed. It is the continuous character
string, 0< length value<64.
Description
Using the display rsa peer-public-key command, you can display the specified
RSA public key. If there is no public key specified, all public keys will be displayed.
For the related command, see rsa local-key-pair create.
160
Example
<3Com> display rsa peer-public-key
Address
Bits Name
1023 abcd
1024 hq
1024 wn1
1024 hq_all
[3Com] display rsa peer-public-key name abcd
Key name:abcd
Key address:
Data:
30818602 8180739A 291ABDA7 04F5D93D C8FDF84C 42746319 91C164B0 DF178C55
FA833591 C7D47D53 81D09CE8 2913D7ED F9C08511 D83CA4ED 2B30B809 808EB0D1
F52D045D E40861B7 4A0E1355 23CCD74C AC61F8E5 8C452B2F 3F2DA0DC C48E3306
367FE187 BDD94401 8B3B69F3 CBB0A573 202C16BB 2FC1ACF3 EC8F828D 55A36F1C
DDC4BB45 504F0201 25
Syntax
display ssh server { status | session }
View
Any view
Parameter
status: Displays the SSH status information.
session: Displays SSH session information.
Description
Using the display ssh server command, you can display the SSH status or
session.
For the related command, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
Display SSH status and configuration parameters.
[3Com]display ssh server status
SSH version : 1.5
SSH connection timeout : 60 seconds
SSH server key generating interval : 1 hours
SSH Authentication retries : 3 times
Display SSH session respectively.
[3Com] display ssh server session
ConnectionVersionEncryptionStateUsername
VTY0
1.5
DESSession started3Com
VTY3
1.5
DESSession startedrouter
peer-public-key end
161
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Using the peer-public-key end command, you can return to the system view
from the public key view.
For the related command, see rsa peer-public-key and public-key-code begin.
Example
Exit public view and save the configuration.
[3Com] rsa peer-public-key 3Com003
[3Com-rsa-public-key] peer-public-key end
[3Com]
display ssh
user-information
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username: Valid SSH user name defined by AAA.
Description
Using the display ssh user-information command, you can display the
information about current SSH user including user name, corresponding key name
and user authentication mode. If you specify the username parameter, then the
information about the specified user will be displayed.
For the related command, see ssh user username assign rsa-key, ssh user
username authentication-type.
Example
Display the user information.
[3Com] display ssh user-information
Username
user-public-key-name
authentication-type
Jin
jin rsa
hanqi1
816pubpassword
1024
file3rsa
162
4000
hq_rsaall
hanqi_rsa hq_rsa
rsa
hanqi_all hq_all
all
protocol inbound
Syntax
protocol inbound { all | ssh | telnet | pad }
View
User interface view of VTY type
Parameter
all: Supports all the protocols, including Telnet and SSH.
ssh: Only supports SSH, not support Telnet.
telnet: Only supports Telnet, not support SSH.
pad: Only supports pad protocol.
Description
Using the protocol inbound command, you can specify the protocols supported
by the current user interface.
By default, the system supports all the protocols, that is, Telnet and SSH.
When the command is used to specify the protocols supported by the current user
interface and SSH is enabled, SSH is still unavailable if the rsa key of the local
router is not configured. The configuration result will take effect at the next login
request.
If SSH is configured as the protocols supported by the current user interface, you
should configure the corresponding authentication method as
authentication-mode local or authentication-mode scheme default (using AAA) to
ensure the successful login. If the authentication method is configured as
authentication-mode password and authentication-mode none, the configuration
of protocol inbound ssh will fail.
For the related command, see user-interface vty.
Example
Disable the Telnet function of vty0 to vty4 and only support the SSH function.
[3Com] user-interface vty 0 4
[3Com-ui-vty0-4] protocol inbound ssh
Disable the Telnet function of vty0 and only support the SSH function.
[3Com] user-interface vty 0
[3Com-ui-vty0] protocol inbound ssh
public-key-code begin
Syntax
public-key-code begin
163
View
Public key view
Parameter
None
Description
Using the public-key-code begin command, you can enter the edit view of
public key.
Before using this command, you must use the rsa peer-public-key command to
specify one key name. After the public-key-code begin command is input, the
system enters the edit view of public key and you can input the key data. When
the key data are input, the space can exist between characters and you can press
enter key to continue the data input. The public key configured must be the hex
character ring coded according to public key format. The public key is generated
in stochastic mode by the client software supporting SSH.
For the related command, see rsa peer-public-key, public-key-code end.
Example
Enter the edit view of public key and to input key.
[3Com] rsa peer-public-key 3Com003
[3Com-rsa-public-key] public-key-code begin
[3Com-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[3Com-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[3Com-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[3Com-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[3Com-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[3Com-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[3Com-key-code] public-key-code end
public-key-code end
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Using the public-key-code end command, you can quit public key edit view to
public key view and to save the public key configured by the user. In addition, to
quit public key view to public key chain view.
164
After this command is executed, the edit process of public key will be ended.
Before saving the public key, the system will check the validity of key. If there are
illegal characters in the public key character string configured by the user, the
system will display relevant prompt information that illegal characters are input.
The public key configured by the user will be discarded so this configuration fails.
If the public key configured is valid, it will be saved in public key chain table of
client.
For the related command, see rsa peer-public-key, public-key-code begin.
Example
Quit and save the configuration.
[3Com-rsa-key-code] public-key-code end
[3Com-rsa-public-key]
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Using the rsa local-key-pair create command, you can generate the local RSA
host key pair and server key pair.
When this command is used to configure, the system will give alarm and prompt
that former key will be replaced if RSA key has existed. The view of generated key
pair is router name+ server and router name+ host, e.g., 3Com_host and
3Com_server. This command will not be stored in configuration file.
After this command is input, the system will prompt you to enter the digit of host
key. The digit of server key pair should differ from that of host key pair in 128
digits at least. The minimum length of server key pair and host key pair is 512
digits and the maximum length is 2048 digits. If there has been key pair, the user
should confirm whether to change it.
The primary operation to accomplish SSH login is to configure and generate local
RSA key pair. Before performing other SSH configurations, you must accomplish
the configuration of the rsa local-key-pair create command to generate local
key pair. It is necessary to execute this command only once and it is unnecessary to
execute again after the router restarts.
For the related command, see rsa local-key-pair destroy.
165
Example
Configure and generate local host key pair and server key pair.
[3Com] rsa local-key-pair create
The name for the keys will be: rtvrp_Host
% You already have RSA keys defined for rtvrp_Host
% Do you really want to replace them? [yes/no]:y
Choose the size of the key modulus in the range of 512 to 2048 for your Keys.
Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:512
Generating keys...
.....++++++++++++
........................++++++++++++
..........++++++++
............................++++++++
[3Com]
rsa local-key-pair
destroy
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Using the rsa local-key-pair destroy command, you can remove all RSA keys of
server (including host key pair and server key pair).
After this command is input, you should confirm whether to remove all RSA keys
of server. This command is not stored in configuration file.
For the related command, see rsa local-key-pair create.
Example
Remove all keys of server.
[3Com] rsa local-key-pair destroy
% Keys to be removed are named rtvrp_Host .
% Do you really want to remove these keys? [yes/no]:y
[3Com]
rsa peer-public-key
Syntax
rsa peer-public-key key-name
View
System view
166
Parameter
None
Description
Using the rsa peer-public-key command, you can enter the view of public key
view.
After the command is input, the system will enter the view of public key view. This
command can be used to configure the public key of client with the
public-key-code begin command together. The public key of client is generated
in stochastic mode by the client software. Please use the client software
supporting SSH1.5.
For the related command, see public-key-code begin, public-key-code end.
Example
Enter the public key view.
[3Com] rsa peer-public-key 3Com002
[3Com-rsa-public]
ssh server
authentication-retries
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times: Specifies the authentication re-try times, 1<=re-try times<=5.
Description
Using the ssh server authentication-retries command, you can set the SSH
connection authentication re-try times to enable it in next login. Using the undo
ssh server authentication-retries command, you can restore the default value
of SSH connection authentication retry times.
By default, the re-try times are 3.
For the related command, see display ssh sever.
Example
Specify the re-try times for registration authentication as 4.
[3Com] ssh server authentication-retries 4
167
Syntax
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Parameter
hours: Updates period. It ranges from 1 to 24 in hour. 0 cannot be input for this
parameter.
Description
Using the ssh server rekey-interval command, you can set the update times of
server key. Using the undo ssh server rekey-interval command, you can cancel
the current settings.
By default, the server key is not updated.
For the related command, see display ssh sever.
Example
Set the update interval of server key to 3 hours.
[3Com] ssh server rekey-interval 3
[3Com]
Syntax
ssh server timeout seconds
undo ssh server timeout
View
System view
Parameter
seconds: Specifies the login time-out time. It ranges from 1 to 120 seconds.
Description
Using the ssh server timeout command, you can set the time-out time of SSH
connection authentication to make it valid in next login. Using the undo ssh
server timeout command, you can restore the default value of time-out time of
SSH connection authentication.
By default, the time-out time is 60 seconds.
For the related command, see display ssh sever.
168
Example
Set the login time-out time to 80 seconds.
[3Com] ssh server timeout 80
ssh user assign
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameter
keyname: Configured public key name of client. It is the continuous character
string, 0< length value 32.
username: Valid SSH user name defined by AAA module.
Description
Using the ssh user assign command, you can assign one existing public key
(keyname) for the user (username). Using the undo ssh user assign command,
you can delete the relationship between the user and its public key.
When the system assigns public key for the user, the system will regard the public
key assigned last if the user has been assign a public key.
AAA module takes charge of the creation and deletion of local system users.
When AAA module creates one user of SSH type, it will notice SSH and SSH will
add the user into user set maintained by it. When AAA module deletes any one
user, it will notice SSH and SSH will match the user in its user name set. SSH will
delete the user from the user set if it finds the match of the user in user name set.
The new configured user public key will be valid in next login.
For the related command, see display ssh user-information.
Example
Assign key key1 for the user smith.
[3Com] ssh user smith assign rsa-key key1
[3Com]
ssh user
authentication-type
Syntax
ssh user username authentication-type { password | rsa | all }
undo ssh user username authentication-type { password | rsa | all }
169
View
System view
Parameter
password: Forces to specify the authentication mode of the user as password.
rsa: Forces to specify the authentication mode of the user as RSA.
all: Specifies the authentication mode of the user as either password or RSA.
Description
Using the ssh user authentication-type command, you can specify the
authentication method for a special user. Using the undo ssh user
authentication-type command, you can restore the default mode that login is
always denied.
By default, the system will always deny the login.
The authentication mode must be specified for the new user, or the user will not
be able to login. The new configured authentication mode will take effect in next
login.
For the related command, see display ssh user-information.
Example
Specify the authentication mode as password for the user smith.
[3Com] ssh user smith authentication-type password
[3Com3Com]
170
INTERFACE MANAGEMENT
COMMANDS
3
Interface
Management
Commands
debugging physical
Syntax
debugging physical { all | error | cell | packet } interface interface-type interface-number
undo debugging physical { all | error | cell | packet } interface interface-type
interface-number
View
User view
Parameter
all: Enables alarming of all levels.
error: Enables error-level alarming.
cell: Enables cell-level alarming.
packet: Enables packet-level alarming.
interface interface-type interface-number: Specifies interface type and number.
Description
Using the debugging physical command, you can enable alarming for a
specified interface. Using the undo debugging physical command, you can
disable alarming for a specified interface.
Example
None
description
Syntax
description interface-description
undo description
View
Interface view
172
Parameter
interface-description: Character string describing the router interface, which is
allowed to comprise no more than 80 characters. By default, the description string
is 3Com Router, xxxxxx interface.
Description
Using the description command, you can set the interface description. Using the
undo description command, you can restore the default interface description.
This command has no special purpose or function other than identifying an
interface.
For related command, see display interface.
Example
Change the description of the Ethernet interface Ethernet 0/0/0 to 3Com Router
Ethernet interface.
[3com]interface ethernet 0/0/0
[3com-Ethernet0/0/0]description 3Com Router ethernet interface
display interface
Syntax
display interface type number [ .sub-number ]
View
Any view
Parameter
type: Interface type which is used along with number to identify an interface.
number: Interface number which is used along with type for identifying an
interface.
sub-number: Subinterface number.
Description
Using the display interface command, you can display the current running state
and other information of an interface.
Executing this command will display the following information:
173
interface
Field
Description
Serial0 is up
line protocol is up
Syntax
interface type number [ .sub-number ]
undo interface type number [ .sub-number ]
View
System view
174
Parameter
type: Interface type. The following table lists the interfaces that VRP supports so
far.
number: Interface number. VRP numbers the interfaces separately by interface
type, with the numbers of each type of interfaces begin at 0 or 1.
sub-number: Subinterface number, which is separated from the main interface
number by a dot (.).
Description
Using the interface command, you can enter the specified interface view or
create a logical interface or subinterface. Using the undo interface command,
you can delete a specified logical interface or subinterface.
Table 2 Interfaces supported by VRP
Interface
Description
Attribute
ATM
ATM interface
Physical interface
AUX
AUX interface
Physical interface
Analogmodem
Physical interface
Async
Physical interface
Bri
Physical interface
Bridge-Template
Logical interface
Dialer
Dialer interface
Logical interface
Ethernet
Ethernet interface
Physical interface
Logic-Channel
Logic-channel interface
Logical interface
Loopback
Loopback interface
Logical interface
NULL
Null interface
Logical interface
MFR
Logical interface
Serial
Physical interface
Virtual-Ethernet
VE interface
Logical interface
Virtual-Template
Virtual-template interface
Logical interface
Tunnel
Tunnel interface
Logical interface
175
Syntax
reset counters interface [ type number ]
View
User view
Parameter
type: Interface type which is used along with number for identifying an interface.
number: Interface number which is used along with type for identifying an
interface.
Description
Using the reset counters interface command, you can clear the statistics of the
transmitted and received packets on an interface.
If no interface has been specified, the statistics about the transmitted and received
packets on all the interfaces are cleared.
To count the traffic size on an interface within a specific period, you must clear the
existing statistics about the transmitted and received packets on the interface
before taking a new count.
For a related command, see display interface.
Example
Clear the statistics about the transmitted and received packets on Serial 0/0/0.
<3com> reset counters interface serial 0/0/0
176
shutdown
Syntax
shutdown
undo shutdown
View
Interface view
Parameter
None
Description
Using the shutdown command, you can shut down an interface. Using the undo
shutdown command, you can enable an interface.
This command takes effect not only on physical interfaces but also on tunnel and
MFR interfaces.
In some circumstances, such as when you are modifying the operating parameters
of an interface, the modification do not take effect immediately. Rather, you must
shut down the interface and re-enable it.
For a related command, see display interface.
Example
Shut down Ethernet 0/0/0.
[3com-Ethernet0/0/0]shutdown
% Interface Ethernet0/0/0 is down
% Interface Ethernet0/0/0 changed state to DOWN
% Line protocol ip on interface Ethernet0/0/0, changed state to DOWN
Fundamental Ethernet
Interface
Configuration
Commands
display interface
ethernet
Syntax
display interface ethernet interface-number
View
Any view
Parameter
interface-number: Interface number. If no interface has been specified, the
configuration and state information of all the interfaces will be displayed.
177
Description
Using the display interface ethernet command, you can view the configuration
parameters, current running state, and some other information of an Ethernet
interface.
Example
View the state information of the Ethernet interface 2/0/0.
<3com> display interface ethernet 2/0/0
Ethernet2/0/0 current state : UP
Line protocol current state : UP
Description : 3Com Routers, Ethernet0/0 Interface
The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 172.31.29.103/16
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0.fc06.3085
Media type is twisted pair, loopback not set, promiscuous mode not set
100Mb/s-speed mode,Full-duplex mode,link type is autonegotiation
Output flow-control is unsupported, input flow-control is unsupported
Output queue : (Urgent queue : Size/Length/Discards) 0/500/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
Last 5 minutes input rate 227.13 bytes/sec, 2.67 packets/sec
Last 5 minutes output rate 0.00 bytes/sec, 0.00 packets/sec
Input: 542665 packets, 47721004 bytes
271460 broadcasts, 271205 multicasts
0 errors, 0 runts, 0 giants,
0 CRC, 0 align errors, 0 overruns,
0 dribbles, 0 aborts, 0 no buffers
Output:0 packets, 0 bytes
0 errors, 0 underruns, 0 collisions
0 deferred
duplex
Syntax
duplex { full | half | negotiation }
undo duplex
View
Ethernet interface view
Parameter
full: Sets the Ethernet interface to work in full duplex mode.
half: Sets the Ethernet interface to work in half duplex mode.
negotiation: Sets the Ethernet interface to work in auto-negotiation mode.
Description
Using the duplex command, you can set the operating mode of the 100Base-TX
FE interface. Using the undo duplex command, you can restore the default
operating mode of the Ethernet interface.
178
loopback
Syntax
loopback
undo loopback
View
Ethernet interface view
Parameter
None
Description
Using the loopback command, you can enable an Ethernet interface to perform
loopback. Using the undo loopback command, you can disable loopback.
By default, the Ethernet interface is disabled to perform loopback.
You must enable the Ethernet interface to perform loopback only for the purpose
of testing some special functions.
Example
Enable the Ethernet interface to perform loopback.
[3com-Ethernet0/0/0]loopback
mtu
Syntax
mtu size
undo mtu
179
View
Ethernet interface view
Parameter
size: MTU size on the Ethernet interface, which is in bytes. It is in the range of 46
to 1500 if the adopted frame format is Ethernet_II.
Description
Using the mtu command, you can set the maximum transmission unit (MTU) of
the Ethernet interface. Using the undo mtu command, you can restore the
default configuration.
MTU defaults to 1500 if the adopted frame format is Ethernet_II.
The MTU setting of an Ethernet interface can affect the assembly and
fragmentation of IP packets on the interface.
For a related command, see display interface.
Example
Set MTU of the Ethernet interface to 1492.
[3com-Ethernet0/0/0]mtu 1492
speed
Syntax
speed { 10 | 100 | negotiation }
undo speed
View
Ethernet interface view
Parameter
10: Forces the FE interface to work in 10Base-T (at 10Mbps) mode.
100: Forces the FE interface to work in 100Base-TX (100Mbps) mode.
negotiation: Sets the FE interface to work in auto-negotiation mode.
Description
Using the speed command, you can set the operating speed of the FE interface.
Using the undo speed command, you can restore the default operating speed of
the FE interface.
By default, the FE interface operates in auto-negotiation mode.
Before setting the FE interface to work in auto-negotiation mode, you must make
sure that the connected remote end has been working in auto-negotiation mode.
180
If this cannot be guaranteed, the two parties should use the forced setting for
operating consistency.
For related commands, see duplex and display interface.
Example
Set the FE interface to work in 10Base-T mode.
[3com-Ethernet0/0/0]speed 10
Fundamental WAN
Interface
Configuration
Commands
async mode
Syntax
async mode { protocol | flow }
View
Asynchronous serial interface view, AUX interface view
Parameter
protocol: Protocol mode, with which the local end directly adopts the configured
link layer protocol parameters to set up a link with the remote end after setting up
a physical link.
flow: Flow mode, which is also known as interactive mode. With this approach,
the two ends set up a link by interacting with each other upon the setup of a
physical link. Specifically, the calling party sends the configuration commands to
the called party (it is equal to the operation of manually inputting configuration
commands at the remote end), sets the link layer protocol operating parameters of
the called party, and then sets up the link. This approach is normally adopted in
the event of man-machine interaction.
Description
Using the async mode command, you can set the operating mode of an
asynchronous serial interface.
By default, the asynchronous serial interface is working in protocol mode and the
AUX interface in flow mode.
For related command, see modem.
Example
Set the asynchronous serial interface to work in flow mode.
[3com-Serial0/0/0]async mode flow
baudrate
181
Syntax
baudrate baudrate
View
Serial interface view
Parameter
baudrate: Baud rate of serial interface in bps. It is in the range of 300 to 115200
for an asynchronous serial interface and 1200 to 2048000 for a synchronous serial
interface.
Description
Using the baudrate command, you can set the baud rate for a serial interface.
By default, the baud rate is 9600 bps on the asynchronous serial interface and
64000 bps on a synchronous serial interface.
Following are the baud rates available for the asynchronous serial interface.
300 bps, 600 bps, 1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps,
38400 bps, 57600 bps, 115200 bps.
Following are the baud rates available for the synchronous serial interface.
1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps, 38400 bps, 57600
bps, 64000 bps, 72000 bps, 115200 bps, 128000 bps, 384000 bps,
2048000 bps.
The baud rate range available for the synchronous serial interface depends on the
applied physical electric specifications.
182
Example
Set the baudrate of the asynchronous serial interface to 115200bps.
[3com-Serial0/0/0]baudrate 115200
clock
Syntax
clock { dceclk | dteclk1 | dteclk2 | dteclk3 | dteclk4 }
View
Serial interface view
Parameter
dceclk: Sets the interface clock selection mode to DCE clock.
dteclk1: Sets the interface clock selection mode to DTE clock option 1.
dteclk2: Sets the interface clock selection mode to DTE clock option 2.
dteclk3: Sets the interface clock selection mode to DTE clock option 3.
dteclk4: Sets the interface clock selection mode to DTE clock option 4.
Description
Using the clock command, you can set the clock selection mode for a
synchronous serial interface.
By default, dceclk (providing clock to the DTE device) and dteclk3 are selected for
the synchronous serial interfaces at the DCE side and the DTE side.
Different operating clocks are selected for the synchronous serial interfaces
working as DTE and DCE, as shown in the following figure.
TxClk
DCE
RxClk
DTE
In the figure, TxClk represents transmitting clock and RxClk receiving clock.
As a DCE device is required to provide clock for the remote DTE device, you must
select DCEclk as the operating clock for the synchronous serial interface working
as DCE.
Working as DTE, the synchronous serial interface must accept the clock provided
by the remote DCE. As transmitting and receiving clocks of synchronization
devices are independent, the receiving clock of a DTE device can be either the
183
Description
DTEclk1
DTEclk2
DTEclk3
DTEclk4
In the table, the clock ahead of = is the DTE clock and the one after is the DCE
clock.
Example
Set the synchronous serial interface working as DTE to use the clock selection
option DTEclk2.
[3com-Serial0/0/0]clock dteclk2
code nrzi
Syntax
code nrzi
undo code
View
Synchronous serial interface view
Parameter
None
Description
Using the code nrzi command, you can set the digital signal coding format to
None-Return-to-Zero-Inverse (NRZI) for a synchronous serial interface. Using the
undo code command, you can restore the digital coding format of the
synchronous serial interface to NRZ.
The digital signal coding format defaults to NRZ on the synchronous serial
interface.
Example
Set the digital signal coding format to NRZI on the synchronous serial interface.
[3com-Serial0/0/0]code nrzi
184
detect
Syntax
1 Asynchronous serial interface
detect dsr-dtr
undo detect dsr-dtr
2 Synchronous serial interface
detect { dcd | dsr-dtr }
undo detect { dcd | dsr-dtr }
View
Synchronous serial interface view, asynchronous serial interface view
Parameter
dsr-dtr: Detects DSR and DTR signals of DSU/CSU.
dcd: Detects the DCD signal of the DSU/CSU on the serial interface.
Description
Using the detect command, you can enable data carrier detection as well as level
detection on a serial interface. Using the undo detect command, you can disable
data carrier detection as well as level detection on the serial interface.
By default, serial interfaces are enabled to make data carrier and level detection.
If this function has been disabled on a serial interface, the system will not detect
the DCD and DSR/DTR signals when determining the state (UP or DOWN) of the
serial interface.
Example
Disable the serial interface to make data carrier detection.
[3com-Serial0/0/0]undo detect dcd
idle-mark
Syntax
idle-mark
undo idle-mark
View
Synchronous serial interface view
Parameter
None
185
Description
Using the idle-mark command, you can set the line idle-mark of the synchronous
serial interface to FF. Using the undo idle-mark command, you can restore the
line idle-mark of the synchronous serial interface to 7E.
Line idle-mark of synchronous serial interfaces defaults to 7E.
In normal circumstances, the synchronous serial interface uses the code 7E to
identify the idle state of the line. However, there are still some devices that use
FF (that is, the high level of all 1s) to make the identification. For the sake of
compatibility in this case, it is necessary to configure the line idle-mark of the
synchronous serial interface.
Example
Set the line idle-mark of the synchronous serial interface to FF.
[3com-Serial0/0/0]idle-mark
invert transmit-clock
Syntax
invert transmit-clock
undo invert transmit-clock
View
Serial interface view
Parameter
None
Description
Using the invert transmit-clock command, you can enable the inverting of the
transmit-clock signal of the synchronous serial interface at the DTE side. Using the
undo invert transmit-clock command, you can disable inverting the signal.
By default, transmit-clock signal inversion is disabled on the synchronous serial
interface at DTE side.
In some special cases, for the purpose of eliminating the half-period delay of the
clock on the line, you may make the configuration to make the system invert the
transmit-clock signal of the synchronous serial interface at the DTE side. This
command can take effect only on some specific DCE devices. Clock inversion is
unnecessary for general applications.
For related commands, see physical-mode and clock.
Example
Invert the transmit-clock of the synchronous serial interface at DTE side.
[3com-Serial0/0/0]invert transmit-clock
186
loopback
Syntax
loopback
undo loopback
View
Serial interface view
Parameter
None
Description
Using the loopback command, you can enable a serial interface to perform
loopback. Using the undo loopback command, you can disable the serial
interface to perform loopback.
By default, loopback of the serial interface is disabled.
It is necessary for you to enable the serial interface to perform loopback only for
the purpose of testing some special functions.
Example
Enable the serial interface to perform loopback.
[3com-Serial0/0/0]loopback
mtu
Syntax
mtu size
undo mtu
View
Serial interface view
Parameter
size: MTU size on the serial interface, which is in the range of 128 to 1500 bytes
and defaults to 1500.
Description
Using the mtu command, you can set the MTU of a serial interface. Using the
undo mtu command, you can restore the default setting.
The MTU setting of a serial interface can affect the assembly and fragmentation of
IP packets on the interface.
Example
Set MTU of the serial interface to 1200.
187
[3com-Serial0/0/0]mtu 1200
physical-mode
Syntax
physical-mode { sync | async }
View
Serial interface view
Parameter
sync: Sets the synchronous/asynchronous serial interface to work in synchronous
mode.
async: Sets the synchronous/asynchronous serial interface to work in
asynchronous mode.
Description
Using the physical-mode command, you can set the operating mode of a
synchronous/asynchronous serial interface.
By default, the synchronous/asynchronous serial interface is working in
synchronous mode.
Example
Set the synchronous/asynchronous serial interface to work in asynchronous mode.
[3com-Serial0/0/0]physical-mode async
Fundamental CE1/PRI
Interface
Configuration
Commands
channel-set
Syntax
channel-set set-number timeslot-list range
undo channel-set set-number
View
CE1/PRI interface view
Parameter
set-number: The number of the channel set formed by bundling the timeslots on
the interface, which is in the range of 0 to 30.
range: The number of the timeslots that are bundled, which is in the range of 1 to
31. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
188
Make the same configuration on the CE1/PRI interface on the remote router.
[3com-E1 3/0/0]channel-set 0 timeslot-list 1,2,5,10-15,18
clock
Syntax
clock { master | slave }
undo clock
View
CE1/PRI interface view
Parameter
master: Adopts the internal clock mode.
slave: Adopts the line clock mode.
189
Description
Using the clock command, you can set the clock mode on a CE1/PRI interface.
Using the undo clock command, you can restore the default clock mode on the
interface.
By default, the CE1/PRI interface adopts the line clock mode (slave).
When a CE1/PRI interface is working as DCE, chose the internal clock for it, that is,
master clock mode. When it is working as DTE, chose the line clock, that is, slave
clock mode for it.
Example
Set the clock mode of the CE1/PRI interface to internal clock (master) mode.
[3com-E1 3/0/0]clock master
code
Syntax
code { ami | hdb3 }
undo code
View
CE1/PRI interface view
Parameter
ami: Adopts Alternate Mark Inversion (AMI) line code format.
hdb3: Adopts High Density Bipolar 3 (HDB3) line code format. This parameter is
only significant for a CE1/PRI interface.
Description
Using the code command, you can set the line code format for a CE1/PRI
interface. Using the undo code command, you can restore the default line code
format of the interface.
The line code format of CE1/PRI interface defaults to hdb3.
You should keep the line code format of the interface in consistency with that
used by the remote device.
Example
Set the line code format of the interface E1 3/0/0 to ami.
[3com-E1 3/0/0]code ami
controller e1
Syntax
controller e1 number
190
View
System view
Parameter
number: The CE1/PRI interface number.
Description
Using the controller e1 command, you can enter a CE1/PRI interface view.
Example
Enter the view of the interface E1 3/0/0.
[3com]controller E1 3/0/0
[3com-E1 3/0/0]
display controller e1
Syntax
display controller [ e1 number ]
View
Any view
Parameter
number: Interface number.
Description
Using the display controller e1 command, you can display the information
related to a CE1/PRI interface.
Executing this command will display the following information:
Example
Display the information related to the E1 interface.
[3com]display controller E1 3/0/0
E1 1-0 is down.
Applique type is Channelized E1 - 75 OHM unbalanced
Framing is NO-CRC4, Line Code is HDB3, Source Clock is slave.
Alarm State is Loss of Frame Alignment.
frame-format
191
Syntax
frame-format { crc4 | no-crc4 }
undo frame-format
View
loopback
Syntax
loopback { local | remote }
undo loopback
View
CE1/PRI interface view
Parameter
local: Enables the interface to perform local loopback.
remote: Enables the interface to perform remote loopback.
Description
Using the loopback command, you can enable a CE1/PRI interface to perform
loopback. Using the undo loopback command, you can disable the CE1/PRI
interface to perform loopback.
By default, the interface is disabled to perform loopback in any form.
192
Loopback is used to check the condition of interface or cable. This function should
be disabled when they are in normal operation.
If a serial interface formed by bundling timeslots of the CT1/PRI interface is
encapsulated with PPP and is set to perform loopback, it is normal for the state of
the link layer protocol to be reported as DOWN.
Example
Set the interface E1 3/0/0 to perform local loopback.
[3com-E1 3/0/0]loopback local
pri-set
Syntax
pri-set timeslot-list [ range ]
undo pri-set
View
CE1/PRI interface view
Parameter
range: The number of the timeslots that are bundled, which is in the range of 1 to
31. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.
Description
Using the pri-set command, you can bundle the timeslots of a CE1/PRI interface
into a pri-set. Using the undo pri-set command, you can remove the timeslot
bundle.
By default, no timeslots are bundled into pri-set.
When perform pri-set bundling on a CE1/PRI interface, you should note that you
are not allowed to bundle only timeslot 16, as it will be used as the D channel for
transmitting signals. Attempts to bundle only timeslot 16 will fail.
In a pri-set formed by bundling the timeslots of a CE1/PRI interface, timeslot 0 is
used for Frame Synchronization Control (FSC), timeslot 16 as a D channel for
signaling transmission, and other timeslots as B channels for data transmission.
You may bundle the timeslots except for timeslot 0 into a pri-set (as the D channel,
timeslot 16 is automatically bundled). The logic features of this pri-set will be the
same like those of an ISDN PRI interface. If no timeslots are specified for bundling,
all the timeslots except for timeslot 0 will be bundled into an interface similar to an
ISDN PRI interface in the form of 30B+D.
The system will automatically create a serial interface after the operation of
timeslot bundling on the interface. This serial interface has the same logic features
193
of ISDN PRI interface. The serial interface is numbered in the form of serial
number:15. Where, number is the maximum serial interface number plus 1.
Only one timeslot bundling mode can be supported on one CE1/PRI interface
during a time period. In other words, this command cannot be used together with
the channel-set command.
For a related command, see channel-set.
Example
Bundle the timeslots 1, 2, and 8-12 of the CE1/PRI interface into a pri-set.
[3com-E1 3/0/0]pri-set timeslot-list 1,2,8-12
using
Syntax
using { ce1 | e1 }
undo using
View
CE1/PRI interface view
Parameter
e1: In E1 mode
ce1: In CE1/PRI mode
Description
Using the using command, you can configure the operating mode for a CE1/PRI
interface. Using the undo using command, you can restore the default operating
mode.
By default, the CE1/PRI interface is working in CE1/PRI mode.
A CE1/PRI interface can work in either E1 mode (also called non-channelized
mode) or CE1/PRI mode (that is, channelized mode).
A CE1/PRI interface in E1 mode equals an interface of 2 Mbps data bandwidth, on
which, no timeslots are divided. Its logic features are the same like those of a
synchronous serial interface. When working in CE1/PRI mode, it is physically
divided into 32 timeslots numbered from 0 to 31. Among them, timeslot 0 is used
for transmitting the Frame Synchronization Control information. This interface can
work as either a CE1 interface or a PRI interface.
After the CE1/PRI interface is enabled to work in E1 mode by using the using e1
command, the system will automatically create a serial interface numbered serial
interface-number:0. The interface-number starts from the maximum serial
interface number plus 1t.
194
Example
Set the CE1/PRI interface to work in E1 mode.
[3com-E1 3/0/0]using e1
Fundamental CT1/PRI
Interface
Configuration
Commands
cable
Syntax
cable { long { 0db | -7.5db | -15db | -22.5db } | short { 133ft | 266ft | 399ft | 533ft | 655ft } }
undo cable
View
CT1/PRI interface view
Parameter
long: Matches a 655-feet and longer transmission line. The options for this
parameter include 0db, -7.5db, -15db and -22.5db. The attenuation parameter is
selected depending on the signal quality received at the receiving end. In this case,
no external CSU is needed.
short: Matches a transmission cable under 655 feet. The options for this
parameter include 133ft, 266ft, 399ft, 533ft and 655ft. The length parameter is
selected depending on the actual length of the transmission line.
Description
Using the cable command, you can set cable attenuation and length on a CT1/PRI
interface to match the distance of the transmission line. Using the undo cable
command, you can restore the default value
The transmission cable attenuation that the CT1/PRI interface matches defaults to
long 0db.
This command is mainly used to configure the signal waveform for transmission to
satisfy various transmitting needs. In practice, the signal quality received by the
receiving end determines whether this command will be used. If the signal quality
is relatively good, use the default setting. In this case, the CT1/PRI interface does
not need an external CSU device.
Example
Set the length of the transmission cable that the CT1/PRI interface matches to 133
feet.
[3com-T1 1/0/0] cable short 133ft
channel-set
195
Syntax
channel-set set-number timeslot-list range [ speed { 56k | 64k } ]
undo channel-set set-number
View
CT1/PRI interface view
Parameter
set-number: The number of the channel-set formed by bundling the timeslots of
the interface, which is in the range of 0 to 23.
range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.
speed { 56k | 64k }: The speed of the timeslot bundle, which is in Kbps. If 56k is
selected, the timeslots will be bundled into N x 56 Kbps bundles, and if 64k is
selected, the timeslots will be bundled into N x 64 Kbps bundles. By default, the
system uses 64k.
Description
Using the channel-set command, you can bundle some timeslots of a CT1/PRI
interface into a channel-set. Using the undo channel-set command, you can
remove the specified channel-set.
By default, no timeslots are bundled into channel-sets.
A CT1/PRI interface is physically divided into 24 timeslots numbered from 1
through 24. In actual applications, all the timeslots can be bundled into multiple
channel-sets and the system will automatically create a serial interface for each
set. This serial interface has the same logic features of synchronous serial interface.
The serial interface is numbered in the form of serial interface-number:set-number.
Where, interface-number starts from the maximum serial interface number plus 1,
and set-number is the number of the channel-set.
Only one timeslot bundling mode can be supported on one CT1/PRI interface
during a time period. In other words, this command cannot be used together with
the pri-set command.
For a related command, see pri-set.
Example
Bundle the timeslots 1, 2, 5, 10-15and 18 of the CE1/PRI interface into
channel-set 0.
[3com-T1 1/0/0]channel-set 0 timeslot-list 1,2,5,10-15,18
196
clock
Syntax
clock { master | slave }
undo clock
View
CT1/PRI interface view
Parameter
master: Adopts the internal clock mode.
slave: Adopts the line clock mode.
Description
Using the clock command, you can set the clock mode on a CT1/PRI interface.
Using the undo clock command, you can restore the default clock mode on the
interface.
By default, the CE1/PRI interface adopts the line clock mode (slave).
When a CT1/PRI interface is working as DCE, chose the internal clock for it, that is,
master clock mode. When it is working as DTE, chose the line clock, that is, the
slave clock mode for it.
Example
Set the clock mode of the CT1/PRI interface to internal clock (master) mode.
[3com-T1 1/0/0] clock master
code
Syntax
code { ami | b8zs }
undo code
View
CT1/PRI interface view
Parameter
ami: Adopts the AMI line code format.
b8zs: Adopts the Bipolar with 8-Zero Substitution (b8zs) line code format.
Description
Using the code command, you can set the line code format for a CT1/PRI
interface. Using the undo code command, you can restore the default line code
format of the interface.
The line code format of CT1/PRI interface defaults to b8zs.
197
You should keep the line code format of the interface consistent with the one
used by the remote device.
Example
Set the line code format of the interface T1 1/0/0 to ami.
[3com-T1 1/0/0] code ami
controller t1
Syntax
controller t1 number
View
System view
Parameter
number: The CT1/PRI interface number.
Description
Using the controller t1 command, you can enter a CT1/PRI interface view.
Example
Enter the view of the interface T1 1/00.
[3com]controller t1 1/0/0
[3com-T1 1/0/0]
display controller t1
Syntax
display controller t1 number
View
Any view
Parameter
number: Interface number.
Description
Using the display controller t1 command, you can display the information
related to a CT1/PRI interface. All T1 interfaces will be displayed if no parameter is
selected.
Executing this command will display the following information:
198
Example
Display the information related to the T1 interface.
[3com]display controller t1 1/0/0
frame-format
Syntax
frame-format { sf | esf }
undo frame-format
View
CT1/PRI interface view
Parameter
sf: Sets the frame format of CT1/PRI interface to Super Frame (SF).
esf: Sets the frame format of CT1/PRI interface to Extended Super Frame (ESF).
Description
Using the frame-format command, you can set the frame format on a CT1/PRI
interface. Using the undo frame-format command, you can restore to the
default frame format on the interface.
The frame format on the CT1/PRI interface defaults to ESF.
A CT1/PRI interface supports two frame formats, that is, SF and ESF. In SF format,
multiple frames can share the same FSC and signaling information, so that more
significant bits can be used for transmitting user data. In practice, a system should
be tested often. The application of ESF makes it possible for the system to provide
the services while it is being tested.
Example
Set the frame format of T1 1/0/0 to SF.
[3com-T1 1/0/0]frame-format sf
loopback
Syntax
loopback { local | remote }
undo loopback
View
CT1/PRI interface view
Parameter
local: Enables the CT1/PRI interface to perform local loopback.
199
pri-set
Syntax
pri-set [ timeslot-list range ]
undo pri-set
View
CT1/PRI interface view
Parameter
range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.
Description
Using the pri-set command, you can bundle the timeslots of a CT1/PRI interface
into a pri-set. Using the undo pri-set command, you can remove the timeslot
bundle.
By default, no timeslots are bundled into pri-set.
When performing pri-set bundling on a CT1/PRI interface, you should note that
you are not allowed to bundle only timeslot 24, because it is the D channel for
transmitting signals. Attempts to bundle only timeslot 24 will fail.
In a pri-set formed by bundling the timeslots of a CT1/PRI interface, timeslot 24 is
used as D channel for signaling transmission, and other timeslots as B channels for
data transmission. All the timeslots can be randomly bundled into a pri-set (as a D
200
channel, timeslot 24 is automatically bundled). The logic features of this pri-set will
be the same as those of an ISDN PRI interface. If no timeslots are specified for
bundling, all the timeslots will be bundled into an interface similar to an ISDN PRI
interface in the form of 23B+D.
The system will automatically create a serial interface after the operation of
timeslot bundling on the interface. This serial interface has the same logic features
as an ISDN PRI interface. The serial interface is numbered in the form of serial
number:23, in which number starts from the maximum serial interface number
plus 1.
Only one timeslot bundling mode can be supported on one CE1/PRI interface
during a time period. In other words, this command cannot be used together with
the channel-set command.
For a related command, see channel-set.
Example
Bundle the timeslots 1, 2, and 8-12 of the CT1/PRI interface into a pri-set.
[3com-T1 1/0/0]pri-set timeslot-list 1,2,8-12
E1-F Interface
Configuration
Commands
display fe1 serial
Syntax
display fe1 [ serial serial-number ]
View
Any view
Parameter
serial serial-number: Interface type and number. If no interface is specified, the
information of all the E1-F interfaces will be displayed.
Description
Using the display fe1 serial command, you can view the configuration and state
of E1-F interface.
If the specified interface is a serial interface rather than an E1-F interface, the
system will display the error prompt The serial is not a factional interface.
Example
Display the information of the E1-F interface.
[3com] display fe1
Serial4/0/0
201
fe1 clock
Item
Description
Framing
Line Code
Clock
Alarm State
Alarm information
Syntax
fe1 clock { master | slave }
undo fe1 clock
View
E1-F interface view
Parameter
master: Internal clock is used.
slave: Line clock is used.
Description
Using the fe1 clock command, you can configure clock used by an E1-F interface.
Using the undo fe1 clock command, you can restore the default clock of the
interface.
By default, the interfaces use the slave clock.
For an E1-F interface used as DCE, master clock should be used. If the interface is
used as DTE, however, the slave clock should be used.
Example
Set the E1-F interface to use internal clock.
[3com-Serial0/0/0] fe1 clock master
fe1 code
Syntax
fe1 code { ami | hdb3 }
undo fe1 code
View
E1-F interface view
202
Parameter
ami: Adopts AMI line code format.
hdb3: Adopts HDB3 line code format.
Description
Using the fe1 code command, you can configure line code format for an E1-F
interface. Using the undo fe1 code command, you can restore the default line
code format of interface.
By default, E1-F interfaces adopt hdb3.
The line code of an interface should be set consistent with that of the peer.
Example
Set the line code format of the E1-F interface to AMI.
[3com-Serial0/0/0] fe1 code ami
fe1 frame-format
Syntax
fe1 frame-format { crc4 | no-crc4 }
undo fe1 frame-format
View
E1-F interface view
Parameter
crc4: Adopts CRC4 as the framing format for the E1-F interface.
no-crc4: Adopts no-CRC4 as the framing format for the E1-F interface..
Description
Using the fe1 frame-format command, you can configure the framing format for
an E1-F interface. Using the undo fe1 frame-format command, you can restore
the default framing format of the interface.
By default, E1-F interfaces use no-crc4.
Example
Set the framing format for the E1-F interface to CRC4.
[3com-Serial0/0/0] fe1 frame-format crc4
fe1 loopback
Syntax
fe1 loopback { local | remote }
undo fe1 loopback [ local | remote ]
203
View
E1-F interface view
Parameter
local: Places the interface in local loopback.
remote: Places the interface in remote loopback.
Description
Using the fe1 loopback command, you can configure an E1-F interface in local or
remote loopback. Using the undo fe1 loopback command, you can disable the
local and remote loopback on the interface.
By default, the interfaces are not placed in local or remote loopback.
Local loopback and remote loopback are used for testing the state of interface or
cable itself. These functions should be disabled in normal cases. On an interface,
using this command, but with different arguments, can enable local loopback and
remote loopback, but these two functions cannot be enabled at the same time.
Example
Place the E1-F interface in local loopback.
[3com-Serial0/0/0] fe1 loopback local
fe1 timeslot-list
Syntax
fe1 timeslot-list { all | range }
undo fe1 timeslot-list
View
E1-F interface view
Parameter
all: Binds all the time slots on an interface, the interface rate will become 31 X
64kbps (that is, 1984kbps) after binding.
range: Time slots participating in the binding operation, it is in the range of 1 to
31. When specifying time slots for binding, you can configure a single time slot by
using the form of number, the time slots in a range by using the form of
number1-number2, or multiple time slots by using the form of number1,
number2-number3.
Description
Using the fe1 timeslot-list command, you can configure the time slots that will
participate in the binding operation on an E1-F interface. Using the undo fe1
timeslot-list command, you can restore the default setting of time slot binding.
204
By default, all the time slots on an E1-F interface are bound. That is, the E1-F
interface rate defaults to 1984kbps.
Time slot binding operation on an E1-F interface will result in changing of
interface rate. For example, after the user binds the time slots 1 through 10, the
interface rate will become 10 X 64kbps.
If an E1-F interface is working in unframed mode, the fe1 timeslot-list command
cannot be configured.
For related commands, see fe1 unframed.
Example
Bind the time slots 1, 2, 5, 10 through 15, and 18 on the E1-F interface.
[3com-Serial0/0/0] fe1 timeslot-list 1,2,5,10-15,18
fe1 unframed
Syntax
fe1 unframed
undo fe1 unframed
View
E1-F interface view
Parameter
None
Description
Using the fe1 unframed command, you can configure an E1-F interface to work
in unframed mode. Using the undo fe1 unframed command, you can configure
the E1-F interface to work in framed mode.
By default, E1-F interfaces work in framed mode.
When it works in unframed mode, it is a non-timeslots interface of 2048kbps data
bandwidth. In this case, it is logically equivalent to a synchronous serial interface.
When it works in framed mode, however, it is physically divided into 32 time slots
numbered in the range of 0 to 31, and time slot 0 is used for transmitting
synchronization information.
For related commands, see fe1 timeslot-list.
Example
Set the E1-F interface to work in unframed mode.
[3com-Serial0/0/0] fe1 unframed
205
T1-F Interface
Configuration
Commands
ft1 cable
Syntax
ft1 cable { long decibel | short length }
undo ft1 cable
View
T1-F interface view
Parameter
long decibel: Matches the transmission line longer than 655 feet. The argument
decibel can take 0db, -7.5db, -15db, or -22.5db, depending on the signal quality
at the receiving end. In this case, no external CSU is required.
short length: Matches transmission line shorter than 655 feet. The argument
length can take 133ft, 266ft, 399ft, 533ft, and 655ft, depending on the length of
transmission line.
Description
Using the ft1 cable command, you can configure attenuation or length of the
transmission line matched a T1-F interface. Using the undo ft1cable command,
you can restore the default setting.
By default, the transmission line attenuation matched T1-F interfaces is long 0db.
This command is mainly used for configuring the signal waveform required for
different types of transmission. In practice, you can decide whether to use this
command according to the signal quality at the receiving end. If the signal quality
is acceptable, the default setting can be used.
Example
Set the length of the transmission line matched the T1-F interface to 133 feet.
[3com-Serial0/0/0] ft1 cable short 133ft
Syntax
display ft1 [ serial serial-number ]
View
Any view
Parameter
serial serial-number: Interface type and number. If no interface is specified, the
information of all the T1-F interfaces will be displayed.
206
Description
Using the display ft1 serial command, you can view the configuration and state
of T1-F interface.
If the specified interface is a serial interface rather than a T1-F interface, the
system will display the error prompt The serial is not a factional interface.
Example
Display the information of the T1-F interface.
[3com] display ft1
Serial4/0/0
Fractional T1, status is down.
Work mode is framed - 100 OHM balanced.
Framing : ESF, Line Code is B8ZS, Clock : Slave.
Alarm State : Loss-of-Signal.
ft1 clock
Item
Description
Framing
Line Code
Clock
Alarm State
Alarm information
Syntax
ft1 clock { master | slave }
undo ft1 clock
View
T1-F interface view
Parameter
master: Internal clock is used.
slave: Line clock is used.
Description
Using the ft1 clock command, you can configure the clock used by an E1-F or
T1-F interface. Using the undo ft1 clock command, you can restore the default
clock of the interface.
By default, the interfaces use the slave clock.
For a T1-F interface used as DCE, master clock should be used. If the interface is
used as DTE, however, the slave clock should be used.
Example
Set the T1-F interface to use internal clock.
207
ft1 code
Syntax
ft1 code { ami | b8zs }
undo ft1 code
View
T1-F interface view
Parameter
ami: Adopts AMI line code format.
b8zs: Adopts B8ZS line code format.
Description
Using the ft1 code command, you can configure the line code format for a T1-F
interface. Using the undo ft1 code command, you can restore the default line
code format of interface.
By default, T1-F interfaces adopt b8zs.
The line code of an interface should be set in consistency with that of the peer.
Example
Set the line code format of the T1-F interface to AMI.
[3com-Serial0/0/0] ft1 code ami
ft1 frame-format
Syntax
ft1 frame-format { sf | esf }
undo ft1 frame-format
View
T1-F interface view
Parameter
sf: Adopts SF as the framing format for the T1-F interface.
esf: Adopts ESF as the framing format for the T1-F interface.
Description
Using the ft1 frame-format command, you can configure the framing format for
a T1-F interface. Using the undo ft1 frame-format command, you can restore
the default framing format of the interface.
By default, T1-F interfaces use esf.
208
T1-F interfaces support SF and ESF. In SF, multiple frames can share the same frame
synchronization and signaling information, so that more significant bits can be
used for transmitting user data. In practice, the system test is often required. The
application of ESF technology can ensure normal service when system test is being
carried out.
Example
Set the framing format for the T1-F interface to SF.
[3com-Serial0/0/0] ft1 frame-format sf
ft1 loopback
Syntax
ft1 loopback { local | remote }
undo ft1 loopback [ local | remote ]
View
T1-F interface view
Parameter
local: Places the interface in local loopback.
remote: Places the interface in remote loopback.
Description
Using the ft1 loopback command, you can configure a T1-F interface in local or
remote loopback. Using the undo ft1 loopback command, you can disable the
local and remote loopback on the interface.
By default, the interfaces are not placed in local or remote loopback.
Local loopback and remote loopback are used for testing the state of interface or
cable itself. These functions should be disabled in normal cases. On an interface,
using this command but with different arguments can respectively enable local
loopback and remote loopback, but these two functions cannot be enabled at the
same time.
Example
Place the T1-F interface in local loopback.
[3com-Serial0/0/0] ft1 loopback local
ft1 timeslot-list
Syntax
ft1 timeslot-list { all | range } [ speed { 56 | 64 } ]
undo ft1 timeslot-list
T1-F interface view
209
Parameter
all: Binds all the time slots on an interface. The interface rate will become 24 X
64kbps (that is, 1536kbps) after binding.
range: Time slots participating in the binding operation. It is in the range of 1 to
24. When specifying time slots for binding, you can configure a single time slot by
using the form of number, the time slots in a range by using the form of
number1-number2, or multiple time slots by using the form of number1,
number2-number3.
speed { 56 | 64 }: Speed in kbps, which is used for time slot binding. If the
argument 56 is used, timeslots will be bound into N X 56kbps. If the argument 64
is used, timeslots will be bound into N X 64kbps.
Description
Using the ft1 timeslot-list command, you can configure the time slots that will
participate in the binding operation on a T1-F interface. Using the undo ft1
timeslot-list command, you can restore the default setting of time slot binding.
By default, all the time slots on a T1-F interface are bound. That is, the T1-F
interface rate defaults to 1536kbps.
When performing time slot binding on a T1-F interface, the speed assigned to a
time slot defaults to 64kbps.
The time slot binding operation on a T1-F interface results in a change of interface
rate. For example, after the user binds the time slots 1 through 10, the interface
rate becomes 10 X 64kbps (or 10 X 56 kbps).
Example
Bind the time slots 1, 2, 5, 10 through 15, and 18 on the T1-F interface.
[3com-Serial0/0/0] ft1 timeslot-list 1,2,5,10-15,18
Fundamental CE3
Interface
Configuration
Commands
clock
Syntax
clock { master | slave }
undo clock
View
CE3 interface view
Parameter
master: Adopts the internal clock mode.
210
controller e3
Syntax
controller e3 interface-number
View
System view
Parameter
interface-number: CE3 interface number.
Description
Using the controller e3 command, you can enter the CE3 interface view.
For related command, see display controller e3.
Example
Enter the view of the interface E3 1/0/0.
[3com]controller e3 1/0/0
[3com-E3 1/0/0]
display controller e3
Syntax
display controller e3 interface-number
View
Any view
211
Parameter
interface-number: CE3 interface number.
Description
Using the display controller e3 command, you can view the state information of
a CE3 interface.
In addition to the state information of the CE3 interface, the command can display
the information of each E1 line on the CE3 interface if the interface is working in
CE3 mode.
Example
Display the information related to the interface E3 1/0/0.
[3com]display controller e3 1/0/0
E3 1/0/0 is up
Description : 3Com Routers, E3 1/0 Interface
Applique type is CE3 - 75 OHM unbalanced Frame-format G751, line code HDB3, clock slave,
national-bit 1,loopback not set
Alarm: none
ERROR: 0 BPV, 0 EXZ, 0 FrmErr, 0 FEBE
E3-0 CE1 1 is up
Frame-format NO-CRC4, clock master, loopback not set
E3-0 CE1 2 is up
Frame-format NO-CRC4, clock slave, loopback local
E3-0 CE1 3 is up
Frame-format NO-CRC4, clock slave, loopback remote
E3-0 CE1 4 is up
Frame-format CRC4, clock slave, loopback not set
E3-0 CE1 5 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 6 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 7 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 8 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 9 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 10 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 11 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 12 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 13 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 14 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 15 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 16 is up
Frame-format NO-CRC4, clock slave, loopback not set
212
e1 channel-set
Syntax
e1 line-number channel-set set-number timeslot-list range
undo e1 line-number channel-set set-number
View
CE3 interface view
Parameter
line-number: E1 line number in the range of 1 to 16.
set-number: The number of the channel-set formed by bundling the timeslots of
E1 line, which is in the range of 0 to 30.
range: The number of the timeslots that are bundled, which is in the range of 1 to
31. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.
Description
Using the e1 channel-set command, you can bundle the timeslots of an E1 line.
Using the undo e1 channel-set command, you can remove the timeslot bundle.
By default, no timeslots are bundled into channel-sets.
A CE3 interface can be channelized into 64Kbps lines and the timeslots of each E1
line can be bundled up to 31 channels.
When an E1 line operates at framed (CE1) mode, you can bundle the timeslots on
it. The system will automatically create a serial interface numbered serial number /
line-number:set-number. For example, the serial interface created by the
channel-set 0 of the first e1 line on E3 7/0 will be numbered 7/0/1:0. This interface
can operate at N x 64 Kbps and has the same logic features of a synchronous serial
interface on which you make other configurations.
For related command, see e1 unframed.
Example
Bundle a 128Kbps serial interface on the first E1 line on the interface E3 1/0/0.
[3com-E3 1/0/0]e1 1 channel-set 1 timeslot-list 1,2
e1 set clock
Syntax
e1 line-number set clock { master | slave }
undo e1 line-number set clock
View
CE3 interface view
213
Parameter
line-number: E1 line number in the range of 1 to 16.
master: Adopts the internal clock mode.
slave: Adopts the line clock mode.
Description
Using the e1 set clock command, you can set the clock mode for an E1 line on a
CE3 interface. Using the undo e1 clock command, you can restore the default
setting.
By defaults, the E1 lines on a CE3 interface adopt line clock.
The E1 lines on a CE3 interface working in channelized mode are allowed to use
separate clocks.
Example
Configure the first E1 line on the E3 interface to adopt line clock mode.
[3com-E3 1/0/0]e1 1 set clock slave
e1 set frame-format
Syntax
e1 line-number set frame-format { crc4 | no-crc4 }
undo e1 line-number set frame-format
View
CE3 interface view
Parameter
line-number: E1 line number in the range of 1 to 16.
crc4: The frame format adopted by an E1 line is crc4.
no-crc4: The frame format adopted by an E1 line is no-crc4.
Description
Using the e1 set frame-format command, you can configure the frame format
for an E1 line. Using the undo e1 set frame-format command, you can restore
the default setting.
By default, the frame format no-crc4 is used for E1 line.
Only if an E1 line is working in framed format (which can be set by using the undo
e1 unframed command) can this command be configured.
For related command, see e1 unframed.
214
Example
Configure the first E1 line on the E3 interface to adopt the frame format crc4.
[3com-E3 1/0/0]e1 1 set frame-format crc4
e1 set loopback
Syntax
e1 line-number set loopback { local | remote }
undo e1 line-number set loopback
View
CE3 interface view
Parameter
line-number: E1 line number in the range of 1 to 16.
local: Enables E1 line to perform local loopback.
remote: Enables E1 line to perform remote loopback.
Description
Using the e1 set loopback command, you can set the loopback mode of an E1
line on an E3 interface. Using the undo e1 set loopback command, you can
disable the E1 line to loop back.
By default, E1 lines are disabled to loop back.
If an E1 line encapsulated with PPP has been set to perform loopback, it is normal
for the state of the link layer protocol to be reported as DOWN.
Example
Set the loopback mode of the first E1 line on the E3 interface to local.
[3com-E3 1/0/0]e1 1 set loopback local
e1 shutdown
Syntax
e1 line-number shutdown
undo e1 line-number shutdown
View
CE3 interface view
Parameter
line-number: E1 line number in the range of 1 to 16.
215
Description
Using the e1 shutdown command, you can shut down an E1 line on the CE3
interface. Using the undo e1 shutdown command, you can enable the E1 line.
By default, E1 line is enabled.
This command will affect not only the specified E1 line but also the serial
interfaces formed by bundling the timeslots of the E1 line. Executing the e1
shutdown command on the specified E1 line will shut down all these serial
interfaces and the data transmission and receiving will be stopped as a result.
Likewise, executing the undo e1 shutdown command will re-enable all these
serial interfaces.
Example
Shut down the first E1 line on the E3 interface.
[3com-E3 1/0/0]e1 1 shutdown
e1 unframed
Syntax
e1 line-number unframed
undo e1 line-number unframed
View
CE3 interface view
Parameter
line-number: E1 line number in the range of 1 to 16.
Description
Using the e1 unframed command, you can set an E1 line on a CE3 interface to
work in unframed mode (E1 mode). Using the undo e1 unframed command, you
can set the E1 line on the CE3 interface to work in framed mode (CE1 mode).
By default, E1 lines are working in framed mode.
An E1 line in unframed mode does not contain the frame control information and
cannot be divided into timeslots. Naturally, no timeslot bundling can be performed
on it. In this case, the system automatically creates a serial interface numbered
serial number / line-number:0 for it. This interface operates at 2048 Kbps and has
the same logic features of a synchronous serial interface on which you can make
other configurations.
For related command, see e1 channel-set.
Example
Set the first E1 line on the E3 interface to work in unframed mode.
[3com-E3 1/0/0]e1 1 unframed
216
loopback
Syntax
loopback { local | payload | remote }
undo loopback
View
CE3 interface view
Parameter
local: Enables the CE3 interface to perform local loopback.
payload: Places the CE3 interface in an remote payload loopback. Data passes the
framer in this case and will be looped back after payload is generated.
remote: Enables the CE3 interface to perform remote loopback. Data does not go
through the framer in this case and will be looped back before the payload has
been generated.
Description
Using the loopback command, you can configure the loopback mode of a CE3
interface. Using the undo loopback command, you can disable the CE3 interface
to perform loopback.
By default, loopback is disabled on the CE3 interface.
It is necessary for you to enable the CE3 interface to perform loopback only for the
purpose of testing some special functions.
If a CE3 interface encapsulated with PPP has been set to perform loopback, it is
normal for the state of the link layer protocol to be reported as DOWN.
Example
Enable the interface E3 1/0/0 to perform local loopback.
[3com-E3 1/0/0] loopback local
national-bit
Syntax
national-bit { 0 | 1 }
undo national-bit
View
CE3 interface view
Parameter
0: Sets the national bit of the CE3 interface to 0.
1: Sets the national bit of the CE3 interface to 1.
217
Description
Using the national-bit command, you can configure national bit for a CE3
interface. Using the undo national-bit command, you can restore the default
setting.
The national bit of CE3 interface defaults to 1.
It is necessary to set the national bit of an E3 interface to 0 only in some special
circumstances.
For the related command, see controller e3.
Example
Set the national bit of the interface E3 1/0/0 to 0.
[3com-E3 1/0/0] national-bit 0
using
Syntax
using { e3 | ce3 }
undo using
View
CE3 interface view
Parameter
e3: Sets the CE3 interface to work in unchannelized mode.
ce3: Sets the CE3 interface to work in channelized mode.
Description
Using the using command, you can configure the operating mode of a CE3
interface. Using the undo using command, you can restore the default setting.
By default, the CE3 interface is working in channelized mode.
Only when the CE3 interface is working in channelized mode can you configure
the E1 lines on it.
When the CE3 interface is working in unchannelized mode, the system
automatically creates a serial interface numbered serial number / 0:0 for it. This
interface operates at 34.368 Mbps and has the same logic features of a
synchronous serial interface on which you can make other configurations.
For related command, see controller e3.
Example
Configure the interface E3 1/0/0 to work in unchannelized mode.
[3com-E3 1/0/0]using e3
218
Fundamental CT3
Interface
Configuration
Commands
cable
Syntax
cable feet
undo cable
View
CT3 interface view
Parameter
feet: Cable length in the range of 0 to 450 feet.
Description
Using the cable command, you can configure the length of the cable with which a
CT3 interface is connected. Using the undo cable command, you can restore the
default length of the cable with which the CT3 interface is connected.
The parameter feet defaults to 49.
The length of the cable for CT3 interface connection refers to the distance
between the router and the cable distribution rack.
Example
Set the cable length to 50 feet for the interface T3 1/0/0.
[3com-T3 1/0/0]cable 50
clock
Syntax
clock { master | slave }
undo clock
View
CT3 interface view
Parameter
master: Adopts the internal clock mode.
slave: Adopts the line clock mode.
219
Description
Using the clock command, you can set the clock mode on a CT3 interface. Using
the undo clock command, you can restore the default clock mode on the
interface.
By default, the CT3 interface adopts the line clock mode (slave).
The clock is selected depending on the connected remote device. If it is a
transmission device, the local end will use the line clock.
If the CT3 interfaces on the two routers are directly connected, one router should
use the internal clock whereas the other router uses the line clock.
Example
Configure the CT3 interface with internal clock.
[3com-T3 1/0/0]clock master
controller t3
Syntax
controller t3 interface-number
View
System view
Parameter
interface-number: CT3 interface number.
Description
Using the controller t3 command, you can enter the CT3 interface view.
For the related command, see display controller t3.
Example
Enter the view of the interface T3 1/0/0.
[3com]controller t3 1/0/0
[3com-T3 1/0/0]
crc
Syntax
crc { 16 | 32 | no-crc}
undo crc
View
Synchronous serial interface view
220
Parameter
16: Adopt 16-bit CRC.
32: Adopt 32-bit CRC.
no-crc: Adopt no CRC.
Description
Using the crc command, you can configure CRC mode of the serial interface
formed by CT3. Using the undo crc command, you can restore the default setting.
By default, 16-bit CRC is used.
For the related commands, see t1 channel-set, t1 unframed, and using.
Example
Apply 32-bit CRC to the serial interface formed by the interface T3 1/0/0 in
unchannelized mode.
[3com-Serial1/0/0:0] crc 32
frame-format
Syntax
frame-format { c-bit | m23 }
undo frame-format
View
CT3 interface view
Parameter
c-bit: Sets the frame format to C-bit.
m23: Sets the frame format to m23.
Description
Using the frame-format command, you can configure the frame format used by
a CT3 interface. Using the undo frame-format command, you can restore the
default frame format used by the CT3 interface.
By default, the CT3 interface adopts the C-bit frame format.
Example
Set the frame format of the interface T3 1/0/0 to m23.
[3com-T3 1/0/0] frame-format m23
loopback
Syntax
loopback { local | payload | remote }
221
undo loopback
View
CT3 interface view
Parameter
local: Enables the CT3 interface to perform local loopback.
payload: Places the CT3 interface in an external payload loop. Data passes the
framer in this case and will be looped back after payload is generated.
remote: Enables the CT3 interface to perform remote loopback. Data does not go
through the framer in this case and will be looped back before the payload has
been generated.
Description
Using the loopback command, you can configure the loopback mode of a CT3
interface. Using the undo loopback command, you can disable the CT3 interface
to perform loopback.
By default, loopback is disabled on the CT3 interface.
Loopback is usually used for some special detection. It should not be enabled in
normal working condition.
If a CT3 interface encapsulated with PPP has been set to perform loopback, it is
normal for the state of its link layer protocol to be reported as DOWN.
Example
Enable the interface T3 1/0/0 to perform local loopback.
[3com-T3 1/0/0]loopback local
t1 channel-set
Syntax
t1 line-number channel-set set-number timeslot-list range [ speed { 56k | 64k } ]
undo t1 line-number channel-set set-number
View
CT3 interface view
Parameter
line-number: T1 line number in the range of 1 to 28.
set-number: The number of the channel-set formed by bundling the timeslots of
T1 line, which is in the range of 0 to 23.
range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
222
t1 set clock
Syntax
t1 line-number set clock { master | slave }
undo t1 line-number set clock
View
CT3 interface view
Parameter
line-number: T1 line number in the range of 1 to 28.
master: Adopts the internal clock.
slave: Adopts the line clock.
Description
Using the t1 set clock command, you can set the clock mode for a T1 line on a
CT3 interface. Using the undo e1 clock command, you can restore the default
setting.
By defaults, the T1 lines on a CT3 interface adopt line clock.
The E1 lines on a CE3 interface working in channelized mode are allowed to use
separate clocks.
223
Example
Configure the first T1 line on the T3 interface to adopt line clock.
[3com-T3 1/0/0]t1 1 set clock slave
t1 set frame-format
Syntax
t1 line-number set frame-format { esf | sf }
undo t1 line-number set frame-format
View
CT3 interface view
Parameter
line-number: T1 line number in the range of 1 to 28.
esf: Set the T1 line to use the Extended Super Frame (ESF) format.
sf: Set the T1 line to use the Super Frame (SF) format.
Description
Using the t1 set frame-format command, you can configure the frame format of
T1 line. Using the undo t1 set frame-format command, you can restore the
default setting.
By default, the frame format of T1 line is esf.
Only if a T1 line is working in framed format (which can be set by using the undo
t1 unframed command) can this command be configured.
For the related commands, see t1 set unframed and using.
Example
Adopt the frame format SF for the first T1 line on the T3 interface.
[3com-T3 1/0/0]t1 1 set frame-format sf
t1 set loopback
Syntax
t1 line-number set loopback { local | remote }
undo t1 line-number set loopback
View
CT3 interface view
Parameter
line-number: T1 line number in the range of 1 to 28.
224
t1 shutdown
Syntax
t1 line-number shutdown
undo t1 line-number shutdown
View
CT3 interface view
Parameter
line-number: T1 line number in the range of 1 to 28.
Description
Using the t1 shutdown command, you can shut down a T1 line on the CT3
interface. Using the undo t1 shutdown command, you can enable the T1 line.
By default, T1 line is enabled.
This command will affect not only the specified T1 line but also the serial
interfaces formed by bundling the timeslots of the T1 line. Executing the t1
shutdown command on the specified T1 line will shut down all these serial
interfaces and the data transmission and receiving will be stopped as a result.
Likewise, executing the undo t1 shutdown command will re-enable all these
serial interfaces.
Example
Shut down the first T1 line on the T3 interface.
225
t1 unframed
Syntax
t1 line-number unframed [ speed { 56k | 64k } ]
undo t1 line-number unframed
View
CT3 interface view
Parameter
line-number: T1 line number in the range of 1 to 28.
speed: Timeslot bundling mode. If 56k is selected, the timeslots will be bundled
into N x 56Kbps. If 64k is selected, the timeslots will be bundled into N x 64 Kbps.
Speed defaults to 64k.
Description
Using the t1 unframed command, you can set a T1 line on a CT3 interface to
work in unframed mode (T1 mode). Using the undo t1 unframed command, you
can set the T1 line on the CT3 interface to work in framed mode (CT1 mode).
By default, T1 lines are working in framed mode.
A T1 line in unframed mode does not contain the frame control information and
cannot be divided into timeslots. Naturally, no timeslot bundling can be performed
on it. In this case, the system automatically creates a serial interface numbered
serial number / line-number:0 for it. This interface operates at 1544 Kbps and has
the same logic features of a synchronous serial interface on which you can make
other configurations.
For the related command, see t1 channel-set.
Example
Set the first T1 line on the T3 interface to work in unframed mode.
[3com-T3 1/0/0]t1 1 unframed
using
Syntax
using { t3 | ct3 }
View
CT3 interface view
Parameter
t3: Sets the CT3 interface to work in unchannelized mode.
ct3: Sets the CT3 interface to work in channelized mode.
226
Description
Using the using command, you can configure the operating mode of a CT3
interface. Using the undo using command, you can restore the default setting.
By default, the CT3 interface is working in channelized mode.
Only when the CT3 interface is working in channelized mode can you configure
the T1 lines on it.
When the CT3 interface is working in unchannelized mode, the system
automatically creates a serial interface numbered serial number / 0:0 for it. This
interface operates at 44.736 Mbps and has the same logic features of a
synchronous serial interface on which you can make other configurations.
Example
Configure the interface T3 1/0/0 to work in unchannelized mode.
[3com-T3 1/0/0]using t3
display controller t3
Syntax
display controller t3 interface-number
View
Any view
Parameter
interface-number: CT3 interface number.
Description
Using the display controller t3 command, you can view the state information of
a CT3 interface.
In addition to the state information of the CT3 interface, the command can display
the information of each T1 line on the CT3 interface if the interface is working in
CT3 mode.
Example
Display the information related to the interface T3 1/0/0.
[3com]display controller t3 1/0/0
T3 1/0/0 is down
Description : 3Com Routers, T3 1/0 Interface
Frame-format C-BIT Parity, line code B3ZS, cable 49 feet, clock slave, loopback not set
Alarm: none
ERROR: 0 BiPolarViolation, 0 EXcessiveZero, 1 FrameError
0 ParityBitError, 0 C-BitParityBitError, 0 FarEndBlockError
227
Syntax
cable { long | short }
undo cable
View
ATM T3 Interface view
Parameter
long: Long distance mode. Cable length ranges from 151 to 500 meters.
short: Short distance mode. Cable length ranges from 0 to 150 meters.
Description
Using the cable command, you can configure the cable mode of the ATM T3
cable, to set the distance between the router and the cable distribution frame.
Using the undo cable command, you can restore the default setting.
By default, short distance mode is used.
Example
Set the cable length mode of ATM T3 1/0/0 to long.
<3com> system-view
[3com] interface atm 1/0/0
[3com-Atm1/0/0] cable long
clock
Syntax
clock { master | slave }
undo clock
View
ATM E3/T3 interface view.
Parameter
master: Sets the clock mode of ATM E3/T3 to master mode.
slave: Sets the clock mode of ATM E3/T3 to slave mode.
Description
Using the clock command, you can set the clock mode of ATM E3/T3 interface.
Using the undo clock command, you can restore the default setting.
228
Syntax
display interface atm [ interface-number ]
View
Any view
Parameter
interface-number: Interface number of ATM E3/T3.
Description
Using the display interface atm command, you can view the configuration and
status of ATM E3/T3 interface. If no interface-number is specified, the system will
display the configuration and status of all ATM interfaces.
Example
View the configuration and status of ATM E3/T3 interface 1/1/0.
<3com> display interface atm 1/1/0
frame-format
Syntax
frame-format { g832-adm | g751-adm | g751-plcp }
frame-format { cbit-adm | cbit-plcp | m23-adm | m23-plcp }
undo frame-format
View
ATM E3/T3 interface view
Parameter
g832-adm: Configures frame format of ATM E3 as G.823 ATM direct mapping.
g751-adm: Configures frame format of ATM E3 as G.751 ATM direct mapping.
g751-plcp: Configures frame format of ATM E3 as G.751 Physical Layer
Convergence Protocol (PLCP).
cbit-adm: Configures frame format of ATM T3 as C-bit ATM direct mapping.
229
loopback
Syntax
loopback { cell | local | payload | remote }
undo loopback
View
ATM E3/T3 interface view
Parameter
cell: Internal cell loopback
local: Internal loopback.
payload: External payload loopback.
remote: External line loopback.
Description
Using the loopback command, you can enable the loopback function of the
interface. Using the undo loopback command, you can disable the loopback
function.
By default, loopback is disabled.
Example
Enable external payload loopback of ATM E3/T3 interface 2/0/0.
<3com> system-view
[3com] interface atm 2/0/0
230
scramble
Syntax
scramble
undo scramble
View
ATM E3/T3 interface view
Parameter
None
Description
Using the scramble command, you can enable scrambling function of ATM E3/T3
interface. Using the undo scramble command, you can disable the scrambling
function.
By default, the scrambling function of ATM E3/T3 interface is enabled.
The scramble command is used to enable the scramble and descramble function
on payload, with no influence on the cell header.
Example
Disable the scramble function of ATM E3/T3 interface 2/0/0.
<3com> system-view
[3com] interface atm 2/0/0
[3com-Atm2/0/0] undo scramble
ATM OC-3c/STM-1
Interface
Configuration
Commands
clock
Syntax
clock { master | slave }
undo clock
View
ATM interface view
Parameter
master: Adopts the internal clock mode.
slave: Adopts the line clock mode.
231
Description
Using the clock command, you can set the clock mode on an ATM interface.
Using the undo clock command, you can restore the default clock mode on the
interface.
By default, the ATM interface adopts the slave clock.
When an ATM interface is working as DCE, choose the master clock mode. When
it is working as DTE, choose the slave clock mode for it. When ATM interfaces of
two routers are directly connected by fiber, one end should be configured with the
master clock mode and the other with the slave clock mode.
Example
Adopt the master clock on the ATM interface 4/0/0.
<3com> system-view
[3com] interface atm 4/0/0
[3com-Atm4/0/0] clock master
Syntax
display interface atm [ interface-number ]
View
Any view
Parameter
interface-number: Interface number. If no interface has been specified, the
configuration and state information of all the ATM interfaces will be displayed.
Description
Using the display interface atm command, you can view the configuration and
state information of ATM OC-3c/STM-1 interface(s).
Example
View the configuration and state information of the ATM interface 4/0/0.
<3com> display interface atm 4/0/0
frame-format
Syntax
frame-format { sdh | sonet }
undo frame-format
View
ATM interface view
232
Parameter
sdh: Sets the frame format to SDH STM-1.
sonet: Sets the frame format to SONET OC-3.
Description
Using the frame-format command, you can set the frame format of ATM
OC-3c/STM-1 interface. Using the undo frame-format command, you can
restore the default setting.
The frame format on the ATM OC-3c/STM-1 interface defaults to SONET.
Example
Set the frame format on the ATM OC-3c/STM-1 interface to SDH.
[3com-Atm4/0/0] frame-format sdh
loopback
Syntax
loopback { cell | local | remote }
undo loopback
View
ATM interface view
Parameter
cell: Enables the ATM interface to perform cell loopback.
local: Enables the ATM interface to perform local loopback.
remote: Enables the ATM interface to perform the remote loopback.
Description
Using the loopback command, you can enable the loopback function on an ATM
OC-3c/STM-1 interface. Using the undo loopback command, you can disable the
loopback function.
By default, loopback function is disabled.
It is necessary for you to enable the interface to perform loopback only for the
purpose of testing some special functions. You should not enable the loopback
function when the interface is providing normal services.
Example
Enable the ATM interface to perform local loopback.
[3com-Atm4/0/0] loopback local
scramble
233
Syntax
scramble
undo scramble
View
ATM interface view
Parameter
None
Description
Using the scramble command, you can enable an undo scramble to scramble the
payload on ATM OC-3c/STM-1 interface. Using the undo scramble command,
you can disable the scrambling function.
By default, the ATM OC-3c/STM-1 interface is enabled to scramble the payload.
Executing the scramble command will make an interface to scramble and
descramble the payload but will not affect the cell headers.
Example
Disable the ATM interface to scramble the payload.
[3com-Atm4/0/0] undo scramble
ADSL Interface
Configuration
Commands
activate
Syntax
activate
undo activate
View
ADSL interface view
Parameter
None
Description
Using the activate command, you can activate an ADSL interface. Using the undo
activate command, you can deactivate an ADSL interface.
By default, the ADSL interface is active.
234
Before an ADSL port can operate services, you must activate it. ACTIVATE in this
particular context refers to the training conducted between an ADSL central office
and a remote ATU-R. The activation procedure will be specified in compliance with
the ADSL standard, channel mode, uplink and downlink speeds, and the noise
tolerance specified in the line configuration template. It will test the line distance
and state, make the central office and the remote device make negotiation, and
confirm whether the normal operation is allowed in the these conditions. If the
training succeeds, the central office and the remote device can set up a
communication connection for transporting services between them. This process is
also called port activation. This connection will disappear upon the deactivation of
the ADSL port. To transport new services, you must re-activate the port.
This command is used to manually activate/deactivate an ADSL line for the
purpose of testing and troubleshooting.
The commands activate/undo activate and shutdown/undo shutdown are
different because the former can only take effect on ADSL lines.
You should note that ADSL is always online, which is different from DCC.
Therefore, after the device is booted, the ADSL interface will automatically enable
the activation task and enter the active state. It will stay active as long as the line is
in good condition. The router tests the line performance at a regular interval and
will automatically deactivate the line and perform a new training and re-activation
once it finds out that the line performance has deteriorated.
Example
Deactivate the ADSL interface.
[3com-Atm1/0]undo activate
adsl standard
Syntax
adsl standard { auto | gdmt | glite | t1413 }
undo adsl standard
View
ADSL interface view
Parameter
auto: Auto-sensing mode.
gdmt: Adopts the G.DMT(G992.1) standard.
glite: Adopts the G.Lite (G992.2) standard.
t1413: Adopts the T1.413 standard.
Description
Using the adsl standard command, you can set the standard applied to an ADSL
interface. Using the undo adsl standard command, you can restore the default
standard used by the ADSL interface.
235
adsl tx_attenuation
Syntax
adsl tx_attenuation attenuation
undo adsl tx_attenuation
236
View
ADSL interface view
Parameter
attenuation: Attenuation value, in the range of 0~12. By default, it is 0.
Description
Using the adsl tx_attenuation command, you can set attenuation value for ADSL
transmit power. Using the undo adsl tx_attenuation command, you can restore
the default value.
Example
[3com-Atm1/0/0] adsl tx_attenuation 10
Syntax
display dsl configuration interface atm interface-number
View
Any view
Parameter
interface-number: Interface number.
Description
Using the display dsl configuration command, you can display the actual ADSL
configuration information.
Example
Display the actual ADSL configuration information.
[3com-Atm1/0]display dsl configuration interface atm 1/0
Line Params Set by User
Standard:
T1.413
Annex:
A
Framing:
3
Coding Gain(dB):
Auto
Tx Pow Attn(dB):
0
Bit-Swap:
disable
LinkCheck:
Enable
Actual Config
Near End
Far End
Standard:
T1.413
T1.413
Trellis Coding:
Enable
Enable
Framing:
3
3
Vendor ID:
0x0039
0x0004
AS0 (DS)
LS0(US)
Rate(Bytes):
238
26
Rate(kbps):
7616
832
Latency:
Intlv
Intlv
FEC(fast):
0
0
S/D/R(Inlv):
1/64/16
8/8/16
DMT Bits Allocation Per Bin (Up/Down Bits:249/2148)
00: 0 0 0 0 0 0 7 8 a a a a 8 a b c c c b b b b b b 9 9 a a 9 8 8 0
20: 0 0 0 0 2 2 2 3 4 4 5 6 6 7 7 8 8 8 8 8 9 9 a a a a a a a 8 9 a
40: 0 a a a a b b b b b a b b b b b b b b b b b b b b b b b b b b b
60: b b b b b b b b b b b b b b b b b b b a 9 4 a b b b b b b b b b
80: b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b
a0: b b b a b a b a b b a b b b b b a a b a a b b a a a a a a a a a
c0: a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a
e0: a 9 9 a 9 9 9 9 9 9 8 9 9 9 9 9 9 9 9 9 8 8 8 8 8 7 7 7 7 6 6 6
Description
The following
information appears
after the link is
activated.
Actual Config
Actual operating
parameters after the
link is activated
Rate(kbps)
Syntax
display dsl status interface atm interface-number
View
Any view
Parameter
interface-number: Interface number.
Description
Using the display dsl status command, you can display the DSL state
information.
Example
Display the ADSL state information of the interface 1/0/0.
[3com-Atm1/0/0]display dsl status interface atm 1/0/0
State of driver/chipsets
Phy Op State: Active
Xcvr Op State: Data Mode
Active Params
Near End
Far End
SNR Margin(dB):
16.0
3.0
237
238
Attenuation(dB):
Coding Gain(dB):
Tx Power(dBm):
Tx Bin Number:
Rate(kbps):
Adsl Count
SEF(sef):
LOS(los):
RSI(fec-I):
RSF(fec-F):
CRCI(crc-I):
CRCF(crc-F):
ATM Count
NCDI(ncd-I):
NCDF(ncd-F):
OCDI(ocd-I):
OCDF(ocd-F):
HECI(hec-I):
HECF(hec-F):
Adsl Defects
Overall:
SEF(sef):
LOS(LOS):
ATM Defects
NCDI(ncd-I):
NCDF(ncd-F):
LCDI(lcd-I):
LCDF(lcd-F):
1.0
2.0
5.5
8.3
21.7
25
219
832
7616
Near End
Far End
0
0
0
0
0
0
0
0
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Description
State of driver/chipsets
Phy
Xcvr
Syntax
display dsl version interface atm interface-number
239
View
Any view
Parameter
interface-number: Interface number.
Description
Using the display dsl version command, you can display the DSL version
information and the supported capabilities.
Example
Display the ADSL version information.
[3com-Atm1/0/0]display dsl version interface atm 1/0/0
Adsl board chipset and version info
Dsl Line Type:
Adsl Over Pots
Dsl Line Type:
Adsl Over Pots
ATM SAR Device:
0x823614f1
ATM SAR Revision:
0x02
Chipset Vendor:
GSPN
FW Release:
T7941
Revision:
1
DSP Version:
0
AFE Version:
0
PCB Version:
0.0
CPLD Version:
1.0
Driver Version:
2.0
Hardware Version:
1.0
Adsl Capability
ANSI T1.413 Issue 2: Supported
ITU G992.1 ANNEX A: Supported
ITU G992.2
: Supported
Fundamental Logical
Interface
Configuration
Commands
Sub-Interface
Configuration
Commands
interface
Syntax
interface interface-type interface-number.subinterface-number [ p2mp | p2p ]
undo interface interface-type interface-number.subinterface-number
View
System view
240
Parameter
interface-type: Type of interface
interface-number: Number of interface, including slot number, card number, and
port number.
subinterface-number: Number of sub-interface, ranging from 0 to 4096.
p2mp: Configures type of sub-interface as point to multipoint
p2p: Configures type of sub-interface as point to point
Description
Using the interface command, you can create sub-interface of point to multipoint
or point to point types. Using the undo interface command, you can delete
specified sub-interface.
By default, the type of sub-interface is point to multipoint.
Presently, point to multipoint or point to point sub-interface can be configured to
ATM interface, interface with frame relay or X.25 as its link layer protocol type. In
contrast, sub-interface of Ethernet is of broadcast type.
Up to 1024 sub-interfaces can be created for one main-interface.
Example
Create a sub-interface on ATM interface 2/0/0.
<3com> system-view
[3com] interface atm 2/0/0.1
[3com-Atm2/0/0.1]
interface ethernet
Syntax
interface ethernet interface-number.subinterface-number
undo interface ethernet interface-number.subinterface-number
View
System view
Parameter
interface-number: Number of interface, including slot number, card number, and
port number.
subinterface-number: Number of sub-interface, ranging from 0 to 4096.
Logic-Channel Interface
241
Description
Using the interface ethernet command, you can create Ethernet sub-interface.
Using the undo interface ethernet command, you can delete specified Ethernet
sub-interface.
Ethernet sub-interface is used for VLAN configuration. For a detailed configuration
procedure for VLAN, refer to the section Link Layer Protocol chapter in the 3Com
Router Configuration Guide.
Up to 256 sub-interfaces can be created for one Ethernet interface.
Example
Create a sub-interface on Ethernet interface 1/0/0.
[3com] interface ethernet 1/0/0.1
[3com-Ethernet1/0/0.1]
Logic-Channel
Interface
interface logic-channel
Syntax
interface logic-channel interface-number
undo interface logic-channel interface-number
View
System view
Parameter
interface-number: Number of logic-channel, in range of 0~1023.
Description
Using the interface logic-channel command, you can create logic-channel
interface. Using the undo interface ethernet command, you can delete
logic-channel interface.
Once it is created, a logic-channel interface stays in UP state until it is deleted.
Example
Create the logic-channel interface 100.
[3com] interface logic-channel 100
[3com-Logic-Channel100]
242
Configuration
Command of Virtual
Template and Virtual
Access Interface
broadcast-limit link
Syntax
broadcast-limit link number
undo broadcast-limit link
View
Virtual template view
Parameter
number: Maximum link number that the virtual template supports for sending
multicast or broadcast packets, ranging from 0 to 128. The default value is 30.
Description
Using the broadcast-limit link command, you can configure the maximum link
number that virtual template supports for sending multicast or broadcast packets.
Using the undo broadcast-limit link command, you can restore the default
configuration.
When there are many links on a virtual template, sending multicast or broadcast
packets from each link may influence the function of the system. In this case, the
broadcast-limit link command can be used as a limitation, so that multicast or
broadcast packets are discarded if the link number exceeds the limitation.
Example
Configure maximum link number of virtual template 1 supporting sending
multicast or broadcast packet to be 100.
[3com] interface virtual-template 1
[3com-Virtual-Template1] broadcast-limit link 100
display interface
virtual-template
Syntax
display interface virtual-template [ number ]
View
Any view
Parameter
virtual-template: Virtual template.
number: Number of virtual template, ranging from 0 to 1023. The state of all
virtual template will be displayed, if this parameter is not specified.
243
Description
Using the display interface virtual-template command, you can view the status
information of virtual template.
Example
View the state of specified virtual template.
<3com> display interface virtual-template 1
display virtual-access
Syntax
display virtual-access [ slot slot-number | vt vt-number | user user-name | peer
peer-address | va-number ]
View
Any view
Parameter
slot-number: Slot number of virtual access interface.
vt-number: Virtual template number of virtual access interface.
user-name: Login username of virtual access interface.
peer-address: Peer end address of virtual access interface.
va-number: Sequence number of virtual access interface.
State information of all virtual access interfaces will be displayed, if no parameter
is specified.
Description
Using the display virtual-access command, you can view the state information
of virtual access interface.
Example
View state information of all virtual access interfaces.
<3com> display virtual-access
interface
virtual-template
Syntax
interface virtual-template number
undo interface virtual-template number
View
System view
244
Parameter
number: Number of virtual template, ranging from 0 to 1023.
Description
Using the interface virtual-template command, you can create virtual template
or enter existing virtual template view. Using the undo interface
virtual-template command, you can delete specified virtual template.
A virtual template should be created before the creation of a virtual access
interface, and should be closed after the virtual access interface has been closed
and will not be reused.
In deleting the virtual template, make sure that all its derived virtual access
interfaces have been removed and this virtual template is not in use any more.
Example
Create virtual template 10.
[3com] interface virtual-template 10
[3com-Virtual-Template10]
MP-group Interface
Configuration
Command
display interface
mp-group
Syntax
display interface mp-group [ number ]
View
Any view
Parameter
number: Number of MP-group interface. If the number of the interface is not
specified, status information of all MP-group interfaces is displayed.
Description
Using the display interface mp-group command, you can view the status of
MP-group interface.
Example
View status information of MP-group interface.
<3com> display interface mp-group
interface mp-group
Syntax
interface mp-group number
245
View
System view
Parameter
number: Number of a MP-group interface. The sequence number ranges from 0
to 1023 so, at most, 1024 MP-group interfaces are supported by one interface
card.
Description
Using the interface mp-group command, you can create a MP-group interface.
Using the undo interface mp-group command, you can delete specified
MP-group interface.
This command is used in concert with the ppp mp mp-group command. Either
MP-group interface or interface added in MP group can be configured first.
Example
Create MP-group interface 3/0/0.
[3com] interface mp-group 3/0/0
[3com-mp-group 3/0/0]
ppp mp mp-group
Syntax
ppp mp mp-group number
undo ppp mp mp-group number
View
Interface view
Parameter
number: Number of MP-group interface
Description
Using the ppp mp mp-group command, you can add the current interface to a
specified MP group. Using the undo ppp mp mp-group command, you can
remove the current interface from a specified MP group.
This command is used with the interface mp-group command. Either MP-group
interface or interface added in MP group can be configured first.
It should be noted that the interface added to an MP group must be consistent
with the slot of the MP-group interface.
In addition, the interface added to an MP group must be a physical interface.
Tunnel interfaces do not support this command.
246
Example
Add serial port 3/0/0 to MP group 3.
[3com] interface serial 3/0/0
[3com-Serial3/0/0] ppp mp mp-group 3/0/0
Virtual Ethernet
Interface
Configuration
Command
display interface
virtual-ethernet
Syntax
display interface virtual-ethernet [ number ]
View
Any view
Parameter
number: Number of virtual Ethernet interfaces, with sequence number ranging
from 0 to 1023. If the number of interfaces is not specified, the status of all virtual
Ethernet interfaces will be displayed.
Description
Using the display interface virtual-ethernet command, you can view status of a
virtual Ethernet interface.
Example
View the status information of virtual Ethernet interface 1/0/0.
<3com> display interface virtual-ethernet 1/0/0
interface
virtual-ethernet
Syntax
interface virtual-ethernet number
undo interface virtual-ethernet number
View
System view
Parameter
number: Number of virtual Ethernet interface, with sequence number ranging
from 0 to 1023.
247
Description
Using the interface virtual-ethernet command, you can create a virtual Ethernet
interface. Using the undo interface virtual-ethernet command, you can delete
the specified virtual Ethernet interface.
Virtual Ethernet interface is mainly applied to PPPoEoA and IPoEoA.
Example
Create virtual Ethernet interface 12 on interface card 0 of slot 6.
[3com] interface virtual-ethernet 6/0/12
[3com-Virtual-Ethernet6/0/12]
mac-address
Syntax
mac-address H-H-H
undo mac-address
View
Virtual Ethernet interface view
Parameter
H-H-H: Mac address of virtual Ethernet interface, in the form of hex character
string.
Description
Using the mac-address command, you can configure the Mac address of a virtual
Ethernet interface. Using the undo mac-address command, you can restore the
default configuration.
By default, for a virtual Ethernet interface created on VIU, its MAC address is the
same as the MAC address of Ethernet interface carried by VIU itself.
For a virtual Ethernet interface created on RSU, its MAC address is 0 by default.
Example
Configure the MAC address of virtual Ethernet interface 10/0/0.
[3com] interface virtual-ethernet 10/0/0
[3com-Virtual-Ethernet10/0/0] mac-address 1000-1000-1000
248
Configuration
Command of
Loopback Interface
and Null Interface
display interface
loopback
Syntax
display interface loopback [ number ]
View
Any view
Parameter
number: Number of Loopback interface, which must be an existing one. If
number of interface is not specified, status of all created loopback interface will be
displayed.
Description
Using the display interface loopback command, you can view status of the
loopback interface.
For the related command, see interface loopback.
Example
View status information of specified Loopback interface.
<3com> display interface loopback 6
LoopBack6 current state : UP
Line protocol current state :UP
Description : 3Com Routers, LoopBack6 Interface
The Maximum Transmit Unit is 1536
Internet Address is 10.10.1.1/8
Syntax
display interface null [ 0 ]
View
Any view
Parameter
0: Number of Null interface, fixed as 0.
Description
Using the display interface null command, you can view status of Null interface.
The parameter does not affect the execution result.
For a related command, see interface null.
249
Example
View status information of Null0 interface.
<3com> display interface null 0
NULL0 current state : UP
Line protocol current state :UP (spoofing)
Physical is NULL DEV
Description : 3Com Routers, NULL0 Interface
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
0 packets input, 0 bytes, 0 drops
0 packets output, 0 bytes, 0 drops
interface loopback
Syntax
interface loopback number
undo interface loopback number
View
System view
Parameter
number: Number of Loopback interface, ranging from 0 to 1023.
Description
Using the interface loopback command, you can create a Loopback interface or
enter Loopback interface view. Using the undo interface loopback command,
you can delete a specified Loopback interface.
After a Loopback interface is created, it always keeps up state, and bears loopback
feature, so it is often used to improve the reliability of configuration.
For the related command, see display interface loopback.
Example
Create Loopback interface 5.
[3com] interface loopback 5
[3com-LoopBack5]
interface null
Syntax
interface null 0
View
System view
250
Parameter
none
Description
Using the interface null command, you can enter the Null interface view.
There is only one Null interface, fixed as null0, which is fixed, and cannot be
deactivated or deleted.
For the related command, see display interface null.
Example
Enter view of Null0 interface.
[3com] interface null 0
[3com-NULL0]
PPP and MP
Configuration
Commands
display ppp mp
Syntax
display ppp mp [ interface interface-type interface-num ]
View
Any view
Parameter
interface-type interface-num: Used to specify the interface to be viewed.
Description
Using the display ppp mp command, you can view all the interface information
and statistics of MP.
For the related commands, see link-protocol ppp and ppp mp.
Example
Display the MP interface information.
<3Com> display ppp mp
Template is Virtual-Template1
Bundle, quid0, 1 member, slot 3, Master link is Virtual-Template1:0
0 lost fragments, 0 reordered, 0 unassigned, sequence 0/0 rcvd/sent
The bundled son channels are: Serial3/0/0
Description
Template is Virtual-Template1
Virtual-template interface
Bundle quid0
Bundle name
1 member
slot 3
Bundled in slot 3
Master link
0 lost fragments
Lost fragments
0 reordered
0 unassigned
Unassigned fragments
252
Description
Syntax
ip tcp vjcompress
undo ip tcp vjcompress
View
Interface view
Parameter
None
Description
Using the ip tcp vjcompress command, you can enable a PPP interface to
compress the VJ TCP header. Using the undo ip tcp vjcompress command, you
can disable the PPP interface to compress the VJ TCP header.
If the VJ TCP header is permitted to compress at the PPP interface, the interface at
the opposite end shall also permit to compress the VJ TCP header. This command
is only used in the centralized environment.
By default, the VJ TCP header is disabled to compress at the PPP interface.
Example
The VJ TCP header is permitted to compress at the PPP interface
[3Com-dialer0] ip tcp vjcompress
link-protocol ppp
Syntax
link-protocol ppp
View
VT view or Dialer view
Parameter
None
253
Description
Using the link-protocol ppp command, you can configure the link-layer protocol
encapsulated on the interface as PPP.
By default, the link-layer protocol for interface encapsulation is PPP.
PPP is a link-layer protocol bearing network-layer packets over the point-to-point
link. It defines a whole set of protocols including LCP (link control protocol), NCP
(network-layer control protocol), PAP (Password Authentication Protocol) and
CHAP (Challenge Handshake Authentication Protocol). It is widely used for it
supports user authentication, easy scalability and
synchronization/asynchronization.
For the related command, see display interface.
Example
Configure PPP encapsulation on interface Serial 0/0/0.
[3Com--Dialer0] link-protocol ppp
mp binding-mode
Syntax
ppp mp binding-mode { authentication | both | descriptor }
undo ppp mp binding-mode
View
System view
Parameter
authentication: Performs the MP binding according to the authentication user
name of PPP.
both: Performs the MP binding based on both the authentication user name of
PPP and the terminal identifier.
descriptor: Performs the MP binding according to the terminal identifier.
Description
Using the ppp mp binding-mode command, you can set the MP binding
condition. Using the undo ppp mp binding-mode command, you can restore
the default value of the MP binding condition.
By default, it performs the MP binding based on both the authentication user
name of PPP and the terminal identifier.
User name is the peer one received by the PPP link performing the PAP or CHAP
authentication, while the terminal identifier, as a unique flag of a Router, is the
peer one received in performing the LCP negotiation. The system can perform the
MP binding base on the received user name and terminal identifier, and then the
254
interfaces with the identical user name or the same terminal identifier is bound
together.
For the related command, see ppp mp user.
Example
Perform the MP binding only based on the user name of the PPP authentication.
[3Com] ppp mp binding-mode authentication
Syntax
ppp accounting scheme { default | scheme -name }
undo ppp accounting
View
Interface view
Parameter
default: Indicates that the default accounting method list is adopted.
scheme -name: Accounting method list, indicating that which method list is
adopted for accounting.
Description
Using the ppp accounting scheme command, you can set accounting for PPP
user. Using the undo ppp accounting command, you can disable the accounting
.
By default, no ppp accounting is performed.
After PPP authentication succeeds, AAA will begin to charge the peer user. The
command is used to configure the accounting method list. Please refer to AAA
Configuration for the detailed method list configuration.
For the related commands, see ppp authentication-mode and aaa
authentication-scheme ppp.
Example
Configure to adopt the default accounting method list for accounting on Serial
0/0/0.
[3Com-Serial0/0/0] ppp accounting scheme default
ppp
authentication-mode
Syntax
ppp authentication-mode { chap | pap } [ call-in ] [ scheme { default | scheme -name } ]
undo ppp authentication-mode
255
View
Interface view
Parameter
One of chap and pap should be selected.
call-in: Authenticates the peer only when the remote user calls in.
default and scheme-name: indicates the authentication algorithm lists configured
by user while authenticating. For detailed description, refer to AAA section.
Description
Using the ppp authentication-mode command, you can set the local PPP
authentication algorithm for the peer router. Using the undo ppp
authentication-mode command, you can cancel the configuration, i.e. no
authentication.
By default, no authentication is performed.
There are two PPP authentication algorithms they are:
Syntax
ppp chap password { simple | cipher } password
undo ppp chap password
View
Interface view
256
Parameter
password: Password.
simple or cipher: Passwords in plain text or in encrypted text.
Description
Using the ppp chap password command, you can configure the default CHAP
password while performing CHAP authentication. Using the undo ppp chap
password command, you can cancel the configuration.
While configuring CHAP authentication, you should configure the local password
to be the same as the user password at the other end.
For the related commands, see ppp authentication-mode chap and local-user.
Example
Set the user password as 3Com in plain text when the local router perform the
authentication via CHAP.
[3Com-Serial1/0/0] ppp chap password simple 3Com
Syntax
ppp chap user username
undo ppp chap user
View
Interface view
Parameter
username: User name of CHAP authentication, which is the one sent to the peer
equipment to be authenticated.
Description
Using the ppp chap user command, you can configure the user name when
performing the CHAP authentication. Using the undo ppp chap user command,
you can delete the existing configuration.
By default, the user name of the CHAP authentication is blank.
While configuring CHAP authentication, you should configure the username of
each end as the local_user of the peer end, and configure the corresponding
password accordingly.
For the related commands, see ppp authentication-mode and local-user.
257
Example
Configure the local user name as Root when CHAP authentication is performed on
interface Serial0/0/0.
[3Com-Serial1/0/0] ppp chap user Root
Syntax
ppp compression iphc [ nonstandard | rtp-connections rtp-connections | tcp-connections
tcp-connections ]
View
Interface view
Parameter
nonstandard: uses the nonstandard mode in compressing the IP/UDP/RTP header
rtp-connections rtp-connections: sets the maximum rtp-connections of the iphc
function, its value ranges from 3 to 1000.
tcp-connections tcp-connections: sets the maximum number of tcp-connections
of the iphc function, its value ranges from 3 to 256.
Description
Using the ppp compression iphc command, you can enable the iphc.
For the related command, see link-protocol ppp.
Example
None
ppp compression stac-lzs
Syntax
ppp compression stac-lzs
undo ppp compression stac-lzs
View
Interface view
Parameter
None
Description
Using the ppp compression stac-lzs command, you can set the PPP protocol to
use the Stac compression algorithm. Using the undo ppp compression stac-lzs
command, you can disable the compression at the relevant interface.
By default, compression is disabled.
258
When stac-lzs compression is configured on the interface, the data frame size can
be reduced through data compression without losing the data. However, this
configuration will add load to the router. It is recommended that this function be
disabled when the router has already been overloaded. In addition, only when
stac-lzs is configured at both ends of a point-to-point link, will this link support the
stac-lzs compression.
For the related command, see link-protocol ppp.
Example
Configure stac-lzs compression on the local router.
[3Com-Serial0/0/0] ppp compression stac-lzs
Syntax
ppp ipcp dns { primary-dns-address [ secondary-dns-address ] | admit-any }
undo ppp ipcp dns { primary-dns-address [ secondary-dns-address ] | admit-any }
View
Interface view
Parameter
primary-dns-address: Address of the primary DNS server.
secondary-dns-address: Address of the secondary DNS server.
admit-any: Accepts any DNS address requested by the peer.
Description
Using the ppp dns command, you can enable the Router to provide the DNS
address for the peer. Using the undo ppp dns command, you can disable this
process.
By default, the Router does not provide the DNS address for the peer.
When other devices are connected with the Router (e.g. PC is connected to the
Router by dialing up) via the PPP protocol, the Router can assign the DNS address
to the peer equipment after the negotiation. Thus, the peer equipment can
directly access the network via the domain name.
If you connect the Router with your PC, you can use the command winipcfg or
ipconfig /all on your PC to view the DNS address provided by the Router.
For the related commands, see ppp authenticationmode pap and local-user.
Example
Configure the primary DNS address of the local Router as 100.1.1.1, and the
secondary DNS address as 100.1.1.2.
259
ppp mp
Syntax
ppp mp
undo ppp mp
View
Interface view
Parameter
None
Description
Using the ppp mp command, you can enable the interface encapsulated with PPP
to operate in the MP mode. Using the undo ppp mp command, you can enable
the interface to operate in the Single PPP mode.
By default, the interface encapsulated with PPP operates in the Single PPP mode.
To increase the bandwidth, multiple PPP links can be bound to form a logical MP
interface. For this purpose, it is necessary to specify a virtual-template in system
view. MP can be configured and used only at the physical interfaces which can
encapsulate PPP. To enable MP, you must configure the ppp mp command and the
PAP or CHAP authentication at the physical interface.
For the related commands, see link-protocol ppp, ppp mp user, and interface
virtual-template.
Example
Configure the PPP encapsulated interface Serial0/0/0 to work in MP mode.
[3Com-Serial1/0/0] ppp mp
ppp mp lfi
Syntax
ppp mp lfi [ delay-per-frag max-delay ]
undo ppp mp lfi [ delay-per-frag ]
View
Virtual template interface view
Parameter
max-delay: Maximum delay in millisecond, its value ranges from 1 to 1000.
260
Description
Using the ppp mp lfi command, you can configure the link fragmentation and
interleaving features. Using the undo ppp mp lfi command, you can restore the
default configuration.
By default, the value of number is 10.
Example
Set a maximum delay of 100 milliseconds for per fragmentation.
[3Com-Virtual-Template0] ppp mp lfi delay-per-frag 100
ppp mp max-bind
Syntax
ppp mp max-bind max-bind-num
undo ppp mp max-bind
View
Virtual template interface view
Parameter
max-bind-num: Indicates maximum number of links which can be bound, in the
range from 1 to 128.
Description
Using the ppp mp max-bind command, you can configure maximum number of
bound links of MP. Using the undo ppp mp max-bind command, you can restore
the default configuration.
By default, its value is 16.
Normally, it is not necessary to configure the parameter, which should be
performed under the guidance of technical engineers when necessary. Such a
configuration may have impact on the performance of PPP. If it is necessary to bind
more than 16 PPP channels, the parameter max-bind-num can be changed.
If a VIU board reports failure in MP removing links, it is possible that the maximum
binding number is smaller than the actually configured one. Make sure that the
maximum binding number should be larger than the actual one.
For the related command, see ppp mp.
Example
Set the maximum number of bound links to 12.
[3Com-Virtual-Template10] ppp mp max-bind 12
ppp mp min-fragment
261
Syntax
ppp mp min-fragment size
undo ppp mp min-fragment
View
Virtual template interface view
Parameter
size: Minimum packet size for MP outgoing packet fragmentating. When the MP
outgoing packet is smaller than this value, fragmentating is avoided. When the MP
packet is larger than this value, fragment is involved. It is in byte in the range from
128 to 1500.
Description
Using the ppp mp min-fragment command, you can set the minimum packet
size when MP outgoing packets begin to be fragmented in multiple-link binding.
Using the undo ppp mp min-fragment command, you can restore the default
setting.
By default, it is 128.
If the small packet fragmentating is not expected, this command can be used to
set larger packet size value of the MP packet fragment.
For the related command, see ppp mp.
Example
Set the minimum packet of the MP packet fragmentating to 500 bytes.
[3Com-Virtual-Template10] ppp mp min-fragment 500
ppp mp user
Syntax
ppp mp user username bind virtual-template number
undo ppp mp user username
View
System view
Parameter
username: User name
number: Virtual-template number.
Description
Using the ppp mp user command, you can configure MP binds based on the
username. Using the undo ppp mp user command, you can cancel MP binds.
262
Local IP address and the IP address (or IP address pool) assigned to the peer
PPP
ppp mp virtual-template
Syntax
ppp mp virtual-template [ number ]
undo ppp mp
View
Interface view
Parameter
number: Configures the virtual template number to be bound by the interface,
which ranges from 0 to 1023.
Description
Using the ppp mp virtual-template command, you can configure the virtual
template number to be bound by the interface. Using the undo ppp mp
command, you can disable the MP binding of the interface.
By default, the MP binding of the interface is disabled, and the interface works in
ordinary PPP mode.
This command specifies the virtual template number to be bound on the interface.
The interface using this command to perform the MP binding needs not
configuring PAP or CHAP authentication. Two or more interfaces with the same
virtual template number is bound directly together. Moreover, this command is
mutually exclusive with the ppp mp command. That is, only one of the two
commands can be configured on a same interface.
For the related commands, see link-protocol ppp and interface
virtual-template.
263
Example
Configure the PPP encapsulated interface Serial0/0/0 to work in MP view.
[3Com-Serial0/0/0] ppp mp virtual-template 1
Syntax
ppp pap local-user username password { simple | cipher } password
undo ppp pap local-user
View
Interface view
Parameter
username: Username sent.
password: Password sent.
simple: Password in plain text.
cipher: Password in encrypted text.
Description
Using the ppp pap local-user command, you can configure the username and
password sent by the local router when it is authenticated by the peer router via
the PAP method. Using the undo ppp pap local-user command, you can disable
the configuration.
By default, when the local router is authenticated by the peer router via the PAP
method, both the username and the password sent by the local router are empty.
When the local router is authenticated via the PAP method by the peer router, the
username and password sent by the local router must be the same as the user and
password of the peer router.
For the related commands, see ppp authentication pap-mode and local-user.
Example
Set the username of the local router authenticated by the peer end via the PAP
method as 3Com and the password as 3Com.
[3Com-Serial1/0/0] ppp pap local-user 3Com password simple 3Com
Syntax
ppp timer hold seconds
undo ppp timer hold
264
View
Serial interface view
Parameter
seconds: Time interval for the interface to send keepalive packet in second. The
value ranges from 0 to 32767 and defaults to 10.
Description
Using the ppp timer hold command, you can set the timer to send keepalive
packet, while using the undo ppp timer hold command, you can restore the
default value.
For the very slow data links, the seconds parameter must not be set too small.
Because the long datagram can only be transferred totally after a long time, the
transfer of keepalive datagram is delayed. The data link would be regarded to be
broken if the interface has not received the keepalive packet from the other end
for many keepalive periods. So if the keepalive time is set for a very long time, the
datalink would be considered to be broken by the other end, and then be closed.
The keepalive time must be set same at the two end of a ppp link.
For the related command, see display interface.
Example
Set the PPP timer hold to 20 seconds.
[3Com-Serial1/0/0] ppp timer hold 20
Syntax
ppp timer negotiate seconds
undo ppp timer negotiate
View
Interface view
Parameter
seconds: Time of negotiation timeout in seconds. During the PPP negotiation, if
the local end does not receive the response packet of the peer end, PPP will resend
the last packet. The time ranges from 1 to 10 seconds.
Description
Using the ppp timer negotiate command, you can set the PPP negotiation
timeout, while using the undo ppp timer negotiate command, you can restore
the default value.
By default, the PPP timeout is 3 seconds.
265
PPPoE Server
Configuration
Commands
display pppoe-server
session
Syntax
display pppoe-server session { all | packet | statistics interface interface-type
interface-number }
View
Any view
Parameter
all: Displays all information of each PPPoE session.
packet: Displays packet statistics of each PPPoE session.
statistics: Displays the statistics information of PPPoE sessions over an interface.
interface-type interface-number: Specifies an interface.
Description
Using the display pppoe-server session command, you can view the status and
statistics of PPPoE session.
For the related commands, see link-protocol ppp and pppoe-server bind.
Example
View all the session information of PPPoE.
<3Com> display pppoe-server session all
SID Intf
State OIntf
RemMAC
LocMAC
2 Virtual-Template1:0 UP Ethernet0/2/0 0050.ba22.7369 00e0.fc08.f4de
Description
SID
Session Identifier
Intf
State
State of sessions
OIntf
RemMAC
LocMAC
Local MAC
266
OutP
16
OutO OutD
343 0
pppoe-server bind
virtual-template
Field
Description
InP
InO
InD
OutP
OutO
OutD
Syntax
pppoe-server bind virtual-template number
undo pppoe-server bind
View
Interface view
Parameter
number: Number of the virtual-template for access to PPPoE, and its value ranges
from 0 to 1023.
Description
Using the pppoe-server bind virtual-template command, you can enable
PPPoE on the virtual-template specified by the Ethernet interface. Using the undo
pppoe-server bind command, you can disable PPPoE protocol on the relevant
interface.
By default, PPPoE protocol is disabled.
For the related command, see link-protocol ppp.
Example
Enable PPPoE on virtual-template 1 of Ethernet interface Ethernet1/0/0.
[3Com-Ethernet1/0/0] pppoe-server bind virtual-template 1
pppoe-server
max-sessions local-mac
Syntax
pppoe-server max-sessions local-mac number
undo pppoe-server max-sessions local-mac
View
System view
267
Parameter
number: Maximum number of sessions that can be established at a local MAC
address, which ranges from 1 to 4069.
Description
Using the pppoe-server max-sessions local-mac command, you can set the
maximum number of PPPoE sessions that can be established at a local MAC
address. Using the undo pppoe-server max-sessions local-mac command, you
can restore the default configuration.
By default, the value of number is 1000.
For the related commands, see pppoe-server max-sessions remote-mac and
pppoe-server max-sessions total.
Example
Set the maximum number of PPPoE sessions that can be established at a local
MAC address to 50.
[3Com] pppoe-server max-sessions local-mac 50
pppoe-server
max-sessions
remote-mac
Syntax
pppoe-server max-sessions remote-mac number
undo pppoe-server max-sessions remote-mac
View
System view
Parameter
number: Maximum number of PPPoE sessions that can be established at a peer
MAC address, which ranges from 1 to 4096.
Description
Using the pppoe-server max-sessions remote-mac command, you can set the
maximum number of PPPoE sessions that can be established at a peer MAC
address. Using the undo pppoe-server max-sessions remote-mac command,
you can restore the default configuration.
By default, the value of number is 1000.
For the related commands, see pppoe-server max-sessions local-mac and
pppoe-server max-sessions total.
Example
Display how to set the maximum number of PPPoE sessions that can be
established at a remote MAC address to 50.
268
pppoe-server
max-sessions total
Syntax
pppoe-server max-sessions total number
undo pppoe-server max-sessions total
View
System view
Parameter
number: maximum number of PPPoE sessions that the system can establish,
which ranges from 1 to 65535.
Description
Using the pppoe-server max-sessions total command, you can set the
maximum number of PPPoE sessions that the system can establish. Using the
undo pppoe-server max-sessions total command, you can restore the default
configuration.
By default, the value of number is 4096.
For the related commands, see pppoe-server max-sessions remote-mac and
pppoe-server max-sessions local-mac.
Example
Set the maximum number of PPPoE sessions established by the system to 3000.
[3Com] pppoe-server max-sessions total 3000
PPPoE Client
Configuration
Commands
debugging pppoe-client
Syntax
debugging pppoe-client option [ interface type number ]
View
User view and system view
Parameter
option: PPPoE Client debugging switch type, see the following table for more
details.
269
interface type number: Interface type and number, used to enable the debugging
switch of the specified interface. If no interface is specified, the system will enable
the debugging switch of all interfaces.
Table 4 PPPoE Client debugging switch type and explanation
Debugging switch
type
Explanation
all
data
error
event
packet
verbose
Description
The command debugging pppoe-client is used to enable PPPoE Client debugging
switch.
Example
None
display pppoe-server
session
Syntax
display pppoe-client session { summary | packet } [ dial-bundle-number number ]
View
Any view
Parameter
summary: Displays the summary of PPPoE session.
packet: Displays the statistics of PPPoE session data packet.
dial-bundle-number number: Displays the statistics of the specified PPPoE session.
If PPPoE session is not specified, the system will display the statistics of all PPPoE
sessions.
Description
The command display pppoe-client session is used to display the status and
statistics of PPPoE session.
Example
Display the summary of PPPoE session.
[3Com]display pppoe-client session summary
PPPoE Client Session:
270
Client-MAC
Server-MAC
State
Eth0
Eth0
For more details of the display information, see the following table.
Table 5 Explanation of display pppoe-client session summary
Field
Explanation
ID
Server-MAC
Client-MAC
Dialer
Bundle
Intf
State
For more details of the display information, see the following table.
Table 6 Explanation of the information displayed by pppoe-client session packet
pppoe-client
Field
Explanation
SID
InP
InO
InD
OutP
OutO
OutD
Syntax
pppoe-client dial-bundle-number number [ no-hostuniq ] [ idle-timeout seconds [
queue-length packets ] ]
undo pppoe-client dial-bundle-number number
View
Ethernet interface view or virtual Ethernet interface view
271
Parameter
dial-bundle-number number: Dialer Bundle number corresponding to PPPoE
session, and its value ranges from 1 to 255.The parameter number can be used to
identify a PPPoE session, or as a PPPoE session.
no-hostuniq: The call originated from PPPoE Client does not carry the Host-Uniq
field. By default, no no-hostuniq parameter is configured, i.e. PPPoE session works
in permanent online mode by default.
idle-timeout seconds: Idle time of PPPoE session in seconds, and its value ranges
from 1 to 65535. If the parameter is not configured, PPPoE session will work in
permanent online mode. Otherwise, it will works in packet trigger mode.
queue-length packets: packet number cached in the system before PPPoE session
is established, its value ranges from 1 to 100.Only after idle-timeout is configured
will the parameter be enabled. By default, packets is 10.
Description
Using the pppoe-client command, you can establish a PPPoE session and specify
the Dialer Bundle corresponding to the session. Using the undo pppoe-client
command, you can delete a PPPoE session.
By default, no PPPoE session is configured.
Multiple PPPoE sessions can be configured at one Ethernet interface, i.e. one
Ethernet interface might simultaneously belong to multiple Dialer Bundles.
However, one Dialer Bundle only has one Ethernet interface. PPPoE session and
Dialer Bundle are one-to-one. If the Dialer Bundle at a certain Dialer has had one
Ethernet interface used by PPPoE, any other interfaces cannot be added to this
Dialer Bundle. Likewise, if Dialer Bundle has had interfaces other than the PPPoE
Ethernet interface, this Dialer Bundle can also not be added to the Ethernet
interface used by PPPoE Client.
When PPPoE session works in permanent online mode, and the physical lines go
UP, the Router will immediately initiate PPPoE call to establish PPPoE session. This
PPPoE connection will exist constantly unless users use the command undo
pppoe-client to delete PPPoE session. When PPPoE session works in packet
trigger mode, the Router will not initiate PPPoE call to establish PPPoE session
unless it has data to transmit. If there is no data transmission on the PPPoE link
within seconds, the Router will automatically terminate PPPoE session. Only after it
has new data to transmit, PPPoE session will be re-established.
For the related command, see reset pppoe-client.
Example
Create a PPPoE session on the interface Ethernet 0/0/0.
[3Com-Ethernet0/0/0]pppoe-client dial-bundle-number 1
reset pppoe-client
Syntax
reset pppoe-client { all | dial-bundle-number number }
272
View
User view
Parameter
all: Clears all PPPoE sessions.
dial-bundle-number number: Dialer Bundle number, its value ranges from 1 to
255. Used to clear the PPPoE session corresponding to Dialer Bundle.
Description
Using the reset pppoe-client command, you can terminate PPPoE session and
re-initiate the connection later.
If PPPoE session in permanent online mode is terminated using the command
reset pppoe-client, the Router will automatically re-establish PPPoE session in
sixteen seconds. If PPPoE session is terminated in packet trigger mode using the
command reset pppoe-client, the Router will not re-establish PPPoE session
unless it has data to transmit.
For the related command, see pppoe-client.
Example
Clear all PPPoE sessions, and re-initiate PPPoE session later.
<3Com>reset pppoe-client all
VLAN Configuration
Commands
display vlan interface
Syntax
display vlan interface interface-type interface-num
View
Any view
Parameter
interface-type interface-num: Specifies the interface. At present, the interface
types supported include Ethernet interface and Gigabit Ethernet interface, and it
only supports sub-interface.
Description
Using the display vlan interface command, you can view VLAN configuration
information on a certain interface (only supporting sub-interface).
273
Example
Display the VLAN configuration information at the Ethernet interface 2/0/0.1.
<3Com> display vlan interface ethernet 2/0/0.1
encapsulation isl vid 60
display vlan
max-packet-process
Syntax
display vlan max-packet-process vid
View
Any view
Parameter
vid: VLAN ID, used to identify a VLAN.
Description
Using the display vlan max-packet-process command, you can view the
maximum number of processed packets configured on a certain VLAN per second.
For the related command, see max-packet-process.
Example
Display the maximum number of processed packets configured on the VLAN 10.
<3Com> display vlan max-packet-process 10
Max Packet Process Count for Vid 10 is 300000
Syntax
display vlan statistics interface interface-type interface-num protocol { arp | ip }
View
Any view
Parameter
interface-type interface-num: Used to specify the interface. At present, the
interface types supported include Ethernet interface and Gigabit Ethernet
interface, and it only supports sub-interface.
arp: packet type is ARP.
ip: packet type is IP.
Description
Using the display vlan statistics interface command, you can view the packet
statistics on a certain VLAN.
For the related command, see reset vlan statistics interface.
274
Example
Display the VLAN statistics on Ethernet subinterface 2/0/0.1.
<3Com> display vlan statistics interface ethernet 0/2/0.1
Packets Discarded
:0
Packets forwarded to IP/ARP module : 0
Packets forwarded by VLAN module: 0
Syntax
display vlan statistics vid vid
View
Any view
Parameter
vid: VLAN ID, used to identify a VLAN.
Description
Using the display vlan statistics vid command, you can view the packet statistics
on a certain VLAN, e.g. the received packet number and the sent packet number.
For the related command, see reset vlan statistics interface.
Example
Display the packet statistics on VLAN 10.
<3Com> display vlan statistics vid 10
Packets received: 53
Packets transmitted: 14
max-packet-process
Syntax
max-packet-process count vid
undo max-packet-process vid
View
System view
Parameter
count: Maximum number of processed packets.
vid: VLAN ID, used to identify a VLAN.
Description
Using the max-packet-process command, you can set the maximum number of
processed packets per second on a certain VLAN. Using the undo
max-packet-process command, you can restore it to the default setting.
275
Syntax
reset vlan statistics interface interface-type interface-number
View
User view
Parameter
interface-type interface-num: Used to specify the interface. At present, the
interface types supported include Ethernet interface and Gigabit Ethernet
interface, and it only supports sub-interface.
Description
Using the reset vlan statistics interface command, you can clear VLAN statistics
on a certain interface.
For the related command, see show vlan statistics interface.
Example
Clear the VLAN statistics on Ethernet subinterface 2/0/0.1.
<3Com> reset vlan statistics interface ethernet 2/0/0.1
Syntax
reset vlan statistics vid vid
View
User view
Parameter
vid: VLAN ID, used to identify a VLAN.
276
Description
Using the reset vlan statistics vid command, you can clear the VLAN statistics.
For the related command, see display vlan statistics vid.
Example
Clear the statistics with VLAN ID 10.
<3Com> reset vlan statistics vid 10
vlan-type dot1q
Syntax
vlan-type dot1q vid vid
View
Interface view
Parameter
vid: VLAN ID, used to identify a VLAN, its value ranges from 1 to 4094.
Description
Using the vlan-type dot1q command, you can set the encapsulation types on the
sub-interface.
By default, there is no encapsulation on the subinterface, nor VLAN ID related to
the subinterface.
For the related command, see display vlan interface.
Example
Set the Ethernet sub-interface 2/0/0.1 to be related to VLAN ID 60, and its
encapsulation format is dot1q.
[3Com-Ethernet2/0/0.1] vlan-type dot1q vid 60
ISDN Configuration
Commands
debugging isdn
Syntax
debugging isdn { cc | q921 | q931 | spid } [ interface type number ]
undo debugging isdn { cc | q921 | q931| spid } [ interface type number ]
View
User view
277
Parameter
cc: Enables ISDN CC module debugging.
q921: Enables Q.921 debugging.
q931: Enables ISDN Q.931 module debugging.
spid: Enables SPID debugging for the BRI interfaces running the NI protocol.
interface type number: Interface type and number. You can enable ISDN signaling
debugging on an interface by specifying its type and number. If no interface has
been specified, the system will enable ISDN signaling debugging on all the ISDN
interfaces.
Description
Using the debugging isdn command, you can enable ISDN debugging. Using the
undo debugging isdn command, you can disable ISDN debugging.
You must enable terminal debugging first before ISDN debugging can take effect.
Example
Enable CC debugging.
<3Com> debugging isdn cc
Disable CC debugging.
<3Com> undo debugging isdn cc
display isdn
active-channel
Syntax
display isdn active-channel [ interface type number ]
View
Any view
Parameter
interface type number: Interface type and number.
Description
Using the display isdn active-channel command, you can view the active call
information on ISDN interfaces. If no interface has been specified, the system will
display the active call information on all the ISDN interfaces.
The displayed information can help you with ISDN call troubleshooting.
Example
Display the active call information on the interface bri 0/0/0.
[3Com] display isdn active-channel interface bri 0/0/0
278
Bri0/0/0 :
------------------------------------------------------------Channel Call
Call Calling Calling
Called Called
Info
Property Type Number Subaddress Number Subaddress
B1
Digital Out 8810124
B2
Analog
In 8810118 380
8810150 2201
-------------------------------------------------------------
Syntax
display isdn call-info [ interface type number ]
View
Any view
Parameter
interface type number: Interface type and number.
Description
Using the display isdn call-info command, you can view the current states of
ISDN interfaces. If no interface has been specified, the system will display the
current states of all the ISDN interfaces.
Executing this command will output the state of each layer of the ISDN protocol
on one or all interfaces, including the information of Q.921, Q.931 and CC
modules. You may make troubleshooting based on the output information.
For the related command, see display interfaces.
Example
Display the current states of all ISDN interfaces.
[3Com]display isdn call-info
Bri0/0/0:
Link Layer: TEI = NONE, State = TEI_UNASSIGNED
Network Layer: 0 connection(s)
Serial0/0/0:15:
Link Layer: TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Network Layer: 1 connection(s)
Connection 1:
CCIndex: 0x0000, State: Active, CES: 1, Channel: 0x00000002
Calling_Num[:Sub]: 003
Called_Num[:Sub]: 002
Description
Bri0/0/0
279
Description
CCIndex
Call index
State
Call state
Channel
Channel map
Calling_Num[:Sub]
Called_Num[:Sub]
Disabling an interface will clear all the statistic data related to the interface and
new counting will be started.
display isdn call-record
Syntax
display isdn call-record [ interface type number ]
View
Any view
Parameter
interface type number: Displays only the call history of the specified interface.
Description
Using the display isdn call-record command, you can view the information of
ISDN call history.
Executing this command will display information of the calls activated in the last
15 minutes, but the number of retained entries is limited to 100.
Example
Display the information of ISDN call history.
[3Com] display isdn call-record
Call Calling Called Start
Stop
Seconds
Type Number Number Time
Time
Used
--------------------------------------------------------------------In 10660016 10660016
11:23:09 0
In 10660022 10660022 03-07-05 11:23:09 0
Out 660016
03-07-05 11:23:01 03-07-05 11:23:04 3
Out 660022
03-07-05 11:23:01 03-07-05 11:23:04 3
In 10660016 10660016 03-07-05 11:23:01 03-07-05 11:23:04 3
In 10660022 10660022 03-07-05 11:23:01 03-07-05 11:23:04 3
Syntax
display isdn parameters { protocol | interface type number }
View
Any view
03-07-05
280
Parameter
protocol: ISDN protocol type, which can be DSS1, NTT, NI, ETSI, ANSI or AT&T.
interface type number: ISDN interface type and number.
Description
Using the display isdn parameters command, you can view the system
parameters at layers 2 and 3 of the ISDN protocol, such as the durations of system
timers and frame size.
If only ISDN protocol is specified, the system will display the default system
parameters of ISDN.
For the related command, see display interfaces.
Example
Display the system parameters of the ISDN protocol DSS1.
[3Com] display isdn parameters dss1
DSS1 ISDN layer 2 system parameters:
T200(sec) T202(sec) T203(sec) N200 K(Bri)
1
2
10
3
1
DSS1 ISDN layer 3 system timers:
Timer-Number
Value(sec)
T301
240
T302
15
T303
4
T304
30
T305
30
T308
4
T309
90
T310
40
T313
4
T314
4
T316
120
T317
10
T318
4
T319
4
T321
30
T322
4
K(Pri)
7
Description
T200(sec)
T202(sec)
T203(sec)
The maximum link idle time (in seconds) of the ISDN L2 protocol
N200
K(Bri)
K(Pri)
Timer-Number
ISDN L3 timer
281
Item
Description
Value(sec)
Syntax
display isdn spid [ interface type number ]
View
Any view
Parameter
interface type number: ISDN interface type and number.
Description
Using the display isdn spid command, you can view the related information of
SPID on the BRI interface running the NI protocol.
You may execute this command to view the SPID type, SPID value and some other
information when ISDN is running. Executing this command without specifying an
interface, you may view the related information of SPI on all the SPID-supported
BRI interfaces. Alternatively, you may view the information only on one interface
by specifying its type and number.
Example
Display the related information of SPID on the NI-supported interface bri 0/0/0.
[3Com] display isdn spid interface bri 0/0/0
Interface bri 0/0/0:
SPID Type : AUTO
SPID B1 :
SPID Num: 124345
Neg State : SPID_ASSIGNED
Init State: INIT_NULL
SPID B2 :
SPID Num: 45645754
Neg State : SPID_ASSIGNED
Init State: INIT_NULL
SPID timer : 30 seconds
SPID resend: 2
Description
SPID Type
SPID B1
SPID Num
282
isdn bch-local-manage
Item
Description
Neg State
Init State
SPID B2
SPID timer
SPID resend
Syntax
isdn bch-local-manage
undo isdn bch-local-manage
View
ISDN interface view
Parameter
None
Description
Using the isdn bch-local-manage command, you can enable local ISDN B
channel management. Using the undo isdn bch-local-manage command, you
can disable the setting.
It is very important to put appropriate control on the B channels used for calls in
process, especially in the PRI mode. Proper channel management can improve call
efficiency and reduce call loss. Normally, the centralized B channel management
provided by exchanges can work well. For this reason, you are recommended to
adopt the management function provided by exchanges in most cases, despite the
ISDN module can provide the channel management function as well.
Example
Enable local ISDN B channel management.
[3Com-Bri2/0/0] isdn bch-local-manage
isdn bch-select-way
Syntax
isdn bch-select-way { ascending | descending}
View
ISDN interface view
283
Parameter
ascending: Selects B channels in ascending order.
descending: Selects B channels in descending order.
Description
Using the isdn bch-select-way command, you can set a B channel selection
method.
By default, B channels are selected in ascending order.
Example
Configure B channel selection method on the interface Bri2/0/0 to descending
order.
[3Com-Bri2/0/0] isdn bch-select-way descending
isdn caller-number
Syntax
isdn caller-number caller-number
undo isdn caller-number
View
ISDN interface view
Parameter
caller-number: Caller number that an incoming ISDN call can carry, which is a
character string of 1 to 24 characters.
Description
Using the isdn caller-number command, you can configure the range of the
numbers that the router can receive. Using the undo isdn caller-number
command, you can delete the configured caller number.
Example
Configure the router to receive only the incoming calls from the caller numbers
with 400.
[3Com-Serial0/0/0:15] isdn caller-number 400
isdn calling
Syntax
isdn calling calling-number
undo isdn calling
View
ISDN interface view
284
Parameter
calling-number: Calling number.
Description
Using the isdn calling command, you can have the messages from a calling party
to a called party carry the calling number. Using the undo isdn calling command,
you can delete calling number in the messages that a calling party transmitted.
This command mainly applies on BRI interfaces. If a calling party has configured
this command on its BRI interface, the call party will be able to see the calling
number by viewing the call history information.
Example
Configure the message from a calling party to a called party on interface Bri0/0/0
to carry calling number.
[3Com-Bri0/0/0] isdn calling 8060170
isdn
check-called-number
Syntax
isdn check-called-number check-index called-party-number [ : subaddress ]
undo isdn check-called-number check-index
View
ISDN BRI Interface view, ISDN PRI Interface view
Parameter
check-index: Called number or subaddress checking index, which is in the range of
1 to 3.
called-party-number: Called number, a string comprising 1 to 20 digits.
subaddress: Subaddress, which is a string comprising digits and/or case-insensitive
English letters and is 1 to 20 characters in length.
Description
Using the isdn check-called-number command, you can configure the called
number or subaddress that the system should verify when receiving a digital call.
Using the undo isdn check-called-number command, you can remove the
configuration.
By default, the system does not check the called number or subaddress carried by
incoming digital calls.
This command is used for setting the examined item when a digital call is received.
If a subaddress is specified, the system will deny an incoming digital call if the
calling party sends a wrong subaddress or does not send at all.
285
Example
Check whether the called number carried by incoming digital calls is 66668888 on
the interface Bri 0/0/0.
[3Com-Bri0/0/0] isdn check-called-number 1 66668888 : 123
isdn crlength
Syntax
isdn crlength call-reference-length
undo isdn crlength
View
ISDN interface view
Parameter
call-reference-length: ISDN call reference length, which can be one or two bytes.
Description
Using the isdn crlength command, you can set length of the call reference used
when a call is placed on an ISDN interface. Using the undo isdn crlength
command, you can restore the default ISDN call reference length on the interface.
Call reference is equal to the sequence number that the protocol assigns to each
call. It is one or two bytes in length and can be used cyclically.
When the router receives a call from a remote device, it can automatically identify
the length of the call reference. However, some devices on the network do not
have such capability. In the event that the router is required to place calls to such a
device connected to it, you must configure the router to use the same call
reference length configured on the connected device.
By default, the call reference length is two bytes for E1 PRI and T1 PRI interfaces
and one byte for BRI interfaces.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Set the call reference length carried by the ISDN messages on the PRI interface
serial0/0/0:15 to 1 byte.
[3Com-serial0/0/0:15] isdn crlength 1
Syntax
isdn ignore connect-ack
286
View
ISDN interface view
Parameter
None
Description
Using the isdn ignore connect-ack command, you can configure the router to
switch the ISDN protocol state to ACTIVE to start the data and voice service
communications after sending a CONNECT message without having to wait for a
CONNECT ACK message. Using the undo isdn ignore connect-ack command,
you can restore the default setting.
By default, in the event that the router is communicating with an exchange, the
ISDN protocol must wait for the CONNECT ACK message in response to the
CONNECT message before it can switch to the ACTIVE state to start data and
voice service communications.
In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Set the call process on the BRI interface 0/0/0 to proceed to the ACTIVE state
without waiting for CONNECT ACK messages.
[3Com-Bri0/0/0] isdn ignore connect-ack
Syntax
isdn ignore hlc
undo isdn ignore hlc
View
ISDN interface view
Parameter
None
287
Description
Using the isdn ignore hlc command, you can disable ISDN to carry the higher
layer compatibility (HLC) information element in the SETUP messages sent when
placing voice calls. Using the undo isdn ignore hlc command, you can configure
ISDN to carry the HLC information element in SETUP messages.
By default, HLC information element is carried in SETUP messages when placing
voice calls.
In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Configure ISDN to carry the HLC information element in the SETUP messages for
the voice calls placed on the Bri interface 0/0/0.
[3Com-Bri0/0/0] isdn ignore hlc
Syntax
isdn ignore llc
undo isdn ignore llc
View
ISDN interface view
Parameter
None
Description
Using the isdn ignore llc command, you can disable ISDN to carry the Lower
Layer Compatibility (LLC) information element in the SETUP messages sent when
placing voice calls. Using the undo isdn ignore llc command, you can configure
ISDN to carry the LLC information element in SETUP messages.
By default, LLC information element is carried in SETUP messages when placing
voice calls.
In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
288
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Disable ISDN to carry the LLC information element in the SETUP messages for the
voice calls placed on the interface Bri 0/0/0.
[3Com-Bri0/0/0] isdn ignore llc
isdn ignore
sending-complete
Syntax
isdn ignore sending-complete [ incoming | outgoing ]
undo isdn ignore sending-complete [ incoming | outgoing ]
View
ISDN interface view
Parameter
incoming: Ignores the Sending Complete Information Element in SETUP messages
with respect to incoming calls.
outgoing: Sends SETUP messages without the Sending Complete Information
Element with respect to outgoing calls.
Description
Using the isdn ignore sending-complete command, you can configure the ISDN
protocol to ignore the processing on the Sending Complete Information Element.
Using the undo isdn ignore sending-complete command, you can restore the
default setting.
By default, in the event that the router is communicating with an exchange, the
ISDN protocol checks whether the received SETUP messages carry the Sending
Complete Information Element with respect to incoming calls and carries the
Sending Complete Information Element in SETUP messages with respect to
outgoing calls.
In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
You can configure this command on an interface only when the ISDN protocol
running on the interface is DSS1 or ETSI.
289
Example
Ignore the Sending Complete Information Element in the received SETUP
messages.
[3Com-Bri0/0/0] isdn ignore sending-complete incoming
isdn L3-timer
Syntax
isdn L3-timer timer-name time-interval
undo isdn L3-timer { timer-name | all }
View
ISDN interface view
Parameter
timer-name: Name of a L3 timer of the ISDN protocol.
time-interval: Timer duration, which can take on one of the values listed in the
following table.
all: Restores the default durations of all the L3 timers.
Table 10 Description of Q931 timers
timer-name
Value range
(in units)
t301
30 ~ 1200
240
t302
5 ~ 60
15
t303
2 ~ 10
t304
10 ~ 60
30
t305
4 ~ 30
30
t308
2 ~ 10
t309
10 ~ 180
90
t310
10 ~ 180
40
t313
2 ~ 10
t316
2 ~ 180
120
t322
2 ~ 10
Description
Using the isdn L3-timer command, you can configure the duration of an ISDN L3
timer. Using the undo isdn L3-timer command, you can restore the default
duration of the ISDN L3 timer on the interface.
290
You can view the default durations of the L3 timers in the ISDN protocol by
executing the display isdn parameters command.
Example
Set the duration of the L3 timer T301 on the interface Bri 0/0/0 to 160 seconds.
[3Com-Bri0/0/0] isdn l3-timer t301 160
isdn number-property
Syntax
isdn number-property number-property [ calling | called ]
undo isdn number-property [ calling | called ]
View
ISDN interface view
Parameter
number-property: Type and number scheme of ISDN numbers. The argument takes
on a hex value in the range of 0 to FF. When it is expressed in 8 bits, bits 1 through
4 represent the code scheme, bits 5 through 7 represent the code type, and bit 8 is
reserved. The following table lists the possible number type and code schemes. For
more information, see the related protocol for reference.
The undefined bits in all the protocols are reserved for other purposes.
Table 11
Field (Bit)
value
Definition
Type
Code scheme
Protocol
ANSI
0
0
0
User-specified
1
0
0
0
1
Unknown/user-specified
0
0
AT&T
Unknown
0
International
number
0
National
number
1
Subscriber
number
0
Unknown
291
292
Table 11
Protocol
Field (Bit)
value
Definition
ISDN/telephony
numbering loan
(
Recommendatio
n E.164/E.163)
Private
DSS1
numbering plan
0
0
Unknown
0
1
International number
0
0
National number
0
1
Network specific number
1
0
Subscriber number
1
0
Abbreviated number
1
1
Reserved for extension
Unknown
ISDN/telephony numbering
plan( Recommendation
E.164)
Table 11
Protocol
Field (Bit)
value
Definition
National standard
numbering plan
ETSI
0
0
0
Unknown
0
0
1
International number
1
0
0
National number
1
0
1
1
0
Subscriber number
1
1
0
Abbreviated number
1
1
1
Unknown
0
0
293
294
Table 11
Protocol
Field (Bit)
value
Definition
NI
Unknown
number in
Unknown
numbering plan
International
number in ISDN
numbering plan
(Rec. E.164)
National
number in ISDN
numbering plan
(Rec. E.164)
Network specific
number in
private
numbering plan
295
Table 11
Protocol
Field (Bit)
value
Definition
Local (directory)
number in ISDN
numbering plan
(Rec. E.164)
Abbreviated
NTT
number in
private
numbering plan
0
0
Unknown
0
0
National number
0
1
Network specific number
1
0
Subscriber number
Unknown
ISDN/telephony numbering
plan( Recommendation
E.164)
296
By default, the number type and code scheme are respectively unknown and ISDN
for both ISDN calling numbers and called numbers, and the number-property
representing them is 01 in hex format.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
Example
Set both number type and code scheme of ISDN calling numbers on the interface
Bri 0/0/0 to unknown.
[3Com-Bri0/0/0] isdn number-property 0 calling
isdn overlap-sending
Syntax
isdn overlap-sending [ digits ]
undo isdn overlap-sending
View
ISDN interface view
Parameter
digits: The number of the digits, which is sent each time in overlap-sending mode
and is in the range of 1 to 15.By default, digits are 10.
Description
Using the isdn overlap-sending command, you can set the system to send the
called number information in the overlap mode on the ISDN interface. Using the
undo isdn overlap-sending command, you can set the system to send the called
information in full mode.
In "overlap-sending mode, the digits of each called number will be sent
separately and the number of the digits sent each time can be set using this
command.
In "full-sending" mode, all the digits of each called number will be collected and
sent at a time.
By default, full-sending mode applies.
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
297
Overlap-sending is only suitable for four ISDN protocols: ANSI, DSS1, ETSI, and NI.
Example
Apply the overlap-sending function on the interface Bri0/0/0 and set the number
of digits allowed to be sent each time to 12 digits.
[3Com-Bri0/0/0] isdn overlap-sending 12
isdn pri-slipwnd-size
Syntax
isdn pri-slipwnd-size window-size
isdn pri-slipwnd-size default
View
Interface view
Parameter
window-size: Slide window size in the range of 5 to 14. By default, the slide
window size on PRI interfaces is 7.
Description
Using the isdn pri-slipwnd-size command, you can set the slide window size on
a PRI interface. Using the isdn pri-slipwnd-size default command, you can
restore the default slide window size on the PRI interface.
Example
Configure the slide window size on the interface e1 0/0/0 to 10.
[3Com] controller e1 0/0/0
[3Com-E1 0/0/0] using
[3Com-E1 0/0] pri-set
[3Com-Serial0/0/0:15] isdn pri-slipwnd-size 10
isdn protocol-type
Syntax
isdn protocol-type protocol
View
ISDN interface view
Parameter
protocol: ISDN protocol, which can be DSS1, NTT, NI, ETSI, ANSI, or AT&T.
Description
Using the isdn protocol-type command, you can set the ISDN protocol to be run
on an ISDN interface.
By default, both BRI and PRI interfaces run the ISDN protocol DSS1.
298
You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.
You are allowed to configure:
ANSI ISDN on BRI and T1 PRI interfaces;
AT&T ISDN on T1 PRI interfaces;
DSS1 ISDN on BRI, E1 PRI, and T1 PRI interfaces;
ETSI ISDN on BRI, E1 PRI, and T1 PRI interfaces;
NI (National ISDN) on BRI interfaces;
NTT ISDN on BRI and T1 PRI interfaces.
Example
Apply ISDN ETSI on the interface Bri0/0/0.
[3Com-Bri0/0/0] isdn protocol-type etsi
isdn send-restart
Syntax
isdn send-restart
undo isdn send-restart
View
System view
Parameter
None
Description
Using the isdn send-restart command, you can set restart mark in a distributed
system (6000/3000 DSL Family routers), so that the MPU will control the PRI
interface to send RESTART message after re-establishing a link. Using the undo
isdn send-restart command, you can remove the restart mark.
This command is invalid for the MCU in a centralized system, 6000/3000 DSL
Family Routers for example.
Example
Enable the MCU to automatically send RESTART messages to interface boards
automatically.
299
Syntax
isdn spid auto_trigger
View
ISDN BRI interface view
Parameter
None
Description
Using the isdn spid auto_trigger command, you can enable SPID
auto-negotiation once on the BRI interface running the NI protocol.
On a BRI interface compliant with the North American ISDN protocol, the router
can place a call only after SPID negotiation or initialization. SPID information can
be obtained via static configuration or dynamic negotiation. You may manually
trigger a new SPID negotiation request by executing this command if the SPID
negotiation in dynamic negotiation fails or just for the purpose of testing.
By default, a BRI interface does not originate a SPID negotiation request unless
triggered by a call.
This command applies only on the BRI interface running the NI protocol.
Example
Manually trigger a new SPID negotiation request on the interface bri0/0/0.
[3Com-bri0/0/0] isdn spid auto_trigger
Syntax
isdn spid nit
undo isdn spid nit
View
ISDN BRI interface view
Parameter
None
300
Description
Using the isdn spid nit command, you can set the SPID processing mode to NIT
(Not Initial Terminal) on an NI-compliant BRI interface. Using the undo isdn spid
nit command, you can disable the NIT mode on the BRI interface.
By default, NIT mode does not apply on BRI interfaces. Instead, static SPID or
dynamic SPID negotiation is applied.
On an NI-compliant BRI interface, calls can be placed only after the SPID
negotiation or initialization is finished. When the router is communicating with an
NI-compliant exchange that does not support SPID negotiation, you can use this
command to set the SPID processing mode on the router to NIT and the ISDN will
ignore ISPID negotiation and initialization.
This command applies only on NI-compliant BRI interfaces.
Example
Ignore SPID negotiation and initialization on the interface bri0/0/0, i.e., adopting
the NIT mode.
[3Com-bri0/0/0] isdn spid nit
Syntax
isdn spid timer seconds
undo isdn spid timer
View
ISDN BRI interface view
Parameter
seconds: Duration of the SPID timer, which is in the range of 1 to 255 seconds,
and defaults to 30 seconds.
Description
Using the isdn spid timer command, you can set the duration of the timer TSPID
for an NI-compliant BRI interface to timer_length. Using the undo isdn spid
timer command, you can restore the default duration of the timer TSPID for the
NI-compliant BRI interface.
On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. The timer TSPID is
started when the terminal originates a negotiation or initialization request by
sending the INFORMATION message. You can use this command to modify the
duration of TSPID.
This command applies only on NI-compliant BRI interfaces.
301
Example
Set the duration of TSPID on the interface bri0/0/0 to 50 seconds.
[3Com-bri0/0/0] isdn spid timer 50
Syntax
isdn spid service [audio | data | speech]
undo isdn spid service
View
ISDN BRI interface view
Parameter
audio: Supports audio service.
data: Supports data service.
speech: Supports voice service.
Description
Using the isdn spid service command, you can configure the service types that
must be supported in SPI negotiation on the BRI interface adopting NI protocol.
Using the undo isdn spid service command, you can delete he service types that
must be supported in SPI negotiation on the BRI interface adopting NI protocol.
There are three types of services, you can select any one of them or none. None
means all services are supported. By default, SPID needs to support data and voice
service simultaneously.
Generally, as for the BRI interface adopting North America ISDN protocol, you
need to negotiate or initialize SPID before originate a call. During negotiation,
SPCS may send multiple SPIDs and carry the service types supported by the SPID,
therefore, the router needs to choose a proper SPID according to the local service
type.
This command can only be applied on the BRI interface adopting NI protocol.
Example
Set the service type supported by BRI interface to data and voice.
[3Com-bri0] isdn spid service data
[3Com-bri0/0] isdn spid service speech
Syntax
isdn spid resend times
undo isdn spid resend
302
View
ISDN BRI interface view
Parameter
times: An integer in the range of 1 to 255 times, which defaults to 1.
Description
Using the isdn spid resend command, you can set the number of INFORMATION
message retransmission attempts for SPID negotiation or initialization on an
NI-compliant BRI interface. Using the undo isdn spid resend command, you can
restore the default number of INFORMATION message retransmission attempts on
the interface.
On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. The timer TSPID
is started when the terminal originates a negotiation or initialization request by
sending the INFORMATION message. If the terminal does not receive any response
upon the expiration of TSPID, it will retransmit the INFORMAITON message. You
can use this command to modify the number of INFORMATION message
retransmission attempts.
This command applies only on NI-compliant BRI interfaces.
Example
Set the allowed number of INFORMATION retransmission attempts to five.
[3Com-bri0/0/0] isdn spid resend 5
isdn spid1
Syntax
isdn spid1 spid
undo isdn spid1
View
ISDN BRI interface view
Parameter
spid: String comprising 1 to 20 digits.
Description
Using the isdn spid1 command, you can configure SPID information for the B1
channel on an NI-compliant BRI interface. Using the undo isdn spid1 command,
you can remove the SPID information of the B1 channel on the interface.
On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. Only after SPID
303
information is configured for the B1 channel on the BRI interface can the system
makes the L3 initialization to place calls normally.
By default, SPID for the B1 channel on a BRI interface is null.
This command applies only on NI-compliant BRI interfaces.
Example
Set SPID to 012345 for the B1 channel on the interface bri0/0/0.
[3Com-bri0/0/0] isdn spid1 012345
isdn spid2
Syntax
isdn spid2 spid
undo isdn spid2
View
ISDN BRI interface view
Parameter
spid: String comprising 1 to 20 digits.
Description
Using the isdn spid2 command, you can configure SPID information for the B1
channel on an NI-compliant BRI interface. Using the undo isdn spid2 command,
you can remove the SPID information of the B1 channel on the interface.
On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. Only after SPID
information is configured for the B2 channel on the BRI interface can the system
makes the L3 initialization to place calls normally.
By default, SPID for the B2 channel on a BRI interface is null.
This command applies only on NI-compliant BRI interfaces.
Example
Set SPID to 012345 for the B2 channel on the interface bri0/0/0.
[3Com-bri0/0/0] isdn spid2 012345
isdn statistics
Syntax
isdn statistics { clear | continue | display [ flow ] | start | stop }
View
ISDN interface view
304
Parameter
clear: Clears the statistics.
continue: Continues counting.
display: Displays the statistics.
display flow: Displays the statistic information about message flows.
start: Starts counting.
stop: Stops counting.
Description
Using the isdn statistics command, you can have the system make statistics on
the information received and transmitted at an ISDN interface.
By default, no statistics is made on the information transmitted and received at
interfaces.
You can input the isdn statistics start command in the view of an interface to
start making statistics on the messages received and transmitted at the interface,
isdn statistics display command to view the statistic information, isdn statistics
continue to continue the effort in making statistics, isdn statistics display flow to
view the statistics in the form of flow, and isdn statistics stop to stop making
statistics.
Example
Display statistics information on the PRI interface.
[3Com-serial0/0/0:15] isdn statistics display
Q.931 message received and sent out on current port:
CALL_PROC
Send(0)
Recv(6)
SETUP
Send(6)
Recv(13)
CONN
Send(13)
Recv(5)
SETUP_ACK
Send(0)
Recv(6)
CONNECT_ACK
Send(5)
Recv(13)
DISCONNECT
Send(3)
Recv(16)
RELEASE
Send(1)
Recv(18)
RELEASE_COM
Send(18)
Recv(1)
SLIP Configuration
Commands
debugging slip
Syntax
debugging slip { event | error | packet | all }
View
User view
305
Parameter
packet: Enables packet debugging output switch.
Description
Using the debugging slip command, you can enable the debugging switch of the
SLIP protocol.
Example
None
link-protocol slip
Syntax
link-protocol slip
View
Interface view
Parameter
None
Description
Using the link-protocol slip command, you can set the link layer protocol of the
interface as SLIP.
By default, the link-layer protocol for interface is PPP.
P2P link can use simpler link layer protocol SLIP(Serial Line IP), which is mainly used
to run TCP/IP on the P2P serial port. SLIP is only used for the asynchronous link.
SLIP only defines the start and end identifiers of frame, so as to intercept IP packet
on the serial line. Compared with PPP, SLIP has no address concept, negotiation
process, differentiation of packet types (so only one network protocol can be
supported at the same time) and error correction function.
The link layer protocol of the interface shall be consistent with that of the peer
interface.
Example
Configure the link layer protocol on the interface Serial0/0/0 as SLIP.
[3Com-Serial0/0/0] link-protocol slip
HDLC Configuration
Commands
link-protocol hdlc
Syntax
link-protocol hdlc
306
View
Interface view
Parameter
None
Description
Using the link-protocol hdlc command, you can configure the interface
encapsulation as HDLC. HDLC is a link layer protocol and can bear network layer
protocols, such as IP and IPX.
By default, the interface is encapsulated with PPP.
For the related commands, see timer hold and display interface.
Example
Configure HDLC encapsulation on interface Serial1/0/0.
[3Com-Serial1/0/0] link-protocol hdlc
timer hold
Syntax
timer hold seconds
undo timer hold
View
Interface view
Parameter
seconds: Value of the polling interval. The value is in the range from 0 to 32767 in
seconds. 0 indicates that the link detection function is disabled.
Description
Using the timer hold command, you can set the polling interval. Using the undo
timer hold command, you can restore the default value of the polling interval.
By default, the value of seconds is 10 seconds.
The polling interval should be set to equal at the two ends of the data link. A zero
polling interval set in both ends will close the polling operation of the data link.
For the related command, see display interface.
Example
Set the value of polling interval on interface Serial1/0/0 to 100 seconds.
[3Com-Serial1/0/0] timer hold 100
307
Frame Relay
Configuration
Commands
debugging fr
Syntax
debugging fr { all | inarp | compress | congestion | de | event | fragment | lmi | mfr control
| packet | transmit-rate } [ interface interface-type interface-number [ dlci dlci-number ] ]
undo debugging fr { all | inarp | compress | congestion | de | event | fragment | ipc | lmi |
mfr control | packet | transmit-rate } [ interface interface-type interface-number [ dlci
dlci-number ] ]
View
User view
Parameter
all: All frame relay information debugging.
arp: Information debugging of frame relay address resolution protocol. When this
parameter is in use, DLCI can be specified.
compress: Information debugging of frame relay compression.
congestion: Information debugging of frame relay traffic congestion
management.
de: DE information debugging of FRTS.
event: Information debugging of frame relay event. When this parameter is
used, no interface can be specified.
fragment: Information debugging of frame relay fragment. When this parameter
is in use, DLCI must be specified.
lmi: Information debugging of frame relay LMI (Local Management Interface)
protocol.
mfr control: Information debugging of multilink frame relay bundle and bundle
link.
packet: Information debugging of frame relay packet. When this parameter is in
use, DLCI can be specified.
transmit-rate: Information debugging of FRTS transmit rate.
interface-type: Interface type.
interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).
dlci dlci-number: DLCI number of virtual circuit, ranging from 16 to 1007.
308
Description
Using the debugging fr command, you can enable frame relay information
debugging. Using the undo debugging fr command, you can disable frame relay
information debugging.
By default, frame relay information debugging is disabled.
For multilink frame relay, if the information debugging of multilink frame relay
bundle and bundle link (mfr control) are enabled, the sent/received bundle link
controlling information and status change of bundle link will be displayed.
If FRTS function is enabled, the change of frame relay sending rate can be seen
after the transmit rate information debugging (transmit-rate) is enabled.
The enabling of frame relay information debugging greatly affects system
performance, so this command should be used cautiously.
Example
Enable frame relay compression debugging of all interfaces.
<3Com> debugging fr compress
Enable debugging of the bundle interface MFR1/0/0, supposing several links have
been bundle on it.
<3Com> debugging fr mfr control interface mfr1/0/0serial3/0/2(Out):
MFR msg=Add_link, Length=28, Link=serial5/1/0, BL state=Add_sent
e1 00 01 01 07 4d 46 52 30 00 02 0c 53 65 72 69 61 6c 32 3a
serial3/0/2(In):
MFR msg=Add_link, Length=30, Link=serial5/1/0, BL state=Add_sent
e1 00 01 01 09 6b 70 6c 6b 70 6c 00 02 0c 53 65 72 69 61 6c
serial3/0/2(Out):
MFR msg=Add_link_ack, Length=28, Link=serial5/1/0, BL state=Add_rx
e1 00 02 01 07 4d 46 52 30 00 02 0c 53 65 72 69 61 6c 32 3a
serial3/0/2(Out):
MFR msg=Hello, Length=9, Link=serial5/1/0, BL state=Up
e1 00 05 03 06 43 4b 01 f6
serial3/0/2(In):
MFR msg=Hello_ack, Length=9, Link=serial5/1/0, BL state=Up
e1 00 05 03 06 2f f7 00 a5
display fr compress
309
Syntax
display fr compress [ interface interface-type interface-number ]
View
Any view.
Parameter
interface-type: Interface type.
interface-number: Interface number, in 3-dimension form: slot number/card
number/interface number.
Description
Using the display fr compress command, you can view the statistics information
of the frame relay compression. If no interface is specified, the DLCI statistics
information of all the interfaces will be displayed.
For the related command, see fr compression frf9.
Example
View the frame relay compression statistics information of MFR interface 4/0/0.
<3Com> display fr compress interface mfr 4/0/0
MFR4/0/0 -DLCI:25
uncompressed bytes xmt/rcv 0/0
compressed bytes xmt/rcv 0/0
1 min avg ratio xmt/rcv 0.000/0.000 5 min avg ratio xmt/rcv 0.000/0.000
display fr dlci-switch
Syntax
display fr dlci-switch [ interface interface-type interface-num ]
View
Any view
Parameter
interface-type: Type of the interface.
interface-number: Number of the interface, including slot-number/ card-number/
port-number.
The specified interface can only be main interface. Information of all interfaces will
be displayed without specifying interface.
Description
Using the display fr dlci-switch command, you can view the information of the
configured FR switching to check if the frame relay switching of a user is correctly
configured.
For the related command, see fr dlci-switch.
310
Example
View the information of the configured FR switching.
<3Com> display fr dlci-switch
Status Interface(Dlci) < -----> Interface(Dlci)
Inactive Serial0/1/1:10(100)
Serial1/1/0:10(100)
Table 12 Description of the output information of command display fr dlci-switch
display fr inarp-info
Item
Description
Status
Syntax
display fr inarp-info [ interface interface-type interface-num ]
View
Any view
Parameter
interface-type interface-num: Used to specify the interface to be viewed. Only
the main interface can be specified here. The information of all interfaces will be
displayed for the command without specifying an interface.
Description
Using the display fr inarp-info command, you can view the packet statistics of
the FR inverse address resolution protocol.
The packets of FR inverse ARP include the address resolution request packet and
address resolution reply packet. According to the output information via this
command, you can diagnose if the inverse ARP operates normally.
For the related command, see fr inarp.
Example
Display the packet statistics of the FR inverse address resolution protocol.
<3Com> display fr inarp-info
interface Serial1/1/1:1:
dlci type size
in/out/drop
200 FRF12(ETE) 80
0/0/0
T
Table 13 Output information description
Item
Description
interface
Current interface
dlci
DLCI number
type
Fragment type
size
Fragment size
311
display fr interface
Item
Description
in/out/drop
Received/transmitted/dropped fragments
Syntax
display fr interface interface-type interface-num
View
Any view
Parameter
interface-type interface-num: Used to specify the interface to be viewed. The
specified interface can be a main interface or a sub-interface. The whole
information will be displayed for the command without specifying an interface.
Description
Using the display fr interface command, you can view the FR status, which is
helpful for you to perform fault diagnosis.
For the related command, see display interface.
Example
Display the FR protocol status.
<3Com> display fr interface
Serial1/0/0, DTE, physical up, protocol up
Serial1/0/0.1, multi-point, protocol up
Serial1/0/0.2, point-to-point, protocol down
Serial2/0/0, DCE, physical down, protocol down
This command displays the protocol status of each interface encapsulated with FR.
The above information indicates that: Frame Relay interface type of Serial1/0/0 is
DTE. Physical layer protocol and link layer protocol of Serial1/0/0 are activated.
display fr lmi-info
Syntax
display fr lmi-info [ interface interface-type interface-num ]
View
Any view
Parameter
interface-type interface-num: Used to specify the interface to be viewed. The
whole information will be displayed for the command without specifying an
interface.
312
Description
Using the display fr lmi-info command, you can view the statistics of LMI
protocol frame.
The LMI protocol is used to maintain the current frame relay link, including the
status enquiry packet and status packet. The displayed information helps you to
diagnose the faults.
For the related command, see fr interface-type.
Example
Display the statistics of LMI protocol frame.
<3Com> display fr lmi-info
Frame relay LMI statistics for interface Serial1/0/0(DTE)
T391DTE = 10 (keepalive 10)
N391DTE = 6, N392DTE = 3, N393DTE = 4
out status enquiry = 96, in status = 85
status timeout = 3, discarded messages = 3
Frame relay LMI statistics for interface Serial2/0/0 (DCE, ANSI)
T391DTE = 0 (no keepalive)
T392DCE = 15, N392DCE = 3, N393DCE = 4
in status enquiry = 0, out status = 0
status enquiry timeout = 0, discarded messages = 0
Syntax
display fr map-info [ interface interface-type interface-num ]
View
Any view
Parameter
interface-type interface-num: Used to specify the interface to be viewed. The
specified interface can be a main interface or a sub-interface. The whole
information will be displayed for the command without specifying an interface.
Description
Using the display fr map-info command, you can view the FR address mapping
table.
313
The displayed information via the command indicates whether the static mapping
configured by a user is correct and whether the dynamic address mapping
operates normally.
For the related commands, see fr map ip and fr inarp.
Example
Display Frame Relay address mapping table.
<3Com> display fr map-info
Map Statistics for interface Serial1/0/2 (DTE)
DLCI = 100, IP INARP 100.100.1.1, Serial1/0/2
create time = 2002/10/21 14:48:44, status = ACTIVE
encapsulation = ietf, vlink = 14, broadcast
DLCI = 200, IP INARP 100.100.1.1, Serial1/0/2
create time = 2002/10/21 14:34:42, status = ACTIVE
encapsulation = ietf, vlink = 0, broadcast
DLCI = 300, IP 1.1.1.1, Serial1/0/2
create time = 2002/10/21 15:03:35, status = ACTIVE
encapsulation = ietf, vlink = 15
The above indicates the information of each MAP configured with Frame Relay
protocol.
For example, as for the first address mapping, the mapping indicates that PVC
(DLCI=100) on Serial1/0/2 establishes the address mapping with the peer end (IP
address is 100.100.1.1) through Inverse ARP. The time of creating the mapping is
2002/10/21 14:48:44, and its status is active. Encapsulation format is IETF, and
broadcast packet is available.
display fr pvc-info
Syntax
display fr pvc-info [ interface interface-type interface-num ]
View
Any view
Parameter
interface-type interface-num: Used to specify the interface to be viewed. The
specified interface can be a main interface or a sub-interface. The whole
information will be displayed for the command without specifying an interface.
Description
Using the display fr pvc-info command, you can view the FR PVC table.
This command displays the statistics of the FR PVC status and receiving/sending
data on this VC.
For the related command, see fr dlci.
314
Example
Display the FR PVC table.
<3Com> display fr pvc-info
PVC statistics for interface Serial1/0/0 (DTE, physical UP)
DLCI = 100, USAGE = UNUSED (0000), INTERFACE = Serial1/0/0
create time = 2000/04/01 23:55:39, status = active
in BECN = 0, in FECN = 0
in packets = 0, in bytes = 0
out packets = 0, out bytes = 0
DLCI = 102, USAGE = LOCAL (0010), INTERFACE = Serial1/0/0.1
create time = 2000/04/01 23:56:14, status = active
in BECN = 0, in FECN = 0
in packets = 0, in bytes = 0
out packets = 0, out bytes = 0
The information listed above shows various information about the FR PVC.
The above information indicates that: The PVC (DLCI=100) is the one (UNUSED)
obtained through negotiating with the peer end via LMI. It is configured on
Serial1/0/0. Establishing time is 2000/04/01 23:55:39. PVC status is active. The
packets received of Forward Explicit Congestion Notifications (FECN) and
Backward Explicit Congestion Notifications (BECN) are both 0. Received/sent
frames are 0. Received/sent bytes are 0.
display fr statistics
Syntax
display fr statistics [ interface interface-type interface-num ]
View
Any view
Parameter
interface-type interface-num: Used to specify the interface to be viewed. Only
the main interface can be specified here. The information of all interfaces will be
displayed for the command without specifying an interface.
Description
Using the display fr statistics command, you can view the current Frame Relay
statistics about receiving and sending packets.
The output information of this command can help the user to perform FR traffic
statistics and fault diagnosis.
For the related command, see display interface.
Example
Display the Frame Relay statistics about receiving and sending packets.
<3Com> display fr statistics
Frame relay packet statistics for interface Serial1/0/0 (DTE)
315
The above information displays Frame Relay statistics about receiving and sending
packets.
For instance, it is known from the above information that the Frame Relay
interface type of Serial1/0/0 is DTE. Received packets are 84. Received bytes are
1333. Sent packets are 92. Sent bytes are 1217. Discarded packets in received
ones are 13. Discarded packets in sent ones are 0.
display interface mfr
Syntax
display interface mfr [interface-number .sub-number]
View
Any view
Parameter
interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).
Sub-number: sub-interface number.
Description
This command is used to display the information of FR interface, including the
statistical information.
Example
To view the configuration and status information of MFR interface 4/0/123
<3Com> display interface mfr 4/0/123
MFR4/0/123 current state : UP
Line protocol current state : UP
Description : 3Com, 3Com Series, MFR4/0/123 Interface
The Maximum Transmit Unit is 1500
Internet Address is 12.12.12.2/16
link-protocol is FRAME-RELAY IETF
LMI DLCI is 0, LMI type is Q.933a, frame relay DTE
LMI status enquiry sent 435, LMI status received 435
LMI status timeout 0, LMI message discarded 0
FIFO queuing: (Outbound queue:Size/Length/Discards)
FIFO: 0/75/0
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
1058 packets input, 832389 bytes, 0 drops
619 packets output, 828190 bytes, 0 drops
316
display mfr
Syntax
display mfr [ interface interface-type interface-number | verbose ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).
verbose: Displays detailed statistics information, including the number of
controlling packets sent and received.
Description
Using the display mfr command, you can view configuration and statistics
information of multilink frame relay bundle and bundle link. If no bundle or
bundle link is specified, information of all bundles and bundle links will be
displayed.
For the related command, see link-protocol fr mfr and interface mfr.
Example
View configuration and state information of all frame relay bundles and frame
relay bundle links.
<3Com-Serial4/1/2>display mfr
Bundle interface:MFR4/1/0, Bundle state = down, Bundle class = A,
fragment disabled
Bundle BID = MFR4/1/0
Number of bundle links = 0, Peer's bundle-id =
Bundle links:
Bundle interface:MFR4/1/1, Bundle state = down, Bundle class = A,
fragment disabled
Bundle BID = MFR4/1/1
Number of bundle links = 1, Peer's bundle-id =
Bundle links:
Serial4/1/1, PHY state = up, link state : add sent,
LID : Serial4/1/1
317
Description
Bundle interface
Bundle
Bundle state
Bundle class
fragment disabled
Bundle BID
Bundle identifier
Number of bundle
links
Peer's bundle-id
Bundle links
PHY state
Link state
LID
Add_link
The Add_link_rej
Remove_link
packet is used to notify
the peer that an
Add_link packet has
been rejected.
Number of Remove_link
packets sent and received
The Remove_link packet is used to notify the peer that the local
node is removing a bundle link from the bundle.
318
Description
Remove_link_ack
The
Hello
Remove_link_ack
packet is used to notify
the peer that a
Remove_link packet
has been received.
Number of Hello
packets sent and
received.
Hello_ack
The Hello_ack
outgoing pak dropped
packet is used to notify
the peer that a Hello
packet has been
received.
Number of discarded
packets that are sent
Number of discarded
packets that are
received
Cause code
inconsistent bundle: The peer has associated the bundle with another bundle,
thus making inconsistent BID.
none: The link is in normal bundle link idle: The peer bundle link is idle, which generally occurs when the
state.
peer bundle interface is disabled.
ack timer expiry: The
loopback detected: Loopback is enabled on the physical line of local bundle
current link state is caused link.
by the timeout of the local
T-ack timer.
other: Other reasons, such unexpected Add_link: The add_link message is received when
as LID error.
the bundle link is in up state. This case may occur when the line
protocol is ready for being enabled and will disappear once the
connection is created.
Ack timer
Hello timer
Current count
Peer LID
fr compression frf9
319
Syntax
fr compression frf9
undo fr compression
View
Frame relay interface view
Parameter
None
Description
Using the fr compression frf9 command, you can enable frame relay
compression function. Using the undo fr compression command, you can
disable frame relay compression function.
By default, frame relay compression function is disabled.
This command is only valid for point-to-point interfaces. In other words, it is used
for frame relay sub-interfaces of point-to-point type.
Only when the frame relay packets type of the interface is IETF, can frame relay
compression take effect. When this command is configured, the system will
automatically change the packet type of the interface into IETF if the frame relay
packets type of an interface is not IETF.
For the related command, see fr map.
Example
Enable frame relay compression on the point-to-point frame relay sub-interface
Serial4/1/3.1.
[3Com] interface serial 4/1/3.1 p2p
[3Com-Serial4/1/3.1] fr compression frf9
fr compression iphc
Syntax
fr compression iphc
undo fr compression iphc
View
Frame Relay interface view
Parameter
None
320
Description
Using the fr compression iphc command, you can enable the IP header
compression. Using the undo fr compression iphc command, you can disable
the function.
By default, the Frame Relay compression function is disabled.
For the related command, see fr map.
Example
Configure the Frame Relay interface Serial 4/1/0 to adopt IP header compression.
[3Com-Serial4/1/0] fr compression iphc
fr dlci
Syntax
fr dlci dlci
undo fr dlci dlci
View
Interface view
Parameter
dlci: Virtual circuit number allocated for Frame Relay interface. The range of the
number is 16 to 1007. 0 to 15 and 1008 to 1023 are reserved by the protocol for
special purpose.
Description
Using the fr dlci command, you can configure the virtual circuit for Frame Relay
interface. Using the undo fr dlci command, you can cancel the configuration.
When the Frame Relay interface type is DCE or NNI, it is necessary to manually
configure virtual circuit for interface (either main interface or sub-interface). When
the Frame Relay interface type is DTE, if the interface is main interface, the system
will automatically configure the virtual circuit according to the peer device.
For the related command, see fr interface-type.
Example
Assign a virtual circuit with DLCI 100 to Frame Relay sub-interface Serial1/0/0.1.
[3Com-Serial1/0/0.1] fr dlci 100
fr dlci-switch
Syntax
fr dlci-switch in-dlci interface interface-type interface-number dlci out-dlci
undo fr dlci-switch in-dlci
321
View
Frame relay interface view and MFR interface view
Parameter
in-dlci: DLCI assigned to an interface to receive datagram, ranging from 16 to
1007.
interface-type: Interface type.
interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).
out-dlci: DLCI of the specified interface where the packet is forwarded, ranging
from 16 to 1007.
Description
Using the fr dlci-switch command, you can configure a static route for frame
relay PVC switching. Using the undo fr dlci-switch command, you can delete a
static route for frame relay PVC switching.
By default, no static route for frame relay PVC switching is configured.
Before the static route of frame relay PVC is configured, it is necessary to enable
the frame relay PVC switching first by using the command fr switching.
The type of the interface for forwarding packets can be either a frame relay
interface or an MFR interface. If Tunnel interface is specified as the forwarding
interface, the frame relay packets over IP can be realized.
For the related command, see fr switching.
Example
Configure a static route that allows packets on the link with DLCI of 100 on
Seiral1/0/0 to be forwarded via the link with DLCI of 200 on interface Serial2/0/0.
[3Com-Serial1/0/0] fr dlci-switch 100 interface serial2/0/0 dlci 200
Configure a static route that allows packets on the link with DLCI of 200 on
Seiral4/1/2 to be forwarded via the link with DLCI of 300 on Tunnel interface
Serial4/0/0.
[3Com-Serial4/1/2] fr dlci-switch 200 interface Tunnel4/0/0 dlci 300
fr inarp
Syntax
fr inarp [ ip ] [ dlci ]
undo fr inarp [ ip ] [ dlci ]
View
Interface view
322
Parameter
Ip: Indicates that the inverse address resolution is performed on the ip network
protocol.
dlci: Data link connection identifier number, i.e., virtual circuit number, indicating
that the inverse address resolution is performed for this DLCI number only.
Description
Using the fr inarp command, you can enable the inverse address resolution of
Frame Relay. Using the undo fr inarp command, you can disable this function.
By default, system permits enabling the Frame Relay inverse address resolution.
When the Frame Relay sends data over the interface, it is necessary to map the
network address to the DLCI numbers. Such a map can be specified manually or
can be completed via the function of automatic inverse address resolution.
Automatic inverse address resolution can be started by using the command.
If it is expected to enable the inverse address resolution function of all PVCs, the
command without any parameters is adopted.
If it is expected to enable the inverse address resolution function in the specified
data link, the command with dlci parameter is adopted.
For the related commands, see fr map, reset fr inarp, and display fr map-info.
Example
Enable the inverse address resolution at all PVCs of the Frame Relay interface
Serial1/0/0.
[3Com-Serial1/0/0] fr inarp
fr interface-type
Syntax
fr interface-type { dce | dte | nni }
undo fr interface-type
View
Interface view
Parameter
dte, dce and nni: Three types of Frame Relay interfaces.
Description
Using the fr interface-type command, you can set the Frame Relay interface
type. Using the undo fr interface-type command, you can restore the default
Frame Relay interface type.
By default, the frame relay interface type is DTE
323
In Frame Relay, there are two communicating parties, the user side and network
side. The user side is called Data Terminal Equipment (DTE), and the network side
is called Data Communications Equipment (DCE). In a Frame Relay network, the
interface between the Frame Relay switches is Network-to-Network Interface
(NNI), and the corresponding interface adopts the NNI operating view. If the device
is used as Frame Relay switching, the Frame Relay interface should operate in the
NNI view or DCE mode. NE16E/08E/05 routers support the three modes.
In NE16E/08E/05 routers, while configuring the Frame Relay interface type as DCE
or NNI, it is unnecessary to perform the fr switching command in the System
view. Please notice that this is different from Cisco.
For the related command, see link-protocol fr.
Example
Set the type of the frame relay interface Serial1/0/0 to DCE.
[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] fr interface-type dce
fr iphc
Syntax
fr iphc { nonstandard | rtp-connections number1 | tcp-connections number2 | tcp-include
}
undo fr iphc { nonstandard | rtp-connections number1 | tcp-connections number2 |
tcp-include }
View
Frame relay interface view and MFR interface view
Parameter
nonstandard: Nonstandard compatible compression format.
rtp-connections number1: The number of RTP compression connections, ranging
from 3 to 255. By default, the number of RTP compression connections is 256.
tcp-connections number2: The number of TCP compression connections, ranging
from 3 to 255. By default, the number of TCP compression connections is 256.
tcp-include: Includes TCP header compression when performing RTP
compression.
Description
Using the fr iphc command, you can enable IP header compression function,
including RTP/TCP header compression. Using the undo fr iphc command, you
can disable this function.
For the related configuration, see fr map ip.
324
Example
Configure the number of RTP compression connections as 200 on the frame relay
Serial1/0/0.
[3Com-Serial1/0/0] fr iphc rtp-connections 200
fr lmi n391dte
Syntax
fr lmi n391dte n391-value
undo fr lmi n391dte
View
Interface view
Parameter
Status counter of the PVC. The range of the value is 1 to 255.
Description
Using the fr lmi n391dte command, you can configure N391 parameter at the
DTE side. Using the undo fr lmi n391dte command, you can restore the default
value.
By default, its value is 6.
The DTE sends a Status-Enquiry packet at regular interval set by T391 to the DCE.
There are two types of Status-Enquiry packets: link integrity authentication packet
and link status enquiry packet. The N391 parameter defines the ratio of sending
the two types of packets, that is, link integrity authentication packets: link status
enquiry packets = (N391 - 1): 1.
For the related command, see fr interface-type.
Example
Set DTE as the operating mode of Frame Relay interface Serial1/0/0, and the
counter value of the PVC status to 10.
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n391dte 10
fr lmi n392dce
Syntax
fr lmi n392dce n392-value
undo fr lmi n392dce
View
Interface view
325
Parameter
n392-value: Error threshold, which ranges from 1 to 10.
Description
Using the fr lmi n392dce command, you can set N392 parameter at the DCE side.
Using the undo fr lmi n392dce command, you can restore the default
configuration.
By default, the parameter value is 3.
The DCE requires the DTE to send a Status-Enquiry packet at regular interval (set
by T392). If the DCE does not receive the Status-Enquiry packet within a period of
time, it will record the error by adding 1 to the error count. If the errors exceed the
threshold, the DCE would consider the physical channels and all the DLCIs to be
unavailable.
N392 and N393 together define the error threshold. N393 defines the event
number observed and N392 defines the error threshold of that number (N393).
That is, if number of errors that occurred to the DCE reaches N392 in N393 events,
DCE will consider the errors have reached the threshold and declare the physical
channels and all DLCIs to be unavailable.
N392 should be less than N393.
For the related commands, see fr interface-type and fr lmi n393dce.
Example
Set the operation of frame relay interface Serial1/0/0 as DCE mode and sets N392
to 5 and N393 to 6.
[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dce
[3Com-Serial1/0/0] fr lmi n392dce 5
[3Com-Serial1/0/0] fr lmi n393dce 6
fr lmi n392dte
Syntax
fr lmi n392dte n392-value
undo fr lmi n392dte
View
Interface view
Parameter
n392-value: Error threshold, which ranges from 1 to 10.
326
Description
Using the fr lmi n392dte command, you can set N392 parameter at the DTE side.
Using the undo fr lmi n392dte command, you can restore the default
configuration.
By default, the parameter is 3.
The DTE sends a Status-Enquiry packet at a regular interval to the DCE to inquire
the link status. On receiving this packet, the DCE will immediately send a
Status-Response packet. If the DTE does not receive the response packet in the
specified time, it will record the error by adding 1 to the error count. If the errors
exceed the threshold, the DTE will consider that the physical channels and all the
DLCIs to be unavailable.
N392 and N393 together define the error threshold. N393 indicates the event
number observed and N392 indicates the error threshold of that number (N393).
That is, if N392 errors occurred in N393 Status-Enquiry packets in the DTE, the DTE
would consider that the error has exceeded the threshold and declare the physical
channels and all DLCIs to be unavailable.
N392 at DTE side should be less than N393 at DTE side.
For the related commands, see fr interface-type and fr lmi n393dte.
Example
Set the operation of frame relay interface Serial1/0/0 as the DTE mode and sets
N392 to 5 and N393 to 6.
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n392dte 5
[3Com-Serial1/0/0] fr lmi n393dte 6
fr lmi n393dce
Syntax
fr lmi n393dce n393-value
undo fr lmi n393dce
View
Interface view
Parameter
Event counter. The range of the value is 1~10.
Description
Using the fr lmi n393dce command, you can set the N393 parameter at the DCE
side. Using the undo fr lmi n393dce command, you can restore the default
configuration.
By default, the parameter value is 4.
327
The DCE requires the DTE to send a Status-Enquiry packet at a regular interval (set
by T392). If the DCE does not receive the Status-Enquiry packet, it will record the
error by adding 1 to the error count. If the errors exceed the threshold, the DCE
would consider the physical channels and all the DLCIs to be unavailable.
N392 and N393 together define the error threshold. N393 defines the event
number observed and N392 defines the error threshold of that number (N393).
That is, if the number of errors that occurred to the DCE reach N392 in N393
events, DCE will consider the errors have reached the threshold and declare the
physical channels and all DLCIs to be unavailable.
N392 at DCE side should be less than N393 at DCE side.
For the related commands, see fr interface-type and fr lmi n392dce.
Example
Set the operation of frame relay interface Serial1/0/0 as DCE mode and sets N392
to 5 and N393 to 6.
[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dce
[3Com-Serial1/0/0] fr lmi n392dce 5
[3Com-Serial1/0/0] fr lmi n393dce 6
fr lmi n393dte
Syntax
fr lmi n393dte n393-value
undo fr lmi n393dte
View
Interface view
Parameter
Event counter. The range of the value is 1~10.
Description
Using the fr lmi n393dte command, you can set N393 parameter at the DTE side.
Using the undo fr lmi n393dte command, you can restore the default
configuration.
By default, the parameter value is 4.
The DTE sends a Status-Enquiry packet at a regular interval to the DCE to inquire
the link status. On receiving this packet, the DCE will immediately send a
Status-Response packet. If the DTE does not receive the response packet in the
specified time, it will record the error by adding 1 to the error count. If the errors
exceed the threshold, the DTE will consider that the physical channels and all the
DLCIs to be unavailable.
328
N392 and N393 together define the error threshold. N393 indicates the event
number observed and N392 indicates the error threshold of that number (N393).
That is, if N392 errors occurred in N393 Status-Enquiry packets in the DTE, the DTE
would consider that the error count has exceeded the threshold and declare the
physical channels and all DLCIs to be unavailable.
N392 at DTE side should be less than N393 at DTE side.
For the related commands, see fr interface-type and fr lmi n392dte.
Example
Set the operation of frame relay interface Serial1/0/0 as the DTE mode and sets
N392 to 5 and N393 to 6.
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n392dte 5
[3Com-Serial1/0/0] fr lmi n393dte 6
fr lmi t392dce
Syntax
fr lmi t392dce t392-value
undo fr lmi t392dce
View
Interface view
Parameter
t392-value: Value of the polling timer. The range of the value is 5 to 30, in
seconds.
Description
Using the fr lmi t392dce command, you can set T392 parameter at the DCE side.
Using the undo fr lmi t392dce command, you can restore the default
configuration.
By default, the parameter value is 15s.
This parameter defines the maximum time for DCE waiting for a Status-Enquiry.
T392 at DCE side should be greater than T391 at DTE side.
For the related command, see fr interface-type.
Example
Set the frame relay interface Serial1/0/0 to operate in DCE mode and set T392 to
10s.
[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dce
329
fr lmi type
Syntax
fr lmi type { ansi | nonstandard | q933a }
undo fr lmi type
View
Interface view
Parameter
ansi: Standard LMI protocol type of ANSI T1.617 Appendix D.
nonstandard: Nonstandard compatible LMI protocol type.
q933a: Standard LMI protocol type of Q.933 Appendix A.
Description
Using the fr lmi type command, you can configure the Frame Relay LMI protocol
type. Using the undo fr lmi type command, you can restore to the default value
of LMI protocol type.
By default, the LMI protocol type is q933a.
The NE16E/08E/05 routers usually support three LMI protocols, namely, Q.933
Appendix A, ANSI T1.617 Appendix D and Nonstandard compatible LMI protocol.
For the related command, see display interface.
Example
Set the FR LIMI type of Serial1/0/0 to nonstandard.
[3Com-Serial1/0/0] fr lmi type nonstandard
fr map ip
Syntax
fr map ip { protocol-address [ ip-mask ] | default } dlci [ broadcast ] [ nonstandard | ietf ]
undo fr map ip { protocol-address | default } dlci
View
Interface view
Parameter
protocol-address: Peer protocol address.
ip-mask: IP mask used to establish a network segment map.
dlci: local virtual circuit number, and the range of the value is 16 to 1007.
330
fr switch
Syntax
fr switch name [ interface interface-type interface-number dlci dlci1 interface
interface-type interface-number dlci dlci2 ]
undo fr switch name
View
System view
Parameter
name: Name of PVC used for frame relay switching, consisting of 30 characters at
most.
interface interface-type interface-number dlci dlci: DLCI number at both ends of
PVC as well as the type and number of its interface. The peer can be specified as
Tunnel interface.
331
Description
Using the fr switch command, you can create a PVC used for frame relay
switching and enter frame relay switching view. Using the undo fr switch
command, you can delete a specified PVC.
By default, there is no PVC used for frame relay switching.
The interface for forwarding packets can be either a frame relay interface or an
MFR interface. If Tunnel interface is specified as the forwarding interface, frame
relay packets over IP can thus be realized.
In frame relay switching view, the shutdown/undo shutdown operation can be
executed on a PVC.
If a PVC used for switching has been configured, its interface and DLCI cannot be
changed any longer. To change them, you must delete the defined PVC used for
switching first.
For the related commands, see display fr pvc-info, fr dlci-switch, fr switching,
and fr dlci.
Example
Create a PVC named pvc1 on the DCE serving as the switch, which is from the
DCLI 100 of serial interface 0/0/0 to the DLCI 200 of serial interface 1/0/0.
[3Com] fr switching
[3Com] fr switch pvc1 interface serial 0/0/0 dlci 100 interface serial 1/0/0 dlci 200
[3Com-fr-switching-pvc1]
fr switching
Syntax
fr switching
undo fr switching
View
System view
Parameter
None
Description
Using the fr switching command, you can enable frame relay PVC switching.
Using the undo fr switching command, you can disable frame relay PVC
switching.
By default, no FR switching is enabled.
The command is used to enable Frame Relay PVC switching.
332
Example
Enable PVC switching on FR interface.
[3Com] fr switching
interface mfr
Syntax
interface mfr interface-number [ .subnumber]
undo interface mfr interface-number [ .subnumber ]
View
System view
Parameter
interface-number: Interface number of a multilink frame relay bundle, including
slot number/card number/interface number, in which interface number ranges
from 0 to 1023.
subnumber: Sub-interface number of a multilink frame relay bundle, ranging
from 0 to 4095.
Description
Using the interface mfr command, you can create a multilink frame relay bundle
interface or sub-interface and enter the corresponding interface view. Using the
undo interface mfr command, you can delete a specified multilink frame relay
bundle interface or sub-interface.
By default, there is no multilink frame relay interface or sub-interface.
Before using the undo interface mfr command to delete an MFR interface, you
must delete all physical interfaces from the MFR interface.
Before an MFR sub-interface is created, the MFR interface must be created first.
For the related commands, see link-protocol fr mfr and mfr bundle-name.
Example
Create a multilink frame relay bundle interface with a point-to-multipoint
sub-interface.
[3Com] interface mfr 4/0/123
[3Com-MFR4/0/123] quit
[3Com] interface mfr 4/0/123.1
[3Com-MFR4/0/123.1]
link-protocol fr
Syntax
link-protocol fr [ nonstandard | ietf ]
333
View
Interface view
Parameter
nonstandard: Nonstandard compatible encapsulation format.
ietf: Default encapsulation format according to the Internet Engineering Task
Force (IETF) standard.
Description
Using the link-protocol fr command, you can encapsulate interface link layer
protocol as Frame Relay.
By default, the link-layer protocol encapsulated on the interface is PPP, and the
frame relay encapsulation format is IETF.
In VRP, the Frame Relay encapsulation can be either ietf or nonstandard
compatible encapsulation (nonstandard). IETF encapsulation conforms to
RFC1490, that is, it supports the IETF standard.
For the related command, see display interface.
Example
Configure Frame Relay encapsulation on interface Serial1/0/0 and select the
nonstandard encapsulation compatible format.
[3Com-Serial1/0/0] link-protocol fr nonstandard
link-protocol fr mfr
Syntax
link-protocol fr mfr interface-number
View
Interface view
Parameter
interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).
Description
Using the link-protocol fr mfr command, you can configure the current physical
interface as a multilink frame relay bundle link and bundle it onto a specified MFR
interface.
By default, there is no multilink frame relay bundle link.
When this command is configured, the specified MFR interface must exist. A
maximum of 16 physical interfaces can be bundled onto an MFR interface.
334
mfr bundle-name
Syntax
mfr bundle-name [ name ]
undo mfr bundle-name [ name ]
View
MFR interface view
Parameter
name: Bundle identification, in the form of character string, with a length ranging
from 1 to 49.
Description
Using the mfr bundle-name command, you can set frame relay bundle
identification (BID). Using the undo mfr bundle-name command, you can
restore the default value.
By default, BID is in the form of mfr + frame relay bundle number, such as
mfr4/0/123.
Each multilink frame relay bundle has a BID, which is only significant at the local.
Therefore, the BIDs at both ends of the link can be the same.
When changing the BID of an interface, you must execute the shutdown/undo
shutdown command on the interface to make the new BID valid.
For the related command, see mfr link-name.
Example
Set the frame relay link BID to bundle1.
[3Com-MFR4/0/123] mfr bundle-name bundle1
mfr fragment
Syntax
mfr fragment
undo mfr fragment
335
View
MFR interface view
Parameter
None
Description
Using the mfr fragment command, you can enable fragmentation of a multilink
frame relay bundle. Using the undo mfr fragment command, you can disable the
function.
By default, the fragmentation of a multilink frame relay bundle is disabled.
For the related commands, see mfr fragment-size and mfr window-size.
Example
Enable fragmentation on the MFR interface 4/0/123.
[3Com] interface mfr 4/0/123
[3Com-MFR4/0/123] mfr fragment
mfr fragment-size
Syntax
mfr fragment-size bytes
undo mfr fragment-size
View
Frame relay interface view and MFR interface view
Parameter
bytes: Fragment size, in bytes, ranging from 60 to 1500.
Description
Using the mfr fragment-size command, you can configure the maximum
fragment size allowed on a frame relay bundle link. Using the undo mfr
fragment-size command, you can restore the default setting.
By default, the maximum fragment size allowed on a frame relay bundle link is of
300 bytes.
The priority of the fragment size configured in frame relay interface view is higher
than that of the one configured in MFR interface view.
For the related commands, see mfr fragment and mfr window-size.
Example
Configure the maximum fragment size allowed on the multilink frame relay
bundle link Serial4/1/2 to be 70 bytes.
336
mfr link-name
Syntax
mfr link-name [ name ]
undo mfr link-name [ name ]
View
Frame relay interface view
Parameter
name: Name of a bundle link identification, in the form of character string,
ranging from 1 to 49.
Description
Using the mfr link-name command, you can set the frame relay bundle link
identification (LID). Using the undo mfr link-name command, you can restore the
default setting.
By default, LID is the name of the corresponding physical interface.
The peer equipment identifies a frame relay bundle link via LID or associates the
bundle link with a frame relay bundle by using LID. LID is locally valid; therefore,
the LIDs at both ends of a link can be the same.
When changing the bundle LID on an interface, you must execute the
shutdown/undo shutdown command on the interface to make the new bundle
LID valid.
For the related command, see mfr bundle-name.
Example
Set the bundle LID of the multilink frame relay bundle link Serial4/1/2 to be bl1.
[3Com-Serial4/1/2] mfr link-name bl1
mfr retry
Syntax
mfr retry number
undo mfr retry
View
Frame relay interface view
Parameter
number: The maximum times that a bundle link can resend hello messages,
ranging from 1 to 5. By default, it is twice.
337
Description
Using the mfr retry command, you can set the maximum times that a frame relay
bundle link can resend hello message when waiting for a hello acknowledgement
message. Using the undo mfr retry command, you can restore the default
setting.
If the times that a bundle link resends hello message reach the maximum without
receiving acknowledgement from the peer, the system will regard the link protocol
on the bundle link to be malfunctioning.
Only after the link-protocol fr mfr command is used to associate a frame relay
bundle link interface with a frame relay bundle, can this command be configured.
For the related commands, see mfr timer ack and mfr timer hello.
Example
Set the bundle link Serial4/1/2 to resend hello message for 3 times at most.
[3Com-Serial4/1/2] mfr retry 3
Syntax
mfr timer ack seconds
undo mfr timer ack
View
Frame relay interface view
Parameter
seconds: Time of waiting for hello acknowledgment message before resending
hello message, in second, ranging from 1 to 10. By default, it is 4 seconds.
Description
Using the mfr timer ack command, you can set the time of waiting for hello
acknowledgment message before frame relay bundle link resends hello message.
Using the undo mfr timer ack command, you can restore the default setting.
For the related commands, see mfr timer hello and mfr retry.
Example
Set the frame relay bundle link Serial4/1/2 to wait for 6 seconds before resending
hello message.
[3Com-Serial4/1/2] link-protocol fr mfr 4/0/123
[3Com-Serial4/1/2] mfr timer ack 6
Syntax
mfr timer hello [ seconds ]
338
View
Frame relay interface view
Parameter
seconds: Interval for a bundle link to send hello message, in seconds, ranging from
1 to 180. By default, it is 10 seconds.
Description
Using the mfr timer hello command, you can set the interval for a frame relay
bundle link to send hello message. Using the undo mfr timer hello command,
you can restore the default setting.
Both ends of a frame relay bundle link periodically send hello message to the peer
end. After the peer receives the hello message, it will response hello
acknowledgement message.
For the related commands, see mfr timer ack and mfr retry.
Example
Set the bundle link Serial4/1/2 to send hello message once every 15 seconds.
[3Com-Serial4/1/2] mfr timer hello 15
mfr window-size
Syntax
mfr window-size number
undo mfr window-size
View
MFR interface view
Parameter
number: Number of fragments, ranging from 1 to 16.
Description
Using the mfr window-size command, you can configure the number of
fragments that can be held by the window used in sliding window algorithm
when multilink frame relay reassembles received fragments.
By default, the size of a sliding window is equal to the number of physical
interfaces of an MFR bundle.
For the related commands, see interface mfr, mfr fragment, and mfr
fragment-size.
339
Example
Set the size of the sliding window of the MFR bundle interface MFR4/0/123 to be
8.
[3Com-MFR4/0/123] mfr window-size 8
shutdown
Syntax
shutdown
undo shutdown
View
Frame relay switching view
Description
Using the shutdown command, you can disable any current switching PVCs.
Using the undo shutdown command, you can enable any current switching
PVCs.
By default, switching PVC is enabled.
Example
Disable all the current switching PVCs.
[3Com] fr switch pvc1 interface serial 1/0/0 dlci 100 interface serial 2/0/0 dlci 200
[3Com-fr-switching-pvc1] shutdown
reset fr inarp
Syntax
reset fr inarp
View
User view
Parameter
None
Description
Using the reset fr inarp command, you can clear the address mapping
established by inverse ARP.
In some special cases, for example, when the network architecture changes, the
dynamic address maps originally established will become invalid. hence it is
necessary to establish them again. Users can use this command to clear all the
dynamic address maps.
For the related command, see fr inarp.
340
Example
Clear all the Frame Relay dynamic address maps.
[3Com] reset fr inarp
timer hold
Syntax
timer hold seconds
undo timer hold
View
Interface view
Parameter
seconds: value of polling timer, which ranges from 0 to 32767 in seconds. 0
indicates that the LMI protocol is disabled.
Description
Using the timer hold command, you can configure the polling timer at the DTE
side. Using the undo timer hold command, you can restore its default value.
By default, the parameter is 10 seconds.
The parameter defines the interval of Status-Enquiry packet sent by DTE.
For the related commands, see fr interface-type and fr lmi t392dce.
Example
Configure that Frame Relay interface serial1/0/0 to work in DTE mode, and set the
value of polling timer to 15 seconds.
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] timer hold 15
ATM Configuration
Commands
atm-class
Syntax
atm-class atm-class-name
undo atm-class atm-class-name
View
Interface view and PVC view
341
Parameter
atm-class-name: Name of ATM-Class.
Description
Using the atm-class command, you can apply a set of parameters (which are
defined in ATM-Class) to an ATM interface or a PVC. Using the undo atm-class
command, you can delete the specified ATM-Class.
For the related command, see atm class.
Example
Apply an ATM-Class named "main" to the interface Atm1/0/0.
[3Com-Atm1/0/0] atm-class main
atm class
Syntax
atm class atm-class-name
undo atm class atm-class-name
View
System view
Parameter
atm-class-name: Name of ATM-Class.
Description
Using the atm class command, you can create an ATM-Class and enter the
ATM-Class view. Using the undo atm class command, you can delete the
specified ATM-Class.
An ATM-Class is a group of predefined parameters that can be used for ATM
interface or PVC.
For the related command, see atm-class.
Example
Create an ATM-Class named "main".
[3Com] atm class main
clock
Syntax
clock { master | slave }
undo clock
342
View
ATM master interface view
Parameter
master: Specify ATM interface to use the internal transmission clock signal.
slave: Restore the line clock signal.
Description
Using the clock command, you can specify ATM interface to use internal
transmission clock signal. Using the undo clock command, you can restore the
usage of network clock signal.
By default, ATM interface uses the network clock signal. This clock signal is usually
provided by the device which provides ATM interfaces.
When two network devices are directly connected in the back-to-back method
through the ATM interfaces, this command is used to set the internal transmission
clock at the ATM interface of one device.
Although this command is valid on both ATM main interface and sub-interface, it
can only be used in ATM main interface view and there is not this command in
ATM sub-interface view.
For the related command, see display atm interface.
Example
Specify ATM interface Atm1/0/0 to use the internal transmission clock.
[3Com-Atm1/0/0] clock master
Syntax
debugging atm all
undo debugging atm all
View
User view
Parameter
None
Description
Using the debugging atm all command, you can enable all the debugging
switches of ATM. Using the undo debugging atm all command, you can disable
the debugging.
By default, all the ATM debugging switches are disabled.
343
Because the use of this command can lead to a mass of output information, this
may cause that users cannot control network devices through terminals and the
efficiency of packet transmitting and receiving may be greatly damaged.
For the related commands, see debugging atm error, debugging atm event,
and debugging atm packet.
debugging atm error
Syntax
debugging atm error [ interface { interface-name | interface-type interface-num } [ pvc {
pvc-name | vpi/vci } ] ]
undo debugging atm error [ interface { interface-name | interface-type interface-num } [
pvc { pvc-name | vpi/vci } ] ]
View
User view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
the Interface Configuration chapter in this manual. If it is not specified, all the
error debugging of ATM are enabled (including global debugging, interface-level
debugging and PVC-level debugging).
interface-type: Interface type, which can determine an ATM interface together
with interface-num.
interface-num: Interface number, which can determine an ATM interface together
with interface-type.
pvc-name: PVC name, optional. If no PVC name and VPI/VCI pair are specified, all
the error debugging of the PVC will be enabled.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to Parameter
Description in the pvc command.
Description
Using the debugging atm error command, you can enable the error debugging
of ATM. Using the undo debugging atm error command, you can disable the
debugging.
By default, all the ATM error debugging switches are disabled.
The interface-name parameter is actually composed of interface-type and
interface-num. The difference of using them only lies in the space. In the
command line, there are spaces in interface-type and interface-num, but there is
no space in interface-name.
For the related commands, see display debugging and debugging atm all.
Example
Enable all the error debugging of ATM.
344
Syntax
debugging atm event [ interface { interface-name | interface-type interface-num } [ pvc
{ pvc-name | vpi/vci } ] ]
undo debugging atm event [ interface { interface-name | interface-type interface-num }
[ pvc { pvc-name |[ vpi/vci ] | vpi/vci } ] ]
View
User view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
Interface Configuration part of this manual. If it is not specified, all the event
debugging of ATM is enabled by default (including global debugging,
interface-level debugging and PVC-level debugging).
interface-type: Interface type, which can determine an ATM interface together
with interface-num.
interface-num: Interface number, which can determine an ATM interface together
with interface-type.
pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
all the event debugging of PVC will be enabled.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to Parameter
Description in the pvc command.
Description
Using the debugging atm event command, you can enable the event debugging
of ATM. Using the undo debugging atm event command, you can disable the
debugging.
By default, all the debugging of ATM event is disabled.
The interface-name parameter is actually composed of interface-type and
interface-num. The difference of using them only lies in the space. In the
command line, there are spaces in interface-type and interface-num, but there is
no space in interface-name.
This command is used to enable all the debugging of events that happen at the
ATM interface or a PVC, which can be used to trace some essential events of the
system. Such information may be helpful for detecting network faults.
Example
The example is a case to enable the debugging of ATM events and display the
results.
Enable all the event debugging of ATM.
345
Syntax
debugging atm packet [ interface { interface-name | interface-type interface-num } [ pvc
{ pvc-name [ vpi/vci ] | vpi/vci } ] ]
undo debugging atm packet [ interface { interface-name | interface-type interface-num
} [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ]
View
User view
Parameter
interface-name: ATM interface name, optional. For detailed naming rules, please
refer to Interface Configuration part of this manual. If it is not specified, all the
packet debugging of ATM are enabled by default (including global debugging,
interface-level debugging and PVC-level debugging).
interface-type: Interface type, which can determine an ATM interface together
with interface-num.
interface-num: Interface number, which can determine an ATM interface together
with interface-type.
pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
all the packet debugging of PVC will be enabled.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to Parameter
Description in the pvc command.
Description
Using the debugging atm packet command, you can enable the packet
debugging of ATM. Using the undo debugging atm packet command, you can
disable the debugging.
By default, all the debugging of ATM packet is disabled.
The interface-name parameter is actually composed of interface-type and
interface-num. The difference between them only lies in the space. In the
command line, there are spaces in interface-type and interface-num, but there is
no space in interface-name.
After the packet switch is enabled, the detailed information about
receiving/sending packets at the ATM interface or PVC will be displayed. This will
be very helpful for system troubleshooting.
The received packets will display all the information about received frames , which
can indicate whether the sending side correctly encapsulates these frames. This
will be greatly helpful for the network device detection.
Packet debug information displays the PDU byte information in hex, through
which technical support personnel or engineers can locate some system errors.
346
Since the use of this command can lead to a mass of output information during
each packet receiving and transmitting, this may cause that users cannot control
network devices through their terminals, and thus greatly affect the efficiency of
packet transmitting and receiving.
Example
The example is a case to enable the debugging of ATM packet and display the
results.
Enable all the packet debugging of ATM.
<3Com> debugging atm packet
*515396.229644-atm-8-debug8:
*515396.229710-atm-8-debug8:
*515396.229812-atm-8-debug8:
*515396.232644-atm-8-debug8:
*515396.232710-atm-8-debug8:
*515396.232812-atm-8-debug8:
It indicates that PPP packets are being output from PVC 1/32 of Atm1/0/0.
display atm class
Syntax
display atm class [ atm-class-name ]
View
Any view
Parameter
atm-class-name: ATM-Class name.
Description
Using the display atm class command, you can view the information about
ATM-Class. By default, if no ATM-Class name is specified, the information of all
ATM-Class is displayed.
For the related command, see atm class.
Example
Display the information about the ATM-Class named "main" in devices.
<3Com> display atm class main
347
Syntax
display atm interface [ interface-name | interface-type interface-num ]
View
Any view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
Interface Configuration part of this manual. If it is not specified, all the
information about ATM interface will be displayed by default.
interface-type: Interface type, which can determine an ATM interface together
with interface-num.
interface-num: Interface number, which can determine an ATM interface together
with interface-type.
Description
Using the display atm interface command, you can locate the problems
efficiently and get detailed information related to ATM configuration.
The interface-name parameter is actually composed of interface-type and
interface-num. The difference between them only lies in the space. In the
command line, there are spaces in interface-type and interface-num, but there is
no space in interface-name. When the interface is the main interface, the
information of all interfaces (including sub-interface) at the interface will be
displayed.
For the related command, see display atm.
Example
Display the information about ATM interface atm4/0/0.
<3Com> display atm interface atm 4/0/0
348
Syntax
display atm map-info [ interface { interface-name | interface-type interface-num } [ pvc {
pvc-name | vpi/vci } ] ]
View
Any view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
Interface Configuration part of this manual. If it is not specified, all the
information about the higher layer mapping table of ATM interface will be
displayed by default.
interface-type: Interface type, which can determine an ATM interface together
with interface-num.
interface-num: Interface number, which can determine an ATM interface together
with interface-type.
pvc-name: PVC name, optional parameter. If no PVC name and no VPI/VCI pair are
specified, the information of the higher layer protocol mapping table about all
PVCs within specified ATM interface will be displayed by default.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to Parameter
Description in the pvc command.
Description
Using the display atm map-info command, you can view the information about
the upper layer protocol mapping table of ATM.
The interface-name parameter is actually composed of interface-type and
interface-num. The difference between them only lies in the space. In the
command line, there are spaces in interface-type and interface-num, but there is
no space in interface-name.
For the related commands, see map ip, map ppp, and map bridge.
Example
Display the information about the upper layer protocol mapping table of all ATM
interfaces.
349
Syntax
display atm pvc-group [ interface { interface-name | interface-type interface-num } [ pvc
{ pvc-name [ vpi/vci ] | vpi/vci } ] ]
View
Any view
Parameter
interface-name: ATM interface name. The detailed naming rules can be
determined according to the actual-configured network device type. If it is not
specified, all the information about PVC-Group of ATM interface will be displayed
by default.
interface-type: Interface type, which can determine an ATM interface together
with interface-num.
interface-num: Interface number, which can determine an ATM interface together
with interface-type.
pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
the information about all PVC-Groups within the specified ATM interface will be
displayed by default.
vpi/vci: VPI/VCI pair, optional. For more details, please refer to Parameter
description in the pvc command.
Description
Using the display atm pvc-group command, you can view the information about
PVC-Group.
350
GROUP
The explanation on the above messages is as follows (Taking the first record as an
example, and the last four records can refer to the following explanation.):
PVC with VPI/VCI pair as 1/32, its has been activated (UP) and the name is
"3Com". The AAL encapsulation type is SNAP. The application type is IPoA. The
interface is ATM main interface: Slot number is 1, adapter number is 1 and the
interface number is 0. The PVC-Group is created based on PVC "1/32".
display atm pvc-info
Syntax
display atm pvc-info [ interface { interface-name | interface-type interface-num } [ pvc {
pvc-name [ vpi/vci ] | vpi/vci } ] ]
View
Any view
Parameter
interface-name: ATM interface name. For detailed naming rules, please refer to
Interface Configuration part of this manual. If it is not specified, all the
information about PVC of ATM interface will be displayed by default.
interface-type: Interface type, which can determine an ATM interface together
with interface-num.
interface-num: Interface number, which can determine an ATM interface together
with interface-type.
pvc-name: PVC name, optional parameter. If no PVC name and no VPI/VCI pair are
specified, the information about all PVCs within the specified ATM interface will
be displayed by default.
351
vpi/vci: VPI/VCI pair, optional. For more details, please refer to Parameter
Description in the pvc command.
Description
Using the display atm pvc-info command, you can view the information about
PVC.
The interface-name parameter is actually composed of interface-type and
interface-num. The difference between them only lies in the space. In the
command line, there are spaces in interface-type and interface-num, but there is
no space in interface-name.
For the related command, see pvc.
Example
Display the information about PVC of all ATM interfaces.
<3Com> display atm pvc-info
The explanation on the above messages is as follows (Taking the first record as an
example, and the last four records can refer to the following explanation.):
PVC with VPI/VCI pair as 1/32, its has been activated (UP) and the name is
"3Com". The index number is 1. The AAL encapsulation type is SNAP. The
application type is IPoA. The interface is ATM main interface: Slot number is 1,
adapter number is 0 and the interface number is 0.
encapsulation
Syntax
encapsulation aal5-encap
undo encapsulation
View
PVC view
Parameter
aal5-encap: AAL5 encapsulation type, its possible values are as follows:
352
Description
Using the encapsulation command, you can specify ATM AAL5 encapsulation
type for PVC. Using the undo encapsulation command, you can restore the
default encapsulation.
By default, aal5snap encapsulation is adopted.
Only aal5snap encapsulation supports InARP protocol. InARP is not supported
when aal5mux and aal5nlpid encapsulations are adopted.
To change the encapsulation type for PVC to aal5mux or aal5nlpid, InARP must be
deleted first.
In addition, some types of encapsulations may not support some applications
method (one or more of IPoA, IPoEoA, PPPoA and PPPoEoA). When such cases
appear, the system will give a prompt.
Example
The two examples can both specify AAL5 encapsulation type of PVC as aal5snap.
Display how to specify AAL5 encapsulation type of PVC 1/32 as aal5snap.
[3Com-atm-pvc-Atm1/0/0-1/32] encapsulation aal5snap
interface atm
Syntax
interface atm interface-num
interface atm interface-number.subinterface-num [ multi-point | point-to-point ]
undo interface atm interface-number.subinterface-num
View
System view
Parameter
Interface number: ATM master interface number. For detailed numbering rules,
please refer to Interface Configuration part of this manual.
subinterface number: ATM sub-interface number. For detailed numbering rules,
please refer to Interface Configuration part of this manual..
multi-point | point-to-point: Sub-interface connection type.
353
Description
Using the interface atm command, you can create an ATM sub-interface or enter
an ATM interface view. Using the undo interface atm command, you can delete
an ATM sub-interface.
By default, the connection type of sub-interface is multi-point.
ATM sub-interface has two connection types: multi-point and point-to-point.
Multiple PVCs can be created at the sub-interface of multi-point connection type,
but only one PVC can be created at the sub-interface of point-to-point type.
For the related command, see display atm interface.
Example
The two examples display how to enter the ATM main interface or create/enter the
ATM sub-interface.
Enter the main interface Atm1/0/0.
[3Com] interface atm 1/0/0
ip-precedence
Syntax
ip-precedence{ pvc-name [ vpi/vci ] | vpi/vci } { min [ max ] | default }
undo ip-precedence{ pvc-name [ vpi/vci ] | vpi/vci }
View
ATM PVC-Group view
Parameter
pvc-name: PVC name, whose maximum length is 16 characters (case insensitive).
It should be unique at ATM interface. And it shouldn't be legal VPI/VCI pair. For
example, "1/20" cannot be a PVC name. The PVC corresponding to pvc-name
must have already been created.
vpi/vci: vpi is ATM Virtual Path Identifier (VPI), which ranges from 0 to 255; vci is
ATM Virtual Channel Identifier (VCI) , which ranges from 0 to 2047. Usually, the
vci values from 0 to 31 are reserved for special usage and cannot be used. PVC
corresponding to vpi/vci must have already been created.
min: Minimum preference of IP packets carried by the PVC.
max: Maximum preference of IP packets carried by the PVC.
default: Packets carried by the PVC with default preference.
354
Description
Using the ip-precedence command, you can set the precedence of IP packets
carried over PVC. Using the undo ip-precedence command, you can delete the
precedence configuration of IP packets carried over PVC.
This command can be only used to set the PVC within the PVC-Group. The
specified minimum preference min must be less than or equal to the specified
maximum preference max.
For the related commands, see pvc-group and pvc.
Example
Display how to set an IP packet named "3Com" whose VPI/VCI is 1/32 and the
PVC carrying preference is 0 to 3.
[3Com-atm-pvc-group-Atm1/0/0-1/32-3Com] ip-precedence 3Com 1/32 0 3
map bridge
Syntax
map bridge virtual-ethernet interface-num
undo map bridge
View
PVC view
Parameter
interface-num: Interface number of the VE interface, which is determined by a set
of tri-dimensional indices, i.e., slot number/module number/port number.
Description
Using the map bridge command, you can establish the IPoEoA mapping or
PPPoEoA mapping on the PVC. Using the undo map bridge command, you can
delete the mapping.
By default, no mapping is configured.
Before using this command, make sure that VE has been created.
As the upper layer of the link layer on the VE interface is Ethernet and the lower
layer is carried by AAL5, the MAC address used by VE is not the actual MAC
address and it cannot be obtained from the hardware and must be configured
manually. Users need to configure the correct MAC address by themselves.
Example
The following example shows a complete process of IPoEoA configuration.
Establish a VE interface Virtual-Ethernet2/0/0.
[3Com] interface virtual-ethernet 2
355
Establish the IPoE mapping using the established VE interface in PVC view.
[3Com-atm-pvc-Atm2/0/0-1/102] map bridge virtual-ethernet2
map ip
Syntax
map ip { ip-address [ ip-mask ] | default | inarp [ minutes ] } [ broadcast ]
undo map ip { ip-address | default | inarp }
View
PVC view
Parameter
ip-address: Opposite IP address mapping to PVC.
ip-mask: IP address mask, optional. If a packet cannot find the next hop at the
interface, but the next hop address belongs to the network segment specified by
ip-address and ip-mask, it can be sent over the PVC.
default: A mapping with the default route property is set. If a packet cannot find
a mapping with the same address of next hop at the interface, but one PVC has
the default mapping, the packet can be sent over the PVC.
inarp: Enables Inverse Address Resolution Protocol (InARP) at PVC.
minutes: Time interval to send InARP packets in minutes, optional. The range of
the value is 1 to 600 and the default value is 15.
broadcast: Pseudobroadcast, optional parameter. If a mapping with such property
is configured at PVC, the broadcast packets at the interfaces should be sent a copy
at the PVC.
Description
Using the map ip command, you can create IPoA mapping for PVC. Using the
undo map ip command, you can delete the mapping.
By default, no mapping is configured. If a mapping is set, pseudobroadcast is not
supported by default.
When InARP is used, it must be aal5snap encapsulation type. InARP is not
supported when aal5mux and aal5nlpid encapsulations are adopted.
356
Example
The two examples are the cases creating IPoA mapping for PVC.
Display how to create a static mapping at PVC 1/32, specify the opposite IP
address to 61.123.30.169 and support pseudobroadcast.
[3Com-atm-pvc-Atm1/0/0-1/32] map ip 61.123.30.169 broadcast
Display how to enable InARP at PVC 1/33 to automatically obtain the opposite
address and send InARP packets every 10 minutes.
[3Com-atm-pvc-Atm1/0/0.1-1/33] map ip inarp 10
map ppp
Syntax
map ppp virtual-template vt-number
undo map ppp View
View
PVC view
Parameter
Virtual-template (VT) Interface number corresponding to PPPoA. It should be
created previously.
Description
Using the map ppp command, you can create PPPoA mapping at PVC in PVC
view. Using the undo map ppp command, you can delete the mapping.
By default, no mapping is configured.
Before this command is used, the VT must have already been created.
Example
Display a complete PPPoA configuration process.
At first, a VT interface with the number 10 is created and its IP address is
configured.
[3Com] interface virtual-template 10
[3Com-Virtual-Template10] ip address 202.38.160.1 255.255.255.0
[3Com-Virtual-Template10] quit
mtu
357
Syntax
mtu mtu-number
undo mtu
View
Interface view
Parameter
mtu-number: MTU size of ATM interface in bytes, the range of the value is 128 to
16384.
Description
Using the mtu command, you can set the size of Maximum Transmission Unit
(MTU) of the ATM interface. Using the undo mtu command, you can restore the
default of the value.
By default, 1500 bytes.
MTU of ATM interface only influences the packet assembling and packet
disassembling of IP layer at the ATM interface. Because of the limit of the QoS
queue length (for example, the default length of the FIFO queue is 75), the too
small MTU will lead to too many fragments and will be dropped by the QoS
queue. In this case, the length of the QoS queue can be enlarged appropriately.
FIFO is the queue dispatching mechanism used by PVC by default, and its queue
length can be changed by using the fifo queue-length command in the PVC view.
This command can be used in ATM main interface and sub-interface at the same
time.
Example
Display how to set MTU of ATM interface Atm1/0/0 to 1492 bytes.
[3Com-Atm1/0/0] mtu 1492
oam frequency
Syntax
oam frequency frequency [ up up-count down down-count retry-frequency
retry-frequency ]
undo oam frequency
View
PVC view, ATM Class view.
Parameter
frequency: Time interval to send OAM F5 Loopback cells in seconds, and the
range of the value is 1 to 600.
358
pvc
Syntax
pvc { pvc-name [ vpi/vci ] | vpi/vci }
undo pvc { pvc-name [ vpi/vci ] | vpi/vci }
View
ATM interface view or PVC-Group view
Parameter
pvc-name: PVC name, whose maximum length is 16 characters. It shall be unique
at ATM interface (case insensitive), and can not be legal VPI/VCI pair. For example,
"1/20" cannot be a PVC name.
vpi/vci: vpi is ATM Virtual Path Identifier (VPI) in the range 0 to 255; vci is ATM
Virtual Channel Identifier (VCI). Its value range depends on interface type. See the
following table for reference. Usually, the vci values from 0 to 31 are reserved for
special usage and cannot be used
Table 15 VCI range for each type of ATM interface
nterface type
VCI
ADSL
<0-255>
359
VCI
GSHDSL
<0-255>
ATMOC3
<0-1023>
ATM25
<0-511>
ATME3
<0-1023>
ATMT3
<0-1023>
pvc-group
Syntax
pvc-group { pvc-name [ vpi/vci ] | vpi/vci }
undo pvc-group { pvc-name [ vpi/vci ] | vpi/vci }
View
ATM interface view
360
Parameter
pvc-name: PVC name, whose maximum length is 16 characters. It is case
insensitive and should be unique at ATM interface. And it shouldn't be legal
VPI/VCI pair. For example, "1/20" cannot be a PVC name. The PVC corresponding
to pvc-name must have already been created.
vpi/vci: vpi is ATM Virtual Path Identifier (VPI) in the range 0 to 255; vci is ATM
Virtual Channel Identifier (VCI). For its value range, refer to VCI range for each
type of ATM interface. Usually, the vci values from 0 to 31 are reserved for special
usage and cannot be used. PVC corresponding to vpi/vci must have already been
created.
Description
Using the pvc-group command, you can create a PVC-Group or enter the
PVC-Group view at ATM interface. Using the undo pvc-group command, you can
delete the specified PVC-Group.
Once pvc-name is specified for some PVC (e.g. "3Com"), it is possible to enter the
PVC-Group view by inputting pvc-group pvc-name (e.g. "pvc-group 3Com"). The
deletion of the PVC-Group can be done by inputting undo pvc-group pvc-name
(e.g. "undo pvc-group 3Com") or through the undo pvc-group vpi/vci (if the
VPI/VCI of this PVC is 1/32, it is " undo pvc-group 1/32") command.
For the related commands, see ip-precedence and pvc.
Example
Display how to create a PVC-Group based on the name "3Com" and the PVC
with VPI/VCI as 1/32.
[3Com-Atm1/0/0] pvc-group 3Com 1/32.
pvc max-number
Syntax
pvc max-number max-number
undo pvc max-number
View
ATM master interface view
Parameter
max-number: Maximum number of supported VCs. Value range of this parameter
depends on interface type, as shown in the following table:
Table 16 The maximum number of VCs allowed for each type of ATM interface
Interface type
max-number
ADSL
<1-32>
GSHDSL
<1-32>
ATMOC3
<1-1024>
361
Table 16 The maximum number of VCs allowed for each type of ATM interface
Interface type
max-number
ATM25
<1-256>
ATME3
<1-1024>
ATMT3
<1-1024>
Description
Using the pvc max-number command, you can set the maximum number of
ATM interface virtual circuits (VC). Using the undo pvc max-number command,
you can restore the default value.
This command is used to set the maximum number of the total available VCs for
ATM main interfaces and sub-interfaces.
Although this command is valid on both ATM main interface and sub-interface, it
can only be used in ATM main interface view and there is not this command in
ATM sub-interface view.
For the related command, see display atm interface.
Example
The two examples can both make ATM interface Atm1/0/0 support totally 2048
VCs.
Display how to set ATM interface Atm1/0/0 to totally support maximum 2048
VCs.
[3Com-Atm1/0/0] pvc max-number 2048
Display how to set ATM interface Atm1/0/0 to support the default maximum
number of VCs (2048).
[3Com-Atm1/0/0] undo pvc max-number
pvp limit
Syntax
pvp limit vpi peak-rate
undo pvp limit vpi
View
ATM master interface view
Parameter
vpi: Virtual path identifier of ATM network, its value ranges from 0 to 255.
peak-rate: Normal flow to be held. Value range of this parameter depends on
interface type, as shown in the following table:
362
peak-rate
ADSL
<64-640>
GSHDSL
<64-2312>
ATMOC3
<2000-155000>
ATM25
<64-25600>
ATME3
<64-34000>
ATMT3
<64-45000>
Description
Using the pvp limit command, you can set the parameters for VP policing. Using
the undo pvp limit command, you can delete the VP policing.
By default, the VP policing is not performed.
When applying VP policing, the parameters of PVC are still valid. Only when the
parameters of PVC and VP policing are satisfied, will the packets be transmitted.
When calculating the traffic, the LLC/SNAP, MUX and NLPID headers are included,
but the ATM cell head is not included.
For the related commands, see pvc, service cbr, service vbr-nrt, and service
vbr-rt, service ubr.
Example
Set the traffic of VP with vpi 1 to 2M.
[3Com-Atm1/0/0] pvp limit 1 2000
service cbr
Syntax
service cbr output-pcr [ cdvt cdvt_value ]
View
PVC view
Parameter
output-pcr: Output peak rate of ATM cell in Kbit/s. Value range of this parameter
depends on interface type, as shown in the following table
Table 18 Value ranges of output-pcr
Interface type
output-pcr
ADSL
<64-640>
GSHDSL
<64-2312>
ATMOC3
<2000-155000>
ATM25
<64-25600>
ATME3
<64-34000>
363
output-pcr
ATMT3
<64-45000>
cdvt_value: cell delay variation tolerance, in s, and the range of the value is 0 to
10000s.
Description
Using the service cbr command, you can specify PVC service type as constant bit
rate (CBR).
By default, the service type is UBR after creating a PVC. When the value of cdvt is
not specified, it is 500s by default.
This command is used to set the PVC service type and parameter. The newly
specified PVC service type will replace the existing service type. It is recommended
that the PVC with larger bandwidth be created first and then the one with smaller
bandwidth. If the creation fails, the cdvt_value can be adjusted larger to create the
PVC once more. The above case will be prompted in the command line, as follows:
fail to set service parameter, please adjust cdvt value
The command does not support ATM E1 interface and ATM E3 interface.
For the related commands, see service vbr-nrt, service vbr-rt, and service ubr.
Example
Create a PVC named "3Com" with VPI/VCI as 1/101.
[3Com-Atm1/0/0] pvc 3Com 1/101
Specify the service type of the PVC as cbr and the peak rate of ATM cell as
50,000Kbits/s.Cell delay variation tolerance is 1000s.
[3Com-atm-pvc-Atm1/0/0-1/101-3Com] service cbr 50000 cdvt 1000
service ubr
Syntax
service ubr output-pcr
View
PVC view
Parameter
output-pcr: Output peak rate of ATM cell in Kbit/s. For the value ranges of this
parameter, see Value ranges of output-pcr.
364
Description
Using the service ubr command, you can specify the service type of PVC as
Unspecified Bit Rate (UBR) and specify the related rate parameters.
By default, the service type is UBR after creating a PVC.
This command as well as the service vbr-nrt, service vbr-rt and service cbr
commands can be used to set the service type and service parameters of PVC. The
newly specified PVC service type will supersede the existing service type.
For the related commands, see service vbr-nrt, service vbr-rt, and service cbr.
Example
Display how to create a PVC named "3Com" with VPI/VCI as 1/101.
[3Com-Atm1/0/0] service pvc 3Com 1/101
Display how to specify the service type of the PVC as ubr and the peak cell rate of
ATM cell as 100,000Kbps.
[3Com-atm-pvc-Atm1/0/0-1/101-3Com] service ubr 100000
service vbr-nrt
Syntax
service vbr-nrt output-pcr output-scr output-mbs
View
PVC view
Parameter
output-pcr: Peak rate of ATM cell output in Kbit/s. For the value ranges of this
parameter, see Value ranges of output-pcr.
output-scr: Sustainable rate of ATM cell output in Kbps. Its value ranges are the
same as those of output-pcr.
output-mbs: Maximum burst size of ATM cell output, i.e., the maximum cache size
of ATM cell output at the interface in cell number.
Description
Using the service vbr-nrt command, you can specify the service type of PVC as
Variable Bit Rate-Non Real Time (VBR-NRT) and specify the related rate
parameters.
By default, the service type is UBR after creating a PVC.
This command as well as the service ubr, service vbr-rt and service cbr commands
can be used to set the service type and service parameters of PVC. The newly
specified PVC service type will supercede the existing service type.
For the related commands, see service vbr-rt, service ubr, and service cbr.
365
Example
Display how to create a PVC named "3Com" with VPI/VCI as 1/101.
[3Com-Atm1/0/0] pvc 3Com 1/101
Display how to specify the service type of the PVC as VBR-NRT and set the peak
bit rate of ATM cell to 100,000kbit/s, sustainable bit rate to 50,000Kbps, the
maximum burst size to 320 cells.
[3Com-atm-pvc-Atm1/0/0-1/101-3Com] service vbr-nrt 100000 50000 320
service vbr-rt
Syntax
service vbr-rt output-pcr output-scr output-mbs
View
PVC view
Parameter
output-pcr: Peak cell rate of ATM output in Kbit/s. For the value ranges of this
parameter.
output-scr: Sustainable cell rate of ATM output in Kbps. Its value ranges are the
same as those of output-pcr.
output-mbs: Maximum burst size of ATM cell output, i.e., the maximum cache size
of ATM cell output at the interface in cell number. The range of the value is 1 to
512. When it is used in ATM E3 interface, the range of the parameter is 1 to 512.
Description
Using the service vbr-rt command, you can set the service type of PVC to Variable
Bit Rate - Real Time (VBR-RT) and specify the related rate parameters in the PVC
view.
By default, the service type is UBR after creating a PVC.
This command as well as the service ubr, service cbr and service vbr-nrt commands
can be used to set the service type and service parameters of PVC. The newly
specified PVC service type will supercede the existing service type. The command
does not support ATM E1 interface.
For the related commands, see service cbr, service ubr, and service vbr-nrt.
Example
Display how to create a PVC named "3Com" with VPI/VCI as 1/101.
[3Com-if-Atm1/0/0] pvc 3Com 1/101
Display how to specify the service type of the PVC as VBR-NRT and set the peak
cell rate of ATM to 100,000kbit/s, sustainable cell rate to 50,000Kbps, the
maximum burst size to 320 cells.
366
Syntax
channel { interface serial interface-number | xot ip-address }
undo channel { interface serial interface-number | xot ip-address }
View
X.25 hunt group view
Parameter
interface-number: Interface number, its value ranges from 0 to 3.
ip-address: IP address of the peer XOT host.
Description
Using the channel command, you can add X.25 interface or XOT channel of one
serial port to the current hunt group. Using the undo channel command, you can
delete the specified interface or XOT channel from the current hunt group.
One interface may belong to six hunt groups at most at the same time.
For the related command, see X25 hunt-group.
Example
Add the serial interface serial0/0/0 to the hunt group hg1.
[3Com] x25 hunt-group hg1 round-robin
[3Com-hg-hg1] channel interface serial0/0/0
debugging pad
Syntax
debugging pad { all | error | event | packet }
undo debugging pad { all | error | event | packet }
View
User view
Parameter
all: All debugging switch of PAD.
error: Error debugging switch of PAD.
event: Event debugging switch of PAD.
367
Syntax
debugging x25 xot { all | event | packet }
undo debugging x25 xot { all | event | packet }
View
User view
Parameter
all: All debugging switch of XOT.
event: Event debugging switch of XOT.
packet: Packet debugging switch of XOT
Description
Using the debugging x25 xot command, you can enable the debugging switch
of XOT
Using the undo debugging x25 xot command, you can disable the debugging
switch of XOT
Example
None
display interface
Syntax
display interface serial [ number ]
View
Any view
Parameter
number: Serial interface number.
368
Description
Using the display interface command, you can view the LAPB or X.25 interface
information. After configuring PVC of X.25, users can use the command to obtain
the status information on one interface.
Example
Encapsulate Serial0/0/0 with LAPB protocol and view the encapsulated interface
information using the following commands.
<3Com> system-view
[3Com] interface Serial1/0/0
[3Com-Serial0/0/0] linl-protocol lapb
[3Com-Serial0/0/0] display interface serial 0/0/0
Serial0/0/0 current state : UP
Line protocol current state : UP
Description : 3Com, 3Com Series, Serial4/0/0 Interface
The Maximum Transmit Unit is 1500, Holder timer is 10(sec)
Internet protocol processing : disabled
Link-protocol is X.25 DCE Ietf, address is , state R1, modulo 8
input/output: window sizes 7/7, packet sizes 256/256
Channels: Incoming-only 10-20, Two-way 30-40, Outgoing-only 50-60
Timers: T10 60, T11 180, T12 60, T13 60, Idle_Timer 0 (seconds)
New configuration(will be effective after restart): modulo 8
input/output: window sizes 7/7, packet sizes 256/256
Channels: Incoming-only 10-20, Two-way 30-40, Outgoing-only 50-60
Statistic: Restarts 0 (Restart Collisions 0)
Refused Incoming Call 0, Failing Outgoing Call 0
input/output: RESTART 1/1 CALL 9/2 DIAGNOSE 0/0
DATA 119/121 INTERRUPT 0/0 Bytes 2497/2731
RR 6/113 RNR 0/0 REJ 0/0
Invalid Pr: 0 Invalid Ps: 0 Unknown: 0
Link-protocol is LAPB
LAPB DCE, module 8, window-size 7, max-frame 12056, retry 10
Timer: T1 3000, T2 1500, T3 0 (milliseconds), x.25-protocol
state CONNECT, VS 6, VR 3, Remote VR 6
IFRAME 147/254, RR 11/6, RNR 0/0, REJ 0/0
FRMR 0/0, SABM 0/1, DM 0/0, UA 1/0
DISC 0/0, invalid ns 0, invalid nr 0, link resets 0
FIFO queuing: (Outbound queue:Size/Length/Discards)
FIFO 0/75/0
Physical layer is synchronous,
Interface is DTE, Cable type is V24
5 minutes input rate 0.00 bytes/sec, 0.01 packets/sec
5 minutes output rate 0.07 bytes/sec, 0.01 packets/sec
159 packets input, 3338 bytes, 0 no buffers
261 packets output, 4057 bytes, 0 no buffers
0 input errors, 0 CRC, 0 frame errors
0 overrunners, 0 aborted sequences, 0 input no buffers
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
The above information will be displayed after entering the command series, in
which the contents in boldface are those related to X.25 and LAPB protocols. The
main parameters are described as follows:
369
370
timer: Delay value of timers of this interface LAPB, in milliseconds. The unit
of T3 is second.
Syntax
display x25 alias-policy [ interface interface-type slot-number ]
View
Any view
Parameter
interface-type: Interface type.
slot-number: Interface number.
Description
Using the display x25 alias-policy command, you can view X.25 alias table.
For the related command, see x25 alias-policy.
Example
Display X.25 alias table.
<3Com> display x25 alias-policy
Alias for Serial0/0/0:
Alias for Serial1/0/0:
Alias- 1:$20112405$strict
Alias- 2:$20112450left
Alias- 3:20112450$right
The above information indicates: the interface Serial0/0/0 is set without alias, and
the interface Serial1/0/0 is set with 3 aliases, which are $20112405$ (in strict
371
match mode), $20112405 (in left alignment match mode) and 20112405$ (in
right alignment match mode).
display x25
hunt-group-info
Syntax
display x25 hunt-group-info [ hunt-group-name ]
View
Any view
Parameter
hunt-group-name: hunt group name
Description
Using the display x25 hunt-group-info command, you can view the status
information of X.25 hunt group.
You can use this command to learn the hunt group of the Router and the
information about the interfaces and XOT channel inside the hunt group.
For the related command, see x25 hunt-group.
Example
Display the status information of X.25 hunt group hg1.
[3Com] display x25 hunt-group-info hg1
HG_ID : hg1 HG_Type: round-robin
member
state vc-used in-pkts out-pkts
Serial0/0/0 Last
2
51
20
Serial1/0/0 Next
1
21
15
1.1.1.1 Normal 1
24
3
The following table introduces the meaning of each field in the displayed
information.
Table 19 Explanation of each field in the command display x25 hunt-group-info
Field
Explanation
hg1
round-robin
member
state
vc-used
372
Explanation
out-pkts
Syntax
display x25 map
View
Any view
Parameter
None
Description
Using the display x25 map command, you can view the X.25 address mapping
table.
The X.25 address mapping can be configured in two methods: special
configuration (through the x25 map command) or implied configuration (through
the x25 pvc command). The display x25 map command can be used to show all
the address mappings.
For the related commands, see x25 map, x25 pvc, x25 switch pvc, x25 xot pvc,
and x25 fr pvc.
Example
Display the X.25 address map table.
<3Com> display x25 map
Interface:Serial3/0/0(protocol status is up):
ip address:202.38.162.2 X.121 address: 22
map-type: SVC_MAP VC-number: 0
Facility:
ACCEPT_REVERSE;
BROADCAST;
PACKET_SIZE: I 512 O 512 ;
Syntax
display x25 pad [ pad-id ]
View
Any view
373
Parameter
pad-id: PAD ID, its value ranges from 0 to 255. If it is not specified, all PAD
connection information will be displayed.
Description
Using the display x25 pad command, you can view X.25 PAD connection
information.
PAD is a kind of application similar to telnet. It can establish the connection
between two ends through X121 address, and then, to carry out configuration
operations.
For the related commands, see display x25 vc and x25 xot.
Example
Display X.25 PAD connection information.
[3Com] display x25 pad
UI-INDEX130:
From remote 22 connected to local 11, State: Normal
X.3Parameters(In):
1:1,2:0,3:2,4:1,5:0,6:0,7:21,8:0,9:0,10:0,11:14
12:0,13:0,14:0,15:0,16:127,17:21,18:18,19:0,20:0,21:0,22:0
X.3Parameters(Out):
1:1,2:0,3:2,4:1,5:0,6:0,7:21,8:0,9:0,10:0,11:14
12:0,13:0,14:0,15:0,16:127,17:21,18:18,19:0,20:0,21:0,22:0
Input:
Pkts(total/control): 13/2 bytes:12
queue(size/max) :0/200
Output:
Pkts(total/control): 15/2 bytes:320
Syntax
display x25 switch-table pvc
View
Any view
Parameter
None
Description
Using the display x25 switch-table pvc command, you can view X.25 switching
virtual circuit table.
For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr
pvc, and x25 switch svc.
374
Example
Display X.25 switching virtual circuit table.
[3Com] display x25 switch-table pvc
#1 (In: Serial0/0/0-vc1024)< >(Out: Serial1/0/0-vc1}
#2 (In: Serial1/0/0-vc1024)< >(Out: Serial0/0/0-vc1}
Syntax
display x25 switch-table svc { dynamic | static }
View
Any view
Parameter
None
Description
The command display x25 switch-table svc is used to display X.25 switching
routing table.
For the related command, see x25 switch svc.
Example
Display X.25 switching routing table.
[3Com] display x25 switch-table svc static
Number Destination Substitute- Substitute- CUD SwitchTo(type/name)
src
dst
1
11
I/Serial2/0/0
2
22
I/Serial2/1/0
3
133
H/hg1
4
132
T/123.123.123.123
5
133
T/123.123.123.123
T/124.124.124.124
T/125.125.125.125
6
111
222
333
T/4.4.4.4
Total of static svc is 6.
The item type of SwitchTo meaning:
I: interface H: hunt-group T: xot
The following table introduces the meaning of each field in the displayed
information.
Table 20 Explanation of each field in the command display x25 switch-table svc
Field
Explanation
Number
Substitute-src
Substitute-dst
375
Table 20 Explanation of each field in the command display x25 switch-table svc
display x25 vc
Field
Explanation
CUD
SwitchTo
Syntax
display x25 vc [ lci ]
View
Any view
Parameter
lci: Logical channel identifier, its value ranges from 1 to 4095. If the logical
channel identifier is not specified, all virtual circuits will be displayed.
Description
Using the display x25 vc command, you can view the information about the X.25
virtual circuit.
SVC (Switched Virtual Circuit) is set up temporarily by X.25 through call
connection when data transmission is required. PVC is configured manually and
exists regardless of the data transmission requirement. When the router works in
X.25 switched mode, virtual circuits will be set up in order to transfer the switched
data. The information about these virtual circuits can be shown via this command,
and only some fields in the displayed information differ.
For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, and x25
fr pvc.
Example
Display X.25 virtual circuit.
<3Com> display x25 vc
Interface: Serial2/0/0
SVC 1
State: P4
Map: ip 10.1.1.2 to 130
Window size: input 2 output 2
Packet Size: input 128 output 128
Local PS: 5 Local PR: 5 Remote PS: 5 Remote PR: 4
Local Busy: FALSE Reset times: 0
Input/Output:
DATA 5/5 INTERRUPT 0/0
RR 0/0 RNR 0/0 REJ 0/0
Bytes 420/420
Snd Queue(Current/Max): 0/200
Interface: Serial2/1/0
SVC 10
State: P4
376
Syntax
display x25 xot
View
Any view
377
Parameter
None
Description
Using the display x25 xot command, you can view XOT link information.
You can use the command display x25 xot to view the detailed information
about all XOT links, including peer ip and port, local ip and port, keepalive setting
of socket and come/go interface names.
For the related commands, see x25 switch svc xot and x25 xot pvc.
Example
Display XOT link information.
[3Com] display x25 xot
SVC 1024: ( ESTAB )
tcp peer ip: 10.1.1.1, peer port: 1998
tcp local ip: 10.1.1.2, local port: 1024
socket keepalive period: 5, keepalive tries: 3
come interface name: Serial0/0/0-10.1.1.1-1024
go interface name: Serial0/0/0:
The above information indicates: there is one established XOT link via SVC, whose
peer IP is 10.1.1.1, peer port is 1998, local IP is 10.1.1.2, local port is 1024,
keepalive period of socket is 5 seconds, keepalive tries are 3, come interface name
is Serial0/0/0-10.1.1.1-1024 (XOT interface), and go interface name is Serial0/0/0.
lapb max-frame
Syntax
lapb max-frame n1-value
undo lapb max-frame
View
Interface view
Parameter
n1-value: The value of the parameter N1 in bits, and its value ranges from 1096 to
12104.By default, the parameter N1 of LAPB is 12032.
Description
Using the lapb max-frame command, you can configure the LAPB parameter N1.
Using the undo lapb max-frame command, you can restore the default value.
N1 shall indicate the maximum bit of I frame that DCE or DTE wish to receive from
DTE or DCE, and its value is maximum transmission unit (MTU) plus the total bytes
of protocol header times 8, which stipulates the maximum length of transmission
frame.
378
Example
Set the parameter N1 of LAPB on the interface Serial 0/0/0 is 1160.
[3Com-Serial0/0/0] lapb max-frame 1160
lapb modulo
Syntax
lapb modulo { 128 | 8 }
undo lapb modulo
View
Interface view
Parameter
128: Using modulus 128 numbering view.
8: Using modulus 8 numbering view.
Description
Using the lapb modulo command, you can specify the LAPB frame numbering
view (also called modulo). Using the undo lapb modulo command, you can
restore the default value.
By default, the LAPB frame protocol view is modulo 8.
There are two LAPB frame numbering views: modulo 8 and modulo 128. Each
information frame (I frame) is numbered in sequence, ranging from 0 to the
modulo minus 1. In addition, sequential numbers will cycle within the range of
modulo.
Modulo 8 is a basic view, LAPB can implement all the standards via the view. It is
sufficient for most links.
For the related command, see lapb window-size.
Example
Set the LAPB frame numbering view on Serial0/0/0 to modulo 8.
[3Com-Serial0/0/0] lapb modulo 8
lapb retry
Syntax
lapb retry n2-value
undo lapb retry
View
Interface view
379
Parameter
n2-value: The value of N2, its value ranges from 1 to 255.By default, the
parameter N2 of LAPB is 10.
Description
Using the lapb retry command, you can configure LAPB parameter N2. Using the
undo lapb retry command, you can restore the default value.
The value of N2 indicates the maximum retries that DCE or DTE sends one frame
to DTE or DCE.
Example
Set the LAPB parameter N2 on Serial0/0/0 to 20.
[3Com-Serial0/0/0] lapb retry 20
lapb timer
Syntax
lapb timer { t1 t1-value | t2 t1-value | t3 t3-value }
undo lapb timer { t1 | t2 | t3 }
View
Interface view
Parameter
t1-value: The value of timer T1 in ms, its value ranges from 1 to 64000ms.The
default value of T1 is 2000ms.
t2-value: Value of the timer T2 in ms, ranging 1 to 32000.The default value of T2
is 1000ms.
t3-value: Value of the timer T3 in ms, its value ranges from 0 to 255. The default
value of T3 is 0ms.
Description
Using the lapb timer command, you can configure the LAPB timers T1, T2 and
T3..Using the undo lapb timer command, you can restore their default values.
T1 is a transmission timer. When T1 expires, DTE (DCE) will start retransmission.
The value of T1 shall be greater than the maximum time between the sending of a
frame and the receiving of its response frame.
T2 is a reception timer. When it expires, the DTE/DCE must send an
acknowledgement frame so that this frame can be received before the peer
DTE/DCE T1 timer expires (T2<T1).
T3 is an idle channel timer, when it expires, the DCE reports to the packet layer
that the channel stays idle for a long time. T3 should be greater than the timer T1
(T3>T1) on a DCE. When T3 is 0, it indicates that it does not function yet.
380
Example
Set the LAPB timer T1 on Serial0/0/0 to 3000ms.
[3Com-Serial0/0/0] lapb timer t1 3000
lapb window-size
Syntax
lapb window-size k-value
undo lapb window-size
View
Interface view
Parameter
k-value: Maximum number of I frame of unacknowledged sequence number that
DTE or DCE may send, if the modulus is 8, the value of the window parameter K
ranges 1 to 7. If the modulus is 128, the value of the window parameter K ranges
1 to 127. By default, the window parameter K is 7.
Description
Using the lapb window-size command, you can configure the LAPB window
parameter K. Using the undo lapb window-size command, you can restore the
default value of the LAPB window parameter K.
The value of the window parameter K is determined by the value of modulus.
For the related command, see lapb modulo.
Example
Set the LAPB window parameter K on the interface Serial 0/0/0 to be 5.
[3Com-Serial0/0/0] lapb window-size 5
link-protocol lapb
Syntax
link-protocol lapb [ dte | dce ] [ ip | multi-protocol ]
View
Interface view
Parameter
dte: Indicates that the interface works in DTE mode of LAPB.
dce: Indicates that the interface works in DCE mode of LAPB.
ip: Indicates that the network layer protocol borne by LAPB is IP.
381
Description
Using the link-protocol lapb command, you can specify the link layer protocol of
the interface as LAPB.
By default, DTE is the default LAPB operating mode. IP is the default network layer
protocol.
Though LAPB is a layer-2 protocol of X.25, it can act as an independent link-layer
protocol for simple data transmission. Generally, LAPB can be used when two
routers are directly connected with a dedicated line. At that time one end works in
the DTE mode, and the other in the DCE mode.
For the related command, see display interface.
Example
Configure LAPB as the link layer protocol of the interface Serial 0/0/0, and enable
it to work in DCE mode.
[3Com-Serial0/0/0] link-protocol lapb dce
link-protocol x25
Syntax
link-protocol x25 [ dte | dce ] [ ietf | nonstandard ]
View
Interface view
Parameter
dte: Indicates that the interface works in DTE mode.
dce: Indicates that the interface works in DCE mode.
letf: Based on the standard stipulation of the IETF RFC 1356, encapsulate IP or
other network protocols on the X.25 network.
nonstandard: Encapsulates IP or other network protocols on the X.25 network
with nonstandard.
Description
Using the link-protocol x25 command, you can encapsulate X.25 protocol to the
specified interface.
By default, the link-layer protocol for interface is PPP. When the interface uses
X.25 protocol, it works in DTE IETF mode by default.
If the X.25 switching function is not used, and two Routers are directly connected
back to back via the X.25 protocol, one Router shall work in DTE mode, while the
other shall work in DCE mode. When two Routers are connected via the X.25
public packet network, they shall generally work in DTE mode. If the X.25
switching function is used, the Router shall generally work in DCE mode.
382
pad
Syntax
pad x121-address
View
User view
Parameter
x121-address: x121 destination address.
Description
Using the pad command, you can establish a PAD connection with the remote
site.
PAD is a kind of application similar to telnet. It can establish the connection
between two ends through X121 address, and then, to carry out configuration
operations.
Example
Establish a PAD connection, and the destination x121 address is 2.
<03Com> pad 2
reset xot
Syntax
reset xot local local-ip-address local-port remote remote-ip-address remote-port
View
User view
Parameter
local-ip-address: Local IP address of the XOT connection.
local-port: Local port number of the XOT connection.
remote-ip-address: Remote IP address of the XOT connection.
remote-port: Remote port number of the XOT connection.
383
Description
For SVC, using the reset xot command, you can initiatively clear an XOT link.
For PVC, using reset xot command, you can initiatively reset an XOT link.
You can initiatively clear or reset the XOT link using the command reset xot.
When you clear or reset the XOT link, you can obtain the required ports using the
commands display x25 xot or display tcp status.
For the related commands, see display x25 vc, x25 switching, display x25 xot,
and display tcp status.
Example
Clear or reset an XOT link.
[3Com] reset xot local 10.1.1.1 1998 remote 10.1.1.2 1024
x25 alias-policy
Syntax
x25 alias-policy match-type alias-string
undo x25 alias-policy match-type alias-string
View
Interface view
Parameter
match-type: Match type of the alias. There are 9 optional match types:
384
When an X.25 call is forwarded between networks, different X.25 networks may
perform some operations on the destination addresses (that is, the called DTE
address) carried by this call packet, for example, regularly adding or deleting the
prefix and suffix. In this case, a user needs to set an interface alias for the router to
adapt this change. Please consult your ISP to learn if the network supports this
function before deciding whether the alias function is enabled or not.
For the details about the X.25 alias matching method, please see the chapter LAPB
and X.25 Configurations in Operation Manual.
For the related commands, see display x25 alias-policy and x25 x121-address.
Example
Configure the link-layer protocol on interface Serial0/0/0 as X.25 and its X.121
address to 20112451, and set two aliases with different match types for it.
[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] link-protocol x25
[3Com-Serial0/0/0] x25 x121-address 20112451
[3Com-Serial0/0/0] x25 alias-policy right 20112451$
[3Com-Serial0/0/0] x25 alias-policy left $20112451
With the above configurations, a call whose destination address is 20112451 can
be accepted as long as it can reach the local X.25 interface Serial0/0/0, no matter
whether the network is performing the prefix adding operation or suffix adding
operation.
x25 call-facility
Syntax
x25 call-facility facility-option
undo x25 call-facility facility-option
View
Interface view
Parameter
facility-option: User facility option, its value includes:
385
roa-list name: Specifies an ROA list name configured by the command X25
roa-list in system view for the X.25 interface.
send-delay value: Specifies the maximum network send delay request while
calling from X.25 interface. You can set this request to any value ranging
from 0 to 65534 ms (including 0 and 65534).
threshold in out: Specifies throughput negotiation while calling from X.25
interface. The values of in/out are defined as 75, 150, 300, 600, 1200,
2400, 4800, 9600, 19200, and 48000.
window-size input-window-size output-window-size: Specifies the window
size negotiation while calling from X.25 interface. Window size negotiation
is a part of flow control parameter negotiation. It needs two parameters:
reception window size and transmission window size, which must be in the
range of 1 to modulo -1 (including 1 and modulo -1).The default values of
the two parameters are 2.
Description
Using the x25 call-facility command, you can set user options for an X.25
interface. After an option is set, all X.25 calls from the X.25 interface will carry the
relevant information field in call packet. Using the undo x25 call-facility
command, you can delete the set option.
By default, no facility is set.
The user facilities set via this command are available for all the calls originating
from this X.25 interface. You can set a user option for an X.25 call from a certain
address mapping through the command x25 map protocol-name protocol-address
x.121-address x.121-address [ option ].
For the related command, see x25 map.
Example
Specify the flow control parameter negotiation with the peer end for the calls
from the X.25 interface serial0/0/0.
[3Com-Serial0/0/0] x25 call-facility packet-size 512 512
[3Com-Serial0/0/0] x25 call-facility window-size 5 5
x25 cug-service
Syntax
x25 cug-service [ incoming-access ] [ outgoing-access ] [ suppress { all | preferential } ]
undo x25 cug-service
View
Interface view
Parameter
incoming-access: Performs the suppress processing of incoming access
outgoing-access: Performs the suppress processing of outgoing access
386
x25 default-protocol
Syntax
x25 default-protocol protocol-type
undo x25 default-protocol
View
Interface view
Parameter
protocol-type: Protocol type, may be IP.
Description
Using the x25 default-protocol command, you can set the default upper-layer
protocol carried over X.25 for the X.25 interface. Using the undo x25
default-protocol command, you can restore the default upper-layer protocol.
By default, IP is carried over X.25.
During X.25 SVC setup, the called device will check the call user data field of X.25
call request packet. If it is an unidentifiable one, the called device will deny the
setup of the call connection. However, a user can specify a default upper-layer
protocol carried over X.25. When X.25 receives a call with unknown CUD, the call
can be treated based on the default upper-layer protocol specified by a user.
For the related command, see x25 map.
Example
Set the default upper-layer protocol over the X.25 interface Serial0/0/0 as IP.
387
x25 hunt-group
Syntax
x25 hunt-group hunt-group-name { round-robin | vc-number }
undo x25 hunt-group hunt-group-name
View
System view
Parameter
hunt-group-name: Name of hunt group.
round-robin: Select call channel using cyclic selection policy.
vc-number: Select call channel using the policy of computing available logical
channel.
Description
Using the x25 hunt-group command, you can create or enter an X.25 hunt
group. Using the undo x25 hunt-group command, you can delete the specified
X.25 hunt group.
X.25 hunt group supports two call channel selection policies: round-robin mode
and vc-number mode, and a hunt group only uses one channel selection policy.
The round-robin mode will select next interface or XOT channel inside hunt group
for each call request using cyclic selection method. The vc-number mode will
select the interface with the most idle-logical channels in hunt group for each call
request.
A hunt group can have 10 interfaces or XOT channels at most, and it may
nondistinctively select the available channels between interface and XOT channel.
XOT channel cannot join the hunt group that adopts the vc-number selection
policy.
For the related command, see display x25 hunt-group.
Example
Create hunt group hg1 which uses cyclic selection policy.
[3Com] x25 hunt-group hg1 round-robin
[3Com-hg-hg1]
x25 ignore
called-address
Syntax
x25 ignore called-address
undo x25 ignore called-address
388
View
Interface view
Parameter
None
Description
Using the x25 ignore called-address command, you can enable it to ignore the
X.121 address of the called DTE when X.25 initiates calls. Using the undo x25
ignore called-address command, you can disable this function.
By default, this function is disabled.
According to X.25, the calling request packet must carry the address bits.
However, on some occasions, the X.25 calling request does not have to carry the
called/calling DTE address in a specific network environment or as is required by
the application. This command enables users to specify whether the call request
packet sent by X.25 in the 3Com series routers carries the called DTE address.
For the related commands, see x25 response called-address, x25 response
calling-address, and x25 ignore calling-address.
Example
Specify the call request packet from the X.25 interface Serial0/0/0 not to carry the
called DTE address.
[3Com-Serial0/0/0] x25 ignore called-address
x25 ignore
calling-address
Syntax
x25 ignore calling-address
undo x25 ignore calling-address
View
Interface view
Parameter
None
Description
Using the x25 ignore calling-address command, you can enable it to ignore the
X.121 address of the calling DTE when X.25 initiates calls. Using the undo x25
ignore calling-address command, you can disable this function.
By default, this function is disabled.
According to X.25, the calling request packet must carry the address bits.
However, on some occasions, the X.25 calling request does not have to carry the
389
x25 local-cug
Syntax
x25 local-cug cug-number network-cug cug-number [ no-incoming ] [ no-outgoing ] [
preferential ]
undo x25 local-cug cug-number
View
Interface view
Parameter
local-cug cug-number: Number of local cug.
network-cug cug-number: Number of network cug.
no-incoming: Suppresses incoming access.
no-outgoing: Suppresses outgoing access.
preferential: Suppresses the CUGs configured with preferential.
Description
Using the x25 local-cug command, you can define CUG suppress rules. Using the
undo x25 local-cug command, you can delete the rules. CUG suppress rules have
two: suppressing all CUG facilities and suppressing the mapping CUG facility
configured with preferential.
By default, no suppress rule is defined.
For the related commands, see x25 call-facility and x25 cug-service.
Example
Define the rule on the serial interface Serial0/0/0: the incoming calls with 100
local CUGs or 200 network CUGs are denied.
[3Com-Serial0/0/0] x25 cug-service
[3Com-Serial0/0/0] x25 local-cug 100 network-cug 200 no-incoming
390
x25 map
Syntax
x25 map { ip | compressedtcp } protocol-address x121-address x.121-address [ option ]
undo x25 map { ip | compressedtcp } protocol-address
View
Interface view
Parameter
ip: Uses IP protocol.
compressedtcp: Uses TCP header compression.
protocol-address: Network protocol address of the peer host.
x.121-address: X.121 address of the peer host.
option: Specifies some attributes or user facilities for the address mapping.
Description
Using the x25 map command, you can set the address mapping between IP
address used by LANs and X.121 address. Using the undo x25 map command,
you can delete one existing mapping.
By default, no address mapping is set.
Since X.25 protocol can multiplex more logical virtual circuits on a physical
interface, you need to manually specify the mapping relation between all network
addresses and X.121 address.
Once you have specified an address mapping, its contents (including protocol
address, X.121 address and all options) cannot be changed. To make
modifications, you can first delete this address mapping via the undo x25 map
command, and then establish one new address mapping.
Two or more address mappings with an identical protocol address shall not exist
on the same X.25 interface.
Detailed explanations are as follows:
391
For the related commands, see display x25 map, x25 reverse-charge-accept,
x25 call-facility, x25 timer idle, and x25 vc-per-map.
Example
Set two address mappings on the X.25 interfaces Serial0/0/0 and Serial1/0/0,
respectively, and the four address mappings have different attributes.
[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] x25 map ip 202.38.160.11 x121-address 20112451
reverse-charge-request reverse-charge-accept
[3Com-Serial0/0/0] x25 map ip 202.38.160.138 x121-address 20112450 packet-size 512
512 idle-timer 10
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] x25 map ip 20.30.4.1 x121-address 25112451 window-size 4 4
broadcast
[3Com-Serial0/0/0] x25 map ip 20.30.4.8 x121-address 25112450 no-callin
x25 modulo
Syntax
x25 modulo modulus
undo x25 modulo
392
View
Interface view
Parameter
modulus: Modulus, whose value is 8 or 128.
Description
Using the x25 modulo command, you can set the window modulus of an X.25
interface. Using the undo x25 modulo command, you can restore its default
window modulus.
By default, the window modulus of X.25 interface is modulus 8 mode.
The slip window is the basis for X.25 traffic control, and the key about the slip
window is that the sent packets are numbered cyclically in order and are to be
acknowledged by the peer end. The order in numbering refers to the ascending
order, like 2, 3, 4, 5, 6 Cyclically means that the numbering starts again
from the beginning when a certain number (called modulus) is reached. For
example, when the modulus is 8, the numbering goes 4, 5, 6, 7, 0, 1.
X.25 defines two numbering modulus: 8 (also called the basic numbering) and
128 (also called extended numbering), and the X.25 of the 3Com series routers
supports both views.
For the related commands, see display interface, x25 call-facility, x25 map,
x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr pvc, and x25 window-size.
Example
Set the modulus on the X.25 interface Serial0/0/0 to 128.
[3Com-Serial0/0/0] x25 modulo 128
x25 packet-size
Syntax
x25 packet-size input-packet output-packet
undo packet-size
View
Interface view
Parameter
input-packet: Maximum input packet length in bytes, its value ranges from 16 to
1024 (including 16 and 1024) and must be the integer power of 2.By default, the
maximum input packet length of X.25 interface is 128 bytes.
output-packet: Maximum output packet length in bytes, its value ranges from 16
to 1024 (including 16 and 1024) and must be the integer power of 2. By default,
the maximum output packet length of X.25 interface is 128 bytes.
393
Description
Using the x25 packet-size command, you can set the maximum input and output
packet lengths of X.25 interface. Using the undo x25 packet-size command, you
can restore their default values.
Usually, the X.25 packet-switching network has a limitation of the transmission
packet size, and the maximum size of a data packet sent by the DTE shall not
exceed this size (otherwise it will trigger the reset of the VC).In this way, the DTE
devices at sending end and receiving end are required to have datagram
fragmentation and reassembly functions. The DTE device at sending end
fragments the datagram with a length exceeding the maximum transmission
packet length based on the maximum transmission packet length, and sets M bit
in other fragments besides the final fragment. After receiving these fragments, the
DTE at receiving end will reassemble them as a datagram to submit the upper-layer
protocol based on the M bit. Please consult users' ISP about this maximum
receiving packet length.
Normally, the maximum receiving packet length is equivalent to the maximum
send packet. Unless users' ISP allows, please do not set these two parameters to
different values.
For the related commands, see x25 call-facility, x25 pvc, x25 switch pvc, x25
xot pvc and x25 fr pvc.
Example
Set the maximum receiving packet length and maximum sending packet length
on X.25 interface Serial0/0/0 to 256 bytes.
[3Com-Serial0/0/0] x25 packet-size 256 256
x25 pvc
Syntax
x25 pvc pvc-number protocol-type protocol-address x121-address x.121-address [
option ]
undo x25 pvc pvc-number
View
Interface view
Parameter
pvc-number: PVC number, which must range from 1 to 4095 (including 1 and
4095), and must be in the PVC channel range.
protocol-type: Upper-layer protocol carried over the permanent virtual circuit,
which may be IP or compressedtcp.
protocol-address: Network protocol address of the peer end of the PVC.
x.121-address: X.121 address of the peer end of this PVC.
option: Attribute of the PVC.
394
Description
Using the x25 pvc command, you can configure one PVC route encapsulated with
datagram. Using the undo x25 pvc command, you can delete this route.
By default, no PVC encapsulated with datagram is created. When creating such a
PVC, you do not set the relevant attributes for the PVC, its flow control
parameters will be the same as that of the X.25 interface on which it resides (the
flow control parameters on an X.25 interface can be set by the x25 packet-size
and x25 window-size commands).
As one corresponding address mapping is impliedly established while establishing
the PVC, it is unnecessary (or impossible) to establish an address mapping first
before establishing PVCs.
Before establishing PVCs, users should first enable the PVC channel section. The
section is between 1 and the latest unprohibited channel section PVC number
minus 1 (including 1 and the lowest PVC number minus 1). Naturally, if the lowest
PVC number is 1, the PVC section will be disabled naturally. The following table
shows some typical PVC sections.
Table 21 PVC channel section of some typical configurations
Incoming-only
channel range
Two-way
channel range
Outgoing-only channel
range
PVC channel
range
[0, 0]
[1, 1024]
[0, 0]
Disabled
[0, 0]
[10, 24]
[0, 0]
[1, 9]
[1, 10]
[15, 30]
[0, 0]
Disabled
[5, 10]
[15, 25]
[30, 32]
[1, 4]
[0, 0]
[0, 0]
[20, 45]
[1, 19]
[0, 0]
[0, 0]
[0, 0]
[1, 4095]
395
x25 queue-length
Syntax
x25 queue-length queue-length
undo x25 queue-length
View
Interface view
Parameter
queue-length: Length of queue in packets, which ranges from 0 to 9999.By
default, the data queue length on X.25 VC is 500.
Description
Using the x25 queue-length command, you can set the data queue length on
X.25 VC. Using the undo x25 queue-length command, you can restore its
default value.
When the data traffic is too heavy, you can use this command to extend the
receiving queue and sending queue of the X.25 VC to avoid data loss that may
affect transmission performance. It should be noted here that modifying this
parameter would not affect the existing data queue of VC.
For the related command, see x25 packet-size
Example
Set the VC data queue length of the X.25 interface Serial0/0/0 to 75 datagrams.
[3Com-Serial0/0/0] x25 queue-length 75
x25 receive-threshold
Syntax
x25 receive-threshold count
undo x25 receive-threshold
View
Interface view
Parameter
count: The number of data packets that can be received before previous
acknowledgement, ranging from 0 to input window size. If it is set to 0 or the
input window size, this function will be disabled. If it is set to 1, X.25 of the 3Com
396
serial routers will send an acknowledgement for each correct packet received. By
default, the number of data packets that can be received on X.25 before previous
acknowledgement is 0.
Description
Using the x25 receive-threshold command, you can set the number of
receivable maximum packets before X.25 sends the acknowledged packet. Using
the undo x25 receive-threshold command, you can restore its default value.
After enabling this function, the 3Com series routers can send acknowledgement
to the peer router upon the receipt of some correct packets, even if the input
window is not yet full. If there is not much data traffic in users' application
environment and users pay more attention to the response speed, they can
appropriately adjust this parameter to meet the requirement.
For the related command, see x25 window.
Example
Specify that each VC on the X.25 interface Serial0/0/0 acknowledges each
correctly received data packet.
[3Com-Serial0/0/0] x25 receive-threshold 1
x25 response
called-address
Syntax
x25 response called-address
undo x25 response called-address
View
Interface view
Parameter
None
Description
Using the x25 response called-address command, you can enable X.25 to carry
the address information of the called DTE in sending call reception packet. Using
the undo x25 response called-address command, you can disable the above
function.
By default, this function is disabled.
According to X.25, the call receiving packet of a call may or may not carry an
address code group, depending on the specific network requirements. This
command enables users to easily specify whether the call receiving packet of a call
sent by X.25 of the 3Com series routers carries the called DTE address.
For the related commands, see x25 response calling-address, x25 ignore
called-address, and x25 ignore calling-address.
397
Example
Specify that the call receiving packet of a call sent from the X.25 interface
Serial0/0/0 carries the called DTE address.
[3Com-Serial0/0/0] x25 response called-address
x25 response
calling-address
Syntax
x25 response calling-address
undo x25 response calling-address
View
Interface view
Parameter
None
Description
Using the x25 response calling-address command, you can enable X.25 to carry
the address information of the calling DTE in sending call reception packet. Using
the undo x25 response calling-address command, you can disable the above
function.
By default, this function is disabled.
According to X.25, the call receiving packet of a call may or may not carry an
address code group, depending on the specific network requirements. This
command enables users to easily specify whether the call receiving packet of a call
sent by X.25 of the 3Com series routers carries the calling DTE address.
For the related commands, see x25 response called-address, x25 ignore
called-address, and x25 ignore calling-address.
Example
Specify that the call receiving packet of a call sent from the X.25 interface
Serial0/0/0 carries the calling DTE address.
[3Com-Serial0/0/0] x25 response calling-address
x25
reverse-charge-accept
Syntax
x25 reverse-charge-accept
undo x25 reverse-charge-accept
View
Interface view
398
Parameter
None
Description
Using the x25 reverse-charge-accept command, you can enable this interface to
accept the call with reverse charging request, the information added by some
certain user facilities. Using the undo x25 reverse-charge-accept command, you
can disable this above function.
By default, this function is disabled.
This function does not affect any call without reverse charging request.
If you enable this function on an X.25 interface, all these calls that reach the
interface will be accepted. If you enable this function for a certain address
mapping by the option reverse-charge-accept in the command x25 map, only such
calls that reach the interface and map this address will be accepted, while other
calls (carrying reverse charging request, and not mapping this address) will be
cleared.
For the related command, see x25 map.
Example
Set the accepting calls with reverse charging request function on interface
Serial0/0/0.
[3Com-Serial0/0/0] x25 reverse-charge-accept
x25 roa-list
Syntax
x25 roa-list roa-name roa-id1 [ , id2, id3.... ]
undo x25 roa-list roa-name id1 [ , id2, id3.... ]
View
System view
Parameter
roa-name: Name of ROA.
id: ID specified for this ROA, and its value ranges from 0 to 9999. You can specify
multiple IDs for the ROA.
Description
Using the x25 roa-list command, you can define ROA list. Using the undo x25
roa-list command, you can delete ROA list items.
By default, no ROA list is defined.
399
You can configure multiple (0 to 20) ROAs, and each ROA can be specified with
multiple(1 to 10) IDs. After configuring ROA, you can cite it by its name in the
commands x25 call-facility or x25 map.
For the related commands, see x25 call-facility and x25 map.
Example
Define two ROA lists, and cite them on the interfaces Serial 0/0/0 and Serial 1/0/0.
[3Com] x25 roa-list list1 11 23 45
[3Com] x25 roa-list list2 345
[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] x25 call-facility roa-size list1
[3Com] interface serial 1/0/0
[3Com-Serial0/0/0] x25 call-facility roa-list list2
Syntax
x25 switch pvc pvc-number1 interface serial number pvc pvc-number2 [ option ]
undo x25 switch pvc pvc-number1
View
Interface view
Parameter
pvc-number1: PVC number on the input interface, and its value ranges from 1 to
4095.
pvc-number2: PVC number on the output interface, and its value ranges from 1 to
4095.
number: Number of the input interface.
option: Attribute of PVC.
Description
Using the x25 switch pvc (packet switching) command, you can configure one
PVC route. Using the undo x25 switch pvc command, you can delete one PVC
route.
By default, no PVC route is defined.
Based on the X.25 switching configuration, you can use the 3Com series Routers
as a simple X.25 switch. When PVC switching is configured, the link layer
protocols on the input and output interfaces must be X.25. Moreover, the
specified PVCs on the two interfaces have been presented and enabled. Note that
PVC switching cannot be configured on the X.25 sub-interface.
Detailed explanations of PVC options are as follows:
400
For the related commands, see display x25 vc and x25 switching.
Example
Perform the packet switching between PVC1 on the Serial0/0/0 and PVC1 on the
Serial1/0/0.
[3Com-Serial0/0/0] link-protocol x25 dce ietf
[3Com-Serial0/0/0] interface serial1/0/0
[3Com-Serial0/0/0] link-protocol x25 dce ietf
[3Com-Serial1/0/0] x25 switch pvc 1 interface serial 0/0/0 pvc 1
Syntax
x25 switch svc x.121-address [ sub-dest destination-address ] [ sub-source
source-address ] hunt-group hunt-group-name
undo x25 switch svc x.121-address [ sub-dest destination-address ] [ sub-source
source-address ] hunt-group hunt-group-name
View
System view
Parameter
x.121-address: Destination address of X.121.This parameter consists of mode
matching string, and its length ranges from 1 to 15 characters. For the specific
description of mode matching, see the segment Description.
sub-dest destination-address: Substitution destination address.
sub-source source-address: Substitution source address.
hunt-group-name: Name of hunt group.
Description
Using the x25 switch svc hunt-group command, you can add an X.25 switching
route whose forwarding address is a hunt group. Using the undo x25 switch svc
hunt-group command, you can delete the specified X.25 switching route.
By default, no X.25 switching route is configured.
401
After the X.25 switching route whose forwarding address is a hunt group is
configured, the relevant X.25 call request packet will be forwarded to different
interfaces or XOT channels in the specified hunt group, so as to implement the
load sharing under X.25 protocol.
Table 22 X.121 mode matching rules
Matchable
character string
Wildcard characters
Matching zero
or more
previous
characters
fo*
Matching zero
or more
previous
characters
fo+
Matching the
^hell
beginning of the
entered
characters
Matching the
end of the
entered
characters
ar$
\char
Matching a
single character
specified by
char.
b\+
b+
Matching
arbitrary single
character
l.st
.*
Matching
fo.*
arbitrary zero or
more characters.
.+
Matching
fo.+
arbitrary one or
more characters.
Input rules
Cannot be placed after Cannot be placed before and after the symbols + and *.
the symbol ^
+
Cannot be placed
after the symbol ^
402
[3Com] x25 switch svc 111 sub-dest 9999 sub-source 8888 hunt-group hg1
Syntax
x25 switch svc x.121-address [ sub-dest destination-address ] [ sub-source
source-address ] xot ip-address1 [ ip-address2 ] [ ip-address6 ] [ xot-option ]
undo x25 switch svc x.121-address [ sub-dest destination-address ] [ sub-source
source-address ] [ xot ip-address1 [ ip-address2 ] [ ip-address6 ] ]
View
System view
Parameter
x.121-address: Destination address of X.121. This parameter consists of mode
matching string, and its length ranges from 1 to 15 characters. For the specific
description of mode matching, see Table 10-4 and Table 10-5.
sub-dest destination-address: Substitution destination address.
sub-source source-address: Substitution source address.
ip-address1 - ip-address6: Destination IP address of XOT connection, up to 6
addresses can be configured.
xot-option: XOT channel parameter option. For the specific configuration, see XOT
channel parameter option.
Description
Using the x25 switch svc xot command, you can add an X.25 switching route
whose forwarding address is XOT channel. Using the undo x25 switch svc xot
command, you can delete the specified X.25 switching route.
By default, no X.25 switching route is configured.
After configuring the XOT switching command of X.25 SVC, a user can cross IP
network from the local X.25 network to implement the interconnection with the
remote X.25 network. If a user configures the keepalive attribute, the link
detection for XOT will be supported.
Table 24 XOT channel parameter option
Option
Explanation
timer seconds
retry times
source interface-type
interface-name
403
For the related commands, see x25 switch svc interface, display x25
switch-table svc, and x25 switching.
Example
Switch SVC 1 to the destination address 10.1.1.1.
[3Com] x25 switch svc 1 xot 10.1.1.1
x25 switching
Syntax
x25 switching
undo x25 switching
View
System view
Parameter
None
Description
Using the x25 switching command, you can enable the X.25 switching function.
Using the undo x25 switching command, you can disable this function, which
will not affect the established VC switching function.
By default, X.25 packet switching function is disabled.
X.25 packet switching is used to accept packets from an X.25 interface and send
them to a certain interface based on the destination information contained in the
packets. The Router can be used as a small-sized packet switch by the packet layer
switching function.
For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr
pvc, x25 switch svc, display x25 vc, and display x25 switch-table svc.
Example
Enable X.25 switching function.
[3Com] x25 switching
Syntax
x25 timer hold minutes
undo x25 timer hold
View
Interface view
404
Parameter
minutes: Value of delay time in minutes, and its value ranges from 0 to 1000. If
the previous call failed at one destination, the X.25 wont send calls to such a
destination again within the time set by this command.
By default, the delay time is 0.
Description
Using the x25 timer hold command, you can set the delay to send calls to a
destination with failed calls. Using the undo x25 timer hold command, you can
restore its default value.
Frequently sending call requests to a wrong destination (which does not exist or is
faulty) will deteriorate the operating efficiency of the 3Com series router. The use
of this function can avoid this problem to a certain extent. If this parameter is set
to 0, it is equal to disabling the function. In addition, this function is only effective
to the calls originated from the local. That is to say, this parameter is meaningless
when the X.25 operates in the switching mode.
For the related command, see display interface.
Example
Set the parameter of the X.25 interface Serial0/0/0 to 5 minutes.
[3Com-Serial0/0/0] x25 timer hold 5
Syntax
x25 timer idle minutes
undo x25 timer idle
View
Interface view
Parameter
minutes: Maximum idle time of SVC in minutes, and its value ranges from 0 to
255.By default, this value is 0.
Description
Using the x25 timer idle command, you can set the maximum idle time of the
SVC on the interface. Using the undo x25 timer idle command, you can restore
its default value.
When a SVC stays idle (no data transmission) for a period (the period length is
decided by the parameter), the router will clear this SVC automatically. If this
parameter is set to 0, this SVC will be reserved no matter how long it stays idle.
405
The configuration of this parameter will affect all the SVCs on this X.25 interface.
Also users can set the maximum idle time for a SVC attached to this address
mapping through the option in the command x25 map.
For PVC or the established SVC for X.25 switching, the command will be disabled.
For the related command, see x25 map.
Example
Set the maximum idle time of the SVC on the interface Serial 0/0/0 to 10 minutes.
[3Com-Serial0/0/0] x25 timer idle 10
Syntax
x25 timer tx0 seconds
undo x25 timer tx0
View
Interface view
Parameter
seconds: Delay time for the X.25 restarting timer in seconds. It ranges 0 to 1000.
By default, the delay on the X.25 DTE restarting timer is 180 seconds and that on
the DCE timer is 60 seconds.
Description
Using the x25 timer tx0 command, you can set the restart/retransmission timer
delay for DTE (or DCE). Using the undo x25 timer tx0 command, you can restore
their default values.
According to X.25, a timer should be started when a DTE sends a restart request
(or a DCE sends a restart indication). If no peer acknowledgement is received after
this timer is timeout, the sending end will take some measures to guarantee the
normal proceeding of the local procedure. This parameter specifies the delay time
of this timer before the timeout.
For the related commands, see x25 timer tx1, x25 timer tx2, and x25 timer
tx3.
Example
Set the restarting timer delay on the X.25 interface Serial0/0/0 to 120 seconds.
[3Com-Serial0/0/0] x25 timer tx0 120
Syntax
x25 timer tx1 seconds
undo x25 timer tx1
406
View
Interface view
Parameter
seconds: Delay time of calling request (indication) transmission timer in seconds,
and its value ranges from 0 to 1000. By default, the delay time on a DTE call timer
is 200 seconds; that on a DCE call sending timer is 180 seconds.
Description
Using the x25 timer tx1 command, you can set calling request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx1
command, you can restore its default value.
According to X.25, a timer should be started when a DTE sends a call request (or a
DCE sends a call indication). If no peer acknowledgement is received after this
timer is timeout, the sending end will take some measures to guarantee the
normal proceeding of the local procedure. This parameter specifies the delay time
of this timer before the timeout.
For the related commands, see x25 timer tx0, x25 timer tx2, and x25 timer
tx3.
Example
Set the timer delay on the X.25 interface Serial0/0/0 to 100 seconds.
[3Com-Serial0/0/0] x25 tx1 100
Syntax
x25 timer tx2 seconds
undo x25 timer tx2
View
Interface view
Parameter
seconds: Delay time of resetting request (indication) timer in seconds, and its value
ranges from 0 to 1000. By default, the delay time on a DTE reset timer is 180
seconds; that on a DCE reset timer is 60 seconds.
Description
Using the x25 timer tx2 command, you can set resetting request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx2
command, you can restore its default value.
According to X.25, a timer should be started when a DTE sends a reset request (or
a DCE sends a reset indication). If no peer acknowledgement is received after this
timer is timeout, the sending end will take some measures to guarantee the
407
normal proceeding of the local procedure. This parameter specifies the delay time
of this timer before the timeout.
For the related commands, see x25 timer tx0, x25 timer tx1, and x25 timer
tx3.
Example
Set the reset timer delay on the X.25 interface Serial0/0/0 to 120 seconds.
[3Com-Serial0/0/0] x25 tx2 120
Syntax
x25 timer tx3 seconds
undo x25 timer tx3
View
Interface view
Parameter
seconds: Delay time of clearing request (indication) transmission timer in seconds,
and its value ranges from 0 to 1000. By default, the delay time on a DTE clearing
timer is 180 seconds; that on a DCE clearing timer is 60 seconds.
Description
Using the x25 timer tx3 command, you can set clearing request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx3
command, you can restore its default value.
According to X.25, a timer should be started when a DTE sends a clear request (or
a DCE sends a clear indication). If no peer acknowledgement is received after this
timer is timeout, the sending end will take some measures to guarantee the
normal proceeding of the local procedure. This parameter specifies the delay time
of this timer before the timeout.
For the related commands, see x25 timer tx0, x25 timer tx1, and x25 timer
tx2.
Example
Set the delay time of clearing timer on the X.25 interface Serial0/0/0 to 100
seconds.
[3Com-Serial0/0/0] x25 timer tx3 100
x25 vc-per-map
Syntax
x25 vc-per-map count
undo x25 vc-per-map
408
View
Interface view
Parameter
count: Maximum number of VCs, and its value ranges from 1 to 8.By default, its
value is 1.
Description
Using the x25 vc-per-map command, you can set the maximum number of VCs
for connections with the same destination device. Using the undo x25
vc-per-map command, you can restore their default values.
If the parameter is greater than 1, and the sending window and the sending
queue of VC are filled full, the system will create a new VC to the same
destination. If the new VC cannot be created, the datagram will be discarded.
For the related commands, see display interface and x25 map.
Example
Set the maximum value of VCs on the X.25 interface Serial 0/0/0 to 3.
[3Com-Serial0/0/0] x25 vc-per-map 3
x25 vc-range
Syntax
x25 vc-range [ in-channel lic hic ] [ bi-channel ltc htc ] [ out-channel loc hoc ]
undo x25 vc-range
View
Interface view
Parameter
ltc htc: Lowest and highest two-way channels of X.25 VC, and its value ranges
from 0 to 4095. If htc (highest two-way channel) is set to 0, ltc (lowest two-way
channel) must also be set to 0, which indicates that the two-way channel section is
disabled. By default, the htc of X.25 VC is 1024.
lic hic: Lowest and highest incoming-only channels of X.25 VC, and its value
ranges from 0 to 4095.If hic (highest incoming-only channel) is set to 0, lic (lowest
incoming-only channel) must also be set to 0, which indicates that the
incoming-only channel section is disabled. By default, the hic in X.25 VC range is
0.
loc hoc: Lowest and highest outgoing-only channels of X.25 VC, and its value
ranges from 0 to 4095. If hoc (highest outgoing-only channel) is set to 0, loc
(lowest outgoing-only channel) must also be set to 0, which indicates that the
outgoing-only channel section is disabled. By default, the hoc in X.25 VC range is
0.
409
Description
Using the x25 vc-range command, you can set highest and lowest values of X.25
VC range. Using the undo x25 vc-range command, you can restore their default
values.
By default, VRP X.25 disables incoming-only channel range and outgoing-only
channel, and only the two-way channel range (1-1024) is reserved for use. Please
set the VC range correctly according to the requirements of the ISP.
Example
Configure the link layer protocol on the interface Serial 0/0/0 to X.25, enable
incoming-only channel section and two-way channel section and disable outgoing
only channel section. After executing a series of commands, the three sections
are [1, 7], [8, 1024] and [0, 0], respectively.
[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] link-protocol x25
[3Com-Serial0/0/0] x25 vc-range in-channel 1 7 bi-channel 8 1024
x25 window-size
Syntax
x25 window-size input-window-size output-window-size
undo x25 window-size
View
Interface view
Parameter
input-window-size: Size of input window. When X.25 window modulus is 8, its
value ranges from 1 to 7. When X.25 window modulus is 128, its value ranges
from 1 to 127.By default, its value is 2.
output-window-size: Size of output window. When X.25 window modulus is 8, its
value ranges from 1 to 7. When X.25 window modulus is 128, its value ranges
from 1 to 127. By default, its value is 2.
Description
Using the x25 window-size command, you can set the sizes of input and output
windows on the interface X.25. Using the undo x25 window-size command,
you can restore their default values.
This parameter in-packets determines the maximum number of correctly received
packets before X.25 sends the acknowledgement information. As long as the
bandwidth allows, the greater the window size, the higher the transmission
efficiency.
Out-packets determines the maximum number of data packets sent by X.25
before it receives the correct acknowledgment information. As long as the
bandwidth allows, the greater the window size, the higher the transmission
efficiency.
410
Please consult users' ISP about the sending and receiving window sizes. Unless
supported by the network, do not set these two parameters to different values.
For the related commands, see display interface, x25 map, x25 pvc, x25
switch pvc, x25 xot pvc, x25 fr pvc, and x25 receive-threshold.
Example
Set the receiving and sending window sizes on the X.25 interface Serial0/0/0 to 5.
[3Com-Serial0/0/0] x25 window-size 5 5
x25 x121-address
Syntax
x25 x121-address x.121-address
undo x25 x121-address
View
Interface view
Parameter
x.121-address: X.121 address of an interface. It is formatted using the numerical
string from 1 to 15 bytes.
Description
Using the x25 x121-address command, you can set the X.121 address of an X.25
interface. Using the undo x25 x121-address command, you can delete the
address.
If the Router is accessed to X.25 public packet network, the ISP must assign a valid
X.121 address to it. If two Routers are only directly connected back to back, a user
can randomly specify the valid X.121 address. If you only wants the Router to
work in switching mode, the X.121 address needs not to be configured.
When you reconfigure an X.121 address for an X.25 interface, you need not
delete the original X.121 address, because the new address will overwrite the old
one. After an X.25 interface is re-configured, the original X.121 address will be
deleted. So the X.121 address must be re-configured to work properly.
Note: For the format of the X.121 address and the dynamic conversion between IP
address and X.121 address, please refer to ITU-T Recommendation X.121 and the
relative RFC document.
For the related command, see display interface.
Example
Configure the link layer protocol on the interface Serial 0/0/0 as X.25, and X.121
address as 20112451.
[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] link-protocol x25
411
Syntax
x25 xot pvc pvc-number1 ip-address interface type number pvc pvc-number2 [
xot-option ] [ packet-size input-packet output-packet window-size input-window-size
output-window-size ]
undo x25 pvc pvc-number1
View
Interface view
Parameter
pvc-number1: Number of PVC on the local interface, and its value ranges from 1
to 4095.
pvc-number2: Number of PVC on the peer interface, and its value ranges from 1
to 4095.
ip-address: IP address of the peer destination for connection with XOT.
interface type number: Type and number of interface, and the interface type can
only be Serial.
xot-option: Option of XOT channel parameter. For the specific configuration, see
XOT channel parameter option.
packet-size input-packet output-packet: Specifies the maximum receiving packet
length and maximum sending packet length. The length is counted in byte, which
must range from 16 to 4096 (including 16 and 4096), and must be the integer
power of 2.
window-size input-window-size output-window-size: Specifies the receiving
window and sending window sizes of the VC, which range between 1 and the
number that is 1 less than the modulus of the X.25 interface where the address
mapping exists (including 1 and modulus minus 1).
Description
Using the x25 xot pvc command, you can add a PVC route of XOT. Using the
undo x25 pvc command, you can delete the specified PVC route of XOT.
By default, no PVC route is configured.
After configuring the XOT switching command of X.25 PVC, a user can cross IP
network from the local X.25 network to implement the interconnection with the
remote X.25 network. If a user configures the keepalive attribute, the link
detection for XOT will be supported.
For the related commands, see display x25 vc and x25 switching.
412
Example
Connect PVC1 on the interface Serial0/0/0(10.1.1.1) of Router RTA with PVC2 on
the interface Serial1/0/0(10.1.1.2) of Router RTB via XOT tunnel, and then perform
packet switching.
Perform the configurations on the Router RTA.
[3Com-Serial0/0/0] ip address 10.1.1.1 255.255.255.0
[3Com-Serial0/0/0] link-protocol x25 dce ietf
[3Com-Serial0/0/0] x25 xot pvc 1 10.1.1.2 interface serial 1/0/0 pvc 2
x29 timer
inviteclear-time
Syntax
x29 timer inviteclear-time seconds
View
System view
Parameter
seconds: Delay time in seconds, and its value ranges from 5 to 2147483. The delay
of waiting for response after inviting PAD clear procedure, its default value is 5.
Description
Using the x29 timer inviteclear-time command, you can set the delay of waiting
for response after inviting PAD clear procedure. After exceeding the time, the
system will forcedly exit from the PAC connection and start x.25 clear procedure.
Example
Set the parameter of X.29 to 10 seconds.
[3Com] x29 timer inviteclear-time 10
NETWORK PROTOCOL
5
IP Address
Configuration
Commands
display ip interface
Syntax
display ip interface { interface-type interface-number | interface-name }
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface sequence number.
interface-name: Interface name.
Description
Using the display ip interface command, you can display the running condition
of all the interfaces.
Example
3Com<3Com> display ip interface Ethernet6/0/0
Ethernet6/0/0 current state : UP
Line protocol current state : UP
Internet Address : 5.5.5.5/8
Broadcast address : 0.0.0.0
The Maximum Transmit Unit : 1500 bytes
input packets : 1231, bytes : 57557, multicasts : 1177
output packets : 0, bytes : 0, multicasts : 0
The following information is displayed: the current physical link state of Ethernet
6/0/0 is UP, the protocol of link layer is UP, the IP address is 5.5.5.5, the broadcast
address is 0.0.0.0, the maximum transmit unit is 1500 bytes and some other
information about packets receiving/sending via this interface.
ip address
Syntax
ip address ip-address net-mask [ sub ]
414
View
Interface view
Parameter
ip-address: Interface IP address, in dot delimitated decimal format.
net-mask: The mask of the corresponding subnet, in dot delimitated decimal
format.
sub: To enable communications among different subnets, the configured slave IP
address should be used.
Description
Using the ip address command, you can set an IP address for an interface. Using
the undo ip address command, you can delete an IP address of the interface.
By default, no IP address is configured.
IP address is classified into five types, and users can select proper IP subnet
according to actual conditions. Moreover, in the case that part of the host address
is composed of 0, or the entire host address is composed of 1, the address has
some special use and can not be used as an ordinary IP address.
The mask identifies the network number in an IP address.
Under normal conditions, one interface only needs to be configured with one IP
address. However, to enable one interface of a router to connect to several
subnets, one interface can be configured with several IP addresses. Among them,
one is master IP address, and others are slave IP addresses. The following is the
relationship between the master and slave IP addresses:
If a master IP address is configured while theres already an existing master IP
address, the original one will be deleted and the newly configured will take effect.
The command undo ip address without parameters indicates to delete all the
IP addresses of the interface. The command undo ip address ip-address
net-mask indicates to delete the master IP address, and undo ip address
ip-address net-mask sub indicates to delete the slave address. All the slave
addresses must be deleted before the master IP address can be deleted.
In addition, any two IP addresses configured for all interfaces on a router cannot
be located in the same subnet.
For the related commands, see ip route-static, display ip interface, and
display interface.
Example
Configure the interface Serial 0/0/0 with the master IP address as 129.102.0.1, the
slave IP address is 202.38.160.1, and the subnet mask of both is 255.255.255.0.
415
ip address
ppp-negotiate
Syntax
ip address ppp-negotiate
undo ip address ppp-negotiate
View
Interface view
Parameter
None
Description
Using the ip address ppp-negotiate command, you can allow IP address to be
assigned through negotiation at the interface. Using the undo ip address
ppp-negotiate command, you can disable this function.
By default, no interface ip address negotiation is allowed.
As PPP supports IP address negotiation, only when the interface is encapsulated
with the link-layer protocol PPP, can the IP address negotiation at this interface be
configured.
Normally, it is not necessary to configure ip address negotiation. Only in some
special circumstances such as, accessing Internet through the ISP, the IP addresses
of the interface that are connected with the ISP are allocated by the ISP through
negotiation.
When IP address negotiation for the interface is configured, it is not necessary to
configure the IP address manually for this interface.
Example
Display how to set IP address of interface Serial 0/0/0 to be allocated by peer
through negotiation.
[3Com-Serial0/0/0] ip address ppp-negotiate
ip address unnumbered
Syntax
ip address unnumbered { interface interface-type interface-number | interface-name }
undo ip address unnumbered
View
Interface view
Parameter
interface-type: Name of the unnumbered interface.
416
remote address
Syntax
remote address { ip-address | pool [ pool-number ] }
undo remote address
View
Interface view
Parameter
ip-address: IP address.
pool-number: Address pool number, i.e., assigning one address in the
pool-number to the peer interface. It is a number ranging 0 to 99 with the default
value as 0.
Description
Using the remote address command, you can configure to assign IP address for
the peer interface. Using the undo remote address command, you can disable
the IP address assigned for the peer interface.
By default, the interface does not assign address for the peer interface.
When an interface is encapsulated with PPP, but not configured with IP address,
perform the following task to configure the negotiable attribute of IP address for
this interface (configuring the ip address ppp-negotiate command on local
router while configuring the remote address command on the peer router), so that
the local interface can accept the IP address originated from PPP negotiation. This
IP address is assigned by the opposite end. This configuration is mainly used to
obtain IP address assigned by ISP when accessing Internet via ISP.
417
ARP Configuration
Commands
arp static
Syntax
arp static ip-address ethernet-address [ vpn-instance-name ]
undo arp ip-address [ vpn-instance-name ]
View
System view
Parameter
ip-address: IP addresses of the ARP mapping entries in dot deliminated decimal
format.
ethernet-address: Ethernet MAC address of ARP mapping entries. Its format is
H-H-H, in which H is a hexadecimal number with 1 to 4 bits.
vpn-instance-name: The name of VPN instance.
Description
Using the arp static command, you can configure ARP mapping table. And using
the undo arp command, you can delete mapping items corresponding to some
addresses in the ARP mapping table.
By default, the mapping table of the system ARP is empty and the address
mapping can be obtained through dynamic ARP.
Normally, ARP mapping table is maintained by dynamic ARP, only in special
circumstances is manual configuration needed. Besides, ARP mapping table is
used for LAN only, WAN address resolution is accomplished in a different way, for
instance the inverse address resolution of frame relay.
For the related commands, see arp static and display arp.
Example
Configure the Ethernet MAC address e0-fc01-0 corresponding to the IP address
129.102.0.1.
[3Com] arp static 129.102.0.1 e0-fc01-0
418
Syntax
arp check enable
undo arp check enable
View
System view
Parameter
None
Description
Using the arp check enable command, you can enable ARP entry check to have
the device not learn the ARP entries with broadcast MAC addresses. Using the
undo arp check enable command, you can disable ARP entry check to have the
system learn the ARP entries with broadcast MAC addresses.
By default, ARP entry check is enabled. The device does not learn the ARP entries
with broadcast MAC addresses.
Example
Enable ARP entry check.
[Router] arp check enable
Syntax
debugging arp packet
undo debugging arp packet
View
User view
Parameter
None
Description
Using the debugging arp packet command, you can enable ARP packets
debugging; and using the undo debugging arp packet command, you can
disable the function.
Example
Enable ARP packets debugging.
<3Com> debugging arp packet
display arp
Syntax
display arp [ static | dynamic | all ]
View
Any view
Parameter
static: Indicates to show the static ARP entries.
dynamic: Indicates to show the dynamic ARP entries.
all: Indicates to show all ARP entries.
Description
Using the display arp command, you can view the ARP mapping table.
By default, all the ARP entries of the RSU are displayed.
For the related commands, see arp static and reset arp.
Example
Display all static ARP entries.
<3Com> display arp static
IP Address MAC AddressType Vrf NameInterface
129.102.0.100e0-fc01-0000S
10.110.28.4400e0-fc07-5b2bIEth0/0
reset arp
Syntax
reset arp [ all | dynamic | static | interface { interface-type interface-number |
interface-name } ]
View
User view
Parameter
static: Indicates to clear the static ARP entries.
dynamic: Indicates to clear the dynamic ARP entries.
all: Indicates to clear all ARP entries.
interface: Indicates the selected interface.
interface-type: Interface type.
interface-number: Interface sequence number.
interface-name: Interface name.
419
420
Description
Using the reset arp command, you can clear the ARP entries in the ARP mapping
table.
By default, if slot-number is not specified, the operation will be performed upon
RSU board.
When operation is performed to the interface with specified interface, the
interface type can only be Ethernet, GE or virtual Ethernet and only the dynamic
entries can be deleted on the interface.
For the related commands, see arp static and display arp.
Example
The following example shows how to delete the dynamic entries in the ARP
mapping table on Ethernet 0/0/0.
arp-proxy enable
Syntax
arp-proxy enable
undo arp-proxy enable
View
Ethernet interface view
Parameter
None
Description
Using the arp-proxy enable command, you can enable proxy ARP on an interface.
Using the undo arp-proxy enable command, you can disable proxy arp on the
interface.
By default, the proxy ARP is disabled.
This command is applied on Ethernet interface. As for the hosts in the same hop
but on different physical networks, the proxy ARP function hides the fact that the
physical network are separated, and makes the user feel like he is on the same and
one physical network.
Example
Enable proxy ARP at Ethernet 0/0/0.
[Router-Ethernet0/0/0]arp-proxy enable
421
Syntax
display ip host
View
Any view
Parameter
None
Description
Using the display ip host command, you can display all the host names and their
corresponding IP addresses.
Example
Display all the host names and their corresponding IP addresses.
<3Com> display ip host
Host
Age
Flags Address(es)
eth
0
static 6.1.1.1
3Com
0
static 1.1.1.1
ip host
Syntax
ip host hostname ip-address
undo ip host hostname [ ip-address ]
View
System view
Parameter
hostname: The name of a host, a character string with its length from 1 to 20.
ip-address: The IP address corresponding to a host name, whose format can be
A.B.C.D
Description
Using the ip host command, you can configure the IP address corresponding to a
host name; while using the undo ip host command, you can remove the IP
address corresponding to a host name.
By default, the static domain name table is empty, i.e. theres no host name and IP
address pair.
422
Example
Configure the IP address corresponding to the host name router1 as 10.110.0.1.
[3Com] ip host router1 10.110.0.1
DNS Client
Configuration
Commands
dns resolve
Syntax
dns resolve
undo dns resolve
View
System view
Parameter
None
Description
Using the dns resolve command, you can enable DNS resolving. Using the undo
dns resolve command, you can disable DNS resolving.
By default, DNS resolving is disabled.
Example
Enable DNS resolving.
[Router] dns resolve
dns server
Syntax
dns server ip-address
undo dns server [ip-address]
View
System view
423
Parameter
ip-address: IP address of a DNS server.
Description
Using the dns server command, you can configure IP address of a DNS server.
Using the undo dns server command, you can delete IP address of a DNS server.
Example
Configure IP address of a DNS server.
[Router] dns server 10.110.66.1
Delete IP address of a specified DNS server.
[Router] undo dns server 10.110.66.1
Delete IP addresses of all the DNS servers.
[Router] undo dns server
dns domain
Syntax
dns domain domain-name
undo dns domain [domain-name]
View
System view
Parameter
domain-name: DNS domain name.
Description
Using the dns domain command, you can configure a DNS domain name. Using
the undo dns domain command, you can delete one or all DNS domain names.
Example
Configure a DNS domain name.
[Router] dns domain huawei-3com.com
Delete a specified DNS domain name.
[Router] undo dns domain huawei-3com.com
Delete all the DNS domain names.
[Router] undo dns domain
Syntax
display dns domain [dynamic]
View
Any view
Parameter
dynamic: displays DNS domain names that are dynamically obtained through
DHCP or by other means.
Description
Using the display dns domain command, you can view the DNS domain names
that are manually configured. Using the display dns domain dynamic command,
424
you can view the DNS domain names that are dynamically obtained through DHCP
or other protocols.
Example
Display the DNS domain names that are manually configured.
[Router] display dns domain
No
Domain-name
0
3com.com
Syntax
display dns server [dynamic]
View
Any view
Parameter
dynamic: displays DNS server addresses that are dynamically obtained through
DHCP or other protocols.
Description
Using the display dns server command, you can view the DNS server addresses
manually configured. Using the display dns server dynamic command, you can
view the DNS server addresses that are dynamically obtained through DHCP or
other protocols.
Example
Display the DNS server addresses that are dynamically obtained.
[Router]display dns server dynamic
Domain-server
IpAddress
0
10.72.66.36
display dns
dynamic-host
Syntax
display dns dynamic-host
View
Any view
Parameter
None
425
Description
Using the display dns dynamic-host command, you can view the current contents
in the domain name cache of the DNS client.
The DNS client retains the result of each successful domain name resolution in its
cache. If it receives the same resolving request later, it first looks up the cache for a
match. And if no match is found, it sends a domain name resolving request to the
DNS server. You can use this command to view the current contents in the buffer.
Example
Display the current contents in the domain name cache of the DNS client.
[Router]display dns dynamic-host
No Domain-name
Ipaddress
0
www.baidu.com
202.108.249.134
1
www.yahoo.akadns.net 66.94.230.39
2
www.hotmail.com
207.68.172.239
3
www.eyou.com
61.136.62.70
TTL
63000
24
3585
3591
Alias
Syntax
reset dns dynamic-host
View
User view
Parameter
None
Description
Using the reset dns dynamic-host command, you can clear the current contents in
the domain name cache of the DNS client.
Example
Clear the current contents in the domain name cache of the DNS client.
[Router]reset dns dynamic-host
debugging dns
Syntax
debugging dns
undo debugging dns
View
User view
Parameter
None
Description
Using the debugging dns command, you can enable DNS client debugging. Using
the undo debugging dns command, you can disable DNS client debugging.
By default, DNS client debugging is disabled.
426
Example
Enable DNS client debugging.
<Router>debugging dns
<Router>undo debugging dns
DHCP Public
Configuration
Commands
dhcp enable
Syntax
dhcp enable
undo dhcp enable
View
System view
Parameter
None
Description
Using the dhcp enable command, you can enable DHCP services. Using the undo
dhcp enable command, you can disable DHCP services.
By default, DHCP services are enabled.
Before you can configure DHCP, you must enable DHCP services. This
configuration is essential to both DHCP server and DHCP relay.
Example
Enable DHCP services on current router.
[3Com] dhcp enable
Syntax
dhcp select { global | interface | relay }
undo dhcp select
View
Interface view
Parameter
global: The address DHCP client gets is the one selected by the local DHCP server
from a global address pool upon the receipt of the DHCP request from the client.
427
interface: The address DHCP client gets is the one selected by the local DHCP
server from an interface address pool upon the receipt of the DHCP request from
the client.
relay: The address DHCP client gets is allocated by an external DHCP server.
Description
Using the dhcp select command in interface view, you can select a method for
disposing the DHCP packets destined to the local device. Using the undo dhcp
select command in interface view, you can restore the default setting.
By default, DHCP packets destined to the local device will be sent to the internal
server and the clients sending them will be allocated with addresses selected from
a global address pool (in global approach).
For the related command, see dhcp select (in system view).
Example
Allocate addresses selected from an interface address pool on the internal DHCP
server to the clients sending DHCP packets destined to the local device.
[3Com-Ethernet1/0/0] dhcp select interface
Syntax
dhcp select { global | interface | relay } { interface ethernet-subinterface-range | all }
undo dhcp select { interface ethernet-subinterface-range | all }
View
System view
Parameter
global: The address DHCP client gets is the one selected by the local DHCP server
from a global address pool upon the receipt of the DHCP request from the client.
interface: The address DHCP client gets is the one selected by the local DHCP
server from an interface address pool upon the receipt of the DHCP request from
the client.
relay: The address DHCP client gets is allocated by an external DHCP server.
ethernet-subinterface-range: Includes all the subinterfaces between two
subinterfaces (including these two subinterfaces) by inserting the keyword to
between these two interfaces.
all: All the interfaces.
Description
Using the dhcp select command in system view, you can select a method for
multiple interfaces in a specified range to dispose the DHCP packets destined to
428
the local device. Using the undo dhcp select command in system view, you can
restore the default setting.
By default, DHCP packets destined to the local device will be sent to the internal
server and the clients sending them will be allocated with addresses selected from
a global address pool (in global approach).
For the related command, see dhcp select (in interface view).
Example
Configure the interfaces in the range of Ethernet2/0/0.1 to Ethernet2/0/0.5 to
allocate addresses selected from an interface address pool maintained by the
internal server to the clients sending DHCP packets destined to the local device.
[3Com] dhcp select interface interface ethernet 2/0/0.1 to ethernet 2/0/0.5
Syntax
dhcp server detect
undo dhcp server detect
View
Interface view
Parameter
None
Description
Using the dhcp server detect command, you can enable pseudo-DHCP-server
detection. Using the undo dhcp server detect command, you can disable the
function.
By default, pseudo-DHCP-server detection is disabled.
Example
Enable pseudo DHCP server detection on the interface Ethernet 2/0/0.
[3Com-Ethernet2/0/0] dhcp server detect
DHCP Server
Configuration
Commands
debugging dhcp server
Syntax
debugging dhcp server { all | error | events | packets }
undo debugging dhcp server { all | error | events | packets }
View
User view
429
Parameter
all: All debugging functions of DHCP server.
error: Error debugging on the DHCP server, specifically, the debugging on the
errors that occur when the DHCP server processes DHCP packets, allocates
addresses, etc.
events: Event debugging on the DHCP server, specifically, the debugging on the
events such as address allocation, ping detection timeout, etc.
packet: DHCP packet debugging, specifically, the debugging on the packets that
the DHCP server has received and sent and on the ping packets sent for the
purpose of detection and the received response packets.
Description
Using the debugging dhcp server command, you can enable debugging on the
DHCP server. Using the undo debugging dhcp server command, you can
disable debugging.
By default, debugging is disabled on the DHCP server.
Example
Enable event debugging on the DHCP server.
<3Com> debugging dhcp server events
*0.62496500-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: ICMP Timeout
*0.62496583-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Still Need to ICMP detect for 1 times
*0.62497000-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: ICMP Timeout
*0.62497083-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: All Try finished
*0.62497166-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Ack User's Lease
430
Syntax
dhcp server dns-list ip-address [ ip-address ]
undo dhcp server dns-list { ip-address | all }
View
Interface view
Parameter
ip-address: IP address of DNS. You can configure up to eight IP addresses
separated by spaces in a command.
Description
Using the dhcp server dns-list command in interface view, you can configure
DNS IP addresses for an interface configured with a DHCP address pool. Using the
undo dns-list command in interface view, you can delete the configuration.
By default, no DNS address is configured.
By far, only up to eight DNS server addresses can be set in each DHCP address
pool.
For the related commands, see dhcp server dns-list (in system view), dhcp
server ip-pool, and dns-list.
Example
Configure the DNS server address 1.1.1.254 for the DHCP address pool of the
interface Ethernet1/0/0.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server dns-list 1.1.1.254
Syntax
dhcp server dns-list ip-address [ ip-address ] { interface ethernet-subinterface-range |
all }
undo dhcp server dns-list { ip-address | all } { interface ethernet-subinterface-range | all }
View
System view
Parameter
ip-address: IP address of DNS. You can configure up to eight IP addresses
separated by spaces in a command.
ethernet-subinterface-range: Includes any the subinterfaces whose interface
number lies between the two given subinterface number (including these two
431
dhcp server
domain-name (in
Interface View)
Syntax
dhcp server domain-name domain-name
undo dhcp server domain-name domain-name
View
Interface view
Parameter
domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising at least three characters and at most 50 characters.
Description
Using the dhcp server domain-name command in interface view, you can
configure the domain name that the DHCP address pool of the current interface
allocates to clients. Using the undo dhcp server domain-name command in
interface view, you can delete the configured domain name.
By default, no domain name has been allocated to DHCP clients and domain name
is null.
For the related commands, see dhcp server ip-pool, dhcp server domain-name
(in system view), and domain-name.
Example
Configure the domain name eth1_0_0.com.cn in an interface DHCP address pool.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server domain-name eth1_0_0.com.cn
432
dhcp server
domain-name (in System
View)
Syntax
dhcp server domain-name domain-name { interface ethernet-subinterface-range | all }
undo dhcp server domain-name domain-name { interface ethernet-subinterface-range |
all }
View
System view
Parameter
domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising 3 to 50 characters.
ethernet-subinterface-range: Includes any the subinterfaces whose interface
number lies between two subinterface numbers (including these two
subinterfaces) by inserting the keyword to between these two interface
numbers.
all: All the interfaces.
Description
Using the dhcp server domain-name command in system view, you can
configure the domain name that the DHCP address pool of the interfaces in a
specified range allocates to DHCP clients. Using the undo dhcp server
domain-name command in system view, you can delete the configured domain
name.
By default, no domain name is configured for clients.
After configuring this command you cannot view the configuration of the
command by executing the display current-configuration command. By
executing the dhcp server domain-name command respectively on the specified
interfaces, you can fulfill the batch configurations of the command.
For the related command, see dhcp server ip-pool.
Example
Configure eth2_1_5.com.cn as the domain name in the interface DHCP address
pool of the interfaces Ethernet2/0/0.1 through Ethernet2/0/0.5.
[3Com] dhcp server domain-name eth1_0_0.com.cn interface ethernet 2/0/0.1 to
ethernet 2/0/0.5
Syntax
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo dhcp server expired
View
Interface view
Parameter
day day: Number of days in the range of 0 to 365.
hour hour: Number of hours in the range of 0 to 23.
433
Syntax
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } { interface
ethernet-subinterface-range | all }
undo dhcp server expired { interface ethernet-subinterface-range | all }
View
System view
Parameter
day day: Number of days in the range of 0 to 365.
hour hour: Number of hours in the range of 0 to 23.
minute minute: Number of hours in the range of 0 to 59.
unlimited: The valid period is unlimited.
ethernet-subinterface-range: Includes any the subinterfaces whose interface
number lies between two subinterface numbers (including these two
subinterfaces) by inserting the keyword to between these two interface
numbers.
all: All the interfaces.
Description
Using the dhcp server expired command in system view, you can configure a
valid period allowed for leasing IP addresses in the interface DHCP address pool of
the interfaces in a specified range. Using the undo dhcp server expired
command in system view, you can restore the default setting.
By default, the leasing valid period is one day.
434
After configuring this command, you cannot view the configuration by executing
the display current-configuration command. By calling the dhcp server
expired command respectively on the specified interfaces, you can fulfill the
batch configurations of the command.
For the related commands, see dhcp server ip-pool, dhcp server expired (in
interface view), and expired.
Example
Set the valid period for leasing IP addresses in the interface address pool of the
interfaces in the range of Ethernet2/0/0.1 to Ethernet2/0/0.5 to unlimited.
[3Com] dhcp server expired unlimited interface ethernet 2/0/0.1 to ethernet 2/0/0.5
Syntax
dhcp server forbidden-ip low-ip-address [ high-ip-address ]
undo dhcp server forbidden-ip low-ip-address [ high-ip-address ]
View
System view
Parameter
low-ip-address: The low IP address that does not participate in the auto-allocation.
high-ip-address: The high IP address that does not participate in the
auto-allocation. It must belong to the same segment to which the low-ip-address
belongs as well and must not be smaller than the low-ip-address. If this parameter
is not specified, there will be only one IP address, i.e., low-ip-address.
Description
Using the dhcp server forbidden-ip command, you can exclude IP addresses in a
specified range to participate in the auto-allocation. Using the undo dhcp server
forbidden-ip command, you can delete the configuration.
By default, all the IP addresses in address pools participate in the auto-allocation.
You can configure multiple IP address ranges that do not participate in the
auto-allocation. Before using the undo dhcp server forbidden-ip command to
delete the setting, you must make sure that you are using exactly the same
parameters that you have configured. In other words, you cannot delete only
some addresses from the configured range.
For the related commands, see dhcp server ip-pool, network, and static-bind
ip-address.
Example
Reserve the IP addresses in the range of 10.110.1.1 to 10.110.1.63 so that these
addresses will not participate in the address auto-allocation.
[3Com] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
Syntax
dhcp server ip-pool pool-name
435
View
System view
Parameter
pool-name: Address pool name uniquely identifying an address pool, which is a
string comprising at least one character and 35 characters at most.
Description
Using the dhcp server ip-pool command, you can create a DHCP address pool
and access the DHCP address pool view. Using the undo dhcp server ip-pool
command, you can delete the specified address pool.
By default, no DHCP address pool is created.
If the specified address pool has existed, executing the dhcp server ip-pool
command will directly access the DHCP address pool view. If the address pool does
not exist, the DHCP server will create it before accessing the DHCP address pool
view. Each DHCP server is allowed to configure multiple address pools, but no
more than 50.
For the related commands, see dhcp enable, expired, and network.
Example
Create DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0]
Syntax
dhcp server nbns-list ip-address [ ip-address ]
undo dhcp server nbns-list { ip-address | all }
View
Interface view
Parameter
ip-address: IP address of NetBIOS server. You can configure up to eight IP
addresses separated by spaces in a command.
all: All the NetBIOS server IP addresses.
Description
Using the dhcp server nbns-list command in interface view, you can configure
NetBIOS server addresses in the DHCP address pool of current interface. Using the
undo dns-list command in interface view, you can delete the configuration.
By default, no NetBIOS address is configured.
By far, only up to eight NetBIOS addresses can be configured in each DHCP
address pool.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list (in
system view), nbns-list, and netbios-type.
436
Example
In the DHCP address pool of Ethernet1/0/0, allocate the NetBIOS server at
10.12.1.99 to the clients.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server nbns-list 10.12.1.99
Syntax
dhcp server nbns-list ip-address [ ip-address ] { interface ethernet-subinterface-range |
all }
undo dhcp server nbns-list { ip-address | all } { interface ethernet-subinterface-range | all
}
View
System view
Parameter
ip-address: IP address of NetBIOS server. You can configure up to eight IP
addresses separated by spaces in a command.
all: In the undo form of the command, the first all refers to all the NetBIOS
server addresses and the second, all the interfaces.
ethernet-subinterface-range: Includes any the subinterfaces whose interface
number lies between two subinterface numbers (including these two
subinterfaces) by inserting the keyword to between these two interface
numbers.
Description
Using the dhcp server nbns-list command in system view, you can configure
NetBIOS server addresses for the clients that get ip address from the DHCP address
pool of the interfaces in a specified range. Using the undo dhcp server nbns-list
command in system view, you can delete the configuration.
By default, no NetBIOS address is configured.
By far, only up to eight NetBIOS addresses can be configured in each DHCP
address pool.
After configuring this command, you cannot view the configuration by executing
the display current-configuration command. By calling the dhcp server
nbns-list command respectively on the specified interfaces, you can fulfill the
batch configurations of the command.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list (in
interface view), nbns-list, and netbios-type.
Example
In the DHCP address pool of interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5, assign the NetBIOS server at 10.12.1.99 to the clients.
[3Com] dhcp server nbns-list 10.12.1.99 interface ethernet 2/0/0.1 to ethernet 2/0/0.5
437
Syntax
dhcp server netbios-type { b-node | h-node | m-node | p-node }
undo dhcp server netbios-type
View
Interface view
Parameter
b-node: Broadcast mode, i.e., hostname-IP maps are obtained by means of
broadcast.
p-node: Peer-to-peer mode, i.e., maps are obtained by means of communicating
with the NetBIOS server.
m-node: Mixed (m) mode, i.e., the mode of type b nodes running peer-to-peer
communications mechanism.
h-node: Hybrid (h) mode, i.e., the mode of type p nodes possessing some of the
broadcast features.
Description
Using the dhcp server netbios-type command in interface view, you can
configure the NetBIOS node type of the DHCP clients of the current interface.
Using the undo dhcp server netbios-type command in interface view, you can
restore the default setting.
By default, clients adopt type h node (h-node).
Hostname-IP maps are required in the event that DHCP clients use the NetBIOS
protocol on a WAN.
For the related commands, see dhcp server ip-pool, netbios-type, dhcp server
netbios-type (in system view), and nbns-list.
Example
In the DHCP address pool of Ethernet1/0/0, set the NetBIOS node type of its clients
to p-node.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server netbios-type p-node
Syntax
dhcp server netbios-type { b-node | h-node | m-node | p-node } { interface
ethernet-subinterface-range | all }
undo dhcp server netbios-type { interface ethernet-subinterface-range | all }
View
System view
Parameter
b-node: Broadcast mode, i.e., hostname-IP maps are obtained by means of
broadcast.
438
Syntax
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address }
undo dhcp server option code
View
Interface view
Parameter
code: Option value that needs to be assigned by the user.
ascii ascii-string: ASCII string.
hex hex-string: 2-digit or 4-digit hexadecimal string, such as hh or hhhh.
ip-address ip-address: IP address.
439
Description
Using the dhcp server option command in interface view, you can configure a
DHCP self-defined option for the DHCP address pool of the current interface.
Using the undo dhcp server option command in interface view, you can delete
the configuration.
For the related commands, see option and dhcp server option (in system
view).
Example
Define the hexadecimal strings of the option code 100 to 0x11 and 0x22 for the
DHCP address pool of the interface Ethernet1/0/0.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server option 100 hex 11 22
Syntax
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address } {
interface ethernet-subinterface-range | all }
undo dhcp server option code { interface ethernet-subinterface-range | all }
View
System view
Parameter
code: Option value that needs to be assigned by the user.
ascii ascii-string: ASCII string.
hex hex-string: 2-digit or 4-digit hexadecimal string, such as hh or hhhh.
ip-address ip-address: IP address.
ethernet-subinterface-range: Includes all the subinterfaces between two
subinterfaces (including these two subinterfaces) by inserting the keyword to
between these two interfaces.
all: All the interfaces.
Description
Using the dhcp server option command in system view, you can configure a
DHCP self-defined option for the interfaces in a specified range. Using the undo
dhcp server option command in system view, you can delete the configuration.
After configuring this command, you cannot view the configuration by executing
the display current-configuration command. By calling dhcp server option
respectively on the specified interfaces, you can fulfill the batch configurations of
the command.
For the related commands, see dhcp server option (in interface view) and
option.
440
Example
Define the hexadecimal strings of the option code 100 to 0x11 and 0x22 for the
interface DHCP address pool of the interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5.
[3Com] dhcp server option 100 hex 11 22 interface ethernet 2/0/0.1 to ethernet 2/0/0.5
Syntax
dhcp server ping { packets number | timeout milliseconds }
undo dhcp server ping { packets | timeout }
View
System view
Parameter
packets number: The maximum number of ping packets allowed to be sent, which
is in the range of 0 to 10 and defaults to 2, with 0 indicating that no ping
operation will be performed.
timeout milliseconds: The longest time period that the DHCP server waits for the
response to each ping packet, which is in the range of 0 to 10000 milliseconds
and defaults to 500 milliseconds.
Description
Using the dhcp server ping command, you can configure the maximum number
of ping packets that the DHCP server is allowed to send and the longest time
period that the DHCP server should wait for the response to each ping packet.
Using the undo dhcp server ping command, you can restore the default
settings.
To prevent the address collision resulted from repeated IP address allocation, DHCP
server sends ping packets to detect that an address is available.
Example
Allow the DHCP server to send up to ten ping packets and wait 500 milliseconds
(the default setting) for the response to each packet.
[3Com] dhcp server ping packets 10
Syntax
dhcp server static-bind ip-address ip-address mac-address mac-address
undo dhcp server static-bind { ip-address ip-address | mac-address mac-address }
View
Interface view
Parameter
ip-address: Statically bound IP address. It must be a valid IP address selected from
the current interface address pool.
mac-address: Statically bound MAC address.
441
Description
Using the dhcp server static-bind command, you can configure a static address
binding in the DHCP address pool of the current interface. Using the undo dhcp
server static-bind command, you can delete the configuration.
By default, static address binding is not configured in any interface address pool.
In all the static address binding operations performed on an interface, the IP
addresses and the MAC addresses must be unique.
Example
Statically bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1.
[3Com-Ethernet1/0/0] dhcp server static-bind 10.1.1.1 0000-e03f-0305
Syntax
display dhcp server conflict [ ip ip-address | all ]
View
Any view
Parameter
ip-address: A specified IP address.
all: All the IP addresses.
Description
Using the display dhcp server conflict command, you can view the DHCP
address conflict statistics, including the information in conflicted IP address,
conflict detection type, conflict time, etc.
If no optional parameter has been specified, the information displayed will depend
on the current view:
Table 1 Description of the information displayed by executing display dhcp server conflict
Major item
Description
Address
Discover Time
442
Syntax
display dhcp server expired [ ip ip-address | pool [ pool-name ] | interface [
interface-name ] all ]
View
Any view
Parameter
ip-address: A specified IP address.
pool-name: Name of a global address pool. All the global address pools will apply
if no address pool has been specified.
interface-name: Interface address pool. All the interface address pools will apply if
no interface has been specified.
all: All the IP addresses.
Description
Using the display dhcp server expired command, you can view the expired
address leases in a DHCP address pool. In certain conditions, the addresses of the
expired leases will be allocated to other DHCP clients.
Example
View the expired leases in DHCP address pools.
<3Com> display dhcp server expired all
Global pool:
IP address Hardware address Lease expiration
Interface pool:
IP address Hardware address Lease expiration
Type
Type
443
Table 2 Description of the information displayed by executing display dhcp server expired
Major item
Description
Global pool:
Interface pool:
IP address
Hardware address
Lease expiration
Type
Syntax
display dhcp server free-ip
View
Any view
Parameter
None
Description
Using the display dhcp server free-ip command, you can view the ranges of
available addresses in DHCP address pools, i.e., information of the IP addresses
that have not been allocated yet.
Example
View the ranges of the available addresses in DHCP address pools.
<3Com> display dhcp server free-ip
IP Range from 1.0.0.0
to 2.2.2.1
IP Range from 2.2.2.3
to 2.255.255.255
IP Range from 4.0.0.0
to 4.255.255.255
IP Range from 5.5.5.0
to 5.5.5.0
IP Range from 5.5.5.2
to 5.5.5.255
Syntax
display dhcp server ip-in-use [ ip ip-address | pool [ pool-name ] | interface [
interface-name ] ]
View
Any view
Parameter
ip-address: Specifies an IP address. If no IP address has been specified, information
of all the bound addresses will be displayed.
pool-name: Specifies a global address pool. If no global address pool has been
specified, the bound addresses in all the global address pools will be displayed.
444
Table 3 Description of the information output by executing display dhcp server ip-in-use
Major item
Description
Global pool:
Interface pool:
IP address
Hardware address
Lease expiration
Type
Syntax
display dhcp server statistics
View
Any view
Parameter
None
Description
Using the display dhcp server statistics command, you can view the statistics on
the DHCP server, including such information as number of DHCP address pools,
automatically or manually bound address and expired addresses, number of
unknown packets, number of DHCP request packets, and number of response
packets.
445
Table 4 Description of the information output by executing display dhcp server statistics
Major item
Description
Global Pool:
Interface Pool:
Pool Number
Auto
Manual
Expire
Boot Request
446
Syntax
display dhcp server tree [ pool [ pool-name ] | interface [ interface-name ] | all ]
View
Any view
Parameter
pool-name: Name of a global address pool. All the global address pools will apply
if no address pool has been specified.
interface-name: Interface address pool. All the interface address pools will apply if
no interface has been specified.
all: All the DHCP address pools.
Description
Using the display dhcp server tree command, you can view the tree-structure
information of DHCP address pools, including the address pool at each node,
option, address lease period, and DNS server information.
If no optional parameter has been specified, the information output by executing
the command will be:
Example
View the tree-structure information of DHCP address pools.
<3Com> display dhcp server tree all
Global pool:
Pool name: 5
network 10.10.1.0 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6
host 10.10.1.2 255.0.0.0
hardware-address 1111.2222.3333 ethernet
Parent node:5
option 1 ip-address 255.255.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 7
network 10.10.1.64 255.255.255.192
PrevSibling node:5
Sibling node:8
option 1 ip-address 255.0.0.0
Pool name: 8
network 20.10.1.1 255.255.255.0
Child node:9
PrevSibling node:7
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
447
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
Pool name: 9
network 30.10.1.64 255.255.255.0
Parent node:8
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
Interface pool:
Pool name: Ethernet11/2/0
network 5.5.5.0 mask 255.255.255.0
option 1 ip-address 255.255.255.0
gateway-list 5.5.5.5
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Table 5 Description of the information output by executing display dhcp server tree
Major item
Description
Global pool:
Interface pool:
Pool Name:
network
host 10.10.1.2
255.0.0.0
child node:6
Child node, which is the child node (subnet) address pool of the
current address pool
Parent node, which is Sibling node, which is the next sibling node (another subnet on
the father node
the same natural network segment) address pool. The order of
(natural network
sibling nodes depends on the order in which they are configured.
segment) address pool
of the current node
PrevSibling node,
which is the previous
sibling node of the
current node
option
Self-definable DHCP
option
expired
dns-list
448
Table 5 Description of the information output by executing display dhcp server tree
Major item
Description
domain-name
Domain name
specified for DHCP
clients
nbns-list
netbios-type
dns-list
Syntax
dns-list ip-address [ ip-address ]
undo dns-list { ip-address | all }
View
DHCP address pool view
Parameter
ip-address: IP address of the DNS. You can configure up to eight IP addresses
separated by spaces in a command.
Description
Using the dns-list command, you can configure DNS server IP addresses in a
global DHCP address pool. Using the undo dns-list command, you can delete the
configuration.
By default, no DNS server address is configured.
By far, only up to eight DNS server addresses can be set in each DHCP address
pool.
For the related commands, see dhcp server dns-list interface, dhcp server
dns-list, and dhcp server ip-pool.
Example
Specify 1.1.1.254 as a DNS server address for DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] dns-list 1.1.1.254
domain-name
Syntax
domain-name domain-name
undo domain-name domain-name
View
DHCP address pool view
449
Parameter
domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising at least three characters and at most 50 characters.
Description
Using the domain-name command, you can configure the domain name that a
global address pool of the DHCP server allocates to clients. Using the undo
domain-name command, you can delete the configured domain name.
By default, no domain name has been allocated to DHCP clients and domain name
is null.
For the related commands, see dhcp server ip-pool, dhcp server domain-name
interface, and dhcp server domain-name.
Example
Set the domain name of DHCP address pool 0 to mydomain.com.cn.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] domain-name mydomain.com.cn
expired
Syntax
expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo expired
View
DHCP address pool view
Parameter
day day: Number of days in the range of 0 to 365.
hour hour: Number of hours in the range of 0 to 23.
minute minute: Number of hours in the range of 0 to 59.
unlimited: The valid period is unlimited.
Description
Using the expired command, you can configure a valid period allowed for leasing
IP addresses in a global DHCP address pool. Using the undo expired command,
you can restore the default setting.
By default, the leasing valid period is one day.
For the related commands, see dhcp server ip-pool, dhcp server expired, and
dhcp server expired interface.
Example
Set the IP address lease period of global address pool 0 to three minutes, two
hours, and one day.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] expired 1 2 3
450
gateway-list
Syntax
gateway-list ip-address [ ip-address ]
undo gateway-list { ip-address | all }
View
DHCP address pool view
Parameter
ip-address: IP address of egress GW router. You can configure up to eight IP
addresses separated by spaces in a command.
all: IP addresses of all the egress GW routers.
Description
Using the gateway-list command, you can configure IP addresses of the egress
GW routers used by DHCP clients. Using the undo gateway-list command, you
can delete the configuration.
By default, no egress GW router is configured.
For the related commands, see dhcp server ip-pool and network.
Example
Associate the egress GW router at 10.110.1.99 with DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] gateway-list 10.110.1.99
nbns-list
Syntax
nbns-list ip-address [ ip-address ]
undo nbns-list { ip-address | all }
View
DHCP address pool view
Parameter
ip-address: IP address of NetBIOS server. You can configure up to eight IP
addresses separated by spaces in a command.
all: All the NetBIOS server IP addresses.
Description
Using the nbns-list command, you can configure NetBIOS server addresses in a
global DHCP address pool for the clients. Using the undo nbns-list command,
you can remove the configured NetBIOS server addresses.
By default, no NetBIOS address is configured.
By far, only up to eight NetBIOS addresses can be configured in each DHCP
address pool.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list,
dhcp server nbns-list interface, and netbios-type.
451
Example
In the DHCP address pool 0, allocate the NetBIOS server at 10.12.1.99 to the
clients.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] nbns-list 10.12.1.99
netbios-type
Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
View
DHCP address pool view
Parameter
b-node: Broadcast mode, i.e., hostname-IP maps are obtained by means of
broadcast.
p-node: Peer-to-peer mode, i.e., maps are obtained by means of communicating
with the NetBIOS server.
m-node: Mixed (m) mode, i.e., the mode of type b nodes running peer-to-peer
communications mechanism.
h-node: Hybrid (h) mode, i.e., the mode of type p nodes possessing some of the
broadcast features.
Description
Using the netbios-type command, you can configure the NetBIOS node type of
the clients of a global DHCP address pool. Using the undo netbios-type
command, you can restore the default setting.
By default, clients adopt type h node (h-node).
For the related commands, see dhcp server ip-pool, dhcp server netbios-type
(in interface view), dhcp server netbios-type (in system view), and
nbns-list.
Example
Specify b-node as the NetBIOS node type of clients of DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] netbios-type b-node
network
Syntax
network ip-address [ mask netmask ]
undo network
View
DHCP address pool view
452
Parameter
ip-address: The subnet address of an IP address pool used for dynamic allocation.
mask netmask: Network mask of the IP address pool. Natural mask will be
adopted if the parameter is not specified.
Description
Using the network command, you can configure an IP address range used for
dynamic allocation. Using the undo network command, you can delete the
configuration.
By default, no IP address range has been configured for dynamic allocation.
Each DHCP address pool can be configured with a network segment and the new
configuration will replace the old one. If the system requires several such address
segments, you should configure them in multiple address pools.
For the related commands, see dhcp server ip-pool and dhcp server
forbidden-ip.
Example
Use 192.168.8.0/24 as the address space for DHCP address pool 0.
[3Com-dhcp-0] network 192.168.8.0 mask 255.255.255.0
option
Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address }
undo option code
View
DHCP address pool view
Parameter
code: Option value that needs to be assigned by the user.
ascii ascii-string: ASCII string.
hex hex-string: 2-digit or 4-digit hexadecimal string, such as hh or hhhh.
ip-address ip-address: IP address.
Description
Using the option command, you can configure the self-defined options for a
DHCP global address pool. Using the undo option command, you can delete the
DHCP self-defined options.
New options are emerging along with the development of DHCP. In order to
accommodate these options, manual option addition is supported so that they can
be added into the attribute list maintained by the DHCP server.
For the related commands, see dhcp server option (in interface view) and
dhcp server option interface (in system view).
453
Example
Define the hexadecimal strings of the option code 100 to 0x11 and 0x22.
[3Com-dhcp-0] option 100 hex 11 22
Syntax
reset dhcp server conflict [ ip-address | all ]
View
User view
Parameter
ip-address: A specified IP address.
all: All the address pools.
Description
Using the reset dhcp server conflict command, you can clear the statistics about
DHCP address collision.
In the case that no parameter has been specified when the command is
configured, the scope in which the command takes effect will depend on the view
in which the command is executed:
Syntax
reset dhcp server ip-in-use [ ip ip-address | pool [ pool-name ] | interface [
interface-name ] | all ]
View
User view
Parameter
ip-address: Binding information of a specified IP address.
pool-name: Specifies a global address pool. All the global address pools will apply
if no address pool has been specified.
interface-name: Specifies an interface address pool. If no interface has been
specified, all the interface address pools will apply.
all: All the address pools.
454
Description
Using the reset dhcp server ip-in-use command, you can clear the DHCP
dynamic address binding information.
In the case that no parameter has been specified when the command is
configured, the scope in which the command takes effect will depend on the view
in which the command is executed:
Syntax
reset dhcp server statistics
View
User view
Parameter
None
Description
Using the reset dhcp server statistics command, you can clear the statistics on
the DHCP server, including such information as number of DHCP address pools,
automatically and manually bound addresses and expired addresses, number of
unknown packets, number of DHCP request packets, and number of response
packets.
For the related command, see display dhcp server statistics.
Example
Clear statistic information of the DHCP server.
<3Com> reset dhcp server statistics
static-bind ip-address
Syntax
static-bind ip-address ip-address [ mask netmask ]
undo static-bind ip-address
View
DHCP address pool view
Parameter
ip-address: IP address to be bound.
455
static-bind mac-address
Syntax
static-bind mac-address mac-address
undo static-bind mac-address
View
DHCP address pool view
Parameter
mac-address: The host MAC address to be bound, which is in the format of
H-H-H.
Description
Using the static-bind mac-address command, you can bind a MAC address
statically. Using the undo static-bind mac-address command, you can delete the
statically bound MAC address.
By default, no MAC address is bound statically.
The commands static-bind mac-address and static-bind ip-address must be
used in pairs so that a MAC address and an IP address can be bound together.
For the related commands, see dhcp server ip-pool, and static-bind
ip-address.
Example
Bind the PC at the MAC address 0000-e03f-0305 with the IP address 10.1.1.1
using the mask 255.255.255.0.
[3Com-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[3Com-dhcp-0] static-bind mac-address 0000-e03f-0305
456
DHCP Client
Configuration
Commands
debugging dhcp client
Syntax
debugging dhcp client { event | packet | error | all }
undo debugging dhcp client { event | packet | error | all }
View
User view
Parameter
event: Protocol events of the DHCP client, which include address allocation and
data updating.
packet: DHCP packets received and sent by the DHCP client.
error: Unknown packet information or error information.
all: Enables debugging of the DHCP client in all the information (event, packet,
and error).
Description
Using the debugging dhcp client command, you can enable debugging on the
DHCP client. Using the undo debugging dhcp client command, you can disable
debugging on the DHCP client. By default, DHCP client debugging is disabled.
Example
Enable event debugging on the DHCP client.
<3Com>debugging dhcp client event
Syntax
display dhcp client [ verbose ]
View
Any view
Parameter
verbose: Statistic details of the DHCP client.
Description
Using the display dhcp client command, you can display the statistic information
of the DHCP client. Executing the command attached without the keyword
parameter verbose will display only the brief address allocation information on the
DHCP client.
Example
Display the statistic details of the DHCP client.
[3Com] display dhcp client verbose
457
The statistic information shows that two interfaces, i.e., Ethernet0/0 and
Ethernet2/0, have been configured to be DHCP clients.
Ethernet0/0 has been assigned with the address 169.254.0.2/16 subject to the
lease expiration of 86400 seconds and the current machine state is BOUND. The
renewal timer is set to 43200 seconds, the rebinding timer to 75600 seconds, and
the lease expiration to the period since 2002.09.20 01:05:03 to 2002.09.21
01:05:03. The selected DHCP server is at 169.254.0.1, the GW at 2.2.2.2, and the
DNS server at 1.1.1.1, given the domain name is 3Com.com. In addition, the next
timeout will happen 1 second, 56 minutes, and 11 hours later.
The allocation process has not been started at Ethernet2/0 yet. The current
machine state is HALT, which is normally as a result of the DOWN state of the
interface.
Display more details of the DHCP client.
[3Com]display dhcp client verbose
DHCP client statistic infomation:
Ethernet0/0:
Current machine state: BOUND
Alloced IP: 169.254.0.2 255.255.0.0
Alloced lease: 300 seconds, T1: 150 seconds, T2: 262 seconds
Lease from 2002.09.15 07:11:55 to 2002.09.15 07:16:55
Server IP: 169.254.0.1
Transaction ID = 0x3d8432b1
Client ID: 3Com-00e0.fc0a.c3ef-Ethernet0/0
Next timeout will happen after 0 days 0 hours 1 minutes 36 seconds.
Description
Ethernet0/0
Alloced IP
lease
Lease period
T1
T2
Lease from.to.
Server IP
Transaction ID
Transaction ID
458
ip address dhcp-alloc
Item
Description
Client ID
User ID
Default router
GW address
DNS server
Domain name
Domain name
Requested IP
Offered IP
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
View
Interface view
Parameter
None
Description
Using the ip address dhcp-alloc command, you can allocate local IP addresses by
making use of DHCP. Using the undo ip address dhcp-alloc command, you can
disable the allocation of local IP addresses via DHCP negotiation. This command
must be configured and executed in Ethernet interface (including subinterface)
view.
By default, DHCP negotiation is not used for the allocation of local IP addresses.
Example
Adopt DHCP negotiation for the allocation of local IP addresses on Ethernet0/0/0.
[3Com-Ethernet0/0/0] ip address dhcp-alloc
DHCP Relay
Configuration
Commands
debugging dhcp relay
Syntax
debugging dhcp relay
undo debugging dhcp relay
View
User view
Parameter
None
459
Description
Using the debugging dhcp relay command, you can enable debugging on the
DHCP-relay module. Using the undo debugging dhcp relay command, you can
disable DHCP-relay module debugging.
Example
Enable DHCP-relay module debugging.
<3Com>debugging dhcp relay
Syntax
dhcp relay release { client-ip mac-address } [ server-ip ]
View
Interface view
System view
Parameter
client-ip: IP address of the DHCP client.
mac-address: MAC address of the DHCP client, which is in the format of H-H-H.
server-ip: IP address of the DHCP server.
Description
Using the dhcp relay release command, you can send an IP address releasing
request to a DHCP server via the DHCP relay.
Given that no IP address of DHCP server has been specified, release packets will be
sent either to all the DHCP servers, if this command is configured in system view,
or to all the relay addresses configured on an interface, if this command is
configured in the interface view.
Example
Send a release packet to the DHCP server at 10.110.91.174, requesting to release
the IP address 192.2.2.25, which was offered to the client whose MAC address is
0050-ba34-2000.
[3Com] dhcp relay release 192.2.2.25 0050-ba34-2000 10.110.91.174
Syntax
display dhcp relay address [ interface interface-name | all ]
View
Any view
Parameter
interface-name: Specifies an interface name, which is represented by interface
type plus interface number.
all: All the interfaces.
460
Description
Using the display dhcp relay address command, you can view the DHCP relay
address configuration of an interface.
For the related commands, see ip relay address and ip relay address interface.
Example
View the DHCP relay address configurations of all the interfaces.
<3Com> display dhcp relay address all
** Ethernet11/2/0 DHCP Relay Address **
Relay Address [0] : 3.3.3.3
Syntax
display dhcp relay statistics
View
Any view
Parameter
None
Description
Using the display dhcp relay statistics command, you can view the statistics of
DHCP relay in packet errors, DHCP packets received from clients, DHCP packets
received from and sent to servers, and DHCP packets sent to clients (including
unicast and broadcast packets).
Example
View DHCP relay statistics.
<3Com> display dhcp relay statistics
Bad Packets recieved:
0
DHCP packets received from clients:
0
DHCP DISCOVER packets received:
0
DHCP REQUEST packets received:
0
DHCP INFORM packets received:
0
DHCP DECLINE packets received:
0
DHCP packets received from servers:
0
DHCP OFFER packets received:
0
DHCP ACK packets received:
0
DHCP NAK packets received:
0
DHCP packets sent to servers:
0
DHCP packets sent to clients:
0
Unicast packets sent to clients: 0
ip relay address
Syntax
ip relay address ip-address
undo ip relay address [ ip-address ]
View
Interface view
461
Parameter
ip-address: IP relay address in dot-deliminated decimal format.
Description
Using the ip relay address command, you can specify the exact location of a
DHCP server by configuring an IP relay address for it. Using the undo ip relay
address command, you can delete one or all relay IP addresses used by an
interface.
By default, no relay IP address has been configured.
Executing undo ip relay address without ip-address will delete all the relay IP
addresses configured on the current interface.
As the packets sent by DHCP client machines in some phases of DHCP are
broadcast packets, the interfaces configured with relay IP addresses must support
broadcast. In other words, this command can be used on the broadcast-supported
network interfaces, Ethernet interfaces for example.
For the related command, see dhcp select interface.
Example
Add two relay IP addresses on Ethernet 0/0/0.
[3Com-Ethernet0/0/0] ip relay address 202.38.1.2
[3Com-Ethernet0/0/0] ip relay address 202.38.1.3
Syntax
ip relay address cycle
undo ip relay address cycle
View
System view
Parameter
None
Description
Using the ip relay address cycle command, you can adopt the polling approach
to relay packets, ensuring that different clients use different DHCP servers and the
same clients use the same DHCP server so long as it is possible. Using the undo ip
relay address cycle command, you can adopt the broadcast approach to relay
packets to broadcast client requests to all the DHCP servers.
By default, the broadcast approach is adopted.
Suppose that there are three clients, i.e., A, B, and C, and the DHCP server has
been configured with three relay addresses, i.e., S1, S2, and S3. If the polling
approach is adopted to relay packets, A, B, and C will respectively use the relay
addresses S1, S2, and S3. If A is shut down and restarted again, it will continue to
use S1. But if a client other than these three clients started, it will use S1. Thus, the
relay addresses will be used cyclically.
For the related command, see ip relay address.
462
Example
Adopt the polling approach to relay.
[3Com] ip relay address cycle
ip relay address
interface
Syntax
ip relay address ip-address [ interface ethernet-subinterface-range | all ]
undo ip relay address { ip-address | all } { interface ethernet-subinterface-range | all }
View
System view
Parameter
ip-address: IP address of the DHCP server.
ethernet-subinterface-range: Includes all the subinterfaces whose interface
number lies between two subinterface numbers (including these two
subinterfaces) by inserting the keyword to between these two interface
numbers.
all: In the undo form of the command, the first all refers to all the relay
addresses and the second all, the interfaces.
Description
Using the ip relay address interface command, you can configure a relay
address for the Ethernet interfaces in a specified range for the purpose of
transparent forwarding. Using the undo ip relay address interface command,
you can delete the configured relay address.
By default, no relay IP address has been configured on any Ethernet interface.
For the related command, see ip relay address.
Example
Add a relay IP address for the interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5.
[3Com] ip relay address 202.38.1.2 interface ethernet 2/0/0.1 to ethernet 2/0/0.5
Syntax
reset dhcp relay statistics
View
User view
Parameter
None
Description
Using the reset dhcp relay statistics command, you can clear the DHCP relay
statistics.
For the related command, see display dhcp relay statistics.
463
Example
Clear the DHCP relay statistics.
<3Com> reset dhcp relay statistics
IP Performance
Configuration
Commands
debugging ip
Syntax
debugging ip { icmp | packet [ acl { acl-number1 | acl-number2 } ] }
undo debugging ip { icmp | packet }
View
User view
Parameter
acl-number1: ACL based on the interface, in the range of 1000 to 1999.
acl-number2: ACL in the range of 1 to 199. The ACL in the range of 1 to 99 is the
basic ACL and that in the range of 100 to 199 is the advanced ACL.
Description
Using debugging ip icmp command, you can enable the ICMP debugging. Using
the undo debugging ip icmp command, you can disable the ICMP debugging.
The debugging ip packet command is used to enable the IP packet debugging.
The filtration to the debugging information can be accomplished by filtering the IP
packets via acl. Using the undo debugging ip packet command, you can disable
the IP packet debugging.
Example
Enable the IP debugging.
<3Com> debugging ip packet
*0.129680-IP-8-debug_case:
Delivering, interface = Serial0/0/0, version = 4, headlen = 20, tos = 6,pktlen = 70, pktid = 49,
offset = 0, ttl = 1, protocol = 17,checksum = 50, s = 1.1.1.2, d = 224.0.0.2
prompt: IP packet is delivering up!
*0.129680-IP-8-debug_case:
Sending, interface = Serial0/0/0, version = 4, headlen = 20, tos = 6,pktlen = 70, pktid = 49,
offset = 0, ttl = 1, protocol = 17,checksum = 55147, s = 1.1.1.2, d = 224.0.0.2
prompt: Sending the packet from local at Serial0/0/0
<3Com> debugging ip icmp
*0.157090-IP-8-debug_icmp:
ICMP Receive: echo(Type=8, Code=0), Src = 127.0.0.1, Dst = 1.1.1.2
*0.157090-IP-8-debug_icmp:
ICMP Send: echo-reply(Type=0, Code=0), Src = 1.1.1.2, Dst = 127.0.0.1
*0.157090-IP-8-debug_icmp:
ICMP Receive: echo-reply(Type=0, Code=0), Src = 1.1.1.2, Dst = 127.0.0.1
464
Syntax
debugging tcp event [ task_id socket_id ]
undo debugging tcp event [ task_id socket_id ]
View
User view
Parameter
task_id: The ID of a task.
socket_id: The ID of a socket.
Description
Using the debugging tcp event command, you can enable TCP events
debugging. And using the undo debugging tcp event command, you can
disable TCP events debugging.
There is a limit for the number of debugging switches enabled, that is, only a fixed
number of debugging switches can be enabled at one time (combination of task
ID and socket ID). In addition, when TCP is enabled to receive connection request
reactively, a new socket will be created to establish that connection, and some
programs will create a new task to process the connection, like Telnet server. So, to
view information about a connection, such parameters as task_id and socket_id
cannot be used for filtering.
Example
Enable debugging of TCP events.
<3Com> debugging tcp event
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 0,
TCPCB 0x02c6fd74 created
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
state CLOSED changed to SYN_SENT
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
sending SYN, seq = 74249530,
LA = 127.0.0.1:1025, FA = 1.1.1.1:23
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
advertising MSS = 512,
LA = 127.0.0.1:1025, FA = 1.1.1.1:23
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = VTYD(9), socketid = 0,
received MSS = 512,
LA = 1.1.1.1:23, FA = 127.0.0.1:1025
*0.50959090-SOCKET-8-TCP EVENT:
733759463: sending RST to 2.2.2.1:11022
*0.1293330-SOCKET-8-TCP EVENT:
1043495346: task = Co0(2), socketid = 1,
connection refused because remote sent RST!
LA = 1.1.1.1:1026, FA = 1.1.1.2:21
<3Com> display debugging
TCP:
465
Syntax
debugging tcp md5
undo debugging tcp md5
View
User view
Parameter
None
Description
Using the debugging tcp md5 command, you can enable the MD5
authentication debugging of the TCP connection. Using the undo debugging
tcp md5 command, you can disable the MD5 authentication debugging of the
TCP connection.
Example
Enable the MD5 authentication debugging of the TCP connection.
<3Com> debugging tcp md5
Syntax
debugging tcp packet [ task_id socket_id ]
undo debugging tcp packet [ task_id socket_id ]
View
User view
Parameter
task_id: The ID of a task.
socket_id: The ID of a socket.
Description
Using the debugging tcp packet command, you can enable the debugging of
TCP connection. The number of debugging switches users can enable is limited,
that is, at the same time only a fixed number of debugging switches can be
enabled (combination of task ID and socket ID). Using the undo debugging tcp
packet command, you can disable the debugging of TCP connection.
Example
Enable the debugging of TCP connection.
<3Com> debugging tcp packet
<3Com> display debugging
*0.100070-SOCKET-8-TCP PACKET:
1043204051: Input: Co0(5) socketId = 2, state = SYN_SENT,
src = 127.0.0.1:1025, dst = 2.2.2.2:23,
seq = 11084380, ack = 0, optlen = 4, flag = SYN ,
466
window = 8192
1043204051: Output: Co0(5) SocketId = 2, State = SYN_SENT,
src = 127.0.0.1:1025, Dst = 2.2.2.2:23,
Seq = 11084380, Ack = 0, Datalen = 4, Flag = ACK PSH ,
Window = 8192
1043204051: Retrans: Co0(5) SocketId = 2, State = SYN_SENT,
Src = 127.0.0.1:1025, Dst = 2.2.2.2:23,
Seq = 11084380, Ack = 0, Optlen = 4, Flag = SYN ,
Window = 8192
Syntax
debugging udp packet [ task_id socket_id ]
undo debugging udp packet [ task_id socket_id ]
View
User view
Parameter
task_id: The ID of a task.
socket_id: The ID of a socket.
Description
Using the debugging udp packet command, you can enable the debugging of
UDP connection. The number of debugging switches users can enable is limited,
that is, at the same time only a fixed number of debugging switches can be
enabled (combination of task ID and socket ID). Using the undo debugging udp
packet command, you can disable the debugging of UDP connection.
Example
Enable the debugging of UDP connection.
<3Com> debugging udp packet
<3Com> display debugging
*0.377770-SOCKET-8-UDP:
1043494431: Output: task = ROUT(6), socketid = 3,
src = 1.1.1.1:520, dst = 255.255.255.255:520, datalen = 24,
display fib
Syntax
display fib
View
Any view
Parameter
None
Description
Using the display fib command, you can view the summary of the Forwarding
Information Base.
467
This command outputs the Forwarding Information Base in a list, in which each
line represents one route. The following points are included:
a Next hop
a Time stamp
an Outbound interface
Example
Display the summary of the forwarding information base.
<3Com> display fib
Destination/MaskNexthopFlagTimeStampIInterface
80.10.0.2/3280.10.0.2GHUt[0]Serial2/0/0
80.10.255.255/32127.0.0.1HUt[0]InLoopBack0
80.10.0.0/1680.10.0.1Ut[0]Serial2/0/0
80.50.0.2/3280.50.0.2GHUt[0]Serial2/0/0
80.50.255.255/32127.0.0.1HUt[0]InLoopBack0
Syntax
display fib acl { listnumber | listname }
View
Any view
Parameter
listnumber: The ACL rules expressed in number, ranging from 1 to 99.
listname: The ACL rules expressed in name.
Description
Using the display fib acl command, you can filter and display FIB information.
According to ACL number or name entered, you can display the FIB table entries
matching the filtering rules in a format.
A standard ACL name must be input if the ACL is expressed in name; otherwise,
the system will prompt an abnormal entering. When the ACL name or number
ranging from 1 to 99 is entered, the corresponding ACL will be searched. If no
ACL is found, all FIB table entries information will be displayed; and if such an ACL
is found, the FIB table entries information will be output in a format.
If the number of FIB table entries matching the filtering rules is 0, the following
information will be output:
Route entry matched by access-list 2:
Summary count: 0
If the number of FIB table entries matching the filtering rules is not 0, the FIB table
entry information will be output in the following format:
Route entry matched by access-list 1:
468
Summary count: 1
Destination/MaskNexthopFlagTimeStampInterface
127.0.0.0/8127.0.0.1Ut[0]InLoopBack0
Example
Display the FIB table entries matched by the ACL.
<3Com> display fib acl 10
Route entry matched by access-list 10:
Summary counts: 1
Destination/MaskNexthopFlagTimeStampInterface
127.0.0.0/8127.0.0.1Ut[0]InLoopBack0
Syntax
display fib | [ { begin | include | exclude } text ]
View
Any view
Parameter
text: Character.
Description
Using the display fib command, you can output the lines related to the line
containing the character string text in the buffer according to the regular
expression.
Using the display fib | begin text command, you can view the lines beginning
from the line containing the character string text to the end line of the buffer.
Using the display fib | include text command, you can just view the lines
containing the character string text.
Using the display fib | exclude text command, you can view the lines not
containing the character string text.
Example
Display the lines beginning from the line containing the character string
169.254.0.0 to the end line of the buffer:
<3Com> display fib | begin 169.254.0.0
Destination/MaskNexthopFlagTimeStampInterface
169.254.0.0/162.1.1.1Ut[0]Ethernet0/0/0
2.0.0.0/16 2.1.1.1 U t[0]Ethernet0/0/0
127.0.0.0/8127.0.0.1Ut[0]InLoopBack0
Display all the lines not containing the character string 169.254.0.0:
469
Syntax
display fib ip-prefix listname
View
Any view
Parameter
listname: The name of the prefix list.
Description
Using the display fib ip-prefix command, you can filter and display FIB
information. According to the name of prefix-list entered, you can display the FIB
entries matching the filtering rules in the prefix list in a format.
If there is no FIB table entry matching the prefix list, the prompt information will
be displayed that the number of FIB entry matched by the prefix list is 0. If the
name of ip-prefix cannot be found, all FIB table entries will be displayed; if the FIB
table entries after filtering is not 0, they will be output in a format.
If no FIB table entry matching the prefix list, the following information will be
output:
Route entry matched by prefix-list abc1:
Summary count: 0
If the number of FIB table entries after filtering is not 0, FIB table entry information
will be output in the following format:
Route entry matched by prefix-list abc2:
Summary count: 1
Destination/Mask Nexthop
Flag TimeStamp
Interface
127.0.0.0/8
127.0.0.1 U
t[0]
InLoopBack0
Example
Display the FIB table entries matched by the prefix list abc0.
<3Com> display fib ip-prefix abc0
Route Entry matched by prefix-list abc0:
Summary count: 4
Destination/MaskNexthopFlagTimeStampInterface
127.0.0.0/8127.0.0.1Ut[0]InLoopBack0
127.0.0.1/32127.0.0.1Ut[0]InLoopBack0
169.0.0.0/82.1.1.1SU t[0]Ethernet 0/0/0
169.0.0.0/152.1.1.1SUt[0]Ethernet 0/0/0
Syntax
display fib dest-addr1 [ dest-mask2 ] [ longer ]
470
1. Using the above command, you can display the FIB table entries matching the
destination address. Different parameters selected leads to different matching
methods.
display fibdest-addr1 dest-mask1 dest-addr2 dest-mask2
2. Using the above command, you can display the FIB table entries whose
destination address ranges from dest-addr1 dest-mask1 to dest-addr2
dest-mask2, including the FIB entries exactly matching dest-addr1 dest-mask1 and
dest-addr2 dest-mask2.
View
Any view
Parameter
dest-addr1: The destination IP address 1, which is expressed in dot-deliminated
decimal format.
dest-mask1: The subnet mask 1 corresponding to the destination IP address 1,
which is the mask in dot-deliminated decimal format or the mask length in
integer format.
dest-addr2: The destination IP address 2, which is expressed in dot-deliminated
decimal format.
dest-mask2: The subnet mask 2 corresponding to the destination IP address 2,
which is the mask in dot-deliminated decimal format or the mask length in
integer format.
Description
Different parameters selected leads to different matching methods;
Example
Display the FIB table entries whose destination address matches169.253.0.0
longest with the natural mask range.
<3Com> display fib 169.253.0.0
Destination/MaskNexthopFlagTimeStampInterface
471
169.0.0.0/162.1.1.1 Ut[0]Ethernet0/0/0
Display the FIB entries whose destination address is within the range from
69.254.0.0/16 to 169.254.0.6/16.
<3Com> display fib 169.254.0.0 255.255.0.0 169.254.0.6 255.255.0.0
Destination/MaskNexthopFlagTimeStampInterface
169.254.0.1/162.1.1.1Ut[0]Ethernet0/0/0
Syntax
display fib statistics
View
Any view
Parameter
None
Description
Using the display fib statistics command, you can display the total numbers of
FIB table entries.
Example
Display the total numbers of FIB table entries.
<3Com> display fib statistics
Route Entry Count : 30
display ip
fast-forwarding cache
Syntax
display ip fast-forwarding cache
View
Any view
Parameter
None
Description
Using the display ip fast-forwarding cache command, you can view the
information on the fast-forwarding table.
Example
Display the information of the fast-forwarding table.
[Router] display ip fast-forwarding cache
Fast-Forwarding cache:
Index SrIP SrPort DsIP
DsPort Pro Input_If Output_If
FLAG
600:0 1.1.3.149 1463 10.10.26.30 23 6 Ethernet0/0/0 Ethernet1/0/0 81
The above information indicates that the latest cache contains the data flow from
port 1463 at 1.1.3.149 to port 23 at 10.10.26.30, with a protocol number 6, i.e.
the TCP data, ingress is Ethernet0/0/0 and the egress is Ethernet1/0/0.
472
display ip interface
Syntax
display ip interface [ interface-type interface-number | interface-name ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
interface-name: Interface name.
Description
Using the display ip interface command, you can view the information of IP
interfaces.
By default, if no interface is specified, the information about all IP interfaces will
be displayed.
This command is used to display all the information related to IP on the interface.
The information is helpful for fault diagnosis. For the related command, see
display interface.
Example
Display IP-related information at the interface Serial 0/0/0.
<3Com> display ip interface Serial 0/0/0
Serial 0/0/0 current state : UP
Line protocol current state : UP
Internet Address : 10.10.10.10/16
Broadcast address : 10.10.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 1231, bytes : 57557, multicasts : 1177
output packets : 0, bytes : 0, multicasts : 0
The above information shows that the physical link state of the interface serial
0/0/0 is UP, link-layer protocol state is UP, the maximum transmit unit is 1500
bytes, the IP address is 10.10.10.10, the broadcast subnet is 10.10.255.255 and
the packet receiving/sending conditions at this interface.
display ip socket
Syntax
display ip socket [ socktype sock_type ] [ task_id socket_id ]
View
Any view
Parameter
sock_type: The type of a socket: (tcp:1, udp 2, raw ip 3)
task_id: The ID of a task.
socket_id: The ID of a socket.
473
Description
Using the display ip socket command, you can display the information about all
sockets in the current system.
Example
Display the information about the socket of TCP type.
<3Com> display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(9), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 4096, rcvbuf = 4096, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
Task = ROUT(6), socketid = 1, Proto = 17,
LA = 0.0.0.0:0, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0,
socket option = SO_UDPCHECKSUM
socket state = SS_PRIV SS_ASYNC
SOCK_RAW:
Task = ROUT(6), socketid = 2, Proto = 2,
LA = 0.0.0.0, FA = 0.0.0.0,
sndbuf = 32767, rcvbuf = 32767, sb_cc = 0, rb_cc = 0,
socket option = 0,
socket state = SS_PRIV SS_NBIO SS_ASYNC
sb_cc: the current data size in the sending buffer. The value makes sense
only for the socket of TCP type, because only TCP is able to cache data.
Display the information about the socket with socket ID as 4 and task ID as 8.
<3Com> display ip socket 8 4
Task = VTYD(8), socketid = 4, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 4096, rcvbuf = 4096, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN
socket state = SS_PRIV SS_ASYNC
display ip statistics
Syntax
display ip statistics
474
View
Any view
Parameter
None
Description
Using the display ip statistics command, you can view IP traffic statistics
information. This command is used to display such statistics information as IP
packet transmit/receive, packet assembly/disassembly, which is helpful to fault
diagnosis.
For the related commands, see display interface, display ip interface, and reset
ip statistics.
Example
Display the IP traffic statistic information.
<3Com> disp ip stat
Input:
sum 0 local
0
bad protocol
0 bad format
bad checksum
0 bad options
Output: forwarding
0 local
dropped
0 no route
compress fails 0
Fragment:input
0 output
dropped
0
fragmented
0 couldn't fragment
Reassembling:sum
0 timeouts
0
0
0
0
0
0
0
Syntax
display icmp statistics
View
Any view
Parameter
None
Description
Using the display icmp statistics command, you can view the statistics of ICMP
packet traffic.
For the related command, see display interface.
Example
Display the statistics of ICMP packet traffic.
[Router] display icmp statistics
Input: bad formats
0
echo
5
source quench 0
echo reply
15
timestamp
0
bad checksum
destination unreachable
redirects
parameter problem
information request
0
0
0
0
0
mask requests 0
time exceeded 1
Output:echo
15
source quench 0
echo reply
5
timestamp
0
mask requests 0
time exceeded 1
mask replies
destination unreachable
redirects
parameter problem
information reply
mask replies
0
0
0
0
0
475
Syntax
display tcp statistics
View
Any view
Parameter
None
Description
Using the display tcp statistics command, you can view TCP traffic statistic
information.
The command is used to display the traffic statistic information of all the active
TCP connections. Statistics information is classified into two parts, receiving and
sending, and each part is further classified according to different types of packets.
For example, for receiving packets, there are retransmission packet numbers,
keep-alive detection packet numbers, etc. Also the statistics closely related to
connection are displayed, such as, connection number received, retransmission
packet numbers and keep-alive detection packet numbers. The unit of statistics
results is packet, and sometimes is byte.
For the related command, see display tcp status.
476
Example
Display the TCP traffic statistic information.
<3Com> display tcp statistics
Received packets:
Total: 0
packets in sequence: 0 (0 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, bad offset : 0, too short : 0
duplicate packets : 0 (0 bytes), partially duplicate packets : 0(0 bytes)
out-of-order packets : 0 (0 bytes)
packets with data after window : 0 (0 bytes)
packets after close : 0
ack packets:0 (0 bytes), duplicate ack packets:0, ack packets with unsend data:0
Sent packets:
Total: 0
urgent packets: 0
control packets: 0 ( 0 RST)
window probe packets: 0, window update packets: 0
data packets : 0 (0 bytes), data packets retransmitted: 0 (0 bytes)
ack only packets : 0(0 delayed)
Total retransmit timeout: 0, connections dropped in retransmit timeout: 0
Keepalive timeout: 0, keepalive probe: 0, dropped connections in keepalive: 0
Initiated connections: 0, accepted connections: 0,established connections: 0
Closed connections: 0,( dropped: 0, embryonic dropped: 0)
Dropped packets with MD5 authentication : 0
Permitted packets with MD5 authentication : 0
Receiving statistics:
Sending statistics:
477
Syntax
display tcp status
View
Any view
Parameter
None
Description
Using the display tcp status command, you can monitor TCP connection any
time.
For the related command, see display local-user.
Example
Display the TCP connection status.
<3Com> display tcp status
TCPCB Local AddressForeign AddressState
0442c394 10.110.93.146.2310.110.93.175.1538ESTAB
045d8074 0.0.0.0.210.0.0.0.0
LISTEN
Syntax
display udp statistics
View
Any view
Parameter
None
478
Description
Using the display udp statistics command, you can view TCP traffic statistic
information.
The command is used to display the traffic statistic information of all the active
TCP connections. Statistics information is classified into two parts, receiving and
sending, and each part can be further classified according to different types of
packets, as checksum packets and error packets, for example. Moreover there are
statistics closely related to connection, such as the number of broadcast packets.
The statistics information is organized in terms of packet.
For relate configuration, please refer to the reset udp statistics command.
Example
Display the UDP traffic statistic information.
<3Com> display udp statistics
Received packet:
Total:0
checksum error:0
shorter than header:0, data length larger than packet:0
no socket on port:0
broadcast:0
not delivered, input socket full:0
input packets missing pcb cache:0
Sent packet:
Total:0
Syntax
ip fast-forwarding [ inbound | outbound ]
undo ip fast-forwarding
View
Interface view
Parameter
inbound: Allows fast-forwarding only on the inbound interface.
outbound: Allows fast-forwarding only on the outbound interface.
Description
Using the ip fast-forwarding command, you can enable fast packet forwarding
on the outbound interface. Using the undo ip fast-forwarding command, you
can disable fast-forwarding on the outbound interface.
By default, fast-forwarding is allowed on both inbound and outbound interfaces.
479
Fast-forwarding is well suited to high-speed links (such as Ethernet and FR). Its
function will be rendered useless, however, on a low-speed link, due to the low
transmission rate such a link can provide.
3Com Series Routers support fast-forwarding on the links of various high-speed
interfaces such as Ethernet, synchronous PPP, FR, and HDLC, on the interfaces
configured with firewall and NAT features, and on the virtual tunnel interface of
GRE as well. However, it should be noted that the interface configured with the
function of fast-forwarding will be unable to send ICMP redirection packets.
Example
Disable the interface to fast forward packets.
[3Com-Ethernet/0/0] undo ip fast-forwarding
reset ip fast-forwarding
cache
Syntax
reset ip fast-forwarding cache
View
User view
Parameter
None
Description
Using the reset ip fast-forwarding cache command, you can reset the
fast-forwarding cache.
This command is used to clear the fast-forwarding cache. The fast-forwarding
table will not contain any fast-forwarding entry after having been cleared.
Example
Clear the fast-forwarding cache.
<3Com> reset ip fast-forwarding cache
reset ip statistics
Syntax
reset ip statistics
View
User view
Parameter
None
Description
Using the reset ip statistics command, you can clear the IP statistics information.
In some special cases, it is necessary to clear the IP statistics information and
perform new statistics.
480
For the related commands, see display ip interface and display ip statistics.
Example
Clear IP statistics information.
<3Com> reset ip statistics
Syntax
reset tcp statistics
View
User view
Parameter
None
Description
Using the reset tcp statistics command, you can clear TCP traffic statistic
information. After the execution of this command, theres no prompt information
on the screen, and the existing statistics are cleared.
For the related command, see display tcp statistics.
Example
Display the TCP traffic statistic information.
<3Com> reset tcp statistics
Syntax
reset udp statistics
View
User view
Parameter
None
Description
Using the reset udp statistics command, you can clear the UDP statistics
information. After the execution of this command, theres no prompt information
on the screen, and the existing statistics are cleared.
Example
Clear UDP traffic statistics information.
<3Com> reset udp statistics
tcp mss
Syntax
tcp mss value
undo tcp mss
481
View
Interface view
Parameter
Value: The threshold for the TCP packet to be fragmented, with the value ranging
from 128 to 2048.
Description
Using the tcp mss command, you can designate a value as a threshold for TCP
packets to be fragmented. The undo tcp mss command is used to prevent TCP
packets from being fragmented. As the default MTU of the interface being 1500
bytes, this restricts the total length of encryption packet head + data link
expenditure + IP packet head + TCP packet to 1500 bytes. So the dear length of
TCP packets to fragment may be about 1200 bytes.
By default, TCP packets are not fragmented.
Example
Configure the threshold of TCP packet fragmentation to be 300.
3Com-Ethernet0/0/0] tcp mss 300
Syntax
tcp timer fin-timeout time-value
undo tcp timer fin-timeout
View
System view
Parameter
time-value: TCP finwait timer value, in second, with the value range of 76 to 3600.
Description
Using the tcp timer fin-timeout command, you can configure the TCP finwait
timer. Using the undo tcp timer fin-timeout command, you can restore the
default value of the timer.
By default, TCP finwait timer value is 675 seconds.
When the TCP connection status changes from FIN_WATI_1 to FIN_WAIT_2, the
finwait timer is enabled. If FIN packet is not received before the timeout of finwait
timer, the TCP connection will be closed.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer syn-timeout and tcp window.
Example
Configure the TCP finwait timer value as 675 seconds.
[3Com] tcp timer fin-timeout 675
482
Syntax
tcp timer syn-timeout time-value
undo tcp timer syn-timeout
View
System view
Parameter
time-value: TCP synwait timer value in second, with the value range of 2 to 600.
Description
Using the tcp timer syn-timeout command, you can configure the TCP synwait
timer. Using the undo tcp timer syn-timeout command, you can restore the
default value of the timer.
By default, TCP synwai timer value is 75 seconds.
When a syn packet is sent, TCP enables the synwait timer. If the response packet is
not received before synwait timeout, the TCP connection will be disabled.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer fin-timeout and tcp window.
Example
Configure the TCP synwait timer value as 75 seconds.
[3Com] tcp timer syn-timeout 75
tcp window
Syntax
tcp window-size window
undo tcp window
View
System view
Parameter
window-size: The size of the transceiving buffer of the connection-oriented Socket
in kilobytes (KB), with the value ranging 1 to 32.
Description
Using the tcp window command, you can configure the size of the transceiving
buffer of the connection-oriented Socket. Using the undo tcp window
command, you can restore the default size of the buffer.
By default, the size of the connection-oriented transceiving buffer is 4K bytes.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer fin-timeout and tcp timer
syn-timeout.
483
Example
Configure the size of the transceiving buffer of the connection-oriented Socket as
4 KB.
[3Com] tcp window 4
debugging nat
Syntax
debugging nat { alg | event | packet [ interface { interface-type interface-number |
interface-name } ] }
undo debugging nat { alg | event | packet [ interface { interface-type interface-number |
interface-name } ] }
View
User view
Parameter
alg: Enables the application level gateway NAT debugging information.
event: Enables NAT event debugging information.
packet: Enables NAT data packet debugging information.
Interface: Enables NAT packet debugging for a special interface.
Description
Using the debugging nat command, you can enable the NAT debugging
function. Using the undo debugging nat command, you can disable the NAT
debugging function.
display nat
Syntax
display nat { address-group | aging-time | all | outbound | server | statistics | session [
vpn-instance vpn-instance-name ] [ slot slot-number ] [ destination ip-addr ] [source
global global-addr | source inside inside-addr ] }
View
Any view
Parameter
address-group: Displays the information of the address pool.
aging-time: Displays the effective time for NAT connection.
all: Displays all the information about NAT.
outbound: Displays the information of the outbound NAT.
server: Displays the information of the internal server.
statistics: Displays the statistics of current NAT records.
session: Displays the information of the currently activated connection.
484
Two address pools are configured: Address pool 1 ranges from 11.1.1.1 to
11.1.1.20, and address tool 2 ranges from 22.1.1.1 to 22.1.1.20.
Two address translation associations are configured at Serial0/0/0: ACL 11 is
associated with address pool 1 and one-to-one address translation is performed;
and ACL 22 is associated with address pool 2, and one-to-one address translation
is performed.
Serial0/0/0 is configured with 2 internal servers: the www server of
http://202.119.11.3:8080, whose internal address is 5.5.5.5; and the ftp server of
ftp://202.119.11.3:2121, whose internal address is 5.5.5.5.
nat address-group
485
Syntax
nat address-group group-number start-addr end-addr
undo nat address-group group-number
View
System view
Parameter
group-number: defined Address pool ID, it is an integer ranging from 0 to 31.
start-addr: Starting IP address in the address pool.
end-addr: Ending IP address in the address pool.
Description
Using the nat address-group command, you can configure an address pool.
Using the undo nat address-group command, you can delete an IP address pool.
Address pool indicates the cluster of some outside IP addresses. If start-addr and
end-addr are the same, it means that there is only one address.
CAUTION: The length of an address pool (numbers of all addresses contained in
an address pool) cannot exceed 256.
The address pool cannot be deleted, if it has been correlated to some certain
access control list to perform the address translation.
Example
Configure an address pool from 202.110.10.10 to 202.110.10.15, with its NAT
pool ID being 1.
[3Com] nat address-group 1 202.110.10.10 202.110.10.15
nat aging-time
Syntax
{ default | { dns | ftp-ctrl | ftp-data | icmp | pptp | tcp | tcp-fin | tcp-syn | udp
} seconds }
View
System view
Parameter
default: Sets the address translation lifetime values to the defaults.
dns: Sets the address translation lifetime for DNS to 60 seconds (default).
ftp-ctrl: Sets the address translation lifetime for FTP control links to 7200 seconds
(default).
ftp-data: Sets the address translation lifetime for FTP data links to 240 seconds
(default).
icmp: Sets the address translation lifetime for ICMP to 60 seconds (default).
486
pptp: Sets the address translation lifetime for PPTP to 86400 seconds (default).
tcp: Sets the address translation lifetime for TCP to 86400 seconds (default).
tcp-fin: Sets the address translation lifetime for TCP FIN or TCP RST connections to
60 seconds (default).
tcp-syn: Sets the address translation lifetime for TCP SYN connections to 60
seconds (default).
udp: Sets the address translation lifetime for UDP to 300 seconds (default).
seconds: Time value in the range 10 to 86400 (24 hours).
Description
Using the nat aging-time command, you can set the lifetime of NAT connections.
This command is used to set the lifetime of address translation connection in
seconds, and different time values are set for different types of protocols.
nat outbound
Syntax
nat outbound acl-number [ address-group group-number [ no-pat ] ]
undo nat outbound acl-number [ address-group group-number [ no-pat ] ]
View
Interface view
Parameter
address-group: Configures address translation by means of address pool. If the
address pool is not specified, use the IP address of the interface as the translated
address, i.e., the "easy ip" feature.
no-pat: Uses simple address translation, which means only to translate the address
of the packet but not use port information.
acl-number: ACL index in the range of 1 to 199 (the advanced ACL can be used).
group-number: The number of a defined address pool.
Description
Using the nat outbound command, you can associate an ACL with an address
pool, indicating that the address specified in the acl-number can be translated by
using address pool group-number. Using the undo nat outbound command, you
can remove the corresponding address translation.
Translation of the source address of the packet that conforms to the ACL is
accomplished by configuring the association between the ACL and the address
pool. The system performs address translation by selecting one address in the
address pool or by directly using the IP address of the interface. Users can
configure different address translation associations at the same interface. The
corresponding undo form of the command can be used to delete the related
487
Allow address translation and use the addresses of address pool 1 for address
translation. During translation, the information of TCP/UDP port is used.
[3Com-Serial0/0/0] nat outbound 1 address-group 1
The configuration that can be used when performing address translation by using
the IP address of interface Serial0/0/0 directly.
[3Com-Serial0/0/0] nat outbound 1
nat server
Syntax
nat server [ vpn-instance vpn-instance-name ] protocol pro-type global global-addr
global-port1 global-port2 inside host-addr1 host-addr2 host-port
nat server [ vpn-instance vpn-instance-name ] protocol pro-type global global-addr [
global-port ] inside host-addr [ host-port ]
undo nat server [ vpn-instance vpn-instance-name ] protocol pro-type global
global-addr global-port1 global-port2 inside host-addr1 host-addr2 host-port
488
View
Interface view
Parameter
vpn-instance-name: The virtual route forwarding instance of the VPN the internal
server belongs to. If the parameter is not configured, it represents that the internal
server belongs to an ordinary private network, other than one MPLS VPN.
global-addr: An IP address provided for the outside to access (a legal IP address).
global-port: A service port number provided for the outside to access. If ignored,
its value shall be the same with the host-ports value.
host-addr: IP address of the server in internal LAN.
host-port: Service port number provided for a server in the range of 0 to 65535,
and the common used port numbers are replaced by key words. For example,
www service port number is 80, which can also be represented by www. ftp
service port number is 21, and ftp can also stands for it. If the inside-port is 0, it
indicates that all the types of services can be provided and the key word any can
be used to stand for it in this situation. If the parameter is not configured, it is
considered as the case of any, which is the same as that there is a static connection
between global-addr and host-addr. When the host-port is configured as any, the
global-port also should be any, otherwise the configuration is illegal.
global-port1, global-port2: Specifies a port range through two port numbers,
forming a corresponding relation with the internal host address range.
global-port2 must be larger than global-port1.
host-addr1, host-addr2: Defines a group of consecutive address ranges, which
respectively one-to-one matches the port ranges defined above. host-addr2 must
be bigger than host-addr1. The number of the address ranges should be the same
as the number of ports defined by global-port1 and global-port2.
pro-type: The protocol type carried by IP, possibly being a protocol ID, or a key
word as a substitution. For example: icmp (its protocol ID is 1), tcp (its protocol ID
is 6), udp (its protocol ID is 7).
Description
Using the nat server command, you can define the mapping table of an internal
server. Users can access the internal server with the address and port as host-addr
and host-port respectively through the address port defined by global-addr and
global-port. Using the undo nat server command, you can remove the mapping
table.
Through this command, you can configure some internal network servers for
outside use. The internal server can locate in the ordinary private network or in
MPLS VPN. For example, www, ftp, telnet, kpop3, dns and so on.
Up to 256 internal server conversion commands can be configured on one
interface and at most 4096 internal servers can be configured on one interface.
489
Specify one interior host 10.110.10.12, expecting that the host of the exterior
network can ping it with ping 202.110.10.11 command.
[3Com-Serial0/0/0] nat server protocol icmp global 202.110.10.11 inside 10.110.10.12
By the command below, the internal ftp server of VPN vrf10 can be removed.
[3Com-Serial0/0/0] undo nat server protocol tcp global 202.110.10.11 8070 inside
10.110.10.11 ftp
Specify an outside address as 202.110.10.10, and map the ports ranging from
1001 to 1100 to the addresses of 10.110.10.1 to 10.110.10.100 respectively to
access ftp service inside VPN vrf10. 202.110.10.10:1001 accesses 10.110.10.1
and 202.110.10:1002 accesses 10.110.10.2, etc.
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 1001 1100 inside
10.110.10.1 10.110.10.100 telnet
reset nat
Syntax
reset nat { log-entry | session slot slot-number }
View
User view
Parameter
log-entry: Clears NAT log buffer.
490
slot slot-number: Number of the interface card, which only exists in the
distributed environment.
session: Clears the information of the address translation table.
Description
This command is used to clear up the mapping tables of address translation in the
memory and release all the memory dynamically allocated to store the mapping
tables.
Example
In the central environment, clear NAT log buffer.
<3Com> reset nat log-entry
IP Unicast Policy
Routing Configuration
Commands
apply default
output-interface
Syntax
apply default output-interface interface-type interface-number [ ... interface-type
interface-number ]
undo apply default output-interface interface-type interface-number [ ... interface-type
interface-number ]
View
Route-policy view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the apply default output-interface command, you can set default
forwarding interface for packets. Using the undo apply default
output-interface command, you can cancel the configuration of the default
forwarding interface of packets.
491
This command is used to set forwarding interface for the matched IP packet, and
the clause is valid for the packet whose route has not been found.
For the related commands, see apply ip-precedence, apply ip-address
next-hop, apply output-interface, and apply ip-address default next-hop.
Example
Set the default forwarding interface of packets as serial 0/0/0.
[3Com-route-policy] apply default output-interface serial 0/0/0
Syntax
apply ip-address default next-hop ip-address [...ip address ]
undo apply ip-address default next-hop ip-address [...ip address ]
View
Route-policy view
Parameter
ip-address: IP address of default next hop.
Description
Using the apply ip-address default next-hop command, you can set the default
next hop of a packet. Using the undo apply ip-address default next-hop
command, you can cancel the configured default packet next hop.
This command is only valid for the packet whose route has not been found.
For the related commands, see apply ip-precedence, apply output-interface,
apply default output-interface, and apply ip-address next-hop.
Example
Set the default next hop of a packet to 1.1.1.1.
[3Com-route-policy] apply ip-address default next-hop 1.1.1.1
apply ip-address
next-hop
Syntax
apply ip-address next-hop ip-address [ ip-address ]
undo apply ip-address next-hop ip-address [ ip-address ]
View
Route-policy view
Parameter
ip-address: IP address of next hop.
Description
Using the apply ip-address next-hop command, you can set the packet next
hop. Using the undo apply ip-address next-hop command, you can cancel the
configuration about the next hop.
This command is used to set the next hop for the matched IP packet and at most
two next hops can be specified. The next hop should be adjacent to this device.
492
apply ip-precedence
Syntax
apply ip-precedence value
undo apply ip-precedence
View
Route-policy view
Parameter
value: The preference value. There are totally 8 (in the range 0 to 7) preferences:
routine
priority
immediate
flash
flash-override
critical
internet
network
Description
Using the apply ip-precedence command, you can set precedence of IP packets.
Using the undo apply ip-precedence command, you can remove the precedence
of IP packets. This command is used to configure the set clause of route-policy and
the preference for the matched IP packets.
For the related commands, see apply output-interface, apply ip-address
next-hop, apply default output-interface, and apply ip-address default
next-hop.
Example
Set the preference of IP packet to 5 (critical).
[3Com-route-policy] apply ip-precedence critical
apply output-interface
Syntax
apply output-interface interface-type interface-number [ interface-type
interface-number ]
undo apply output-interface interface-type interface-number [ interface-type
interface-number ]
493
View
Route-policy view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the apply output-interface command, you can set a packet forwarding
interface. Using the undo apply output-interface command, you can cancel the
configuration on a forwarding interface.
This command is used to set the packet forwarding interface for the matched IP
packet. At most two forwarding interfaces can be specified.
For the related commands, see apply ip-precedence, apply ip-address
next-hop, apply default output-interface, and apply ip-address default
next-hop.
Example
Specify forwarding interface as serial0/0/0 for the matched IP packet.
[3Com-route-policy] apply output-interface Serial 0/0/0
display ip policy
Syntax
display ip policy
View
Any view
Parameter
None
Description
Using the display ip policy command, you can view the routing policies of local
and configured interface policy routings. This command is used to display the
routing policies of local and configured interface policy routings.
Example
Display the routing policies of the local and configured interface policy routings.
<3Com> display ip policy
Route-policy Interface
pr02
Local
pr02
Virtual-Template0
pr01
Ethernet 0/0/0
The first line is prompt information. The first row shows where is used the routing
policy indicated in the second row. Take the first line as an example, "local"
indicates that the policy routing is used on the local router, i.e., all packets sent
from the local router (not forward through it) using the policy routing "pr02". The
494
second and third lines represent that the interfaces virtual-template0 and
Ethernet0/0/0 use route policy pr02 and pr01 respectively.
display ip policy setup
Syntax
display ip policy setup { policy-tag | local | interface interface-type interface-number }
View
Any view
Parameter
policy-tag: Displays the setting information of policy routings identified by
map-tag.
local: Displays the setting information of local policy routings.
interface: Displays the setting information of interface policy routings.
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display ip policy setup command, you can view the setting
information of policy routings.
The display output of the display ip policy setup local command is the same as
that with policy-tag which will be shown soon, except that it displays the policy
routing enabled on the local router but not the configuration of a certain specified
route-policy.
The display ip policy setup interface command displays the configuration of
the policy routing enabled on the interface.
Example
Display the specific configurations of the specified policy routing, enabled or
disabled.
<3Com> display ip policy setup pr01
route-policy pr01 permit node 0
if-match acl 11
apply ip-address next-hop 3.3.3.3
This command displays the specific configuration of the policy routing named
pr01. As shown above, the policy routing has one 0 node and includes an if-match
clause and an apply clause. For the accurate meanings of the if-match clause and
the apply clause, you can refer to the configuration guide of the command. The
example shows how the option map-tag is used.
display ip policy statistic
Syntax
display ip policy statistic { { policy-tag | local | interface interface-type interface-number
} [ verbose ] }
495
View
Any view
Parameter
policy-tag: Displays the statistics of the policy identified by policy-tag performing
policy routing process on packets.
local: Displays the statistics of local policy routing packets.
interface: Displays the statistics of interface policy routings.
interface-type: Interface type.
interface-number: Interface number.
verbose: Displays the detailed information.
Description
Using the display ip policy statistic command, you can view the statistics of
policy routings.
Example
Display the matching statistics of the specified policy routing.
<3Com> display ip policy statistic local
local policy pr02 summary information:
Main board
Total success packet number: 0
Total failure packet number: 0
The above information shows the forwarding success and failure times for all the
forwarding policy (i.e., the apply clause) of the local router policy routing.
To display the more detail statistics classified according to each apply clause, the
option verbose should be added.
<3Com> display ip policy statistic local verbose
local policy pr02 detail information:
Main board
apply output-interface: NULL0
Total success packet number: 0
Fail for interface not exists: 0
Fail for interface down: 0
apply ip-address next-hop: 5.5.5.5
Total success packet number: 0
Fail for error next-hop: 0
Fail for interface not exists: 0
Fail for interface down: 0
If the optional field verbose is added, the more detail statistics of each apply clause
in the policy routing will be displayed separately and the statistics of the
forwarding errors has been classified.
496
if-match acl
Syntax
if-match acl acl-number
undo if-match acl acl-number
View
Route-policy view
Parameter
acl-number: Address access control list number.
Description
Using the if-match acl command, you can set the match condition for IP address.
Using the undo if-match acl command, you can delete the IP address match
condition.
An acl-number can be basic standard access-list or advanced access-list.
For the related command, see if-match packet-length.
Example
Set packets that accord with the access list 10 to be matched.
[3Com] route-policy map1 permit node 10
[3Com-route-policy] if-match acl 10
if-match packet-length
Syntax
if-match packet-length min-len max-len
undo if-match packet-length
View
Route-policy view
Parameter
min-len: Minimum packet length of network layer.
max-len: Maximum packet length of network layer.
Description
Using the if-match packet-length command, you can set length match
conditions of IP packets. Using the undo if-match packet-length command, you
can delete the configuration about IP packet length match conditions.
For the related command, see if-match acl.
Example
Set the packet in the range 100 to 200 to be matched.
[3Com] route-policy map1 permit node 10
[3Com-route-policy] if-match packet-length 100 200
ip local policy
route-policy
Syntax
ip local policy route-policy policy-tag
497
View
System view
Parameter
policy-tag: Policy name.
Description
Using the ip local policy route-policy command, you can enable local policy
routing. Using the undo ip local policy route-policy command, you can delete
the existing setting of the policy routing.
By default, interface local policy routing is disabled.
This command is used to enable or disable the local policy routing for the packets
sent by the local device. If there is no special demand, it is recommended that
users do not configure local policy routing.
For the related command, see ip policy route-policy.
Example
Enable a local policy routing at system view. The policy routing is specified by
route-policy AAA.
[3Com] ip local policy route-policy AAA
ip policy route-policy
Syntax
ip policy route-policy policy-name
undo ip policy route-policy policy-name
View
Interface view
Parameter
policy-name: Policy name.
Description
Using the ip policy route-policy command, you can enable policy routing at an
interface. Using the undo ip policy route-policy command, you can delete the
existing policy routing at an interface.
By default, interface policy routing is disabled.
For the related command, see ip local policy route-policy.
Example
Enable the policy routing specified by route-policy AAA at the interface Ethernet
0/0/0.
[3Com-ethernet0/0/0] ip policy route-policy AAA
498
IP Multicast Policy
Routing Configuration
Commands
apply ip-address
next-hop
Syntax
apply ip-address next-hop { acl acl-number | ip-address [ ip-address ] }
undo apply ip-address next-hop [ acl acl-number | ip-address [ ip-address ] ]
View
Route-policy view
Parameter
acl-number: Standard ACL number ranging from 1 to 99.
ip-address: Specifies the next hop address. Multiple next hop addresses can be
specified.
Description
Using the apply ip-address command, you can configure the next hop IP address
list in a route-node. Using the undo apply ip-address command, you can remove
the configuration.
By default, no apply clause is defined.
This command specifies the next hop address for packets that match the if-match
acl command. It specifies the next hop IP address list for multicast policy routing
through the ACL. This command is in juxtaposition relation with the apply
output-interface command. If both apply clauses are configured at the same
time, in multicast policy routing, the packets will be replicated and forwarded to
all the interfaces and next hops specified by the ACLs respectively. This is different
from unicast policy routing because only one apply clause works.
For the next hop IP address, the specified ACL is the standard ACL.
For the related commands, see if-match acl, apply output-interface, and
display ip multicast-policy.
apply output-interface
Syntax
apply output-interface acl acl-number
undo apply output-interface [ acl acl-number ]
View
Route-policy view
Parameter
acl-number: ID of interface-based ACL, ranging from 1000 to 1999.
Description
Using the apply output-interface command, you can configure an outgoing
interface list in a route-node. Using the undo apply output-interface command,
you can remove the configuration.
499
Syntax
debugging ip multicast-policy [ acl-number ]
undo debugging ip multicast-policy
View
User view
Parameter
acl-number: ID of interface-based ACL ranging 1000 to 1999.
Description
Using the debugging ip multicast-policy command, you can enable the
debugging of IP multicast policy routing. Using the undo debugging ip
multicast-policy command, you can disable the debugging of multicast policy
routing.
The contents of the debugging information contain the route-node that the
packets match and the next hop/outgoing interface to which the packets are
forwarded. The debugging information output can be filtered with the
interface-based ACL.
It should be noted that enabling the debugging will affect the performance of the
system. You should disable the debugging when the system is running normally.
For the related command, see route-policy.
display ip
multicast-policy
Syntax
display ip multicast-policy [ setup interface interface-name | statistic interface
interface-name ]
View
Any view
500
Parameter
interface-name: Interface name.
Description
Using the display ip multicast-policy command, you can view the multicast
policy routing information.
Example
Display the information about the multicast policy routing configured on interface
Ethernet2/0/0.
[3Com] display ip multicast-policy setup interface ethernet2/0/0
route-policy cc permit node 10
if-match acl 110
apply ip-address next-hop acl 50
route-policy cc permit node 20
if-match acl 120
apply output-interface acl 1005
Display the statistic information about the multicast policy routing configured on
interface Ethernet2/0/0.
[3Com] display ip multicast-policy statistic interface ethernet2/0/0
interface Ethernet2/0/0 multicast-policy routing summary information:
Total packets matched: 5
Total packets forward : 20
if-match acl
Syntax
if-match { acl acl-number | ip-prefix ip-prefix-name }
undo if-match { acl acl-number | ip-prefix ip-prefix-name }
View
Route-policy view
Parameter
acl-number: Standard or extended ACL number ranging from 1 to 199.
ip-prefix-name: Specifies the name of an address prefix list used for filtering.
Description
Using the if-match acl command, you can set conditions that multicast packets
should meet in each policy node. Using the undo if-match acl command, you can
remove the match conditions set.
By default, no if-match clause is defined.
If a packet meets the if-match conditions specified in a policy node, actions
specified by the node will be performed. If a packet does not meet the if-match
conditions specified in a policy node, the next node will be detected. If a packet
does not meet the conditions of all policy nodes, the packet will return to the
normal forwarding flow. The configuration and use of this command are the same
as those of the same command in the unicast policy routing.
ip multicast-policy
route-policy
501
Syntax
ip multicast-policy route-policy policy-name
undo ip multicast-policy route-policy policy-name
View
Interface view
Parameter
policy-name: Specifies the name of a route-policy, which uniquely identifies one
route-policy.
Description
Using the ip multicast-policy route-policy command, you can enable a
multicast policy routing on an interface. Using the undo ip multicast-policy
route-policy command, you can remove a multicast policy route applied on the
interface.
By default, no multicast route policy is enabled.
Using this command can enable multicast policy routing defined by the
route-policy named policy-name on an interface.
When multicast policy routing is configured on an interface of a router, all
multicast packets entering the router on the interface will be filtered.
The filter method is that all policy nodes of the route-policy specified by the policy
routing are tried in the order of the ascending sequence of the numbers. If a
packet meets the if-match conditions specified in a policy node, actions specified
by the node will be performed. If a packet does not meet the if-match conditions
specified in a policy node, the next node will be detected. If a packet does not
meet the conditions of any policy nodes, the packet will return to the normal
forwarding flow.
For the related command, see route-policy.
Example
Enable multicast policy routing named map1 on interface Ethernet 2/0/0.
[3Com-Ethernet2/0/0] ip multicast-policy route-policy map1
route-policy
Syntax
route-policy policy-name { permit | deny } node sequence-number
undo route-policy policy-name [ permit | deny ] [ node sequence-number ]
View
System view
Parameter
policy-name: Specifies the name of a route-policy, which uniquely identifies one
route-policy.
permit: Specifies the match mode of the route-policy node defined as permit.
When a route entry meets the if-match clause of the node, the entry is permitted
502
to pass the filter of the node and the apply clause of the node will be performed.
If a route entry does not meet the if-match clause of the node, the next node of
the route-policy will be tested. For multicast policy routing configuration, all the
if-match clauses except the if-match acl clause are invalid.
deny: Specifies the match mode of the route-policy node defined as deny. When a
route entry meets the if-match clause of the node, the entry is denied to pass the
filter of the node and the next node will not be tested. For multicast policy routing
configuration, all the if-match clauses except the if-match acl clause are invalid.
sequence-number: Identifies a node in the route-policy. When the route-policy is
used for routing information filtering, the node with a smaller sequence-number is
tested first. This parameter ranges from 0 to 65535.
Description
Using the route-policy command, you can configure a route-policy node and
enter the route-policy view. Using the undo route-policy command, you can
remove a route-policy or a node.
By default, no route-policy is defined.
The policy of IP multicast policy routing is implemented by configuring
route-policies. Multiple route-policies can be configured on a router. Each
route-policy may contain multiple route-nodes. Different route-nodes in a
route-policy are identified by different integer sequence-numbers. In each
route-node, set the conditions that packets should match (i.e., the match rule)
with the if-match command, and configure the forwarding actions to be
executed to packets that meet the match conditions with the apply command.
The logical relation that filter the if-match clauses is and. This means that any
if-match clause passing the filter will cause others to be ignored.
Only the if-match acl clause is effective for multicast policy routing. The logical
relation between route-policy nodes is or. That is, one packet forwarded in one
policy node results in all the following nodes being ignored. If all permit nodes can
not succeed in matching with the features of packet or any deny node is matched,
the packet will then be forwarded or discarded normally, up to the route table.
When multicast policy routing is configured on an interface of a router, all
multicast packets entering the router on the interface will be filtered. The filter
method is that all policy nodes of the route-policy are applied in the ascending
sequence of their ID(a number).
For the related commands, see if-match, apply output-interface, apply
ip-address next-hop, and display ip multicast-policy.
Example
Configure a route-policy named map1 with the node ID of 10 and with the match
mode of permit and enter the route-policy view.
[3Com] route-policy map1 permit node 10
[3Com-route-policy]
503
IPX Configuration
Commands
debugging ipx packet
Syntax
debugging ipx packet [ interface-type interface-num | interface-name ]
undo debugging ipx packet [ interface-type interface-num | interface-name ]
View
User view
Parameter
interface-type: Interface type.
interface-num: Interface number.
interface-name: Interface name.
Description
Using the debugging ipx packet command, you can enable IPX packet
debugging switch to view the contents of IPX packet received and transmitted.
Using the undo debugging ipx packet command, you can disable the
debugging switch.
By default, IPX packet debugging switch is disabled.
Example
Enable IPX packet debugging switch.
<3Com> debugging ipx packet
*0.8942310-IPX-8-IPXPKT:
Sending, interface = Serial3/0/0,
pktlen = 40, hops = 0, pkttype = 0x1,
dstnet = 0xb, dstnode = ffff-ffff-ffff, dstsocket = 0x453,
srcnet = 0xb, srcnode = 00e0-fc01-5517, srcsocket = 0x453
prompt: Sending the packet.
*0.8942610-IPX-8-IPXPKT:
Delivering, interface = Serial3/0/0,
pktlen = 480, hops = 0, pkttype = 0x4,
dstnet = 0xb, dstnode = ffff-ffff-ffff, dstsocket = 0x452,
srcnet = 0xb, srcnode = 00e0-fc01-54f6, srcsocket = 0x452
prompt: IPX packet is delivering up!
Description
pktlen =
hops =
pkttype =
dstnet =
dstnode =
dstsocket =
srcnet =
504
Item
Description
srcnode =
srcsocket =
promt:
Syntax
debugging ipx ping
undo debugging ipx ping
View
User view
Parameter
None
Description
Using the debugging ipx ping command, you can enable IPX Ping packet
debugging switch to view the contents of Ping packet received and transmitted.
Using the undo debugging ipx ping command, you can disable the debugging
switch.
By default, IPX Ping packet debugging switch is disabled.
Example
Enable IPX Ping packet debugging switch.
<3Com> debugging ipx ping
*0.15396012-IPX-8-IPXHWPING:
Ping receiving: Request, Src = a.00e0-fc04-8859, Dst = a.00e0-fc01-54f6
*0.15396130-IPX-8-IPXPING:
Ping sending: Response, Src = a.00e0-fc01-54f6, Dst = a.00e0-fc04-8859
Description
Src =
Dst =
505
Syntax
debugging ipx rip { packet [ verbose ] | event }
undo debugging ipx rip { packet [ verbose ] | event }
View
User view
Parameter
packet: Debugging information of packet received and transmitted.
verbose: Displays detailed information about packet received and transmitted.
event: Event debugging information, such as Up/Down of an interface and
related timer events.
Description
Using the debugging ipx rip command, you can enable RIP debugging switch to
view information on RIP packet received and transmitted, routing changes and
timer expiry. Using the undo debugging ipx rip command, you can disable RIP
debugging switch.
By default, IPX RIP debugging switch is disabled.
Example
Enable IPX RIP packet debugging switch.
<3Com> debugging ipx rip packet
Send RIP Response to Ethernet0/0, length 96
src:a.00e0-fc01-5517(453), dst:a.ffff-ffff-ffff(453)
Number of Entries in Pkt: 8
506
debugging ipx
rtpro-flash
Syntax
debugging ipx rtpro-flash
undo debugging ipx rtpro-flash
View
User view
Parameter
None
Description
Using the debugging ipx rtpro-flash command, you can turn on the debugging
switch of route refreshing in the IPXRM module. Using the undo debugging ipx
rtpro-flash command, you can turn off the debugging switch of route refreshing
in the IPXRM module.
This kind of debugging information is generated when routes are refreshed for the
sake of route change.
Example
Switch on route refreshing debugging for IPXRM module.
<3Com>debugging ipx rtpro-flash
<3Com>
debugging ipx
rtpro-interface
Syntax
debugging ipx rtpro-interface
undo debugging ipx rtpro-interface
View
User view
Parameter
None
Description
Using the debugging ipx rtpro-interface command, you can turn on the
debugging switch of interface change in the IPXRM module. Using the undo
debugging ipx rtpro-interface command, you can turn off the debugging
switch of interface change in the IPXRM module.
507
debugging ipx
rtpro-routing
Syntax
debugging ipx rtpro-routing
undo debugging ipx rtpro-routing
View
User view
508
Parameter
None
Description
Using the debugging ipx rtpro-routing command, you can turn on the
debugging switch of route change in the IPXRM module. Using the undo
debugging ipx rtpro-routing command, you can turn off the debugging switch
of route change in the IPXRM module.
This kind of debugging information is generated when route changes as addition,
deletion or attribute adjustment occur.
Example
Switch on route change debugging for IPXRM module.
<3Com>debugging ipx rtpro-routing
<3Com>
Nexthop: 0.0000-0000-0000
Interface: a.00e0-fcfb-3a00(Serial1)
Protocol: Static
Ticks: 6
Preference: 60
Hops: 1
Nexthop: 0.0000-0000-0000
Interface: a.00e0-fcfb-3a00(Serial1)
Protocol: Static
Ticks: 6
Preference: 60
Hops: 1
Syntax
debugging ipx sap [ packet [ verbose ] | event ]
undo debugging ipx sap [ packet [ verbose ] | event ]
View
User view
Parameter
packet: Debugging information of packet received and transmitted.
verbose: Displays detailed information about packet received and transmitted.
event: Event debugging information, such as Up/Down of an interface and
related timer events.
509
Description
Using the debugging ipx sap command, you can enable IPX SAP debugging
switch to view information on SAP packet received and transmitted, routing
changes and timer expiry. Using the undo debugging ipx sap command, you
can disable IPX SAP debugging switch.
Enabling IPX SAP debugging switch, you can confirm whether SAP packet is
received. Normally, a router or server sends out an SAP update packet every
minute. By default, each SAP packet includes up to seven service information
items at most. If a lot service information needs advertising on the network, the
router sends out multiple packets per update. For example, if a router has 20
service information items in SIT, it sends three SAP packets per update. The first
SAP includes the first seven items, the second SAP includes the next seven items,
and the last update includes the last six items.
The debugging ipx sap command generates significant amount of output, use it
with caution on networks that have many interfaces and a great deal of service
information. Disable debugging switch immediately after debugging to reduce
effect to normal services as possible.
Example
Enable SAP packet verbose debugging switch.
<3Com> debugging ipx sap packet verbose
*0.20909856-IPXSAP-8-IPX SAP: MSG: Receive Response Packet From Eth0,Length 480
Src: 000a.0000-0104-8f02 (0452) Dest: 000a.ffff-ffff-ffff (0452)
Number of entries in pkt: 7
Server type 2000 "PS1" 0008.000a-000a-000a (0452) hop 3
Server type 2345 "kkkkk" 000d.0005-0005-0005 (0452) hop 6
Server type 9000 "kiran-temp" 000d.0006-0006-0006 (0452) hop 16
Server type 6000 "kiran3" 000d.0003-0003-0003 (0452) hop 6
Server type 5000 "kiran2" 000d.0002-0002-0002 (0452) hop 16
Server type 4000 "kiran1" 000d.0001-0001-0001 (0452) hop 16
Server type 1000 "FS2" 000d.000a-000a-000a (0452) hop 2
Syntax
display ipx interface [ interface- type interface-num | interface-name ]
View
Any view
510
Parameter
Interface-type: Interface type.
Interface-num: Interface number.
Interface-name: Interface name.
Description
Using the display ipx interface command, you can view IPX interface
configuration information and interface parameters in communication devices.
Example
Display IPX configuration and statistics of the interface Ethernet1/0/0.
<3Com> display ipx interface ethernet 1/0/0
Ethernet1/0/0 is up
IPX address is 2.00E0-FC01-0000 [up]
SAP is enabled
Split horizon is enabled
Update change only is disabled
Forwarding of IPX type 20 propagation packet is enabled
Delay of this IPX interface, in ticks is 1
SAP GNS response is enabled
RIP packet maximum size is 432 bytes
SAP packet maximum size is 480 bytes
IPX encapsulation is Netware 802.3
0 received, 0 sent
0 bytes received, 0 bytes sent
0 RIP received, 0 RIP sent, 0 RIP discarded
0 RIP specific requests received, 0 RIP specific responses sent
0 RIP general requests received, 0 RIP general responses sent
0 SAP received, 0 SAP sent, 0 SAP discarded
0 SAP requests received, 0 SAP responses sent
Description
Ethernet1/0/0 is ...
[up]
SAP is
Split horizon is
SAP GNS response is ... Whether SAP GNS reply is enabled on the current interface. The
related command is ipx sap gns-disable-reply.
511
Item
Description
received
sent
bytes received
bytes sent
RIP received
RIP sent
RIP discarded
SAP received
SAP sent
SAP discarded
Syntax
display ipx routing-table [ network ] [ verbose ]
display ipx routing-table protocol { default | direct | rip | static } [ inactive | verbose ]
View
Any view
Parameter
network: Destination network ID of IPX static route. It is an 8-bit hexadecimal
number, ranging from 1 to 0xFFFFFFFE. Display IPX routing information to
specified destination network ID.
verbose: Displays detailed route information, including active and inactive routes.
default: Displays all the default routing information.
direct: Displays all the directly connected routing information.
rip: Displays all IPX RIP routing information.
512
The following table explains the contents in the above displayed information:
Description
Dest_Ntwk_ID
Proto
Pre
Ticks
Hops
Nexthop
Interface
Display detailed IPX routing information, including active and inactive routes.
Item
Description
Time
State
Syntax
display ipx routing-table statistics
View
Any view
Parameter
None
Description
Using the display ipx routing-table statistics command, you can view IPX
routing statistics.
Example
Display IPX routing statistics.
<3Com> display ipx routing-table statistics
513
514
Routing tables:
Proto/State
route
Direct
2
Static
1
RIP
1
Default
0
Total
4
active
2
1
1
0
4
added
2
2
1
0
5
0
1
0
0
1
deleted
0
1
0
0
1
freed
Syntax
display ipx service-table [ [ type service-type | name name | network network | order {
network | type } ] | [ inactive ] ] [ verbose ]
View
Any view
Parameter
type: Displays information for specified service type ID.
service-type: The type of service.
name: Displays information for specified server name.
name: Name of the server.
network: Displays service information of the server on specified network
segment.
network: The network ID of the network segment.
order: Displays service information after classified by the type.
network: Classified by the network ID.
type: Classified by the service type.
inactive: Displays inactive service information.
verbose: Displays details about service information.
Description
Using the display ipx service-table command, you can view contents of an IPX
service information table. The output information of the command helps users
with IPX SAP troubleshooting.
Example
Display contents of IPX service information table.
[3Com] display ipx service-table
Abbreviation: S - Static, Pref - Preference(Decimal), NetId - Network number,
NodeId - Node address, hop - Hops(Decimal), Recv-If - Interface from which the service is
receieved
Name Type NetId NodeId
Sock Pref Hops Recv-If
FS2 1000 000d 000a-000a-000a 0452 500 02 Eth1/0/0
PS1 2000 0008 000a-000a-000a 0452 500 03 Eth1/0/0
0005-0005-0005
0003-0003-0003
0452 500
0452 500
06
06
515
Eth1/0/0
Eth1/0/0
Syntax
display ipx statistics
View
Any view
Parameter
None
Description
Using the display ipx statistics command, you can view statistics and type of IPX
packet transmitted and received.
Example
Display IPX statistics.
<3Com> display ipx statistics
Received: 0 total, 0 packets pitched
0 packets size errors, 0 format errors
0 bad hops(>16), 0 discarded(hops=16)
0 other errors, 0 local destination
0 can not be dealed
Sent: 0 forwarded, 0 generated
0 no route, 0 discarded
RIP: 0 sent, 0 received
0 responses sent, 0 responses received
0 requests received, 0 requests dealed
0 requests sent, 0 periodic updates
SAP: 0 general requests received
0 specific requests received
0 GNS requests received
0 general responses sent
0 specific responses sent
0 GNS responses sent
0 periodic updates, 0 errors
Description
Received
0 total
0 packets pitched
516
ipx enable
Item
Description
0 format errors
0 bad hops
0 discarded(hop=16)
0 other errors
0 local destination
Sent:
0 forwarded
0 generated
0 no route
0 discarded
RIP:
0 sent
0 received
0 responses sent
0 responses received
0 requests received
0 requests dealt
0 requests sent
0 periodic updates
SAP:
0 general requests
received
0 specific requests
received
0 GNS requests
received
0 general responses
sent
0 specific responses
sent
0 periodic updates
0 errors
Syntax
ipx enable [ node node ]
undo ipx enable
View
System view
517
Parameter
node: node value of the router. It is a 48-bit value represented by a triplet of
four-digit hexadecimal numbers separated by -. It is neither a broadcasting
address nor a multicast address. If the parameter is not configured, the router will
assign MAC address of the first Ethernet interface as its node value.
If there is no Ethernet interface in the router, the system will assign a random node
value based on the system clock.
Description
Using the ipx enable command, you can activate IPX. Using the undo ipx
enable command, you can deactivate IPX and remove all IPX configurations
simultaneously.
Activating IPX again after executing the undo ipx enable command, you can not
restore any IPX configuration.
Example
Enable IPX.
[3Com] ipx enable
Disable IPX.
[3Com] undo ipx enable
ipx encapsulation
Syntax
ipx encapsulation [ dot2 | dot3 | ethernet-2 | snap ]
undo ipx encapsulation
View
Ethernet Interface view
Parameter
dot2: Encapsulation format is Ethernet_802.2.
dot3: Encapsulation format is Ethernet_802.3.
ethernet-2: Encapsulation format is Ethernet_II.
snap: Encapsulation format is Ethernet_SNAP.
Description
Using the ipx encapsulation command, you can set IPX frame encapsulation
format on Ethernet interface. Using the undo ipx encapsulation command, you
can restore the default IPX frame encapsulation format.
By default, IPX frame encapsulation format on Ethernet interface is dot3
(Ethernet_802.3).
In WAN interfaces, IPX frame only supports PPP encapsulation.
518
Example
Configure IPX frame encapsulation format on the interface Ethernet0/1/0 as
Ethernet_II.
[3Com-Ethernet 0/1/0] ipx encapsulation ethernet-2
ipx netbios-propagation
Syntax
ipx netbios-propagation
undo ipx netbios-propagation
View
Interface view
Parameter
None
Description
Using the ipx netbios-propagation command, you can configure the router to
forward type 20 broadcast packets on the current interface. Using the undo ipx
netbios-propagation command, you can disable the forwarding of type 20
packets.
By default, type 20 broadcast packets will be discarded by the router rather than
forwarded.
IPX type 20 packet is a packet for NetBIOS (Network Basic Input/Output System)
defined by Novell NetWare.
Example
Enable the receipt and forwarding of type 20 broadcast packets.
[3Com-Ethernet 0/1/0] ipx netbios-propagation
ipx network
Syntax
ipx network network-number
undo ipx network
View
Interface view
Parameter
network: Network ID of IPX interface in hex. It ranges from 0x1 to FFFFFFFD.
519
Description
Using the ipx network command, you can configure a network ID for an
interface. Using the undo ipx network command, you can delete IPX network ID
of an interface.
By default, IPX is disabled on all interfaces after it is activated. There is no IPX
network ID on the interface.
Example
Configure the interface Ethernet0/1/0 as IPX interface and assign it with a network
ID.
[3Com-Ethernet 0/1/0] ipx network 675
Syntax
ipx rip import-route static
undo ipx rip import-route static
View
System view
Parameter
static: Imported static route.
Description
Using the ipx rip import-route static command, you can import static routes
into RIP. RIP adds them in their route updates. Using the undo ipx rip
import-route static command, you can disable the importation of static routes.
Example
Import a static route to RIP.
[3Com] ipx rip import-route static
Syntax
ipx rip mtu bytes
undo ipx rip mtu
View
Interface view
Parameter
bytes: Maximum RIP updating packet size in byte, ranging from 432 to 1500. By
default, it is 432.
Description
Using the ipx rip mtu command, you can configure RIP updating packet size.
Using the undo ipx rip mtu command, you can restore the default configuration.
520
By default, the maximum size of RIP updating packets is 432 bytes. In RIP updating
packets, the size of each routing information item is 8 bytes and the size of IPX
header and RIP header is 32 bytes. So an updating packet can carry up to 50
routing information items at most.
Example
Configure the maximum size of RIP updating packets on the interface
Ethernet1/0/0 to 500 bytes.
[3Com-Ethernet1/0/0] ipx rip mtu 500
Syntax
ipx rip multiplier multiplier
undo ipx rip multiplier
View
System view
Parameter
multiplier: It is used to calculate the aging period of RIP routing information table
items, ranging from 1 to 1000. By default, the value is 3. The actual aging time is
the value of multiplier multiplied by the RIP updating interval.
Description
Using the ipx rip multiplier command, you can configure the aging period of RIP
routing information table items. Using the undo ipx rip multiplier command,
you can restore the default configuration.
By default, RIP aging period is 3 times of updating interval.
Routers may contain a timer for each item in their routing information table,
which keeps track of elapsed time since the route was received. Every time the
updating packet containing the routing information is received, the timer is reset
to zero. If RIP route is not updated in a period of time, the system will regard the
route is no longer valid and delete it from the routing table.
For the related command, see ipx rip timer update.
Example
Configure RIP aging period of routing information table items is 5 times of
updating interval.
[3Com] ipx rip multiplier 5
Syntax
ipx rip timer update seconds
undo ipx rip timer update
View
System view
521
Parameter
seconds: RIP updating interval in second, ranging from 10 to 60000.
Description
Using the ipx rip timer update command, you can configure RIP updating
interval. Using the undo ipx rip timer update command, you can restore the
default value of RIP updating interval.
By default, the RIP updating interval is 60 seconds.
On a network, routers need to constantly exchange routing information with each
other to keep routing information consistent with actual network topology. In RIP,
directly connected routers periodically send updating packets to each other.
The changes of RIP updating interval will affect aging period. For the related
command, see ipx rip multiplier.
Example
Configure RIP updating interval to 30 seconds.
[3Com] ipx rip timer update 30
ipx route
Syntax
ipx route-static network [ network.node | interface-type interface-num |
interface-name ] [ preference value ] [ tick ticks hop hops ]
undo ipx route-static { network [ network.node | interface-type interface-num |
interface-name ] | all }
View
System view
Parameter
network: Destination network ID of IPX static route. It is an 8-bit hexadecimal
number, ranging from 1 to 0xFFFFFFFE.
network.node: The next hop address of IPX static route. network is the network ID
of the next hop. node is a triplet of four-bit hexadecimal numbers separated by
-, each ranging from 1 to 0xFFFF.
interface-type: Outgoing interface type, only supporting the interface with PPP
encapsulation. It can be Serial or POS interface.
interface-num: Outgoing interface number.
interface-name: Outgoing interface name.
preference: Route preference. The preference of directly connected routes is fixed
to 0 and cannot be changed. By default, the preference of active IPX static route is
60 and can be configured. The preference of dynamic IPX routes is fixed to 100
and cannot be changed.
value: Route preference value, ranging from 0 to 255. The less the value, the
higher the preference.
522
ticks: It indicates the necessary time to destination network (1 tick = 1/18 second).
By default, it is the tick value of outgoing interface. Interfaces of different types
have different default tick values. The tick value of Ethernet interface is 1 and that
of Serial interface is 6. When the tick value of an interface is modified, the tick
value of the corresponding static route will also be changed.
hops: Number of routers which are passed by to destination network. By default,
the value is 1.
all: All IPX static routes.
Description
Using the ipx route-static command, you can configure IPX static route. Using
the undo ipx route-static command, you can delete static route.
The system regards the IPX static route with destination network ID being -2
(0xFFFFFFFE) as the default route.
Example
Configure an IPX static route with destination network ID being 0x5a, the next
hop being 1000.0-0c91-f61f, ticks 10 and hops 2.
[3Com] ipx enable
[3Com] ipx route-static 5a 1000.0-0c91-f61f 10 2
Configure the default IPX route with the next hop being 3.4a-60-7, ticks 10, hops
2 and preference 20.
[3Com] ipx enable
[3Com] ipx route-static -2 3.4a.60.7 tick 10 hop 2 preference 20
Configure an IPX static route with destination network ID being 3a, outgoing
interface being Serial1/0/0, ticks 10, hops 2 and preference 30.
[3Com] ipx enable
[3Com] ipx route-static 3a serial 0/0/0 tick 10 hop 2 preference 30
ipx route
load-balance-path
Syntax
ipx route load-balance-path paths
undo ipx route load-balance-path
View
System view
Parameter
paths: The maximum equivalent route number to the same destination address,
ranging from 1 to 64. By default, the value is 1.
Description
Using the ipx route load-balance-path command, you can configure the
equivalent route number to the same destination address. Using the undo ipx
route load-balance-path command, you can restore the default configuration.
523
The equivalent route number to the same destination address is the maximum
number of active equivalent routes in the current system. If the newly configured
value is less than the current active route number, the system will change the
excessive active routes to inactive status.
Example
Configure the equivalent route number to the same destination address to 30.
[3Com] ipx route load-balance-path 30
ipx route
max-reserve-path
Syntax
ipx route max-reserve-path paths
undo ipx route max-reserve-path
View
System view
Parameter
paths: The maximum dynamic route number to the same destination address,
ranging from 1 to 255. By default, the value is 4.
Description
Using the ipx route max-reserve-path command, you can configure the
maximum dynamic route number to the same destination address. Using the
undo ipx route max-reserve-path command, you can restore the default
configuration.
When the dynamic route number to the same destination address exceeds the
maximum value configured the newly found dynamic routes will not be added
into the routing table; discarded directly. If the newly configured value is less than
the original one the excessive routes in the current routing table will not be
deleted until they age themselves or are deleted manually.
Example
Configure the maximum dynamic route number to the same destination address
to 200.
[3Com] ipx route max-reserve-path 200
Syntax
ipx sap disable
undo ipx sap disable
View
Interface view
Parameter
None
524
Description
Using the ipx sap disable command, you can disable SAP on the current
interface. Using the undo ipx sap disable command, you can enable SAP on the
current interface.
By default, the interface SAP is enabled as soon as IPX is enabled.
Example
Disable SAP on the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] ipx sap disable
Syntax
ipx sap gns-disable-reply
undo ipx sap gns-disable-reply
View
Interface view
Parameter
None
Description
Using the ipx sap gns-disable-reply command, you can disable IPX GNS reply on
the current interface. Using the undo ipx sap gns-disable-reply command, you
can enable IPX GNS reply on the current interface.
By default, GNS reply is enabled on an interface.
Example
Disable GNS reply on the interface Ethernet0/0/0.
[Ethernet0/0/0] ipx sap gns-disable-reply
Syntax
ipx sap gns-load-balance
undo ipx sap gns-load-balance
View
System view
Parameter
None
525
Description
Using the ipx sap gns-load-balance command, you can configure the router to
respond GNS request in Round-robin method, i.e., all servers respond GNS request
in turn. Using the undo ipx sap gns-load-balance command, you can configure
the nearest server to respond GNS request.
By default, for GNS request, a router will inform all servers it knows to respond in
Round-robin method to avoid overload of one server.
For the related command, see ipx sap gns-disable-reply.
Example
Configure the nearest server to respond GNS request.
[3Com] undo ipx sap gns-load-balance
ipx sap
max-reserve-servers
Syntax
ipx sap max-reserve-servers length
undo ipx sap max-reserve-servers
View
System view
Parameter
length: The length of the dynamic service information reserve queue, ranges
from1 to 2048. By default, the value is 2048.
Description
Using the ipx sap max-reserve-servers command, you can configure the length
of the service information reserve queue. Using the undo ipx sap
max-reserve-servers command, you can restore the default configuration.
If the newly configured service information queue length is less than the present
one, the items in SIT will not be deleted. If the service information item number for
the same service type exceeds the maximum value configured, the new service
information will not be added.
Example
Set the maximum length of service information reserve queue to 1024.
[3Com] ipx sap max-reserve-servers 1024
Syntax
ipx sap mtu bytes
undo ipx sap mtu
View
Interface view
526
Parameter
bytes: The maximum SAP packet size in byte, ranging from 480 to 1500. By
default, the value is 480.
Description
Using the ipx sap mtu command, you can configure the maximum size of SAP
updating packet. Using the undo ipx sap mtu command, you can restore the
default configuration.
By default, the maximum size of SAP updating packet is 480 bytes. The size of IPX
header and SAP header is 32 bytes, so a 480-byte SAP updating packet contains 7
service information items (64 bytes each).
Example
Set the maximum size of SAP updating packet on the interface Ethernet1/0/0 to
674 bytes (carrying 10 service information items at most).
[3Com-Ethernet0/0/0] ipx sap mtu 674
Syntax
ipx sap multiplier multiplier
undo ipx sap multiplier
View
System view
Parameter
multiplier: It is used to calculate the aging period of SAP service information table
items, ranging from 1 to 1000. By default, the value is 3. When the updating
interval is 60 seconds, the aging period is 60*3 = 180 seconds.
Description
Using the ipx sap multiplier command, you can configure the aging period of
SAP service information table items. Using the undo ipx sap multiplier
command, you can restore the default value of SAP aging period.
By default, the aging period of SAP service information table items is 3 times of
SAP updating interval.
For the related command, see ipx sap timer update.
Example
Set the aging period of SAP service information table items is 5 times of updating
interval.
[3Com] ipx sap multiplier 5
Syntax
ipx sap timer update seconds
undo ipx sap timer update
527
View
System view
Parameter
seconds: SAP updating interval, ranging from 10 to 60000 seconds. By default,
the value is 60 seconds.
Description
Using the ipx sap timer update command, you can configure SAP updating
interval. Using the undo ipx sap timer update command, you can restore the
default value of SAP updating interval.
When an interface adopts trigger update method, the command configuration
does not take effect.
For the related commands, see ipx sap multiplier and ipx update-change-only.
Example
Configure SAP updating interval to 300 seconds.
[3Com] ipx sap timer update 300
ipx service
Syntax
ipx service service-type name network.node socket hop hopcount preference
preference
undo ipx service { { service-type [ name [ network.node ] ] [ preference preference ] } |
all }
View
System view
Parameter
service-type: Service type is a 4-byte hexadecimal number. 0 indicates all service
types.
name: The server name which provides the service, in character string with the
maximum length being 48 bytes.
network.node: Network ID and node value of a server. Network ID is represented
by an 8-bit hexadecimal number, ranging from 0x1 to 0xFFFFFFFD. The 0s in front
can be omitted when inputting. Node value is used to identify a node in the
network, with the length of 48 bits, represented by a triplet of 4-digit hexadecimal
numbers separated by -.
socket: It is represented by a 4-bit hexadecimal number, ranging from 0x1 to
0xFFFF.
hop-count: The number of hops to the server in decimal, ranging from 1 to 15.
Note that hop count more than or equal to 16 implies the service is unreachable.
preference: The preference of service information, ranging from 1 to 255. The
less the value, the higher the preference. By default, the preference of the static
528
service information table items is 60 and the preference of the dynamic one is
500.
Description
Using the ipx service command, you can add a static service information item to
SIT. Using the undo ipx service command, you can delete a static service
information item from SIT.
The NetWare server uses SAP to advertise service information and stores the
service information to SIT which is dynamically updated by SAP. Adding a service
information item to SIT, users can access the service.
Example
Add a static service information item with service type 4, service name
FileServer, server network ID 130, node value 0000-0a0b-abcd, server hops 1
and server preference 60.
[3Com] ipx service 4 FileServer 130.0000-0a0b-abcd 451 hop 1 preference 60
[3Com] ipx service 4 FileServer 130.0000-0a0b-abcd 451 hop 1
[3Com] ipx service 114 MyServer 199.0000-0a0b-abcd 451 hop 10
Service information with server type 114 will not be advertised if there is no active
route to the network 199.
ipx split-horizon
Syntax
ipx split-horizon
undo ipx split-horizon
View
Interface view
Parameter
None
Description
Using the ipx split-horizon command, you can enable split horizon on the
current interface. Using the undo ipx split-horizon command, you can disable
split horizon on the current interface.
By default, split horizon is enabled on the interface.
Split horizon is a way to avoid routing loops, i.e., routing information received
from an interface is not permitted to be sent from the interface. The function does
not take effect point-to-point connection links.
Example
Enable split horizon on the interface Ethernet1/1/0.
[3Com-Ethernet1/1/0] ipx split-horizon
ipx tick
529
Syntax
ipx tick ticks
undo ipx tick
View
Interface view
Parameter
ticks: Delay time in tick, ranging from 0 to 30000. One tick is 1/18 second
(approximately 55 ms). By default, the delay of Ethernet interface is 1 tick, that of
the asynchronous serial port is 30 ticks and that of WAN port is 6 ticks.
Description
Using the ipx tick command, you can configure the delay of interface sending IPX
packets. Using the undo ipx tick command, you can restore the default value of
interface delay.
As the IPX RIP delay field, the delay value configured by the ipx tick command is a
basis for the optimal routing selection.
Example
Configure the delay is 5 ticks on the interface Ethernet1/0/0.
[3Com-Ethernet1/0/0] ipx tick 5
ipx update-change-only
Syntax
ipx update-change-only
undo ipx update-change-only
View
Interface view
Parameter
None
Description
Using the ipx update-change-only command, you can enable trigger update on
the current interface. Using the undo ipx update-change-only command, you
can disable trigger update on the current interface.
By default, trigger update is disabled on the interface.
IPX RIP and SAP periodically advertise updating broadcast packets. Users can
configure trigger update to avoid broadcast flood.
Example
Enable trigger update on the interface Ethernet1/1/0.
[3Com-Ethernet 1/1/0] ipx update-change-only
530
ping ipx
Syntax
ping ipx network.node [ -c count ] [ -t timeout ] [ -s size ]
View
Any view
Parameter
network.node: Ping destination address. The parameter network can be an
eight-bit hexadecimal number ranging from 0x1 to 0xFFFFFFFD. The 0s in front can
be omitted when inputting. The parameter node is a 48-bit value represented by a
triplet of four-digit hexadecimal numbers separated by -.
The 0s in front of node value cannot be omitted.
count: Number of Ping packets that are sent. By default, the value is 5.
timout: The period of time to wait for Ping response. By default, the value is 2
seconds.
size: Ping packet size. By default, the value is 100 bytes.
Description
Using the ping ipx command, you can check host reachability and network
connectivity in IPX network.
Example
Ping system whose destination address is 675.0000-a0b0-fefe with default
parameters.
<3Com> ping ipx 675.0000-a0b0-fefe
Syntax
reset ipx statistics
View
User view
Parameter
None
Description
Using the reset ipx statistics command, you can clear IPX statistics by the system.
Example
Clear IPX statistics.
<3Com> reset ipx statistics
Syntax
reset ipx routing-table statistics protocol [all | default | direct | rip | static]
531
View
User view
Parameter
all: Clears statistical information of all types IPX route.
default: Clears the statistical information of the default IPX route type.
direct: Clears the statistical information of the IPX route directly connected.
rip: Clears the statistical information of the IPX RIP route.
static: Clears the statistical information of the static IPX route.
Description
The reset ipx routing-table statistics command is used to clear the statistical
information of a specified type of IPX route. Such information can be shown upon
the terminal using the display ipx routing-table statistics command.
Example
Add 5 IPX static routes to the router, then delete them, and then add anther 9 IPX
static routes. The IPX route statistical information would be as follows:
[3Com]dis ipx routing-table statistics
Routing tables:
Proto/State
route
active
added
deleted freed
Direct
1
1
1
0
0
Static
9
9
14
5
5
RIP
0
0
0
0
0
Default
0
0
0
0
0
Total
10
10
15
5
5
[3Com]
Clear the IPX static route.
<3Com>reset ipx routing-table statistics protocol static
This will erase the specific routing counters information.
Are you sure?[Y/N]y
<3Com>
The displayed statistical information shows that all three items (add, delete, freed)
of static route have changed to 0, and the below Total item has also changed
accordingly.
<3Com>dis ipx routing-table statistics
DLSw Configuration
Commands
bridge-set (in
synchronous serial
interface view)
Syntax
bridge-set bridge-set-number
undo bridge-set bridge-set-number
532
View
Synchronous serial interface view
Parameter
bridge-set-number: The bridge group number the synchronous serial port is to be
added into, ranging from 1 to 63.
Description
Using the bridge-set (in Synchronous serial interface system view)
command, you can add the synchronous serial interface encapsulated into SDLC
into the bridge group. Using the undo bridge-set (in synchronous serial
interface view) command, you can delete the interface from the DLSw bridge
group.
By default, no synchronous serial port is added into the bridge group.
In order for the SDLC encapsulated synchronous serial port to join the DLSw
forwarding, the SDLC interface is needed to added into a bridge group by using
this command. What is different is that the bridge group on the Ethernet interface
joins the local forwarding, while the bridge group configured on the SDLC only
joins the DLSw forwarding, that is, all the data on it will be forwarded onto the
TCP tunnel. If it is configured in the Ethernet Interface view, the Ethernet interface
of the same group number on the router can forward packets transparently. But
packets cannot be transferred transparently between the serial ports. Each serial
port only exchanges packet with the remote end.
Example
Add the Serial1/0/0 into the DLSw bridge group numbered 20.
[3Com] dlsw bridge-group 20
[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] bridge-set 20
Syntax
bridge-set bridge-set-number
undo bridge-set bridge-set-number
View
Ethernet Interface view
Parameter
bridge-set-number: The bridge group number that the Ethernet interface is added
into, ranging from 1 to 63.
Description
Using the bridge-set (in the Ethernet Interface view) command, you can add
the Ethernet interface into the bridge. Using the undo bridge-set (in the
Ethernet Interface view) command, you can delete the interface from the DLSw
bridge group.
By default, no Ethernet interface is added into the bridge group.
533
After an Ethernet interface is added into the bridge group, the LLC2 packets on
the Ethernet interface can be sent to the remote peer through the related TCP
tunnel.
Example
Add the Ethernet1/0/0 interface into the DLSw bridge group numbered 20.
[3Com] dlsw bridge-group 20
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] bridge-set 20
code nrzi
Syntax
code nrzi
undo code
View
Synchronous serial interface system view
Parameter
None
Description
Using the code nrzi command, you can configure the NRZI encoding of the
synchronous serial port. Using the undo code nrzi command, you can remove the
NRZI encoding of the synchronous serial port.
By default, the NRZ encoding is configured on the synchronous serial port.
There are two coding schemes, NRZI and NRZ, available on the synchronous serial
port. The NRZ coding scheme is generally used in our router. The serial port coding
scheme of some SNA devices is the NRZI coding scheme. Therefore the coding
scheme of the router needs to be changed according to the encoding of the
connected device.
Example
Configure the NRZI encoding on the Serial1/0/0.
[3Com-Serial1/0/0] code nrzi
debugging dlsw
Syntax
debugging dlsw { circuit [ correlator ] | tcp [ ip-address ] }
undo debugging dlsw { circuit [ correlator ] | tcp [ ip-address ] }
View
User view
Parameter
circuit: Enables the DLSw circuit debugging.
correlator: Distinguishes different IDs of the circuits.
tcp: Enables the debugging of the DLSw peers.
534
ip-address: IP address.
Description
Using the debugging dlsw command, you can enable the DLSw debugging.
Using the undo debugging dlsw command, you can disable the DLSw
debugging.
debugging llc2
Syntax
debugging llc2 circuit [ correlator ]
undo debugging llc2 circuit [ correlator ]
View
User view
Parameter
correlator: Distinguishes different IDs of the circuits.
Description
Using the debugging llc2 command, you can enable the LLC2 debugging. Using
the undo debugging llc2 command, you can disable the LLC2 debugging.
debugging sdlc
Syntax
debugging sdlc [ all | event | packet ]
undo debugging sdlc { all | event | packet }
View
User view
Parameter
all: Enables all debuggings of the SDLC.
event: Enables the SDLC event debugging.
packet: Enables the SDLC packet debugging.
Description
Using the debugging sdlc command, you can enable the SDLC debugging. Using
the undo debugging sdlc command, you can disable the SDLC debugging.
display dlsw
bridge-entry
Syntax
display dlsw bridge-entry [ interface-name | interface-type interface-number ]
View
Any view
Parameter
None
535
Description
Using the display dlsw bridge-entry command, you can view the bridge group
information.
Example
Display the bridge group information.
<3Com> display dlsw bridge-entry
Mac_entry
Port
group hashIndex
0000.e81c.b6bf Ethernet0/0/0
1
79
Syntax
display dlsw circuits [ circuit-id ] [ verbose ]
View
Any view
Parameter
circuit-id: Displays the virtual circuit number of the specified DLSw.
verbose: Displays the detail information of the virtual circuits.
Description
Using the display dlsw circuits command, you can view the DLSw virtual circuits.
The output information of this command helps the user understand the
information regarding DLSw virtual circuits.
Example
Display the general information of the virtual circuits.
<3Com> display dlsw circuits
Correlator Local addr(LSAP)
Remote addr(RSAP)
State
2ce0005 0020.357b.e065 (4) 0000.1738.6dfd (4)
CONNECTED
Syntax description:
Correlator: Distinguish different IDs of the circuits
Local addr(LSAP) Local MAC address, with the lsap being the last SAP used by
the local device.
Remote addr(RSAP) Remote MAC address, with the rsap being the last SAP
used by the remote device.
State: State of the links.
Display the detail information of the virtual circuits.
<3Com> display dlsw circuits verbose
Correlator Local addr(LSAP)
Remote addr(RSAP)
State
2ce0005 0020.357b.e065 (4) 0000.1738.6dfd (4)
CONNECTED
Port Ethernet 0/0/0
Direction:ORIGIN
Connection Time: 14:19:49
Flow Control: Transmit CW:40 GT:0 Receive CW:40 GT:0
Info-Frame: Transmit:0 Receive:0 Drop:0
536
display dlsw
information
Syntax
display dlsw information [ local ] [ ip-address ]
View
Any view
Parameter
local: Displays the local exchange capability information.
ip-address: Displays the exchange capability information of specified IP address.
Description
Using the display dlsw information command, you can view the DLSw
exchange capability information. The output information of the command
facilitates the user to understand the status of the DLSw virtual circuit and perform
fault diagnosis.
Example
Display the general information of exchange capability.
<3Com> display dlsw information
DLSw: Capabilities for peer 10.10.20.1:
Vendor ID (OUI)
: '00000c' (3Com)
Version number
: 01
Release number
: 00
Init Pacing Window
: 40
Num of TCP sessions : 01
Mac address exclusive : no
NetBIOS Name exclusive : no
Mac address List
: none
NetBIOS Name List
: none
Configured IP address : 14.0.0.1
Version string
:
Copyright (c) 1997-2002 3Com TECH CO., LTD.
Syntax description:
537
Syntax
display dlsw remote [ ip-address ]
View
Any view
Parameter
ip-address: Displays the information of the remote peer with specified IP address
or of all the remote peers.
Description
Using the display dlsw remote command, you can view the information of the
remote peers. The output information helps the user to understand the
connection state between the DLSw and the remote peers.
Example
Display the information of the remote peers.
<3Com> display dlsw remote
Peers: State
pkts_rx pkts_tx drops uptime
*TCP 11.0.0.1 DISCONNECT
0
0
0 00:00:00
*TCP 13.0.0.1 DISCONNECT
0
0
0 00:00:00
*TCP 14.0.0.1 CONNECT
1897
1899
0 14:26:22
Syntax description:
*TCP: The * mark indicates the connection can be created on the peer. If there is
no this mark before the TCP, it indicates it is an inactivated backup peer.
538
display llc2
Syntax
display llc2 [ circuit correlator ]
View
Any view
Parameter
correlator: ID used to distinguish different circuits.
Description
The display interface command is used to display statistical information of LLC2.
Example
Display the statistical information of LLC2
<3Com> display llc2 circuit 46465025
llc2 circuit index 46465025
Local MAC 0.20.35.7b.e0.65
Remote MAC 0. 0.84.25.1e.e9
Local Sap 4
Remote Sap 4
Role secondary
State : NORMAL
dlsw bridge-set
Syntax
dlsw bridge-set bridge-set-number
undo dlsw bridge-set bridge-set-number
View
System view
Parameter
bridge-set-number: ID of bridge group, ranging from 1 to 63, local valid.
Description
Using the dlsw bridge-set command, you can configure the bridge group to
connect DLSw . Using the undo dlsw bridge-set command, you can delete the
bridge.
In order to forward packets of specified bridge group to the remote end through
the TCP connection, a local bridge group needs to be connected with the DLSw by
using this command, that is, packets of the local bridge group can be sent to the
remote end through the TCP tunnel. This command can be used many times to
connect many bridge groups with the DLSw, and make them all capable of joining
the forwarding through the TCP tunnel.
Example
Configure the bridge group connected with the DLSw, with the ID of the bridge
group being 20.
[3Com] dlsw bridge-group 20
dlsw enable
539
Syntax
dlsw enable
undo dlsw enable
View
System view
Parameter
None
Description
Using the dlsw enable command, you can enable the DLSw performance. Using
the undo dlsw enable command, you can suspend the DLSw performance.
By default, the DLSw performance is enabled.
After this command is performed, the system will release all dynamic resources,
but retain the original configuration.
Example
Suspend the DLSw performance.
[3Com] undo dlsw enable
dlsw local
Syntax
dlsw local ip-address [ init-window init-window-size ] [ keepalive keepalive-interval ] [
max-frame max-frame-size ] [ max-window max-window-size ] [ permit-dynamic ]
undo dlsw local ip-address [ init-window ] [ keepalive ] [ max-frame ] [ max-window ] [
permit-dynamic ]
View
System view
Parameter
ip-address: IP address of the created local peer.
init-window-size: Size of the initialized local response window, ranging from 1 to
2000.
keepalive-interval: Time interval for sending the keepalive, ranging from 0 to
1200 seconds.
max-frame-size: Maximum length of the packet, which can be 516, 1470, 1500,
2052, 4472, 8144, 11407, 11454, or 17800 bytes.
max-window-size: Size of the maximum local response window, ranging from 1 to
2000.
540
dlsw remote
Syntax
dlsw remote ip-address [ backup backup-address ] [ priority priority] [ keepalive
keepalive-interval ] [ max-frame max-frame-size ] [ max-queue max-queue-length ] [
linger minutes ]
display dlsw remote ip-address
View
System view
Parameter
ip-address: Specifies the IP address of the remote peer.
backup backup-address: the backup IP address of the remote peer.
priority priority: Transmission cost, ranging from 1 to 5.
keepalive keepalive-interval: Time interval for sending the keepalive packet,
ranging from 0 to 1200 seconds.
max-frame max-frame-size: Maximum length of the packet, which can be 516,
1470, 1500, 2052, 4472, 8144, 11407, 11454, or 17800 bytes.
max-queue max-queue-length: Size of the TCP sending/receiving queue, ranging
from 50 to 2000.
linger minutes: Linger time of the backup connection after the primary peer being
disconnected, ranging from 0 to 1440 minutes.
541
Description
Using the dlsw remote command, you can create the DLSw remote peer. Using
the undo dlsw remote command, you can delete the remote peer.
The default priority is 3. The default keepalive-interval is 30 seconds. The default
max-frame-size is 1500 bytes. The default max-queue-length is 200. The default
seconds is 90 seconds. The default minutes are 5 minutes.
After the local peer is configured, the remote peer needs to be configured to
create the TCP tunnel. The router will keep attempting to create the TCP
connection with the remote router. A router can be configured with several
remote peers so as to create the TCP tunnel with several remote routers.
The following deserves special attention on creating the remote backup-address:
1 In order to create the remote backup-address, the ip-address should be the IP
address of the backup peer end, and the backup backup-address should be the IP
address of the remote primary peer with the TCP connection already being
created. In other words, before creating the remote backup peer connection, the
user should ensure that the local end has created the TCP connection with a
remote primary peer. If the peer end backup peer is created the same time the
remote peer being first created, the system will prompt the following information:
Primary peer ip address does not exist
This prompt indicates that the user should first create a remote primary peer
before creating the backup peer.
2 If the backup link still exists after the TCP connection of the primary link is
interrupted, the TCP link can be retained (use the display dlsw remote
command and a TCP connection can be found still exist) till the backup link linger
minutes is also timeout.
Example
Create the DLSw remote peer, with the IP address being 2.2.2.2, the transmission
cost being 2, the time interval for sending the keepalive being 40 seconds, the
maximum length lf-size of the packet being the default value, and the size of the
TCP sending/receiving queue being 300.
[3Com] dlsw remote 2.2.2.2 priority 2 keepalive 40 max-queue 300
dlsw timer
Syntax
dlsw timer [ connect seconds ] [ explorer-wait seconds ] [ local-pending seconds ] [
remote-pending seconds ] [ cache seconds ] [ explorer seconds ]
undo dlsw timer
View
System view
Parameter
connect seconds: The holding time of a connection, ranging from 1 second to
65535 seconds. The default value is 300 seconds.
explorer-wait seconds: The waiting time of local explorer frames, ranging from 1
second to 65535 seconds. The default value is 30 seconds.
542
local-pending seconds: The local pending time, ranging from 1 second to 65535
seconds. The default value is 30 seconds.
remote-pending seconds: The remote pending time, ranging from 1 second to
65535 seconds. The default value is 30 seconds.
cache seconds: Address saving time in SNA cache, ranging from 1 second to
65535 seconds. The default value is 120 seconds.
explorer seconds: The waiting time of remote explorer frames, ranging from 1
second to 65535 seconds. The default value is 30 seconds.
Description
Using the dlsw timer command, you can configure the DLSw timer parameters.
Using the undo dlsw timer command, you can restore the default value of the
DLSw timer parameters.
By configuring the DLSw timer, the various kinds of timers used for the DLSw to
create the virtual circuit can be revised, but the user is suggested not to revise the
DLSw timer parameters randomly.
Example
Configure the DLSw timer parameters, with the connected timeout being 200
seconds, the waiting timeout of the local explorer frame being 15 seconds, the
local waiting timeout being 15 seconds, the remote peer waiting timeout being 25
seconds, the SNA cache address timeout being the default value and the waiting
timeout of the remote explorer frame being the default value.
[3Com] dlsw timer connect 20 explorer-wait 15 local-pending 15 remote-pending 25
idle-mark
Syntax
idle-mark
undo idle-mark
View
Synchronous serial interface view
Parameter
None
Description
Using the idle-mark command, you can configure the idle coding scheme of the
synchronous serial port. Using the undo idle-mark command, you can restore the
default idle coding scheme of the synchronous serial port.
By default, the synchronous serial port adopts the 7E coding scheme.
3Com series routers encapsulate 7E in the packets to identify the free time of
the SDLC serial interface, but some SDLC devices adopt full 1 high level instead.
In order to be better compatible to this kind devices, the idle coding scheme of the
router needs to be changed.
Sometimes when connecting with the AS/400, this command needs to be
configured to change the idle coding scheme and accelerate the AS/400 polling
speed.
543
Example
Configure the idle coding scheme of the synchronous serial port on the Serial1/0/0
as idle-mark.
[3Com-Serial1/0/0] idle-mark
link-protocol sdlc
Syntax
link-protocol sdlc
View
Synchronous serial interface view
Parameter
None
Description
Using the link-protocol sdlc command, you can change the link layer
encapsulation protocol of the synchronous serial interface into SDLC.
By default, the encapsulated link layer protocol of the synchronous serial interface
is PPP.
The SDLC is a kind of link layer protocol relative to the SNA, with working principal
similar to that of the HDLC. In order for the DLSw to work normally, the link layer
encapsulation protocol of the synchronous serial interface should be changed into
SDLC.
Note all the IP related commands on the interface should be removed before
encapsulating the SDLC, as the SDLC link protocol cannot be used to carry the IP
protocol, for example, to delete the IP address on the interface, etc.
Example
Configure the encapsulation protocol on the Serial1/0/0 as SDLC.
[3Com-Serial1/0/0] link-protocol sdlc
llc2 max-ack
Syntax
llc2 max-ack length
llc2 max-ack
View
Ethernet Interface view
Parameter
length: Length of the LLC2 advanced response window, ranging from 1 to 127.
Description
Using the llc2 max-ack command, you can configure the length of the advance
response window before the LLC2 sending the acknowledgement frame. Using
the undo llc2 max-ack command, you can restore the default length of the
advance response window before the LLC2 sending the acknowledgement frame.
By default, the length of the LLC2 advance response window is 3.
544
The LLC2 advance response window refers to the maximum receivable information
frames before sending the acknowledgement frame, that is, to send the response
packet in advance on receiving the packet n.
Example
Configure the length of the advanced response window before the LLC2 sends
the acknowledgement frame as 5.
[3Com-Ethernet1/0/0] llc2 max-ack 5
llc2 max-send-queue
Syntax
llc2 max-send-queue length
undo llc2 max-send-queue
View
Ethernet Interface view
Parameter
length: The queue length sending the LLC2 packet, ranging from 20 to 200.
Description
Using the llc2 max-send-queue command, you can configure the queue length
sending the LLC2 packet. Using the undo llc2 max-send-queue command, you
can restore the default queue length sending the LLC2 packet.
By default, the queue length sending the LLC2 packet is 100. Example
Example
Configure the queue length sending the LLC2 packet as 30.
[3Com-Ethernet1/0/0] llc2 max-send-queue 30
llc2 max-transmission
Syntax
llc2 max-transmission retries
undo llc2 max-transmission
View
Ethernet Interface view
Parameter
retries: LLC2 retransmission times, ranging form 1 to 255.
Description
Using the llc2 max-transmission command, you can configure the
retransmission times of the LLC2. Using the undo llc2 max-transmission
command, you can restore the default retransmission times of the LLC2.
By default, the LLC2 retransmission times are 20 times.
The LLC2 retransmission times refers to the times of resending information frames
before the acknowledgement frame is received from the peer end.
545
Example
Configure the LLC2 retransmission times as 10 times.
[3Com-Ethernet1/0/0] llc2 max-transmission 10
llc2 modulo
Syntax
llc2 modulo n
undo llc2 modulo
View
Ethernet Interface view
Parameter
n: The modulus of the LLC2, with the available values of 8 or 128.
Description
Using the llc2 modulo command, you can configure the modulus of the LLC2.
Using the undo llc2 modulo command, you can restore the default modulus of
the LLC2.
By default, the modulus of the LLC2 is 128.
LLC2, like X25, adopts modulus mode to number information packets, and the
modulus of LLC2 is 8 or 128. Ethernet generally uses modulus 128.
Example
Restore the default modulus of the LLC2.
[3Com-Ethernet1/0/0] undo llc2 modulo
llc2 receive-window
Syntax
llc2 receive-window length
undo llc2 receive-window
View
Ethernet Interface view
Parameter
length: Length of the local response window, ranging from 1 to 127.
Description
Using the llc2 receive-window command, you can configure the maximum
packets that can be sent before the LLC2 receives the acknowledgement frame.
Using the undo llc2 receive-window command, you can restore the default
value of the maximum packets that can be sent before the acknowledgement
frame is received.
By default, the length of the LLC2 local response window is 7.
The LLC2 local response window refers to the maximum packets that can be sent
continuously before the acknowledgement frame is received.
546
Example
Configure the maximum packets that can be sent before the LLC2 receives the
acknowledgement frame as 10.
[3Com-Ethernet1/0/0] llc2 receive-window 10
Syntax
llc2 timer ack mseconds
undo llc2 timer ack
View
Ethernet Interface view
Parameter
mseconds: LLC2 local response time, ranging from 1 to 60000ms.
Description
Using the llc2 timer ack command, you can configure the LLC2 local response
time. Using the undo llc2 timer ack command, you can restore the default value
of the LLC2 local response time.
By default, the LLC2 local response time is 200ms.
The LLC2 local response time refers to the maximum waiting time for the response
from the peer end after an LLC2 data packet is sent.
Example
Configure the LLC2 local response time as 10ms.
[3Com-Ethernet1/0/0] llc2 timer ack 10
Syntax
llc2 timer ack-delay mseconds
undo llc2 timer ack-delay
View
Ethernet Interface view
Parameter
mseconds: Local acknowledgement delay time on receiving the information
frames, ranging from 1 to 60000ms.
Description
Using the llc2 timer ack-delay command, you can configure the local
acknowledgement delay time when the LLC2 receives information frames. Using
the undo llc2 timer ack-delay command, you can restore the default value of
the local acknowledgement delay time when the LLC2 receives information frame.
By default, the LLC2 local acknowledgement delay time is 100ms.
The LLC2 local acknowledgement delay time refers to the maximum waiting time
for delayed acknowledgement on receiving an LLC2 data packet.
547
Example
Configure the local acknowledgement delay time for received information frames
as 200 milliseconds.
[3Com-Ethernet1/0/0] llc2 timer ack-delay 200
Syntax
llc2 timer busy mseconds
undo llc2 timer busy
View
Ethernet Interface view
Parameter
mseconds: The LLC2 BUSY time, ranging from 1 to 60000ms.
Description
Using the llc2 timer busy command, you can configure the LLC2 BUSY time.
Using the undo llc2 timer busy command, you can restore the default value of
the LLC2 BUSY time.
By default, the LLC2 BUSY time is 300ms.
The LLC2 BUSY time refers to the waiting time before repolling a busy station.
Example
Configure the LLC2 BUSY time as 200ms.
[3Com-Ethernet1/0/0] llc2 timer busy 200
Syntax
llc2 timer poll mseconds
undo llc2 timer poll
View
Ethernet Interface view
Parameter
mseconds: LLC2 P/F waiting time, ranging from 1 to 60000ms.
Description
Using the llc2 timer poll command, you can configure the P/F waiting time of the
LLC2. Using the undo llc2 timer poll command, you can restore the default value
of the LLC2 P/F waiting time.
By default, the LLC2 P/F waiting time is 5000ms.
The LLC2 P/F waiting time refers to the time of waiting for the acknowledgement
frame after the frame P is sent.
Example
Configure the LLC2 P/F waiting time as 2000ms.
548
Syntax
llc2 timer reject mseconds
undo llc2 timer reject
View
Ethernet Interface view
Parameter
mseconds: The LLC2 REJ time, ranging from 1 to 60000ms.
Description
Using the llc2 timer reject command, you can configure the REJ time of the LLC2.
Using the undo llc2 timer reject command, you can restore the default value of
the LLC2 REJ time.
By default, the LLC2 REJ time is 500ms.
The LLC2 REJ time refers to the waiting time for the acknowledgement frame to
come after a deny frame is sent.
Example
Configure the LLC2 REJ time as 2000ms.
[3Com-Ethernet1/0/0] llc2 timer reject 2000
Syntax
reset dlsw bridge-entry
View
User view
Parameter
None
Description
Using the reset dlsw bridge-entry command, you can clear the entry cache
information in the DLSw bridge group.
Example
Clear the entry cache information in the DLSw bridge group.
<3Com> reset dlsw bridge-entry
Syntax
reset dlsw circuits [ circuit-id ]
View
User view
549
Parameter
circuit-id: The virtual circuit ID of DLSw, ranging from 0 to 4294967295.
Description
Using the reset dlsw circuits command, you can clear the DLSw virtual circuit
information.
Example
Clear the virtual circuit information with the virtual circuit number of 100.
<3Com> reset dlsw circuits 100
sdlc controller
Syntax
sdlc controller sdlc-address
undo sdlc controller sdlc-address
View
Synchronous serial interface view
Parameter
sdlc-address: The secondary station address of the SDLC.
Description
Using the sdlc controller command, you can configure the secondary station
address of the SDLC. Using the undo sdlc controller command, you can delete
the secondary station address of the SDLC.
By default, the secondary station address of the SDLC is not configured.
The SDLC protocol permits several virtual circuits running on a single SDLC
physical link, with one end connected with the primary station and the other end
connected with the secondary station. In order to distinguish each virtual circuit,
their SDLC addresses need to be designated. Because the SDLC is in unbalanced
mode, a primary device can connect with several secondary devices through the
medium of shared machine or SDLC switches, while the secondary devices cannot
be connected with each other. And there can exist one and only primary device if
any. In this sense, the SDLC devices in the same group can be guaranteed to
communicate with each other normally only if the addresses of the secondary
devices are specified. This command specifies the SDLC address, which is unique
on a physical interface, for the virtual circuit. The configured SDLC address on
synchronous serial interface is virtually the address of the SDLC secondary station.
The SDLC address ranges from 0x01 to 0xFE. The SDLC address of a router is only
valid on one physical interface, that is, the SDLC addresses configured on different
interfaces can be same.
Example
Configure the secondary station address of the SDLC on the Serial1/0/0 as 0x05.
[3Com-Serial1/0/0] sdlc controller 05
550
Syntax
sdlc mac-map local mac-address
undo sdlc mac-map local
View
Synchronous serial interface view
Parameter
mac-address: The virtual MAC address of the SDLC.
Description
Using the sdlc mac-map local command, you can configure the virtual MAC
address of the SDLC. Using the undo sdlc mac-map local command, you can
delete the virtual MAC address of the SDLC.
By default, the SDLC has no virtual MAC address.
Example
Configure the virtual MAC address of the SDLC.
[3Com-Serial1/0/0] sdlc mac-map local 0000-e81c-b6bf
Syntax
sdlc mac-map remote mac-addr sdlc-addr
undo sdlc mac-map remote mac-addr sdlc-addr
View
Synchronous serial interface view
Parameter
mac-addr: The MAC address of the SDLC peer.
sdlc-addr: The SDLC address of the SDLC peer.
Description
Using the sdlc mac-map remote command, you can configure the SDLC peer.
Using the undo sdlc mac-map remote command, you can delete the SDLC peer.
By default, the synchronous serial interface has no peer.
This command is used to specify the MAC address of a peer end for an SDLC
virtual circuit so as to provide the destination MAC address on the transformation
from the SDLC to the LLC2. When configuring the DLSw, an SDLC address should
be configured a related partner (peer). The MAC address of the partner (peer)
should be the MAC address of the remote SNA device (physical addresses of such
devices as the Ethernet and the Token-Ring), or the MAC address of the peer end
compounded by the SDLC.
Example
Configure the SDLC peer.
[3Com-Serial1/0/0] sdlc mac-map remote 00E0-FC00-0010 0x05
sdlc max-pdu
551
Syntax
sdlc max-pdu n
undo sdlc max-pdu
View
Synchronous serial interface view
Parameter
n: The maximum receivable frame length of the SDLC, ranging from 1 to 17600
bytes.
Description
Using the sdlc max-pdu command, you can configure the maximum receivable
frame length of the SDLC. Using the undo sdlc max-pdu command, you can
restore the default value of the SDLC maximum receivable frame length.
By default, the maximum receivable frame length of the SDLC is of 265 bytes.
The SDLC maximum frame length refers to the bytes of the largest packet that can
be received and sent, excluding the parity bit and the start/stop bit.
The maximum receivable frame length of some PU2.0 devices is of 265 bytes, and
that of IBM AS/400 is generally of 521 bytes. Usually we need to configure it the
same value as the connected SDLC device.
Example
Configure the maximum receivable frame length of the SDLC as 512.
[3Com-Serial1/0/0] sdlc max-pdu 521
sdlc max-send-queue
Syntax
sdlc max-send-queue length
undo sdlc max-send-queue
View
Synchronous serial interface view
Parameter
length: The queue length sending the SDLC packet, ranging from 20 to 255.
Description
Using the sdlc max-send-queue command, you can configure the queue length
sending the SDLC packet. Using the undo sdlc max-send-queue command, you
can restore the default value of the queue length sending the SDLC packet.
By default, the queue length sending the SDLC packet is 50.
Example
Configure the queue length sending the SDLC packet on the Serial1/0/0 as 30.
[3Com-Serial1/0/0] sdlc max-send-queue 30
552
sdlc max-transmission
Syntax
sdlc max-transmission retries
undo sdlc max-transmission
View
Synchronous serial interface view
Parameter
retries: The SDLC timeout retransmission times, ranging from 1 to 255 times.
Description
Using the sdlc max-transmission command, you can configure the SDLC
timeout retransmission times. Using the undo sdlc max-transmission command,
you can restore the default value of the SDLC timeout retransmission times.
By default, the SDLC timeout retransmission times are 20.
The SDLC timeout retransmission times (N2) refers to the retransmission times
before receiving the acknowledgement packet from the peer end.
Example
Configure the SDLC timeout retransmission times as 30.
[3Com-Serial1/0/0] sdlc max-transmission 30
sdlc modulo
Syntax
sdlc modulo n
undo sdlc modulo
View
Synchronous serial interface view
Parameter
n: SDLC modulus, with available value of 8 or 128.
Description
Using the sdlc modulo command, you can configure the modulus of the SDLC.
Using the undo sdlc modulo command, you can restore the default modulus of
the SDLC.
By default, the SDLC modulus is 8.
SDLC, like X25, adopts modulus mode to number information packets, and the
modulus of SDLC is 8 or 128. Generally modulus 8 is selected.
Example
Restore the default modulus of the SDLC.
[3Com-Serial1/0/0] undo sdlc modulo
Syntax
sdlc sap-map local lsap sdlc-addr
553
View
Synchronous serial interface view
Parameter
lsap: The virtual SAP address set by the device connected with the local interface.
sdlc-addr: The SDLC address.
Description
Using the sdlc sap-map local command, you can configure the SAP address on
transforming the SDLC into the LLC2. Using the undo sdlc sap-map local
command, you can restore the default value of the LLC2 SAP address.
By default, lsap is 04.
When the SDLC packet is translated into the LLC2 packet, the SAP address is
needed besides the MAC address.
Generally speaking, the SAP address of the SNA protocol is 0x04 or 0x08 or 0x0C.
For related configuration, please see the sdlc sap-map remote command.
Example
Configure the SAP address on translating the SDLC into the LLC2.
[3Com-Serial1/0/0] sdlc sap-map local 08 05
Syntax
sdlc sap-map remote dsap sdlc-addr
undo sdlc sap-map remote dsap sdlc-addr
View
Synchronous serial interface view
Parameter
dsap: The SAP address of the DLSw peer device. By default, dsap is 04.
sdlc-addr: The SDLC address.
Description
Using the sdlc sap-map remote command, you can configure the remote DLSw
device SAP address when SDLC is translated into LLC2. And using the undo sdlc
sap-map remote command, you can restore the default value.
When the SDLC packet is translated into the LLC2 packet, the SAP address is
needed besides the MAC address.
Generally speaking, the SAP address of the SNA protocol is 0x04 or 0x08 or 0x0C.
For related configuration, please see sdlc sap-map local.
554
Example
Configure the remote DLSw device SAP address when SDLC is translated into
LLC2.
[3Com-Serial1/0/0] sdlc sap-map remote 0C 05
sdlc simultaneous
Syntax
sdlc simultaneous
undo sdlc simultaneous
View
Synchronous serial interface view
Parameter
None
Description
Using the sdlc simultaneous command, you can configure the SDLC data to use
the bidirectional transmission mode. Using the undo sdlc simultaneous
command, you can stop the SDLC data to use the bidirectional transmission mode.
By default, the SDLC data are transmitted in bidirectional mode.
This command configures the synchronous serial interface to work in bidirectional
data simultaneous transmission mode. That is, the SDLC primary station can send
data to the secondary station and receive data at the same time.
Example
Configure the SDLC data to use the bidirectional transmission mode.
[3Com-Serial1/0/0] sdlc simultaneous
sdlc status
Syntax
sdlc status { primary | secondary }
undo sdlc status
View
Synchronous serial interface view
Parameter
primary: The primary station of the end, controlling the whole connection
process.
secondary: The secondary station of the end, controlled by the primary station.
Description
Using the sdlc role command, you can configure the SDLC role the device acts.
Using the undo sdlc role command, you can restore the default SDLC role.
By default, the device has no role.
The SDLC is a kind of link layer protocol in unbalanced mode. That is, the statuses
of the devices on the two connected ends are unequal, one is primary and the
555
other is secondary. The primary side, being the primary station, whose role is
primary, plays the dominant role and controls the whole connection process. While
the other side, being the secondary station, whose role is secondary, receives
control passively.
Therefore, the user needs to configure the role for the interface encapsulated with
SDLC protocol. On the SDLC role configuration, the roles should be decided by the
status of the SDLC device connected with the local router. If the SDLC device
connected with the local interface is primary, the local interface is to be set
secondary, and vice versa.
In general, the central IBM mainframe is primary, whereas terminal devices,
including UNIX hosts and ATM, are secondary.
Example
Configure the SDLC device connected with the Serial1/0/0 as primary, and the
local interface as secondary.
[3Com-Serial1/0/0] sdlc role secondary
Syntax
sdlc timer ack mseconds
undo sdlc timer ack
View
Synchronous serial interface view
Parameter
mseconds: The SDLC primary station response waiting time, ranging from 1 to
60000ms.
Description
Using the sdlc timer ack command, you can configure the SDLC primary station
response waiting time (mseconds). Using the undo sdlc timer ack command, you
can restore the default value of the SDLC primary station response waiting time.
By default, the configured SDLC primary station response waiting time is 3000ms.
The primary station response waiting time (mseconds) refers to the waiting time
for the response from the secondary station after the primary station sends
information frames.
Example
Configure the SDLC primary station response waiting time (mseconds) as 2000ms.
[3Com-Serial1/0/0] sdlc timer ack 2000
Syntax
sdlc timer lifetime mseconds
undo sdlc timer lifetime
View
Synchronous serial interface view
556
Parameter
mseconds: The SDLC secondary station response waiting time, ranging from 1 to
60000ms.
Description
Using the sdlc timer lifetime command, you can configure the SDLC secondary
station response waiting time (mseconds). Using the undo sdlc timer lifetime
command, you can restore the default value of the SDLC secondary station
response waiting time.
By default, the SDLC secondary station response waiting time (mseconds) is
500ms.
The secondary station response waiting time (mseconds) refers to the waiting time
for the response from the primary station after the secondary station sends
information frames.
Example
Configure the SDLC secondary station response waiting time (mseconds) as
1000ms.
[3Com-Serial1/0/0] sdlc timer lifetime 1000
Syntax
sdlc timer poll mseconds
undo sdlc timer poll
View
Synchronous serial interface view
Parameter
mseconds: SDLC poll pause timer, ranging from 1 to 10000ms.
Description
Using the sdlc timer poll command, you can configure the SDLC poll pause timer.
Using the undo sdlc timer poll command, you can restore the default value of
the SDLC poll pause timer.
By default, the SDLC poll pause timer is 1000ms.
The SDLC poll pause timer refers to the waiting interval between the two SDLC
nodes polled by the SDLC primary station.
Example
Configure the SDLC poll pause timer as 200ms.
[3Com-Serial1/0/0] sdlc timer poll 200
sdlc window
Syntax
sdlc window length
undo sdlc window
557
View
Synchronous serial interface view
Parameter
length: Length of the SDLC local response window, ranging from 1 to 7.
Description
Using the sdlc window command, you can configure the length of the SDLC
local response window. Using the undo sdlc window command, you can restore
the default length of the SDLC local response window.
By default, the default length of the SDLC local response window is 7.
The SDLC local response window refers to the maximum packets number that can
be sent continuously without waiting for the response from the peer end.
Example
Configure the length of the SDLC local response window on the Serial1/0/0 as 5.
[3Com-Serial1/0/0] sdlc window 5
sdlc xid
Syntax
sdlc xid sdlc-address xid-number
undo sdlc xid sdlc-address
View
Synchronous serial interface view
Parameter
sdlc-address: The SDLC address of the XID, which should be configured
beforehand.
xid-number: An integer with a length of 4 bytes, ranging from 1 to 0xFFFFFFFF.
The first 12 bits are network numbers, and the last 20 bytes are node numbers.
Description
Using the sdlc xid command, you can configure the XID of the SDLC. Using the
undo sdlc xid command, you can delete the XID of the SDLC.
By default, the synchronous serial interface has no XID of the SDLC.
The XID is the ID of a device in the SNA world. Generally speaking, there are two
kinds of devices: PU2.0 and PU2.1. The XID has been automatically configured on
the PU2.1 devices and they can announce their IDs by exchanging the XID. The
PU2.0 devices did not exchange the ID, so they can not get ID automatically.
Therefore, this command needs not to be configured on PU2.1 typed devices,
whereas it is needed to specify an XID for PU2.0 typed devices.
Example
Configure the XID of the SDLC, in which the xid-number is 0x2000.
[3Com3Com-Serial1/0/0] sdlc xid 05 2000
558
ROUTING PROTOCOL
For the specific examples and parameter explanation of VPN instance, refer to the
MPLS module of this manual.
Display Commands of
the Routing Table
display ip routing-table
Syntax
display ip routing-table
View
Any view
Parameter
None
Description
Using the display ip routing-table command, you can view the routing table
summary.
This command views routing table information in summary form. Each line
represents one route. The contents include destination address/mask length,
protocol, preference, cost, next hop and output interface.
Only current used route, i.e., best route, is displayed via the display ip
routing-table command.
Example
View the summary of current routing table.
<3Com> display ip routing-table
Routing Table: public net
Destination/Mask Proto Pre Cost Nexthop
Interface
1.1.1.0/24
DIRECT 0 0
1.1.1.1
Interface serial1/0/0
1.1.1.1/32
DIRECT 0 0
127.0.0.1
InLoopBack0
2.2.2.0/24
DIRECT 0 0
2.2.2.1
Interface serial2/0/0
2.2.2.1/32
DIRECT 0 0
127.0.0.1
InLoopBack0
3.3.3.0/24
DIRECT 0 0
3.3.3.1
Interface ethernet1/0/0
3.3.3.1/32
DIRECT 0 0
127.0.0.1
InLoopBack0
4.4.4.0/24
DIRECT0 0
4.4.4.1
Interface ethernet2/0/0
4.4.4.1/32
DIRECT 0 0
127.0.0.1
InLoopBack0
127.0.0.0/8
DIRECT 0 0
127.0.0. 1
InLoopBack0
127.0.0.1/32 DIRECT 0 0
127.0.0.1
InLoopBack0
560
display ip routing-table
acl
Syntax
display ip routing-table acl { acl-number | acl-name } [ verbose ]
View
Any view
Parameter
acl_number: Number of basic ACL, ranging from 1 to 99.
acl-name: Name of basic ACL.
verbose: The verbose information of both the active and inactive routes that
passed filtering rules. Without this parameter, this command only displays the
summary of the active routes that passed filtering rules.
Description
Using the display ip routing-table acl command, you can view the route filtered
through specified basic access control list (ACL).
The command is used in tracking route policy to display the route that passed the
filtering rule according to the input basic ACL number or name.
The command is only applicable to view the route that passed basic ACL filtering
rules.
Example
View the summary of active routes that are filtered through basic ACL 1.
<3Com> display ip routing-table acl 1
Routes matched by access-list 1:
Summary count: 4
Destination/MaskProtoPreCost NexthopInterface
127.0.0.0/8Direct00 127.0.0.1InLoopBack0
127.0.0.1/32Direct00 127.0.0.1InLoopBack0
169.0.0.0/8Static60 0 2.1.1.1LoopBack1
169.0.0.0/15Static6002.1.1.1LoopBack1
Display the verbose information of the active and inactive routes that are filtered through basic
ACL1.
<3Com> display ip routing-table acl 1 verbose
Routes matched by access-list 1:
Generate Default: no
+ = Active Route, - = Last Active, = Both* = Next hop in use
Summary count:5
**Destination: 127.0.0.0Mask: 255.0.0.0
Protocol: DirectPreference: 0
*NextHop: 127.0.0.1Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Multicast Unicast>
Age: 3:47Metric: 0/0
**Destination: 127.0.0.1Mask: 255. 255. 255. 255
Protocol: DirectPreference: 0
*NextHop: 127.0.0.1Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NotInstall NoAdvise Int ActiveU Retain Gateway Multicast Unicast>
Age: 3:47Metric: 0/0
**Destination: 179.0.0.0Mask: 255.0.0.0
561
Protocol: StaticPreference: 60
*NextHop: 4.1.1.1
Vlinkindex: 0
State: <Int Hidden Static Unicast>
Age: 3:47Metric: 0/0
**Destination: 169.0.0.0Mask: 255.0.0.0
Protocol: StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47Metric: 0/0
**Destination: 169.0.0.0Mask: 255.254.0.0
Protocol: StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47Metric: 0/0
display ip routing-table
ip_address
Syntax
display ip routing-table ip_address [ mask ] [ longer-match ] [ verbose ]
View
Any view
Parameter
ip_address: Destination IP address in dotted decimal format.
mask: IP address mask, which can be in dotted decimal notation or represented by
an integer in the range of 0 to 32.
longer-match: Indicates all route destination addresses are matched in the natural
mask range.
verbose: With the verbose parameter, this command displays the verbose
information of both the active and inactive routes. Without the parameter, this
command only displays the summary of active routes.
Description
Using the display ip routing-table ip_address command, you can view the
routing information of the specified destination address.
With different optional parameters, the output of the command is different. The
following is the output description for different forms of this command:
display ip routing-table ip_address
If destination address, ip_address, has corresponding routes in natural mask range,
this command will display all subnet routes. Or, only the route best matching the
destination address, ip_address, is displayed. And only the active matching route is
displayed.
display ip routing-table ip_address mask,
562
This command only displays the route fully matching with specified destination
address and mask.
display ip routing-table ip_address longer-match
This command displays all route destination addresses matching with destination
addresses in natural mask range.
Example
There is corresponding route in natural mask range. View the summary.
<3Com> display ip routing-table 169.0.0.0
Routing Tables:
Summary count:1
Destination/MaskProtoPreCost NexthopInterface
169.0.0.0/16Static6002.1.1.1LoopBack1
There is no corresponding route (only the longest matching route is displayed) in natural mask
range and summary is viewed.
<3Com> display ip routing-table 169.253.0.0
Routing Tables:
Summary count:1
Destination/MaskProtoPreCost NexthopInterface
169.0.0.0/8Static60 02.1.1.1LoopBack1
There are corresponding routes in the natural mask range. View the detailed information.
<3Com> display ip routing-table 169.0.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both* = Next hop in use
Summary count:2
**Destination: 169.0.0.0Mask: 255.0.0.0
Protocol: StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47Metric: 0/0
**Destination: 169.0.0.0Mask: 255.254.0.0
Protocol: StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47Metric: 0/0
There are no corresponding routes in the natural mask range (only display the longest matching
route). View the detailed information.
<3Com> display ip routing-table 169.253.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both* = Next hop in use
Summary count:1
**Destination: 169.0.0.0Mask: 255.0.0.0
Protocol: StaticPreference: -60
*NextHop: 2.1.1.1
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47Metric: 0/0
display ip routing-table
ip_address1 ip_address2
Syntax
display ip routing-table ip_address1 mask1 ip_address2 mask2 [ verbose ]
563
View
Any view
Parameter
ip_address1, ip_address2: Destination IP address in dotted decimal notation.
ip_address1 and ip_address2 determine one address range together to display the
route in this address range.
mask1, mask2: IP address mask, length in dotted decimal notation or integer
form.
verbose: With the verbose parameter, this command displays the verbose
information of both the active and inactive routes. Without the parameter, this
command only displays the summary of active routes.
Description
Using the display ip routing-table ip_address1 ip_address2 command, you
can view the routing information in the specified destination address range.
Example
View the routing information of destination addresses ranging from 1.1.1.0 to
2.2.2.0.
<3Com> display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3
Destination/Mask Proto Pre Cost
Nexthop
Interface
1.1.1.0/24
DIRECT 0 0
1.1.1.1
Interface serial1/0/0
1.1.1.1/32
DIRECT 0 0
127.0.0.1
InLoopBack0
2.2.2.0/24
DIRECT 0 0
2.2.2.1
Interface serial2/0/0
display ip routing-table
ip-prefix
Syntax
display ip routing-table ip-prefix ip-prefix-name [ verbose ]
View
Any view
Parameter
ip-prefix-name: Prefix list name.
verbose: With the parameter, this command displays the verbose information of
both the active and inactive routes that passed filtering rules. Without the
parameter, this command displays the summary of the active routes that passed
filtering rules.
Description
Using the display ip routing-table ip-prefix command, you can view the route
that passed the filtering rule according to the specified ip prefix list.
If there is no specified prefix list, this command will display the verbose
information of all active and inactive routes with the parameter verbose and it will
display the summary of all active routes without the parameter verbose.
564
Example
Display the summary of the active route that is filtered through ip prefix list abc2.
<3Com> display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 4
Destination/MaskProtoPreCost NexthopInterface
127.0.0.0/8Direct00 127.0.0.1InLoopBack0
127.0.0.1/32Direct00 127.0.0.1InLoopBack0
169.0.0.0/8Static600 2.1.1.1LoopBack1
169.0.0.0/15Static6002.1.1.1LoopBack1
Display the verbose information of the active and inactive routes that are filtered through ip
prefix list abc2.
<3Com> display ip routing-table ip-prefix abc2 verbose
Routes matched by ip-prefix abc2:
Generate Default: no
+ = Active Route, - = Last Active, = Both* = Next hop in use
Summary count:4
**Destination: 127.0.0.0Mask: 255.0.0.0
Protocol: DirectPreference: 0
*NextHop: 127.0.0.1Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Multicast Unicast>
Age: 3:47Metric: 0/0
**Destination: 127.0.0.1Mask: 255. 255. 255. 255
Protocol: DirectPreference: 0
*NextHop: 127.0.0.1Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NotInstall NoAdvise Int ActiveU Retain Gateway Multicast Unicast>
Age: 3:47Metric: 0/0
**Destination: 179.0.0.0Mask: 255.0.0.0
Protocol: StaticPreference:-60
*NextHop: 4.1.1.1
Vlinkindex: 0
State: <Int Hidden Static Unicast>
Age: 3:47Metric: 0/0
**Destination: 169.0.0.0Mask: 255.0.0.0
Protocol: StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47
Metric: 0/0
**Destination: 169.0.0.0Mask: 255.254.0.0
Protocol: StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47
Metric: 0/0
display ip routing-table
protocol
Syntax
display ip routing-table protocol protocol [ inactive | verbose ]
View
Any view
565
Parameter
protocol: Has multiple selectable values:
inactive: With the parameter, this command displays the inactive route
information. Without the parameter, this command displays the active and
inactive route information.
verbose: With the verbose parameter, this command displays the verbose routing
information. Without the parameter, this command displays the route summary.
Description
Using the display ip routing-table protocol command, you can view the routing
information of specified protocol.
Example
Display all direct connection routes summary.
<3Com> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 4
DIRECT Routing tables status:<active>:
Summary count: 3
Destination/MaskProto Pre Cost NexthopInterface:
20.1.1.1/32DIRECT 00127.0.0.1InLoopBack0
127.0.0.0/8DIRECT 00127.0.0.1InLoopBack0
127.0.0.1/32DIRECT 00127.0.0.1InLoopBack0
DIRECT Routing tables status:<inactive>:
Summary count: 1
Destination/MaskProto PreCostNexthopInterface
210.0.0.1/32DIRECT 0 0127.0.0.1InLoopBack0
Display the static routing table.
<3Com> display ip routing-table protocol static
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
Destination/Mask Proto Pre Cost
Nexthop
Interface
1.2.3.0/24
STATIC 60 0
1.2.4.5
Ethernet 2/0/0
566
display ip routing-table
radix
Syntax
display ip routing-table radix
View
Any view
Parameter
None
Description
Using the display ip routing-table radix command, you can view the routing
table information in a tree structure.
Example
View the routing table information in a tree structure.
<3Com> display ip routing-table radix
Radix tree for INET (2) inodes 7 routes 5:
+-32+--{210.0.0.1
+--0+
| | +--8+--{127.0.0.0
| | | +-32+--{127.0.0.1
| +--1+
| +--8+--{20.0.0.0
| +-32+--{20.1.1.1
display ip routing-table
statistics
Syntax
display ip routing-table statistics
View
Any view
Parameter
None
Description
Using the display ip routing-table statistics command, you can view the
integrated routing information.
The integrated routing information includes total route amount, the route amount
added or deleted by protocol, amount of the routes that are labeled deleted but
not deleted, the active route amount and inactive route amount.
Example
Display the integrated routing information.
<3Com> display ip routing-table statistics
Routing tables:
Protorouteactiveaddeddeletedfreed
BGP 0
0
000
DIRECT5 4
5 00
RIP
0
0
000
STATIC0 0
0 00
IS-IS0
0
0 00
OSPF 0
O_ASE0 0
O_NSSA0 0
Total 5
display ip routing-table
verbose
0
0
0
4
567
000
00
00
500
Syntax
display ip routing-table verbose
View
Any view
Parameter
None
Description
Using the display ip routing-table verbose command, you can view the verbose
routing table information.
With the verbose parameter, this command displays the verbose routing table
information. The descriptor describing the route state will be displayed first, then
the statistics of the entire routing table will be output and finally the verbose
description of each route will be output.
All current routes, including inactive routes and invalid routes, can be displayed
using the display ip routing-table verbose command.
Example
Display the verbose routing table information.
<3Com> display ip routing-table verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both* = Next hop in use
Destinations: 4
Routes: 4
Holddown: 0 Delete: 9
Hidden: 0
**Destination: 127.0.0.0
Mask: 255.0.0.0
Protocol: Static
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(LO0)
State: <NoAdv Int Active Retain Rej>
Age: 19:31:06 Metric: 0/0
**Destination: 127.0.0.1 Mask: 255.255.255.255
Protocol: Direct
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(LO0)
State: <NoAdv Int Active Retain>
Age: 114:03:05 Metric: 0/0
568
The statistics of the entire routing table is displayed first, then the verbose
description of each route is output. The meanings of route state parameters are
explained in the following table:
Table 1 Description of the output information of the display ip routing-table verbose
command
display ip routing-table
vpn-instance
Main field
Description
Holddown
Delete
Hidden
Syntax
display ip routing-table vpn-instance vpn-instance-name [ ip-address ] [ verbose ]
View
Any view
Parameter
vpn-instance-name: VPN instance name.
ip-address: Destination IP address in dotted decimal format.
verbose: With the parameter, the command displays the verbose routing
information. Without the parameter, the command displays the route summary.
Description
Using the display ip routing-table vpn-instance command, you can view RIP
information associated with vpn instance address family.
Given that both ip-address and verbose are configured in the command, you can
view all routes to the specified IP address in the VPN-instance, including the local
routes as well as the routes learned from the remote.
Example
Display details of the routes to 10.1.1.1 in the VPN-instance vpn1.
<3Com> display ip routing-table vpn-instance vpn1 10.1.1.1 verbose
Routing tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 2
**Destination: 10.1.1.1
Mask: 255.255.255.255
Protocol: DIRECT
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(InLoopBack0)
569
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 54
Cost: 0/0
**Destination: 10.1.1.0
Mask: 255.255.255.0
Protocol: DIRECT
Preference: 0
*NextHop: 10.1.1.1
Interface: 10.1.1.1(LoopBack0)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 54
Cost: 0/0
Static Route
Configuration
Commands
delete static-routes all
Syntax
delete static-routes all
View
System view
Parameter
None
Description
Using the delete static-routes all command, you can cancel all the static routes.
When this command is used to cancel static routes, the user should confirm the
settings before all the configured static routes are canceled.
For the related command, see display ip routing-table and ip route-static.
Example
Delete all the static routes configured on router.
[3Com] delete static-routes all
This will erase all unicast static routes and their configurations, you must reconfigure all static
routes
Are you sure to delete all the static routes?[Y/N]y
ip route-static
Syntax
570
View
System view
Parameter
ip-address: Destination IP address, in dotted decimal notation.
mask: Mask.
mask-length: Mask length. Since "1" s in the 32-bit mask are required to be
consecutive, the mask in dotted decimal notation can be replaced by mask-length,
which is the number of the consecutive "1" s in the mask.
interface-name: Specifies the outbound interface name of the static route. The
interfaces of the public network or under other vpn-instances can be taken as the
outbound interface of the static route.
vpn-instance-name: Indicates a name of VPN instance. It can take a maximum of 6
values.
vpn-nexthop-name: Specifies the vpn-instance of the static route next hop.
nexthop-address: Specifies the next hop IP address (in dotted decimal notation) of
the static route.
preference-value: Preference level of the static route in the range from 1 to 255.
reject: Indicates an unreachable route.
blackhole: Indicates a blackhole route.
Description
Using the ip route-static command, you can configure a static route. Using the
undo ip route-static command, you can cancel the configured static route.
Using the ip route-static vpn-instance command, you can configure a static route.
In the application of multi-role host, you can configure a static route on a private
network to specify the interface of another private network or public network as
its outbound interface. Using the undo ip route-static vpn-instance command,
you can remove the static route configuration.
By default, the system can obtain the sub-net route directly connected with the
router. When configuring a static route, the default preference is 60 if it is not
specified. If it is not specified as reject or blackhole, the route will be reachable by
default.
Precautions when configuring static route:
When the destination IP address and the mask are both 0.0.0.0, it is the
default route. If there are no route entries for a specific destination If it is
571
failed to detect the routing table, a packet will be forwarded along the
default route.
In some conditions (for example, the link layer is encapsulated with PPP),
transmission interface can be specified when opposite address cannot be learned
in router configuration. After specifying transmission interface, the configuration
of this router is unnecessary to be modified as opposite address changes.
For the related command, see display ip routing-table.
Example
Configure the next hop of the default route as 129.102.0.2.
[3Com] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
Configure the static route, whose destination address is 100.1.1.1 and whose next-hop address
is 1.1.1.2.
[3Com] ip route-static vpn-instance vpn1 100.1.1.1 16 vpn-instance vpn1 1.1.1.2
RIP Configuration
Commands
checkzero
For the specific examples and parameter explanation of VPN instance, refer to
MPLS module of this manual.
Syntax
checkzero
undo checkzero
View
RIP view
Parameter
None
572
Description
Using the checkzero command, you can check the zero field of RIP-1 packet.
Using the undo checkzero command, you can cancel the check of the zero fields.
By default, RIP-1 performs the zero field check.
According to the protocol (RFC1058) specifications, some fields in RIP-1 packets
must be zero, called zero fields. With the checkzero command, the zero check
operation for RIP-1 packet can be enabled or disabled. During the zero check
operation, if the RIP-1 packet in which the zero fields are not zeros is received, it
will be rejected.
This command is ineffective to RIP-2 since RIP-2 packets have no zero fields.
Example
Configure not to perform zero check for RIP-1 packet.
[3Com-rip] undo checkzero
debugging rip
Syntax
debugging rip { packet | receive | send }
View
User view
Parameter
packet: Enables the RIP packets debugging.
receive: Enables the RIP receiving packets debugging.
send: Enables the RIP sending packets debugging.
Description
Using the debugging rip command, you can enable the RIP packet debugging.
Using the undo debugging rip command, you can disable the RIP packet
debugging.
Users can learn the current information of receiving and sending RIP packets on
each interface by using this command.
Example
Enable the RIP packets debugging.
<3Com> debugging rip packet
default cost
Syntax
default cost value
undo default cost
View
RIP view
573
Parameter
value: Default routing cost to be set, ranging from 1 to 16.The default value is 1.
Description
Using the default cost command, you can configure the default routing cost of
an imported route. Using the undo default cost command, you can restore the
default value.
If no specific routing cost is specified when importing other protocol routes with
the import-route command, the importing will be performed with the default
routing cost specified by the default cost command.
For the related command, see import-route.
Example
Set the default routing cost of importing other route protocol routes as 3.
[3Com-rip] default cost 3
display rip
Syntax
display rip
View
Any view
Parameter
None
Description
Using the display rip command, you can view the current RIP running state and
its configuration information.
Example
Display the current running state and configuration information of the RIP
protocol.
<3Com> display rip
RIP is turned on
public net VPN-Instance
Checkzero is on
Default cost : 1
Summary is on
Preference : 100
Period update timer : 30
Timeout timer : 180
Garbage-collection timer : 120
No peer router
Description
RIP is turned on
RIP is enabled.
Checkzero is on
Default cost : 1
Summary is on
574
Item
Description
Preference : 100
No peer router
Syntax
display rip vpn-instance vpn-instance-name
View
Any view
Parameter
vpn-instance vpn-instance-name: VPN instance name.
Description
Using the display rip vpn-instance command, you can view the related
configuration of VPN instance of RIP.
Example
None
filter-policy export
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]
View
RIP view
Parameter
acl-number: Access control list number used for filtering the destination addresses
of the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.
routing-protocol: Routing protocol whose routing information is to be filtered,
including direct, isis, bgp, ospf, ospf-ase, ospf-nssa, and static at present.
Description
Using the filter-policy export command, you can configure to filter the
advertised routing information by RIP. Using the undo filter-policy export
command, you can configure not to filter the advertised routing information.
By default, RIP does not filter the advertised routing information.
For the related commands, see acl, filter-policy import, and ip ip-prefix.
575
Example
Filter the advertised route information according to acl 3.
[3Com-rip] filter-policy 3 export
filter-policy import
Syntax
filter-policy gateway ip-prefix-name import
undo filter-policy gateway ip-prefix-name import
filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] }
import
View
RIP view
Parameter
ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.
acl-number: Access control list number used for filtering the destination addresses
of the routing information.
gateway ip-prefix-name: Name of address prefix list used for filtering the
addresses of the neighboring routers advertising the routing information.
Description
Using the filter-policy gateway command, you can configure to filter the
received routing information distributed from the specified address. Using the
undo filter-policy gateway command, you can configure not to filter the
received routing information distributed from the specified address.
Using the filter-policy import command, you can configure the filtering to the
received global routing information. Using the undo filter-policy import
command, you can disable filtering to the received global routing information
By default, RIP does not filter the received routing information.
The range of the routes received by RIP can be controlled by specifying the access
control list and the address prefix list.
For the related command, see acl, filter-policy export, and ip ip-prefix.
Example
Configure the filtering of the global routing information according to acl 3.
[3Com-rip] filter-policy 3 import
host-route
Syntax
host-route
undo host-route
View
RIP view
576
Parameter
None
Description
Using the host-route command, you can control the RIP to accept the host route.
Using the undo host-route command, you can reject the host route.
By default, router accepts the host route.
In some special cases, RIP receives a great number of host routes in the same
network segment. These routes cannot help the path searching much but occupy
a lot of resources. In this case, the undo host-route command can be used to
reject host routes.
Example
Configure RIP to reject a host route.
[3Com-rip] undo host-route
import-route
Syntax
import-route protocol [ cost value ] [ route-policy route-policy-name ]
undo import-route protocol
View
RIP view
Parameter
protocol: Specifies the source routing protocol to be imported by RIP. At present,
RIP can import the following routes: direct, ospf, ospf-ase, ospf-nssa, static, bgp
and isis.
value: Cost value of the route to be imported, ranging from 1 to 16..
route-policy route-policy-name: Configured to import the route matching the
condition of the specified Route-policy only.
Description
Using the import-route command, you can import the routes of other protocols
into RIP. Using the undo import-route command, you can cancel the routes
imported from other protocols.
By default, RIP does not import any other routes.
The import-route command is used to import the route of another protocol by
using a certain value. RIP regards the imported route as its own route and
transmits it with the specified value. This command can greatly enhance the RIP
capability of obtaining routes, thus increasing the RIP performance.
If the cost value is not specified, routes will be imported according to the default
cost. It is in the range of 1 to 16. If it is larger than or equal to 16, it indicates an
unreachable route and the transmission will be stopped in 120 seconds.
For the related command, see default cost.
577
Example
Import a static route with cost being 4.
[3Com-rip] import-route static cost 4
Set the default cost and import an OSPF route with the default cost.
[3Com-rip] default cost 3
[3Com-rip] import-route ospf
ipv4-family vpn-instance
Syntax
ipv4-family [ unicast ] vpn-instance vpn-instance-name
undo ipv4-family [ unicast ] vpn-instance vpn-instance-name
View
RIP view
Parameter
unicast: Unicast address.
vpn-instance-name: Associates the specified VPN instance with the IPv4 address
family. Enter the MBGP address family view of RIP with this parameter.
Description
Using the ipv4-family command, you can enter MBGP address family view of RIP.
Using the undo ipv4-family command, you can cancel all configurations in
extended address family view.
ipv4-family command is used to enter the MBGP address family view. In this
view, parameters related to address family can be configured for RIP.
undo ipv4-family command is only used in RIP view.
The ipv4-family vpn-instance command is used for BGP/MPLS VPN. For related
description, refer to MPLS VPN section in module MPLS chapter of this
manual.
For the related command, see display rip vpn-instance.
Example
None
network
Syntax
network network-address
undo network network-address
View
RIP view
Parameter
network-address: Address of the network enabled/disabled. It can be the IP
network address of any interface.
578
Description
Using the network command, you can enable Routing Information Protocol (RIP)
on the interface. Using the undo network command, you can cancel the RIP on
the interface.
By default, RIP is disabled on any interface.
After enabling a RIP routing process, it is disabled on any interface by default. RIP
at a certain interface must be enabled with the network command.
The undo network command is similar to the interface undo rip work command
in terms of function. But they are not identical. Their similarity is that the interface
using either command will not receive/transmit RIP routes. The difference between
them is that, in the case of undo rip work , other interfaces will still forward the
routes of the interface using the undo rip work command. In the case of undo
network, it is like to perform undo rip work command on the interface, and the
routes of corresponding interfaces cannot be transmitted by RIP. Therefore, the
packets transmitted to this interface cannot be forwarded.
When the network command is used on an address, the effect is that the interface
on the network segment at this address is enabled. For example, the results of
viewing the network 129.102.1.1 with both the display current-configuration
command and the display rip command are shown as the network 129.102.0.0.
For the related command, see rip work.
Example
Enable the RIP on the interface with the network address as 129.102.0.0.
[3Com-rip] network 129.102.0.0
peer
Syntax
peer ip-address
undo peer ip-address
View
RIP view
Parameter
ip-address: IP address of the peer router with which information will be exchanged
in unicast mode, represented in the format of dotted decimal.
Description
Using the peer command, you can configure the destination address of the peer
to which information is sent in unicast mode. Using the undo peer command,
you can cancel the set destination address.
By default, do not send RIP packet to any destination.
This command specifies the sending destination address to fit some non-broadcast
networks. Usually, it is not recommended to use this command.
Example
Specify the sending destination address 202.38.165.1.
[3Com-rip] peer 202.38.165.1
preference
579
Syntax
preference value
undo preference
View
RIP view
Parameter
value: Preference level, ranging from 1 to 255. By default, the value is 100.
Description
Using the preference command, you can configure the route preference of RIP.
Using the undo preference command, you can restore the default preference.
Every routing protocol has its own preference. Its default value is determined by
the specific routing policy. The preference will finally determine the routing
algorithm to obtain the optimal route in the IP routing table. This command can
be used to modify the RIP preference manually.
Example
Specify the RIP preference as 20.
[3Com-rip] preference 20
reset
Syntax
reset
View
RIP view
Parameter
None
Description
Using the reset command, you can reset the system parameters of RIP.
When you need to re-configure parameters of RIP, this command can be used to
restore the default setting.
Example
Reset the RIP system.
[3Com-rip] reset
rip
Syntax
rip
undo rip
View
system view
580
Parameter
None
Description
Using the rip command, you can enable the RIP and enter the RIP view. Using the
undo rip command, you can cancel RIP.
By default, the system does not run RIP.
To enter the RIP view to configure various RIP global parameters, RIP should be
enabled first. Whereas the configuration of parameters related to the interfaces is
not restricted by enabling/disabling RIP.
The interface parameters configured previously would be invalid when RIP is
disabled.
Example
Enable the RIP and enter the RIP view.
[3Com] rip
[3Com-rip]
rip authentication-mode
Syntax
rip authentication-mode { { simple password } | { md5 { key-string key-string | key-id
key-id } } }
undo rip authentication-mode
View
Interface view
Parameter
simple: Simple text authentication mode.
password: Simple text authentication key, in character string format with 1 to 16
characters in simple text mode or 24 characters in cipher text mode.
md5: MD5 cipher text authentication mode.
key-string: MD5 cipher text authentication key, in character string format with 1 to
16 characters in simple text mode or 24 characters in cipher text mode.
key-id: MD5 cipher text authentication identifier, ranging from 1 to 255.
Description
Using the rip authentication-mode command, you can configure RIP-2
authentication mode and corresponding parameters. Using the undo rip
authentication-mode command, you can cancel the RIP-2 authentication.
RIP-1 does not support authentication. There are two RIP authentication modes:
simple text authentication and MD5 cipher text authentication. When MD5 cipher
text authentication mode is used, there are two types of packet formats. One of
them is described in RFC 1723, which was discussed earlier. The other format is
the one described specially in RFC 2082. The router supports both of the packet
formats and the user can select either of them.
581
rip authentication-mode
Syntax
rip authentication-mode md5 type { usual | nonstandard }
View
Interface view
Parameter
usual: Specifies the MD5 cipher text authentication packet to use the general
packet format (RFC1723 standard format).
nonstandard: Specifies the MD5 cipher text authentication packet to use a
nonstandard packet format described in RFC2082.
Description
Using the rip authentication-mode md5 type command, you can configure
md5 type of RIP-2 authentication
By default, use nonstandard type.
RIP-2 packets can be in the following two formats when MD5 authentication is
adopted: The earlier raised format is described in RFC1723, which is adopted by
Gated. Another format fits into RFC2082 standard, which is adopted by part of
the routers in the industry.
For the related commands, see rip authentication-mode and rip version.
Example
Set MD5 authentication at Serial0, and the packet type is "nonstandard".
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] rip version 2
[3Com-Serial1/0/0] rip authentication-mode md5 type nonstandard
rip input
Syntax
rip input
undo rip input
View
Interface view
Parameter
None
582
Description
Using the rip input command, you can allow an interface to receive RIP packets.
Using the undo rip input command, you can cancel an interface from receiving
RIP packets.
By default, RIP packets at all interfaces (except loopback interface) can be
received..
This command is used in cooperation with the other two commands: rip output
and rip work. Functionally, rip work is equivalent to rip input & rip output. The
latter two control the receipt and the transmission of RIP packets respectively on
an interface. The former command equals the functional combination of the latter
two commands.
For the related command, see rip output and rip work.
Example
Specify the interface serial1/0/0 not to receive RIP packets.
[3Com-serial1/0/0] undo rip input
rip metricin
Syntax
rip metricin value
undo rip metricin
View
Interface view
Parameter
value: Additional route metric added when receiving a packet, ranging from 0 to
16. By default, the value is 1.
Description
Using the rip metricin command, you can configure the additional route metric
added to the route when an interface receives RIP packets. Using the undo rip
metricin command, you can restore the default value of this additional route
metric.
This command is valid for the routes distributed by the local network and other
routes imported by other routes. This command is invalid for the routes imported
by the local router.
For the related command, see rip metricout.
Example
Specify the additional route metric to 2 when the interface serial1/0/0 receives RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip metricin 2
rip metricout
Syntax
rip metricout value
undo rip metricout
583
View
Interface view
Parameter
value: Additional route metric added when transmitting a packet, ranging from 1
to 16. By default, the value is 1.
Description
Using the rip metricout command, you can configure the additional route metric
to the route when an interface transmits RIP packets. Using the undo rip
metricout command, you can restore the default value of this additional route
metric.
This command is valid for the routes distributed by the local network and other
routes imported by other routes. This command is invalid for the routes imported
by the local router.
For the related command, see rip metricin.
Example
Set the additional route metric to 2 when the interface serial1/0/0 transmits RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip metricout 2
rip output
Syntax
rip output
undo rip output
View
Interface view
Parameter
None
Description
Using the rip output command, you can configure an interface to transmit RIP
packets. Using the undo rip output command, you can cancel an interface to
transmit RIP packets.
By default, RIP packets at all interfaces (except loopback interface) can be
transmitted.
This command is used in cooperation with the other two commands: rip input and
rip work. Functionally, rip work is equivalent to rip input & rip output. The latter
two control the receipt and the transmission of RIP packets respectively on an
interface. The former command equals the functional combination of the latter
two commands.
For the related command, see rip input and rip work.
Example
Disable the interface serial1/0/0 to transmit RIP packets.
584
rip split-horizon
Syntax
rip split-horizon
undo rip split-horizon
View
Interface view
Parameter
None
Description
Using the rip split-horizon command, you can configure an interface to use split
horizon when transmitting RIP packets. Using the undo rip split-horizon
command, you can configure an interface not to use split horizon when
transmitting RIP packets.
By default, an interface is enabled to use split horizon when transmitting RIP
packets.
Normally, split horizon is necessary for reducing route loop. Only in some special
cases, split horizon should be disabled to ensure the correct execution of
protocols.
Example
Specify the interface serial1/0/0 not to use split horizon when processing RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] undo rip split-horizon
rip version
Syntax
rip version { 1| { 2 [ broadcast | multicast ] } }
undo rip version
View
Interface view
Parameter
1: Interface version is RIP-1.
2: Interface version is RIP-2. By default, multicast is used.
broadcast: Transmission mode of RIP-2 packet is broadcast.
multicast: Transmission mode of RIP-2 packet is multicast.
585
Description
Using the rip version command, you can configure the version of RIP packets on
an interface. Using the undo rip version command, you can restore the default
value of RIP packet version on the interface.
By default, the interface RIP version is RIP-1.
RIP-2 has 2 transmission modes: broadcast and multicast. Multicast is the default
mode. The multicast address in RIP-2 is 224.0.0.9. One of the advantages of
multicast mode is that the hosts that do not run RIP in this network will not receive
the broadcast packets. Additionally, hosts running RIP-1 will be prevented from
receiving and processing the RIP-2 routes with subnet masks.
When the interface specifies the use of RIP-1, only RIP-1 and RIP-2 broadcast
packets will be received. In this case, RIP-2 multicast packets will be rejected.
When the interface is specified to use RIP-2 multicast, only RIP-2 multicast packets
and RIP-2 broadcast packets will be received. In this case, RIP-1 packets will be
rejected.
Example
Configure the interface serial1/0/0 as RIP-2 broadcast mode.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip version 2 broadcast
rip work
Syntax
rip work
undo rip work
View
Interface view
Parameter
None
Description
Using the rip work command, you can enable RIP on an interface. Using the
undo rip work command, you can disable RIP on an interface.
By default, RIP is enabled on an interface.
This command is used in cooperation with rip input, rip output and network
commands.
For the related commands, see network, rip input, and rip output.
Example
Disable the interface serial1/0/0 to run the RIP.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] undo rip work
summary
Syntax
summary
undo summary
586
View
RIP view
Parameter
None
Description
Using the summary command, you can enable RIP-2 automatic route
summarization. Using the undo summary command, you can disable RIP-2
automatic route summarization.
By default, RIP-2 route summarization is enabled.
Route aggregation can be performed to reduce the routing traffic on the network
as well as to reduce the size of the routing table. If RIP-2 is used, route
summarization function can be disabled with the undo summary command, when
it is necessary to broadcast the subnet route.
RIP-1 does not support subnet mask. Forwarding subnet route may cause
ambiguity. Therefore, RIP-1 uses route summarization all the time. The undo
summary command is invalid for RIP-1.
For the related command, see rip version.
Example
Set RIP version on the interface serial1/0/0 as RIP-2 and disable the route
summarization function.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip version 2
[3Com-serial1/0/0] quit
[3Com] rip
[3Com-rip] undo summary
timers
Syntax
timers { update update-timer-length | timeout timeout-timer-length } *
undo timers { update | timeout } *
View
RIP view
Parameters
update-timer-length: Period update value, measured in seconds ranging from 1 to
3600. The default value is 30 seconds.
timeout-timer-length: Timeout value, measured in seconds ranging from 1 to
3600. The default value is 180 seconds.
Description
Using the timers command, you can modify value for the three timers, Period
update, Timeout and Garbage-collection, of RIP. Using the undo timers
command, you can restore the default setting.
587
The default values of timer Period update, Timeout and Garbage-collection are
respectively 30s, 180s and 120s.
Usually, the timing length of timer Garbage-collection is 3 times that of timer
Period update. However, in practice, an unreachable route will not be completely
deleted until the fourth update packet sent from the same neighbor is received. So
the actual timing length of timer Garbage-collection is as 3 to 4 times as that of
timer Period update. Additionally, the modification on timer Period update will
affect timer Garbage-collection.
The modified value of RIP timers will take effect immediately.
For the related command, see display rip.
Example
Set timer Period update to 10 seconds and timer Timeout to 30 seconds.
[3Com] rip
[3Com-rip] timers update 10 timeout 30
OSPF Configuration
Commands
abr-summary
Syntax
abr-summary ip-address mask [ advertise | not-advertise ]
undo abr-summary ip-address mask
View
OSPF area view
Parameter
ip-address: Network segment address.
mask: Network mask.
Advertise: Advertises only the summarized route.
Notadvertise: Suppresses the advertisement of the routes in the matched range.
Description
Using the abr-summary command, you can configure the route aggregation on
the area border router (ABR). Using the undo abr-summary command, you can
cancel the function of route aggregation on the area border router.
By default, the area border router doesnt aggregate routes.
This command is applicable only to the ABR and is used for the route aggregation
in an area. The ABR only transmits an aggregated route to other areas. Route
aggregation refers to that the routing information is processed in the ABR and for
each network segment configured with route aggregation, there is only one route
transmitted to other areas. An area can configure multiple aggregation network
segments. Thus OSPF can aggregate various network segments together.
588
Example
Aggregate the routes in the two network segments, 36.42.10.0 and 36.42.110.0,
of OSPF area 1 into one route 36.42.0.0 and transmit it to other areas.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 36.42.10.0 0.0.0.255
[3Com-ospf-1-area-0.0.0.1] network 36.42.110.0 0.0.0.255
[3Com-ospf-1-area-0.0.0.1] abr-summary 36.42.0.0 255.255.0.0
area
Syntax
area area-id
undo area area-id
View
OSPF view, OSPF area view
Parameter
area-id: ID of the OSPF area, which can be a decimal integer (ranging from 0 to
4294967295) or in IP address format.
Description
Using the area command, you can enter OSPF area view. Using the undo area
command, you can cancel the designated area.
Example
Enter area 0 view.
[3Com-ospf-1] area 0
[3Com-ospf-1-area-0.0.0.0]
asbr-summary
Syntax
asbr-summary ip-address mask [ not-advertise | tag value ]
undo asbr-summary ip-address mask [ not-advertise | tag value ]
View
OSPF view
Parameter
ip-address: Matched IP address in dotted decimal notation.
mask: IP address mask in dotted decimal notation.
not-advertise: Not advertises routes matching the specified IP address and mask.
Aggregated route will be advertised without this parameter.
tag-value: Control advertisement of routes via Route-policy. It is in the range from
0 to 4294967295. If it is not specified, it is 1 by default.
589
Description
Using the asbr-summary command, you can configure summarization of
imported routes by OSPF. Using the undo asbr-summary command, you can
cancel the summarization.
By default, summarization of imported routes is disabled.
After the summarization of imported routes is configured, if the local router is an
autonomous system border router (ASBR), this command summarizes the
imported Type-5 LSAs in the summary address range. When NSSA is configured,
this command will also summarize the imported Type-7 LSAs in the summary
address range.
If the local router acts as both an ABR and a switch router in the NSSA, this
command summarizes Type-5 LSAs transformed from Type-7 LSAs. If the router is
not the router in the NSSA, the summarization is disabled.
For the related command, see display ospf asbr-summary.
Example
Set summarization of 3Com imported routes.
[3Com-ospf-1] asbr-summary 10.2.0.0 255.255.0.0 not-advertise
authentication-mode
Syntax
authentication-mode [ simple | md5 ]
undo authentication-mode
View
OSPF area view
Parameter
simple: Simple text authentication mode.
md5: MD5 cipher text authentication mode.
Description
Using the authentication-mode command, you can configure one area of OSPF
to support the authentication attribute. Using the undo authentication-mode
command, you can cancel the authentication attribute of this area.
By default, an area does not support authentication attribute.
All the routers in one area must use the same authentication mode (no
authentication, supporting simple text authentication or MD5 cipher text
authentication). If the mode of supporting authentication is configured, all routers
on the same segment must use the same authentication key. To configure a simple
text authentication key, use the ospf authentication-mode simple command.
And, use the ospf authentication-mode md5 command to configure the MD5
cipher text authentication key if the area is configured to support MD5 cipher text
authentication mode.
For the related command, see ospf authentication-mode.
590
Example
Enter area 0 view.
[3Com-ospf-1] area 0
Specify the OSPF area 0 to support MD5 cipher text authentication.
[3Com-ospf-1-area-0.0.0.0] authentication-mode md5
debugging ospf
Syntax
debugging ospf [ process-id ] { event | { packet [ ack | dd | hello | request | update ] } |
lsa-generate | spf | te }
undo debugging ospf [ process-id ] { event | { packet [ ack | dd | hello | request | update ]
} | lsa-generate | spf | te }
View
User view
Parameter
process-id: OSPF process number. If no process number is specified, all the process
debugging is enabled or disabled.
event: Enables OSPF event information debugging.
packet: Enables OSPF packet information debugging. There are five sorts of
packets in OSPF as follows:
ack: LSAck packet.
dd: Database Description packet.
hello: Hello message.
request: Link State Request packet.
update: Link State Update packet.
Lsa-generate: Enables OSPF LSA packet information debugging.
spf: Enables the debugging of the calculation of the OSPF shortest-path tree.
te: Enables the debugging of OSPF TE.
Description
Using the debugging ospf command, you can enable OSPF debugging. Using
the undo debugging ospf command, you can disable the function.
In OSPF multi-process, using debugging command, you can enable the
debugging of all the process simultaneously or one of the processes only.
If no process number is specified in the debugging command, the command is
valid to all the processes. And it keeps the state during the router running period
no matter OSPF process exits or not. In this way, the execution of this command
will enable/disable each enabled OSPF debugging. At the same time, the
debugging specified by this command will be enabled automatically when new
OSPF is enabled.
591
default cost
Syntax
default cost value
undo default cost
View
OSPF view
Parameter
value: Default routing cost of external route imported by OSPF, ranging from 0 to
16777214. By default, its value is 1.
Description
Using the default cost command, you can configure the default cost for OSPF to
import external routes. Using the undo default cost command, you can restore
the default value of the default routing cost configured for OSPF to import
external routes.
Since OSPF can import external routing information and propagate it to the entire
autonomous system, it is necessary to specify the default routing cost for the
protocol to import external routes.
If multiple OSPFs are enabled, the command is valid to this process only.
Example
Specify the default routing cost for OSPF to import external routes as 10.
[3Com-ospf-1] default cost 10
default interval
Syntax
default interval seconds
undo default interval
View
OSPF view
Parameter
seconds: Default interval for importing external routes. Its unit is second and the
value ranges from 1 to 2147483647. By default, the interval for OSPF to import
external routes is 1 second.
592
Description
Using the default interval command, you can configure the default interval for
OSPF to import external routes. Using the undo default interval command, you
can restore the default value of the default interval of importing external routes.
Because OSPF can import the external routing information and broadcast it to the
entire autonomous system, it is necessary to specify the default interval for the
protocol to import external routes.
Example
Specify the default interval for OSPF to import external routes as 10 seconds.
[3Com-ospf-1] default interval 10
default limit
Syntax
default limit routes
undo default limit
View
OSPF view
Parameter
routes: Default value to the imported external routes in a unit time, ranging from
200 to 2147483647. By default, the value is 1000.
Description
Using the default limit command, you can configure default value of maximum
number of imported routes. Using the undo default limit command, you can
restore the default value.
OSPF can import external route information and broadcast them to the whole
autonomous system, so it is necessary to regulate the default value of external
route information imported in one process.
For the related command, see default interval.
Example
Specify the default value of OSPF importing external routes as 200.
[3Com-ospf-1] default limit 200
default tag
Syntax
default tag tag
undo default tag
View
OSPF view
Parameter
tag: Default tag, ranging from 0 to 4294967295.
593
Description
Using the default tag command, you can configure the default tag of OSPF when
it redistributes an external route. Using the undo default tag command, you can
restore the default tag of OSPF when it redistributes the external route.
When OSPF redistributes a route found by other routing protocols in the router
and uses it as the external routing information of its own autonomous system,
some additional parameters are required, including the default cost and the
default tag of the route.
For the related command, see default type.
Example
Set the default tag of OSPF imported external route of the autonomous system as
10.
[3Com-ospf-1] default tag 10
default type
Syntax
default type { 1 | 2 }
undo default type
View
OSPF view
Parameter
type 1: External routes of type 1.
type 2: External routes of type 2.
Description
Using the default type command, you can configure the default type when OSPF
redistributes external routes. Using the undo default type command, you can
restore the default type when OSPF redistributes external routes.
By default, the external routes of type 2 are imported.
OSPF specifies the two types of external routing information. The command
described in this section can be used to specify the default type when external
routes are imported.
For the related command, see default tag.
Example
Specify the default type as type 1 when OSPF imports an external route.
[3Com-ospf-1] default type 1
default-cost
Syntax
default-cost value
undo default-cost
View
OSPF area view
594
Parameter
value: Specifies the cost value of the default route transmitted by OSPF to the
STUB or NSSA area, ranging from 0 to 16777214. The default value is 1.
Description
Using the default-cost command, you can configure the cost of the default route
transmitted by OSPF to the STUB or NSSA area. Using the undo default-cost
command, you can restore the cost of the default route transmitted by OSPF to
the STUB or NSSA area to the default value.
This command is applicable for the border routers connected to STUB or NSSA
area.
The stub and default-cost commands are necessary in configuring STUB area. All
the routers connected to STUB area must use stub command to configure the
stub attribute to this area. Using the default-cost command, you can specify the
cost of the default route transmitted by ABR to STUB or NSSA area.
This command is only valid for this process if multiple OSPF processes are enabled.
For the related commands, see stub and nssa.
Example
Set the area 1 as the STUB area and the cost of the default route transmitted to
this STUB area to 60.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 20.0.0.0 0.255.255.255
[3Com-ospf-1-area-0.0.0.1] stub
[3Com-ospf-1-area-0.0.0.1] default-cost 60
default-route-advertise
Syntax
default-route-advertise [ always ] [ cost cost-value ] [ type type-value ] [ route-policy
route-policy-name ]
undo default-route-advertise [ always ] [ cost ] [ type ] [ route-policy ]
View
OSPF view
Parameter
always: Only available for the ASBR. If the parameter is selected, a default route
which is advertised via LSAs will be generated no matter whether there is a default
route in the routing table. For the ASBR in an general area, the default route is
advertised via Type-5 LSA, while in NSSA, the default route is advertised via Type-7
LSA.
cost-value: Cost value of this LSA. The cost-value ranges from 0 to 16777214. The
default value is 1.
type-value: Cost type of this LSA. It ranges from 1 to 2. The default value is 2.
route-policy-name: If the default route matches the route-policy specified by
route-policy-name, route-policy will affect the value in LSA. The length of
route-policy-name parameter ranges from 1 to 19 character.
595
Description
Using the default-route-advertise command, you can make the system
generate a default route to OSPF area. Using the undo default-route-advertise
command, you can cancel generation of a default route.
By default, OSPF does not generate default route.
Using the default-route-advertise command at ABR, you can generate a default
route which is advertised via the Type-5 LSA or Type-7 LSA no matter whether
there is a default route in the routing table.
An OSPF router after the default-route-advertise command is executed will
become an ASBR, as is similar to executing the import-route command on an OSPF
router. But you cannot import the default route into the OSPF area with the
import-route command.
In addition, the default-route-advertise command is not available for the Stub
area. For the ABR or ASBR in NSSA, the default-route-advertise command is
equivalent to the nssa default-route-advertise command in terms of effect.
This command is valid for the current process only if multiple OSPF processes are
enabled.
For the related commands, see import-route and nssa.
Example
If local route has default route, the LSA of default route will be generated,
otherwise it wont be generated.
[3Com-ospf-1] default-route-advertise
The LSA of default route will be generated and advertised to OSPF route area
even the local router has no default route.
[3Com-ospf-1] default-route-advertise always
Syntax
display debugging ospf
View
Any view
Description
Using the display debugging ospf command, you can view the global OSPF
debugging state and each process debugging state.
For the related command, see debugging ospf.
Example
View the global OSPF debugging state and each process debugging state.
<3Com> display debugging ospf
OSPF global debugging state:
OSPF SPF debugging is on
OSPF LSA debugging is on
OSPF process 100 debugging state:
OSPF SPF debugging is on
OSPF process 200 debugging state:
596
Syntax
display ospf abr-asbr
View
Any view
Parameter
None
Description
Using the display ospf abr-asbr command, you can view the information about
the Area Border Router (ABR) and Autonomous System Border Router (ASBR) of
OSPF.
Example
Display the information of the OSPF ABR and ASBR.
<3Com> display ospf abr-asbr
Routing Table to ABR and ASBR
Destination
Area
Cost Type Nexthop Interface
Intra 1.2.3.9
0.0.0.0
1
ASBR 1.2.3.9 Ethernet2/0/0
display ospf
asbr-summary
Syntax
display ospf asbr-summary [ ip-address mask ]
View
Any view
Parameter
ip-address: Matched IP address, in dotted decimal notation.
mask: IP address mask in dotted decimal notation.
Description
Using the display ospf asbr-summary command, you can view the summary
information of OSPF imported routes.
If the parameters are not configured, the summary information of all imported
routes will be viewed.
For the related command, see asbr-summary.
Example
Display the summary information of all OSPF imported routes.
<3Com> display ospf asbr-summary
Total summary address count: 2
Summary Address
net
: 168.10.0.0
mask : 255.254.0.0
597
tag
:1
status : Advertise
The Count of Route is 0
Summary Address
net
: 1.1.0.0
mask : 255.255.0.0
tag
: 100
status : DoNotAdvertise
The Count of Route is 0
Syntax
display ospf [ process-id ] brief
View
Any view
Parameter
process-id: Process number of OSPF. If no process number is specified, this
command displays the main information of all OSPF processes in configuration
sequence.
Description
Using the display ospf brief command, you can view the summary of OSPF.
Example
Display the OSPF summary.
<3Com> display ospf brief
RouterID: 3.3.3.3 Border Router: Area
spf-schedule-interval: 5
Routing preference: Inter/Intra: 10 External: 150
Default ASE parameters: Metric: 1 Tag: 0.0.0.1 Type: 2
SPF computation count: 13
Area Count: 2 Nssa Area Count: 0
Area 0.0.0.0:
Authtype: none Flags: <>
SPF scheduled: <>
Interface: 20.0.0.2 (Ethernet1/0/0)
Cost: 1 State: BackupDR Type: Broadcast
Priority: 1
Designated Router: 20.0.0.1
Backup Designated Router: 20.0.0.2
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Interface: 30.0.0.1 (Ethernet2/0/0)
Cost: 1 State: DR Type: Broadcast
Priority: 1
Designated Router: 30.0.0.1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Area 0.0.0.1:
Authtype: none Flags: <Transit>
SPF scheduled: <>
Interface: 40.0.0.1 (LoopBack0) --> 40.0.0.1
Cost: 1562 State: P To P Type: PointToPoint
Priority: 1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
598
Syntax
display ospf cumulative
View
Any view
Parameter
None
Description
Using the display ospf cumulative command, you can view the OSPF cumulative
information.
Example
Display the OSPF cumulative information.
<3Com> display ospf cumulative
IO Statistics
Type
InputOutput
Hello
225
437
DB Description78 86
Link-State Req18 18
Link-State Update 4853
Link-State Ack25 21
ASE: 1 Checksum Sum: FCAF
LSAs originated by this router
Router: 50SumNet: 40SumASB: 2
LSAs Originated: 92 LSAs Received: 33
Area 0.0.00.0:
Neighbors: 1 Interfaces: 1
Spf: 54 Checksum Sum F020
rtr: 2 net: 0 sumasb: 0 sumnet: 1
Area 0.0.0.1:
Neighbors: 0 Interfaces: 1
Spf: 19 Checksum Sum 14EAD
rtr: 1 net: 0sumasb: 1sumnet: 1
Routing Table:
Intra Area: 2 Inter Area: 0ASE: 1
Syntax
display ospf error
599
View
Any view
Parameter
None
Description
Using the display ospf error command, you can view the statistics of error
information which OSPF received.
Example
Display the statistics of error information which OSPF received .
<3Com> display ospf error
OSPF packet error statistics:
0: IP: received my own packet0: OSPF: bad packet type
0: OSPF: bad version0: OSPF: bad checksum
0: OSPF: bad area id0: OSPF: area mismatch
0: OSPF: bad virtual link0: OSPF: bad authentication type
0: OSPF: bad authentication key 0: OSPF: packet too small
0: OSPF: packet size > ip length 0: OSPF: transmit error
0: OSPF: interface down0: OSPF: unknown neighbor
0: HELLO: netmask mismatch0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch0: HELLO: extern option mismatch
0: HELLO: router id confusion0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown 0: DD: neighbor state low
0: DD: router id confusion0: DD: extern option mismatch
0: DD: unknown LSA type 0: LS ACK: neighbor state low
0: LS ACK: bad ack0: LS ACK: duplicate ack
0: LS ACK: unknown LSA type 0: LS REQ: neighbor state low
0: LS REQ: empty request0: LS REQ: bad request
0: LS UPD: neighbor state low0: LS UPD: newer self-generate LSA
0: LS UPD: LSA checksum bad0: LS UPD:received less recent LSA
0: LS UPD: unknown LSA type
0: OSPF routing: next hop not exist
0: DD: MTU option mismatch
Syntax
display ospf interface [ interface-type port-number ]
View
Any view
Parameter
interface-type: Interface type
port-number: Interface number.
Description
Using the display ospf interface command, you can view the OSPF interface
information.
Example
Display the OSPF ethernet2/0/0 interface information.
600
Syntax
display ospf [ area-id ] lsdb [ brief ] [ asbr | ase | network | nssa | opaque | router |
summary ] [ ip-address ] [ originate-router ip-address ] [ self-originate ]
View
Any view
Parameter
area-id: ID of the OSPF area, represented by decimal integer ranging from 0 to
4294967295 or in IP address format.
brief: Brief database information.
asbr: Database information of Type-4 LSA (summary-Asbr-LSA).
ase: Database information of Type-5 LSA (AS-external-LSA).
network: Database information of Type-2 LSA (Network-LSA).
nssa: Database information of Type-7 LSA (NSSA-external-LSA)
opaque: Database information of Opaque LSA.
router: Database information of Type-1 LSA (Router-LSA)
summary: Database information of Type-3 LSA (Summary-Net-LSA)
ip-address: Link state ID in IP address format.
originate-router ip-address: IP address of the router advertising LSA packet.
self-originate: Database information of self-originated LSA generated by local
router..
Description
Using the display ospf lsdb command, you can view the database information
about OSPF connecting state.
Example
Display the database information about OSPF connecting state.
<3Com> display ospf lsdb
OSPF Process 1 with Router ID 123.1.1.1
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter
Age Len Sequence
Rtr 1.1.1.1
1.1.1.1
563 36 80000008
Net 1.1.1.2
123.1.1.1
595 32 80000001
AS External Database:
Type LinkState ID AdvRouter
Age Len Sequence
ASE 1.1.0.0
1.1.1.1
561 36 80000001
ASE 123.1.1.1
1.1.1.1
561 36 80000001
Metric Where
0 SpfTree
0 SpfTree
Metric Where
1 Uninitialized
1 Uninitialized
601
602
Syntax
display ospf nexthop
View
Any view
Parameter
None
Metric Where
0 SpfTree
1 Inter List
Metric Where
0 SpfTree
1 Inter List
1 SumAsb List
Metric Where
2 Ase List
1 Ase List
603
604
Description
Using the display ospf nexthop command, you can view the information about
the next-hop
Example
Display the OSPF next-hop information.
<3Com> display ospf nexthop
Address
Type Refcount Intf Addr
Intf Name
--------------------------------------------------------------------202.38.160.1Direct 3202.38.160.1 Interface serial2/0/0
202.38.160.2Neighbor 1202.38.160.1 Interface serial2/0/0
Syntax
display ospf peer [ brief ]
View
Any view
Parameter
brief: Brief information of neighbors in areas.
Description
Using the display ospf peer command, you can view the information about the
neighbors in OSPF areas.
Using the display ospf peer brief command, you can view the brief information
of neighbors in OSPF, mainly the neighbor number at all states in every area.
The display format of OSPF neighbor valid time is different according to the length
of time. Description is as follows:
Example
View the information of OSPF peer.
<3Com> display ospf peer
Area 0.0.0.0 interface 1.1.1.1(Serial2/0/0)'s neighbor(s)
RouterID: 1.1.1.3
Address: 1.1.1.3
State: Full Mode: Nbr is Master Priority: 1
DR: 1.1.1.3 BDR: 1.1.1.1
Dead timer expires in 31s
Neighbor is comes for 00:08:24
0.0.0.1
Total
display ospf
request-queue
0 0
0 0
0 0 0
0 0 0
0
0
0
0
605
1 1
2 2
Syntax
display ospf request-queue
View
Any view
Parameter
None
Description
Using the display ospf request-queue command, you can view the information
about the OSPF request-queue.
Example
View the information about the OSPF request-queue.
<3Com> display ospf request-queue
The Router's Neighbors is
RouterID: 103.160.1.1 Address: 103.169.2.5
Interface: 103.169.2.2 Area: 0.0.0.1
LSID:129.11.25.0
AdvRouter:103.160.1.1 Sequence:80000001
LSID:129.11.25.0
AdvRouter:103.160.1.1 Sequence:80000001
LSID:129.11.25.0
AdvRouter:103.160.1.1 Sequence:80000001
display ospf
retrans-queue
Age:201
Age:201
Age:201
Syntax
display ospf retrans-queue
View
Any view
Parameter
None
Description
Using the display ospf retrans-queue command, you can view the information
about the OSPF retransmission queue.
Example
View the information about the OSPF retransmission queue.
<3Com> display ospf retrans-queue
OSPF Process 200 with Router ID 103.160.1.1
Retransmit List
The Router's Neighbors is
RouterID: 162.162.162.162 Address: 103.169.2.2
Interface: 103.169.2.5 Area: 0.0.0.1
Retrans list:
Type: ASE LSID:129.11.77.0 AdvRouter:103.160.1.1
Type: ASE LSID:129.11.108.0 AdvRouter:103.160.1.1
606
Syntax
display ospf routing
View
Any view
Parameter
None
Description
Using the display ospf routing command, you can view the information about
OSPF routing table.
Example
View the routing table information related to OSPF.
<3Com> display ospf routing
Routing for Network
Destination
Cost Type NextHop
AdvRouter
Area
10.110.0.0/16
1 Net 10.110.0.1
10.110.0.1
0
30.110.0.0/16
1 Stub 30.110.0.1
3.3.3.3
0
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0
Syntax
display ospf vlink
View
Any view
Parameter
None
Description
Using the display ospf vlink command, you can view the information about
OSPF virtual links.
Example
View OSPF virtual links information.
<3Com> display ospf vlink
Virtual-link Neighbor-id -> 1.1.1.1, State: Down
Cost: 0 State: Down Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
filter-policy export
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]
undo filter-policy {acl-number | ip-prefix ip-prefix-name} export [ routing-protocol ]
View
OSPF view
607
Parameter
acl-number: Access control list number.
ip-prefix-name Name of the address prefix list.
routing-protocol: Protocol advertising the routing information, including direct,
isis, bgp, rip and static at present.
Description
Using the filter-policy export command, you can configure rules for OSPF
filtering to advertised routing information. Using the undo filter-policy export
command, you can cancel the filtering rules that have been set.
By default, no filtering of the distributed routing information is performed.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to
configure the filtering conditions for the routing information to be advertised.
Only the routing information passing the filtration can be advertised.
For the related commands, see acl and ip ip-prefix
Example
Configure OSPF that only advertises the routing information permitted by acl 1.
[3Com] acl number 1
[3Com-acl-basic-1] rule permit source 11.0.0.0 0.255.255.255
[3Com-acl-basic-1] rule deny source any
[3Com-ospf] filter-policy 1 export
filter-policy import
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name | gateway prefix-list-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name | gateway ip-prefix-name }
import
View
OSPF view
Parameter
acl-number: Access control list number used for filtering the destination addresses
of the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.
gateway ip-prefix-name: Name of address prefix list used for filtering the
addresses of the neighboring routers advertising the routing information.
Description
Using the filter-policy import command, you can configure the OSPF rules of
filtering the routing information received. Using the undo filter-policy import
command, you can cancel the filtering of the routing information received.
By default, no filtering of the received routing information is performed.
608
In some cases, it may be required that only the routing information meeting some
conditions can be received. Then, the filter-policy command can be used to set
the filtering conditions for the routing information to be advertised. Only the
routing information passed the filtration can be received.
Using the filter-policy import command, you can filter the routes calculated by
OSPF. Only the filtered routes can be added to the routing table. The filtering can
be performed according to the next hop and destination of the route.
Since OSPF is a dynamic routing protocol based on link state, its routing
information hides in the link state, this command cannot filter the
advertised/received routing information in link state. There is more limitation when
using this command in OSPF than using it in distance vector routing protocol.
This command is valid for this process only if multiple OSPF processes are enabled.
Example
Filter the received routing information according to the rule defined by the access
control list 2.
[3Com] acl number 2
[3Com-acl-basic-2] rule permit source 20.0.0.0 0.255.255.255
[3Com-acl-basic-2] rule deny source any
[3Com-ospf-1] filter-policy 2 import
import-route
Syntax
import-route protocol [ cost value ] [ type value ] [ tag value ] [ route-policy
route-policy-name ]
undo import-route protocol
View
OSPF view
Parameter
protocol: Specifies the source routing protocol that can be imported. At present,
it includes direct, rip, bgp, isis, static, ospf, ospf-ase, and ospf-nssa.
ospf process-id: Imports only the internal routes found by OSPF process-id as
external routing information. If no process number is specified, the OSPF default
process number 1 is used.
ospf-ase process-id: Imports only the ASE external routes found by OSPF
process-id as external routing information. If no process number is specified, the
OSPF default process number 1 is used.
ospf-nssa process-id: Imports only the NSSA external routes found by OSPF
process-id as external routing information. If no process number is specified, the
OSPF default process number 1 is used.
route-policy route-policy-name: Imports only the routes matching the specified
Route-policy.
609
Description
Using the import-route command, you can import the information of another
routing protocol. Using the undo import-route command, you can cancel the
imported external routing information.
By default, the routing information of other protocols is not imported.
Example
Specify an imported RIP route as the route of type 2, with the route tag as 33 and
the route cost as 50.
[3Com-ospf-1] import-route rip type 2 tag 33 cost 50
Specify OSPF process 100 to import the route found by OSPF 160.
[3Com-ospf-160] import-route ospf 160
network
Syntax
network ip-address wildcard
undo network ip-address wildcard
View
OSPF area view
Parameter
ip-address: Address of the network segment where the interface locates.
wildcard: IP address wildcard mask, which is similar to the reversed form of the
mask of IP address. But when configure this parameter, you can type it as mask of
IP address, it could be translated as wildcard mask by VRP system.
Description
Using the network command, you can configure the interface running OSPF.
Using the undo network command, you can cancel the interface running OSPF.
By default, the interface does not belong to any area.
To run the OSPF protocol on one interface, the master IP address of this interface
must be in the range of the network segment specified by this command. If only
the slave IP address of the interface is in the range of the network segment
specified by this command, this interface will not run OSPF protocol.
After OSPF multi-instance is configured, different OSPF processes are bound with
different VPN instances. The network addresses between different processes can
be the same or inclusive. But for the same VPN instance, the network addresses
between different OSPF processes cannot be the same or inclusive. Otherwise, the
later configured command cannot be valid and the following will be displayed:
Network already set in OSPF process xx, that is, if network 10.1.0.0 0.0.255.255 is
enabled in process 100, network 10.1.0.0 0.0.255.255, network 10.1.1.0
0.0.0.255 or network 10.0.0.0 0.255.255.255 will fail to be enabled in other
OSPF processes.
CAUTION: OSPF configuration can only enable the interfaces that belong to the
same VPN instance.
610
Enable OSPF process 100 on the router and specify the number of the area where
the interface is located as 2.
[3Com] router id 10.110.1.9
[3Com] ospf 100
[3Com-ospf-100] area 2
[3Com-ospf-100-area-0.0.0.2] network 131.108.20.0 0.0.0.255
Enable OSPF process 200 on the router and specify the number of the area where
the interface is located as 1.
[3Com] ospf 200 vpn-instance vpn1
[3Com-ospf-200] area 1
[3Com-ospf-200-area-0.0.0.1] network 131.108.20.0 0.0.0.255
Enable OSPF process 300 on the router and specify the number of the area where
the interface is located as 2.
[3Com] ospf 300 vpn-instance vpn1
[3Com-ospf-300] area 2
[3Com-ospf-300-area-0.0.0.2] network 131.108.20.0 0.0.0.255
Network already set in OSPF process 200
nssa
Syntax
nssa [ default-route-advertise ] [ no-import-route ] [ no-summary ]
undo nssa
View
OSPF area view
Parameter
default-route-advertise: Only available for the NSSA ABR or ASBR. When using the
parameter at NSSA ABR, you can generate Type-7 LSAs for the default route no
matter whether there exists the default route 0.0.0.0 in the routing table. When
using the parameter at NSSA ASBR, you can generate Type-7 LSAs for the default
route only if there exists the default route 0.0.0.0 in the routing table.
611
opaque-capability
Syntax
opaque-capability enable
undo opaque-capability
View
OSPF view
Parameter
None
Description
Using the opaque-capability enable command, you can enable the Opaque
capability of OSPF. Using the undo opaque-capability command, you can disable
the Opaque capability of OSPF.
CAUTION: By default, Opaque capability of OSPF is enabled.
If the application based on Opaque LSA is enabled, for example, the area TE
capability is enabled, the Opaque capability cannot be disabled.
Example
Enable Opaque capability.
[3Com-ospf-100] opaque-capability enable
ospf
Syntax
ospf [ process-id ]
undo ospf [ process-id ]
612
View
System view
Parameter
process-id: Number of OSPF. If no process number is specified, the default number
1 is used.
Description
Using the ospf command, you can enable the OSPF protocol. Using the undo
ospf command, you can disable the OSPF protocol.
After enabling OSPF protocol, the user can make the corresponding configuration
in OSPF view.
By default, the system does not run the OSPF protocol.
VRP supports OSPF multi-process. Multiple OSPF processes can be enabled by
specifying different process numbers on a router.
It is suggested that user should specify router-id with parameter router-id when
enabling OSPF. Different router-ids should be specified for different processes if
multiple processes are enabled on the router.
For the related command, see network.
Example
Enable the running of the OSPF protocol.
[3Com] router id 10.110.1.8
[3Com] ospf
ospf
authentication-mode
Syntax
ospf authentication-mode { simple password | md5 key-id key }
undo ospf authentication-mode { simple | md5 }
View
Interface view
Parameter
simple password: Character string not exceeding 8 characters using simple text
authentication.
key-id: ID of the authentication key in MD5 cipher text authentication mode in the
range from 1 to 255.
key: MD5 authentication key. If it is input in a simple form, MD5 key is a character
string of 1 to 16 characters. And it will be displayed in a cipher text form in a
613
ospf cost
Syntax
ospf cost value
undo ospf cost
View
Interface view
Parameter
value: Cost for running OSPF protocol, ranging from 1 to 65535.
Description
Using the ospf cost command, you can configure different packet sending costs
so as to send packets from different interfaces. Using the undo ospf cost
command, you can restore the default costs.
By default, the interface automatically calculates the costs required for running
OSPF protocol according to the current Baud rate.
Example
Specify the cost spent when an interface runs OSPF as 33.
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] ospf cost 33
614
ospf dr-priority
Syntax
ospf dr-priority value
undo ospf dr-priority
View
Interface view
Parameter
value: Interface priority for electing the "designated router", ranging from 0 to
255. By default, the value is 1.
Description
Using the ospf dr-priority command, you can configure the priority for electing
the "designated router" on an interface. Using the undo ospf dr-priority
command, you can restore the default value.
Interface priority determines the interface qualification when electing the
designated router. The interface with high priority is considered first when there
is collision in election.
Example
Set the priority of the interface Ethernet1/0/0 to 8, when electing the DR.
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] ospf dr-priority 8
ospf mib-binding
Syntax
ospf mib-binding process-id
undo ospf mib-binding
View
System view
Parameter
process-id: Number of OSPF process.
Description
Using the ospf mib-binding command, MIB operation can be bound on the
specified OSPF process. Using the undo ospf mib-binding command, you can
restore the default configuration.
MIB operation is always bound on the first process enabled by OSPF protocol.
Using the this command, MIB operation can be bound on other OSPF processes.
Using the undo ospf mib-binding command, you can cancel the binding
configuration. MIB operation is rebound automatically by OSPF protocol on the
first enabled process.
By default, MIB operation is bound on the first enabled OSPF process.
Example
Bind MIB operation on OSPF process 100.
615
ospf mtu-enable
Syntax
ospf mtu-enable
undo ospf mtu-enable
View
Interface view
Parameter
None
Description
Using the ospf mtu-enable command, you can enable the interface to write MTU
value when sending DD packets. Using the undo ospf mtu-enable command,
you can restore the default settings.
By default, the MTU value is 0 when sending DD packets, i.e. the actual MTU value
of the interface is not written.
Database Description Packets (DD packets) are used to describe its own LSDB
when the router running OSPF protocol is synchronizing the database.
The default MTU value of DD packet is 0. With this command, the specified
interface can be set manually to write the MTU value area in DD packets when
sending DD packets, i.e. the actual MTU value of the interface is written in.
Example
Set interface Ethernet1/0/0 to write MTU value area when sending DD packets.
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] ospf mtu-enable
ospf network-type
Syntax
ospf network-type { broadcast | nbma | p2mp | p2p }
undo ospf network-type
View
Interface view
Parameter
broadcast: Changes the interface network type to broadcast.
nbma: Changes the interface network type to Non-Broadcast Multicast Access.
p2mp: Changes the interface network type to point-to-multipoint.
p2p: Changes the interface network type to point-to-point.
616
Description
Using the ospf network-type command, you can configure the network type of
OSPF interface. Using the undo ospf network-type command, you can restore
the default network type of the OSPF interface.
OSPF divides networks into four types by link layer protocol:
If there is a router not supporting multicast address on the broadcast network, the
interface network type can be changed to NBMA. The interface network type can
also be changed from NBMA to broadcast.
A network that can be called an NBMA network or can be changed to a broadcast
network should satisfy the following condition: there is a virtual circuit directly
connects any two routers on the network. In other words, the network is
full-meshed. If the network cannot satisfy this condition, the interface network
type must be changed to point-to-multipoint. In this way, these two routers can
exchange routing information via a router directly connected with the two routers.
If there are only two routers running OSPF protocol on the same network
segment, the interface network type can be changed to point-to-point.
Note: When the network type of an interface is NBMA or it is changed to NBMA
manually, the peer command must be used to configure the neighboring point.
For the related command, see ospf dr-priority.
Example
Set the interface serial1/0/0 to NBMA type.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf network-type nbma
Syntax
ospf timer dead seconds
undo ospf timer dead
View
Interface view
617
Parameter
seconds: Dead interval of the OSPF neighbor. It is in second and ranges from 1 to
65535.
Description
Using the ospf timer dead command, you can configure the dead interval of the
OSPF neighbor. Using the undo ospf timer dead command, you can restore the
default value of the dead interval of the neighbor.
By default, the dead interval for the OSPF neighbors of p2p and broadcast
interfaces is 40 seconds, and for those of p2mp and nbma interfaces is 120
seconds.
The dead interval of OSPF neighbors means that within this interval, if no Hello
message is received from the neighbor, the neighbor will be considered to be
invalid. The value of dead seconds should be at least 4 times of that of the Hello
seconds. The dead seconds for the routers on the same network segment must be
identical.
For the related command, see ospf timer hello.
Example
Set the neighbor dead interval on the interface serial1/0/0 to 80 seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf timer dead 80
Syntax
ospf timer hello seconds
undo ospf timer hello
View
Interface view
Parameter
seconds: Interval in seconds for an interface to transmit hello message. It ranges
from 1 to 255.
Description
Using the ospf timer hello command, you can configure the interval for
transmitting Hello messages on an interface. Using the undo ospf timer hello
command, you can restore the default value.
By default, the interval is 10 seconds for an interface of p2p or broadcast type to
transmit Hello messages, and 30 seconds for an interface of nbma or p2mp type.
For the related command, see ospf timer dead.
Example
Configure the interval of transmitting Hello packets on the interface serial1/0/0 to
20 seconds.
[3Com] interface serial1/0/0
618
Syntax
ospf timer poll seconds
undo ospf timer poll
View
Interface view
Parameter
seconds: Specifies the poll Hello messages interval, ranging from 1 to 65535 and
measured in seconds. By default, the value is 120 seconds.
Description
Using the ospf timer poll command, you can configure the poll Hello message
interval on nbma and p2mp network. Using the undo ospf timer poll command,
you can restore the default value.
On the nbma and p2mp network, if a neighbor is invalid, the Hello message will
be transmitted regularly according to the poll seconds. You can configure the poll
seconds to specify how often the interface transmits Hello message before it
establishes adjacency with the adjacent router. The value of poll seconds should be
no less than 3 times of that of Hello seconds.
Example
Configure to transmit poll Hello message from interface serial2/0/0 every 130
seconds.
[3Com-serial2/0/0] ospf timer poll 130
Syntax
ospf timer retransmit interval
undo ospf timer retransmit
View
Interface view
Parameter
interval: Interval in seconds for re-transmitting LSA on an interface. It ranges from
1 to 65535.The default value is 5 seconds.
Description
Using the ospf timer retransmit command, you can configure the interval for
LSA re-transmitting on an interface. Using the undo ospf timer retransmit
command, you can restore the default interval value for LSA re-transmitting on the
interface.
If a router running OSPF transmits a "link state advertisement"(LSA) to the peer, it
needs to wait for the acknowledgement packet from the peer. If no
acknowledgement is received from the peer within the LSA retransmission, this
LSA will be re-transmitted. According to RFC2328, the LSA retransmission
619
between adjacent routers should not be set too short. Otherwise, unexpected
retransmission will be caused.
Example
Specify the retransmission for LSA transmitting between the interface serial1/0/0
and the adjacent routers to 12 seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf timer retransmit 12
ospf trans-delay
Syntax
ospf trans-delay seconds
undo ospf trans-delay
View
Interface view
Parameter
seconds: Transmitting delay of LSA on an interface. It is in seconds and ranges
from 1 to 3600. By default, the value is 1 second.
Description
Using the ospf trans-delay command, you can configure the LSA transmitting
delay on an interface. Using the undo ospf trans-delay command, you can
restore the default value of the LSA transmitting delay on an interface.
LSA will age in the "link state database" (LSDB) of the router as time goes by (add
1 for every second), but it will not age during network transmission. Therefore, it is
necessary to add a period of time set by this command to the aging time of LSA
before transmitting it.
Example
Specify the trans-delay of transmitting LSA on the interface serial1/0/0 as 3
seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf trans-delay 3
peer
Syntax
peer ip-address [ dr-priority dr-priority-number ]
undo peer ip-address
View
OSPF view
Parameter
ip-address: IP address of the neighboring point.
dr-priority-number: Represents the corresponding value of the network neighbor
priority, being an integer ranging from 0 to 255. The default value is 1.
620
Description
Using the peer command, you can configure the IP address of adjacent routers
and specify a DR priority on an NBMA network. Using the undo peer command,
you can cancel the configuration.
On the frame relay network, a full-meshed network (i.e. there is a VC directly
connecting any two routers on the network) can be implemented by configuring
map. Thus OSPF can perform in the same way in the frame relay network as in the
broadcast network (such as electing DR and BDR). However, the IP address of
adjacent routers and their election rights must be configured manually for the
interface because adjacent routers cannot be found dynamically by advertising
Hello messages.
Example
Configure the IP address of peer router as 10.1.1.1.
[3Com-ospf-1] peer 10.1.1.1
preference
Syntax
preference [ ase ] value
undo preference [ ase ]
View
OSPF view
Parameter
value: OSPF protocol route preference, ranging from 1 to 255.
ase: Preference of an imported external route of the AS.
Description
Using the preference command, you can configure the preference of an OSPF
protocol route. Using the undo preference command, you can restore the
default value of the OSPF protocol route.
By default, the preference of an OSPF protocol internal route is 10 and the
preference of an external route is 150.
Because multiple dynamic routing protocols could be running on a router, there is
the problem of routing information sharing among routing protocols and
selection. Therefore, a default preference is specified for each routing protocol.
When multiple routes to the same destination are found by different routing
protocols, the route found by high preference routing protocol will be selected to
forward IP packets.
Example
Specify the preference of an external imported route of the AS as 160.
[3Com-ospf-1] preference ase 160
reset ospf
Syntax
reset ospf [ statistics ] { all | process-id }
621
View
User view
Parameter
statistics: Resets statistics of the OSPF process.
process-id: OSPF process number. If no OSPF process number is specified, all the
OSPF processes should be reset.
all: Resets all the OSPF processes.
Description
Using the reset ospf all command, you can reset all the OSPF processes. Using
the parameter of statistics to reset statistics about OSPF.
The reset ospf process-id command can be used to reset the specified process
and clear statistics data. Using the parameter of statistics to reset statistics about
OSPF.
Using the reset ospf command to reset the OSPF process, the following results
are expected:
After OSPF process is restarted, new routes and LSA will be generated
correspondingly and LSA will be advertised.
The system will require the user to confirm whether to re-enable the OSPF
protocol after execution of the command.
Example
Reset all the OSPF processes
<3Com> reset ospf all
router id
Syntax
router id router-id
undo router id
View
System view
622
Parameter
router-id: Router ID that is a 32-bit unsigned integer.
Description
Using the router id command, you can configure the ID of a router running the
OSPF protocol. Using the undo router id command, you can cancel the router ID
that has been configured.
By default, no router ID is configured.
Router ID is a 32-bit unsigned integer that uniquely identifies a router in an OSPF
autonomous system. If the router ID specified, the configurations of OSPF can not
be set.
When the router ID is configured manually, the IDs of any two routers cannot be
identical in the autonomous system. So, the IP address of certain interface might
as well be selected as the ID of this router.
The modified router ID will not be valid unless OSPF is re-enabled.
For the related command, see ospf.
Example
Set the router ID to 10.1.1.3.
[3Com] router id 10.1.1.3
silent-interface
Syntax
silent-interface interface-type interface-number
undo silent-interface interface-type interface-number
View
OSPF view
Parameter
interface-type: Specifies the interface type
interface-number: Specifies the interface number.
Description
Using the silent-interface command, you can disable an interface to transmit
OSPF packet. Using the undo silent-interface command, you can restore the
default setting.
By default, the interface is enabled to transmit OSPF packet.
You can use this command to disable an interface to transmit OSPF packet, so as
to prevent the router on some network from receiving the OSPF routing
information.
Different processes can disable the same interface to transmit OSPF packet. While
silent-interface command only takes effect on the interface enabled with OSPF
by this process, being invalid for the interface enabled by other processes.
623
Example
Disable interface serial2/0/0 to transmit OSPF packet.
[3Com-ospf-1] silent-interface serial2/0/0
Disable interface Ethernet2/0/0 to transmit OSPF packet in both OSPF process 100
and OSPF process 200.
[3Com] router id 10.110.1.9
[3Com] ospf 100
[3Com-ospf-100] silent-interface ethernet 2/0/0
[3Com-ospf-100] quit
[3Com] router id 20.18.0.7
[3Com] ospf 200
[3Com-ospf-200] silent-interface ethernet 2/0/0
Syntax
snmp-agent trap enable ospf [ process-id ] [ trap-type ]
undo snmp-agent trap enable ospf [ trap-type ]
View
System view
Parameter
process-id: OSPF process number. If no OSPF process number is specified, this
command is valid for all the current OSPF processes.
trap-type: Type of SNMP TRAP packet transmitted by OSPF. It can be the keyword
in the following table.
Table 3 SNMP TRAP type keywords
keyword
description
ifauthfail
ifcfgerror
ifrxbadpkt
ifstatechange
iftxretransmit
lsdbapproachoverflow
lsdboverflow
maxagelsa
nbrstatechange
originatelsa
virifauthfail
virifcfgerror
virifrxbadpkt
virifstatechange
viriftxretransmit
virnbrstatechange
624
Description
Using the snmp-agent trap enable ospf command, you can enable the TRAP
function of OSPF. Using the undo snmp-agent trap enable ospf command, you
can disable the TRAP function.
This command takes no effect on the OSPF process enabled after its execution.
By default, no OSPF process is enabled to transmit TRAP packets.
For detailed configuration of SNMP TRAP, refer to system management section
in this manual.
Example
Enable TRAP function of OSPF process 100.
<3Com> snmp-agent trap enable ospf 100
spf-schedule-interval
Syntax
spf-schedule-interval interval
undo spf-schedule-interval
View
OSPF view
Parameter
Interval: SPF calculation interval of OSPF, which is in seconds in the range of 1 to
10. The default value is 5 seconds.
Description
Using the spf-schedule-interval command, you can configure the route
calculation interval of OSPF. Using the undo spf-schedule-interval command,
you can restore the default setting.
According to the Link State Database (LSDB), the router running OSPF can
calculate the shortest path tree taking itself as the root and determine the next
hop to the destination network according to the shortest path tree. By adjusting
SPF calculation interval, network frequently changing can be restrained, which
may lead to that too many bandwidth resources and router resources will be used.
Example
Set the OSPF route calculation interval of 3Com to 6 seconds.
[3Com-ospf-1] spf-schedule-interval 6
stub
Syntax
stub [ no-summary ]
undo stub
View
OSPF area view
625
Parameter
no-summary: Only available for the ABR in Stub area. When this parameter is
selected, the ABR only advertises the Summary-LSA for the default route, but no
other Summary-LSAs. The area is also called totally stub area.
Description
Using the stub command, you can configure the type of an OSPF area as the STUB
area. Using the undo stub command, you can cancel the settings.
By default, no area is set to be the STUB area.
All the routers in a Stub area must be configured with the corresponding attribute.
For the related command, see default-cost.
Example
Set the type of OSPF area 1 to the STUB area.
[3Com-ospf] area 1
[3Com-ospf-area-0.0.0.1] stub
vlink-peer
Syntax
vlink-peer router-id [ hello seconds] [ retransmit seconds ] [ trans-delay seconds ] [ dead
seconds ] [ simple password | md5 keyid key ]
undo vlink-peer router-id
View
OSPF area view
Parameter
router-id: Router ID of virtual link neighbor.
hello seconds: Interval that router transmits hello message. It ranges from 1 to
8192 seconds. This value must equal the hello seconds value of the router virtually
linked to the interface. By default, the value is 10 seconds,
retransmit seconds: Specifes the interval for re-transmitting the LSA packets on an
interface. It ranges from 1 to 8192 seconds. By default, the value is 5 seconds.
trans-delay seconds: Specifes the interval for delaying transmitting LSA packets on
an interface. It ranges from 1 to 8192 seconds. By default, the value is 1 second.
dead seconds: Specifies the interval of death timer. It ranges from 1 to 8192
seconds. This value must equal the dead seconds of the router virtually linked to it
and must be at least 4 times of the hello seconds. By default, the value is 40
seconds.
simple password: Specifies the simple text authentication key, not exceeding 8
characters, of the interface. This value must equal the authentication key of the
virtually linked neighbor.
keyid: Specifies the MD5 authentication key ID. Its value ranges from 1 to 255. It
must be equal to the authentication key ID of the virtually linked neighbor.
626
BGP Configuration
Commands
For the commands defining routing policies in BGP, refer to the "IP Routing Policy
Configuration Commands" of the next chapter.
For the configuration examples and parameter explanation of VPNv4 and VPN
instance in BGP, refer to the "Multicast" module and "MPLS" module of this
manual.
aggregate
Syntax
aggregate address mask [ as-set ] [ detail-suppressed ] [ suppress-policy
route-policy-name ] [ origin-policy route-policy-name ] [ attribute-policy
route-policy-name ]
undo aggregate address mask [ as-set ] [ detail-suppressed ] [ suppress-policy
route-policy-name ] [ origin-policy route-policy-name ] [ attribute-policy
route-policy-name ]
View
BGP view
Parameter
address: Address of the aggregated route, in dotted decimal notation.
mask: Network mask of the aggregated route, in dotted decimal notation.
as-set: Creates a route with AS segment.
627
Function
as-set
detail-suppressed
suppress-policy
origin-policy
attribute-policy
Example
Establish an aggregated record in the BGP routing table.
[3Com-bgp] aggregate 192.213.0.0 255.255.0.0
balance
Syntax
balance num
undo balance
View
BGP view
Parameter
num: Number of BGP load sharing routes. Their ranges are defined according to
the router types. You can get prompt information by inputting ? at its location
628
bgp
Syntax
bgp as-number
undo bgp [ as-number ]
View
System view
Parameter
as-number: Specifies local AS number, ranging from 1 to 65535.
Description
Using the bgp command, you can enable BGP and enter the BGP view. Using the
undo bgp command, you can disable BGP.
By default, BGP is not enabled.
This command is used to enable and disable BGP as well as to specify the local AS
number of BGP.
Example
Enable BGP.
[3Com] bgp 100
[3Com-bgp]
compare-different-as-me
d
Syntax
compare-different-as-med
undo compare-different-as-med
View
BGP unicast view, BGP multicast view, VPNv4 view
629
Parameter
None
Description
Using the compare-different-as-med command, you can enable comparison of
MED values from different AS neighboring routes when determining the best
route. Using the undo compare-different-as-med command, you can disable
the comparison.
By default, it is disabled to compare the MED attribute values from the routing
paths of different AS peers.
If there are several routes available to one destination address, the route with
smaller MED parameter can be selected as the final route item.
You are not recommended to use this command unless you can make sure that
the ASs adopt the same IGP and routing method.
Example
Enable the comparison of the MED attribute values from different AS neighboring
route paths.
[3Com-bgp] compare-different-as-med
confederation id
Syntax
confederation id as-number
undo confederation id
View
BGP view
Parameter
as-number: Number of the AS which contains multiple sub-ASs. The range is from
1 to 65535.
Description
Using the confederation id command, you can configure confederation
identifier. Using the undo confederation id command, you can cancel the BGP
confederation specified by parameter as-number.
By default, the confederation ID is not configured.
Confederation can be adopted to solve the problem of too many IBGP full
connections in a large AS domain. The solution is, first dividing the AS domain into
several smaller sub-ASs, and each sub-ASs remains full-connected. These sub-ASs
form a confederation. Key IGP attributes of the route, such as next hop, MED,
local preference, are not discarded across each sub-ASs. The sub-ASs still look like
a whole from the point of view of a confederation although these sub-ASs have
EBGP relations. This can assure the integrality of the former AS domain, and ease
the problem of too many connections in the domain
For the related commands, see confederation nonstandard and
confederation peer-as.
630
Example
Confederation 9 consists of four sub-ASs, namely, 38, 39, 40 and 41. Here, the
peer 10.1.1.1 is an internal member of the AS confederation while the peer
200.1.1.1 is an external member of the AS confederation. For external members,
Confederation 9 is a unified AS domain.
[3Com] bgp 41
[3Com-bgp] confederation id 9
[3Com-bgp] confederation peer-as 38 39 40
[3Com-bgp] peer 10.1.1.1 as-number 38
[3Com-bgp] peer 200.1.1.1 as-number 98
confederation
nonstandard
Syntax
confederation nonstandard
undo confederation nonstandard
View
BGP view
Parameter
None
Description
Using the confederation nonstandard command, the router can be compatible
with the AS confederation not adopting RFC1965. Using the undo
confederation nonstandard command, you can cancel this function.
By default, the configured confederation is consistent with RFC1965.
All the 3Com routers in the confederation should be configured with this
command for interworking with those nonstandard devices.
For the related commands, see confederation id and confederation peer-as.
Example
AS100 contains routers following nonstandard, which is composed of two
sub-ASs, 64000 and 65000.
[3Com] bgp 64000
[3Com-bgp] confederation id 100
[3Com-bgp] confederation peer-as 65000
[3Com-bgp] confederation nonstandard
confederation peer-as
Syntax
confederation peer-as as-number-1 [ ......as-number-n ]
undo confederation peer-as [ as-number-1 ] [......as-number-n ]
View
BGP view
631
Parameter
as-number-1...as-number-n: Sub-AS number, ranging from 1 to 65535. This
command can configure a maximum of 32 sub-Ass belonging to the
confederation.
Description
Using the confederation peer-as command, you can configure a confederation
consisting of which sub-ASs. Using the undo confederation peer-as command,
you can cancel the specified sub-AS in the confederation.
By default, no autonomous system is configured as a member of the
confederation.
The configured sub-ASs in this command is inside a confederation and each
sub-AS uses fully meshed network. The confederation id command is used to
specify the confederation to which each sub-AS belongs. This configuration is
invalid before this command is performed.
For the related commands, see confederation nonstandard and
confederation id.
Example
Configure the confederation that contains AS 2000 and 2001.
[3Com-bgp] confederation peer-as 2000 2001
dampening
Syntax
dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling ] [
route-policy policy-name ]
undo dampening
View
BGP view
Parameter
half-life-reachable: Specifies the half-life when the route is reachable. The range is
1 to 45 minutes. By default, the value is 15 minutes.
half-life-unreachable: Specifies the half-life when the route is unreachable. The
range is 1 to 45 minutes. By default, the value is 15 minutes.
reuse: Penalty value of a route when it starts to be reused. The range is 1 to
20000. By default, its value is 750 .
suppress: Penalty threshold of a route when it starts to be suppressed. The range
is 1 to 20000. By default, its value is 2000.
ceiling: Upper threshold of the penalty. The range is 1001 to 20000. By default,
its value is 16000.
policy-name: Route policy name.
632
Description
Using the dampening command, you can make BGP route attenuation valid or
modify various BGP route attenuation parameters. Using the undo dampening
command, you can make the characteristics invalid.
By default, no route attenuation is configured.
If the parameters are not set, the BGP route attenuation is valid and each
parameter is taken as the default value. half-life-reachable, half-life-unreachable
,reuse, suppress and ceiling are mutually dependent. Once any parameter is
configured, all other parameters should also be specified.
For the related command, see reset dampening, reset bgp flap-info, display
bgp routing-table dampened, and display bgp routing-table flap-info.
Example
Modify various BGP route attenuation parameters.
[3Com-bgp] dampening 15 15 1000 2000 10000
debugging bgp
Syntax
debugging bgp { all | event | keepalive | open | packet | route-refresh | update } [ receive
| send ] [ verbose ]
View
User view
Parameter
all: Enables all BGP information debugging.
event: Enables BGP event information debugging.
keepalive: Enables BGP Keepalive packet information debugging.
open: Enables BGP Open packet information debugging.
packet: Enables BGP packet information debugging.
route-refresh: Enables BGP route-refresh packet information debugging.
update: Enables BGP Update packet information debugging.
Description
Using the debugging bgp all command, you can enable all the information
debugging of BGP packets and events.
Using the debugging bgp event command, you can enable the information
debugging of BGP events.
Using the debugging bgp keepalive command, you can enable the information
debugging of BGP Keepalive packets.
Using the debugging bgp packet command, you can enable the information
debugging of BGP packets.
633
default local-preference
Syntax
default local-preference value
undo default local-preference
View
BGP unicast view, BGP multicast view, VPNv4 view
Parameter
value: Default local preference to be configured. The range is 0 to 4294967295,
the larger the value is, the higher the preference is. By default, its value is 100.
Description
Using the default local-preference command, you can configure the default
local preference. Using the undo default local-preference command, you can
restore the default value.
Configuring different local preferences will affect BGP routing selection.
Example
The two routers RTA and RTB in the same autonomous area use X.25 and Frame
Relay protocols separately to connect with external autonomous areas. The
command can be used to configure the default local preference of RTB as 180 so
that the route via RTB is selected first when the same route goes through RTA and
RTB at the same time.
[3Com-bgp] default local-preference 180
default med
Syntax
default med med-value
undo default med
View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view
Parameter
med-value: MED value to be specified. The range is 0 to 4294967295. By default,
the med-value is 0.
Description
Using the default med command, you can configure the system MED value.
Using the undo default med command, you can restore the default value of
metric.
634
Multi-Exit Distinguish (MED) is the external metric of a route. Different from local
preference, MED is exchanged between ASs and will stay in the AS. MED indicates
the attribute of a route. The smaller an MED is, the better a route is. So the route
with a low MED is preferred.When a router running BGP obtains several routes
with identical destination address and different next-hops from various external
peers, it will select the best route depending on the MED value. In the case that all
other conditions are the same, the system first selects the route with the smaller
MED value as the external route of the autonomous system.
Example
Routers RTA and RTB belong to AS100 and router RTC belongs to AS200. RTC is
the peer of RTA and RTB. The network between RTA and RTC is X.25 network and
the network between RTB and RTC is Ethernet. So the MED of RTA can be
configured as 25 to allow RTC to select the route transmitted by RTB first.
[3Com-bgp] default med 25
Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] group [ group-name ]
View
Any view
Parameter
group-name: A specified peer group.
vpn-instance vpn-instance-name: Name of vpn instance.
Description
Using the display bgp group command, you can view the information of peer
groups.
Example
View the information of the peer group "aaa".
<3Com> display bgp group aaa
group : aaa no as-number still
members in this group :
Description : aaa
route-policy specified in export policy : aaa
filter-policy specified in export policy : list no.30304410
acl specified in export policy : list no.30304410
ip-prefix specified in export policy : aaa
route-policy specified in import policy : aaa
filter-policy specified in import policy : list no.30304410
acl specified in import policy : list no.30304410
ip-prefix specified in import policy : aaa
with Route-policy aaa
Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] network
635
View
Any view
Parameter
vpn-instance vpn-instance-name: Name of VPN instance.
route-distinguisher route-distinguisher: Name of route-distinguisher.
Description
Using the display bgp network command, you can view the routing information
that has been configured.
Example
View the routing information that has been configured.
<3Com> display bgp network
NetworkMask
Route-policy
133.1.1.0255.255.255.0None
112.1.0.0255.255.0.0None
Syntax
display bgp paths as-regular-expression
View
Any view
Parameter
as-regular-expression: Matched AS path regular expression.
Description
Using the display bgp paths command, you can view the information about AS
paths
Example
Display the information about the AS paths.
<3Com> display bgp paths ^600$
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Id Hash-Index References Aggregator Origin As-Path
-------------------------------------------------------------------6 90
15
<null>
IGP
600
Syntax
display bgp [ multicast ] peer peer-address verbose
display bgp [ multicast ] peer [ verbose ]
display bgp vpnv4 { all | route-distinguisher route-distinguisher | vpn-instance
vpn-instance-name } peer
View
Any view
636
Parameter
peer-address: Specifies the peer to be displayed.
vpn-instance vpn-instance-name: Name of VPN instance.
route-distinguisher route-distinguisher: Name of route-distinguisher.
verbose: Displays the detailed information of the peer.
Description
Using the display bgp peer command, you can view the information of peer.
Using the display bgp multicast peer command, you can view the information
of MBGP peer.
Using the display bgp vpnv4 peer command, you can view the information of
VPN peer.
Example
Display the information of the peer 10.110.25.20.
<3Com> display bgp peer 10.110.25.20
Peer
AS-number Version Queued-Tx Msg-Rx Msg-Tx Up/Down State
-------------------------------------------------------------------10.110.25.20 100 4
0
0 0
00:33:43 Active
View the details of peer 133.1.1.2.
<3Com> display bgp peer 133.1.1.2 verbose
Peer: 133.1.1.2 Local: Unspecified
Type: External
State: Idle Flags: <Idled>
Last State: NoState Last Event: NoEvent
Last Error: None
Options: <>
Configuration within the peer :
no export policy route-policy
no export policy ip-prefix
no export policy filter-policy
no export policy acl
no import policy route-policy
no import policy ip-prefix
no import policy filter-policy
no import policy acl
no default route produce
display bgp
routing-table
Syntax
display bgp [ multicast | vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] routing-table [ ip-address mask ]
View
Any view
Parameter
multicast: Displays the MBGP routing information in BGP routing table.
637
display bgp
routing-table as-path-acl
Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table as-path-acl acl-number
638
View
Any view
Parameter
acl-number: Number of the specified AS path to be matched, ranging 1 to 199.
Description
Using the display bgp routing-table as-path-acl command, you can view
routes that match an as-path acl
Example
Display routes that match filtering list.
<3Com> display bgp routing-table as-path-acl 1
Flags:
- valid,
^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Dest/Mask Pref Next-Hop
Med Local-pref Origin As-path
-------------------------------------------------------------------^ 1.1.1.0/24 170 10.10.10.1 0
IGP
200
^ 1.1.2.0/24 170 10.10.10.1 0
IGP
200
^ 1.1.3.0/24 170 10.10.10.1 0
IGP 200
^ 2.2.3.0/24 256 10.10.10.1 0
INC 200
^ 4.4.4.0/24 256 10.10.10.1 0
INC 200
^ 9.9.9.0/24 256 10.10.10.1 0
INC 200
^ 10.10.10.0/24 256 10.10.10.1 0
IGP 200
^ 22.1.0.0/16 256 200.1.7.2
100 INC 200
88.1.0.0/16 60 0.0.0.0
IGP
display bgp
routing-table cidr
Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table cidr
View
Any view
Parameter
None
Description
Using the display bgp routing-table cidr command, you can view the routing
information about the non-natural mask (namely the classless inter-domain
routing, CIDR).
Example
<3Com> display bgp routing-table cidr
Flags:
- valid,
^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-pref Origin As-path
-------------------------------------------------------------------^ 22.1.0.0/16 256 200.1.7.2
100
INC 200
88.1.0.0/16 60 0.0.0.0
IGP
display bgp
routing-table
community
639
Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table community [ aa:nn |
no-export-subconfed | no-advertise | no-export ] [ whole-match ]
View
Any view
Parameter
aa:nn: Specifies a community number.
no-export-subconfed: Not sends the matched routes outside the AS.
no-advertise: Not sends the matched routes to any peer.
no-export: Not exports routes outside the AS but advertise to other sub Ass.
whole-match: Displays the exactly matched routes.
Description
Using the display bgp routing-table community command, you can view the
routing information related to the specified BGP community number in the routing
table.
Example
Display the routing information matching the specified BGP community number.
<3Com> display bgp routing-table community 11:22
Flags:
- valid,
^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-pref Origin
-------------------------------------------------------------------^ 1.0.0.0/8 170 172.10.0.2
100
IGP
^ 2.0.0.0/8 256 172.10.0.2
100
IGP
display bgp
routing-table
community-list
As-path
Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table community-list
community-list-number [ whole-match ]
View
Any view
Parameter
community-list-number: Specifies a community-list number.
whole-match: Displays the exactly matched routes.
Description
Using the display bgp routing-table community-list command, you can view
the routing information matching the specified BGP community list.
640
Example
View the routing information matching BGP community list 1.
[3Com] display bgp routing-table community-list 1
Flags:
- valid,
^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Destination/Mask Pref Next-hop
Med
Local-Pref Origin As-Path
-------------------------------------------------------------------1.1.1.0/24 170 10.10.10.1
0
IGP
200
1.1.2.0/24 256 10.10.10.1 0
IGP
200
1.1.3.0/24 170 10.10.10.1 0
IGP
200
2.2.3.0/24 256 10.10.10.1 0
INC
200
4.4.4.0/24 170 10.10.10.1
0
INC
200
9.9.9.0/24 256 10.10.10.1
0
INC
200
10.10.10.0/24 0 10.10.10.2
0
IGP
10.10.10.0/24 256 10.10.10.1
0
IGP
200
display bgp
routing-table dampened
Syntax
display bgp routing-table dampened
View
Any view
Parameter
None
Description
Using the display bgp routing-table dampened command, you can view BGP
dampened routes.
Example
View BGP dampened routes.
<3Com> display bgp routing-table dampened
Flags:
- valid,
^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Dest/Mask
Source Damping-limit Origin As-path
----------------------------------------------------------------D 11.1.0.0
133.1.1.2
1:20:00
IGP
200
display bgp
routing-table
different-origin-as
Syntax
display bgp [ multicast ] routing-table different-origin-as
View
Any view
Parameter
None
641
Description
Using the display bgp routing-table different-origin-as command, you can
view routes that have different source autonomous systems
Example
View the routes that have different source ASs.
<3Com> display bgp routing-table different-origin-as
Flags:
- valid,
^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Destination/Mask Pref Next-hop
Med
Local-Pref Origin As-Path
-----------------------------------------------------------------10.10.10.0/24 0
10.10.10.2
0
IGP
10.10.10.0/24 256 10.10.10.1
0
IGP 200
display bgp
routing-table flap-info
Syntax
display bgp routing-table flap-info [ { regular-expression as-regular-expression } | {
as-path-acl acl-number } | { network-address [ mask [ longer-match ] ] } ]
View
Any view
Parameter
as-regular-expression: Displays the route flap-info matching AS path regular
expression.
acl-number: Number of the specified AS path to be matched, ranging from 1 to
199.
network-address: Network IP address related to the flag information to be
displayed
mask: Network mask.
longer-match: Displays the route flap information that is more specific than
<network-address, mask>.
Description
Using the display bgp routing-table flap-info command, you can view BGP flap
information. When <network-address mask> is <0.0.0.0.0.0.0.0>, this command
will view the flap information of all BGP routes.
Example
Display BGP flap information.
<3Com> display bgp routing-table flap-info
Flags:
- valid,
^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Dest/Mask
Source Keepup-time Damping-limit Flap-times Origin As-path
-------------------------------------------------------------------D 11.1.0.0/16 133.1.1.2 48
1:20:30
4
IGP 200
642
display bgp
routing-table peer
Syntax
display bgp routing-table peer peer-address { advertised | received }
View
Any view
Parameter
peer-address: Specifies the peer to be displayed.
advertised: Routing information advertised by the specified peer.
received: Routing information the specified peer received.
Description
Using the display bgp routing-table peer command, you can view the routing
information the specified BGP peer advertised or received.
For the related command, see display bgp peer.
Example
View the routing information advertised by BGP peer 10.10.10.1.
<3Com> display bgp routing table peer 10.10.10.1 advertised
Flags:
- valid,
^ - best,
D - damped,
H - history,
I - internal, S aggregate suppressed
Dest/mask
Next -Hop Med Local-pref Origin As-path
----------------------------------------------------------------*> 10.10.10.0/24
0.0.0.0
INC
display bgp
routing-table
regular-expression
Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table regular-expression
as-regular-expression
View
Any view
Parameter
as-regular-expression: Matched AS regular expression.
Description
Using the display bgp routing-table regular-expression command, you can
view the routing information matching the specified AS regular expression
Example
Display the routing information matching with AS regular expression ^600$.
<3Com> display bgp routing-table regular-expression ^600$
Flags:
- valid,
^ - best,
D - damped, H - history,
I - internal, S aggregate suppressed
Destination/Mask Pref Next-hop
Med
Local-Pref Origin As-Path
643
filter-policy export
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
View
BGP unicast view, multicast view, VPNv4 view, VPN instance view
Parameter
acl-number: Specifies the number of access control list matching the destination
address field of routing information, ranging from 1 to 199.
ip-prefix-name: Specifies the name of the address prefix list matching the
destination address field of routing information, ranging from 1 to 19.
protocol: Routing information of which kind of route protocol to be filtered. It
includes direct, ospf, ospf-ase, ospf-nssa, isis, rip, and static at present.
Description
Using the filter-policy export command, you can filter the advertised routes and
only the routes passing the filter can be advertised by BGP. Using the undo
filter-policy export command, you can cancel the filtering to the advertised
routes.
By default, the advertised routing information is not filtered.
If the parameter protocol is specified, only the imported route generated by the
specified protocol is filtered and the imported routes generated by other protocols
are not affected. If the parameter protocol is not specified, the imported route
generated by any protocol will be filtered.
Example
Use acl 3 to filter the routing information advertised by all BGPs.
[3Com-bgp] filter-policy 3 export
filter-policy import
Syntax
filter-policy gateway ip-prefix-name import
undo filter-policy gateway ip-prefix-name import
filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name } import
View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view
644
Parameter
acl-number: Specifies the number of access control list matching the destination
address field of routing information, ranging from 1 to 199.
ip-prefix ip-prefix-name: Address prefix list name. The matched object is the
destination address domain of the routing information, ranging from 1 to 19.
gateway ip-prefix-name: Address prefix list name of the neighboring router. The
matched object is the routing information distributed by the specified neighboring
router, ranging from 1 to 19.
Description
Using the filter-policy gateway import command, you can filter the learned
routing information advertised by the specified address. Using the undo
filter-policy gateway import command, you can remove the filtering to the
routing information advertised by the specified address.
Using the filter-policy import command, you can filter the received global
routing information. Using the undo filter-policy import command, you can
remove the filtering to the received global routing information.
By default, the received routing information is not filtered.
This command can be used to filter the routes received by BGP and determines
whether to add the routes to the BGP routing table.
Example
Display how to use acl 3 to filter the routing information received by BGP.
[3Com-bgp] filter-policy 3 import
group
Syntax
group group-name { [ internal ] | external }
undo group group-name
View
BGP view
Parameter
group-name: Specifies the name of peer group. It can be described in character
and numeral with the length being 1 to 47.
internal: Creates an internal peer group.
external: Creates an external peer group, including other sub AS groups in the
confederation.
Description
Using the group command, you can establish a peer group. Using the undo
group command, you can delete the configured peer group.
The use of BGP peer group is for the convenience of the users configuration.
When the user starts several peers with the same configuration, a peer group can
645
be established first and be configured. Then add all the peers to the peer group so
that they have the same configuration as this peer group.
The default IBGP peer will be added to the default peer group without any
configuration. The configuration of the route update policy for any IBGP peer is
valid for the other IBGP peers in its group. To be specific, if the router is not a
route reflector, all the IBGP peers are in the same group. If the router is a route
reflector, all the route reflection clients are in a group, while non-clients are in
another group.
The external peer group members must be in the same network segment.
Otherwise, some EBGP peers may discard the transmitted route update.
The peer group members cannot be configured with the route update policy
which is different from that of the peer group, but can be configured with
different ingress policies.
Example
Establish a peer group "test".
[3Com-bgp] group test
import-route
Syntax
import-route protocol [ med med-value ] [ route-policy route-policy-name ]
undo import-route protocol
View
BGP view
Parameter
protocol: Specifies source routing protocols which can be imported, which
includes direct, ospf, ospf-nssa , ospf-ase, rip, bgp, and static at present.
med med-value: Specifies the MED value loaded by a redistributed route, ranging
from 0 to 4294967295.
route-policy route-policy-name: Specifies a route-policy to filter the redistributed
protocol route. It can be described in character and numeral with the length being
1 to 19.
Description
Using the import-route command, you can import routes of other protocols.
Using the undo import-route command, you can remove importing routes of
other protocols.
By default, BGP does not import the routes of other protocols.
Example
Import routes of RIP.
[3Com-bgp] import-route rip
ip as-path acl
Syntax
ip as-path acl acl-number { permit | deny } as-regular-expression
646
View
System view
Parameter
acl-number: Number of AS path list ranging from 1 to 199.
as-regular-expression: AS path regular expression.
Description
Using the ip as-path acl command, you can configure an AS path regular
expression. Using the undo ip as-path acl command, you can disable the defined
regular expression.
The configured AS path list can be used in BGP policy.
For the related command, see peer as-path-acl, and display bgp routing-table
as-path-acl.
Example
Configure an AS path list.
[3Com] ip as-path acl 10 permit 200,300
ip community-list
Syntax
ip community-list stand-comm-list-number { permit | deny } { aa:nn | internet |
no-export-subconfed | no-advertise | no-export }
ip community-list ext-comm-list-number { permit | deny } as-regular-expression
undo ip community-list { stand-comm-list-number | ext-comm-list-number }
View
System view
Parameter
stand-comm-list-number: Number of the standard community list ranging from 1
to 99.
ext-comm-list-number: Number of the extended community list ranging from 100
to 199.
permit: Permits those that match conditions to access.
deny: Denies those that match conditions to access.
aa:nn: Community number.
internet: Advertises all routes.
no-export-subconfed: Used not to advertise the matched route beyond the
confederation.
no-advertise: Used not to send the matched route to any peer.
647
no-export: Used not to pass routes outside the AS but advertise to other sub ASs.
as-regular-expression: Community attribute of the regular expression.
Description
Using the ip community-list command, you can configure a BGP community list.
Using the undo ip community-list command, you can delete the configured BGP
community list.
The configured community list can be used in BGP policy.
For the related command, see apply community, and display bgp
routing-table community-list.
Example
Define a community attribute list which does not advertise routes with the
community attribute beyond the confederation.
[3Com] ip community-list 6 permit no-export-subconfed
network
Syntax
network ip-address [ address-mask ] [ route-policy route-policy-name ]
undo network ip-address [ address-mask ] [ route-policy route-policy-name ]
View
BGP view
Parameter
ip-address: Network address that BGP advertises.
address-mask: Mask of the network address.
route-policy-name: Route-policy applied to advertised routes.
Description
Using the network command, you can configure the network routes advertised
by the local BGP. Using the undo network command, you can delete the existing
configuration.
By default, there is no network sent through BGP.
Example
Advertise routes to network segment 10.0.0.0/16.
[3Com-bgp] network 10.0.0.1 255.255.0.0
peer
advertise-community
Syntax
peer { group-name } advertise-community
undo peer { group-name } advertise-community
View
BGP view, VPNv4 view, VPN instance view
648
Parameter
group-name: Specifies the name of peer group.
Description
Using the peer advertise-community command, you can enable the
transmission of the community attribute to a peer/peer group. Using the undo
peer advertise-community command, you can cancel the existing configuration.
By default, the community attribute is not transmitted to any peer/peer group.
For the related commands, see if-match community-list and apply
community.
Example
Enable the transmission of the community attribute to a peer group "test".
[3Com-bgp] peer test advertise-community
peer allow-as-loop
Syntax
peer { group-name | peer-address } allow-as-loop [ number ]
undo peer { group-name | peer-address } allow-as-loop
View
BGP view, VPNv4 view, VPN instance view
Parameter
group-name: Specifies the name of peer group.
peer-address: Specifies the IP address of the peer.
number: Specifies the repeating times of local AS number. The range is 1 to 10.
Description
Using the peer allow-as-loop command, you can configure the repeating time of
local AS. Using the undo peer allow-as-loop command, you can remove the
repeating time of local AS.
For the related command, see display current-configuration, display bgp
routing-table peer, and display bgp routing-table group.
Example
Specify to configure the repeating times of local AS to 2.
[3Com-bgp] peer 1.1.1.1 allow-as-loop 2
peer as-number
Syntax
peer { group-name } as-number as-number
undo peer { group-name } as-number as-number
View
BGP view
649
Parameter
group-name: Specifies the name of peer group.
peer-address: Specifies the IP address of the peer.
as-number: Peer AS number of the peer/peer group. The range is 1 to 65535.
Description
Using the peer as-number command, you can specify the peer AS number of
peer group. Using the undo peer as-number command, you can delete the AS
number of peer group.
By default, no AS number is configured.
Example
Specify the peer AS number for the peer test as 100.
[3Com-bgp] peer test as-number 100
peer as-path-acl
Syntax
peer { group-name | peer-address } as-path-acl acl-number { import | export }
undo peer { group-name | peer-address } as-path-acl acl-number { import | export }
View
BGP view, VPNv4 view, VPN instance view
Parameter
group-name: Specifies the name of peer group.
peer-address: Specifies the IP address of the peer.
acl-number: Specifies the filter list number of an AS regular expression. The range
is 1 to 199.
import: Import distribution list.
export: Export distribution list.
Description
Using the peer as-path-acl command, you can specify BGP route filtering policy
based on AS path list. Using the undo peer as-path-acl command, you can
cancel the existing configuration.
By default, the peer group has no AS path list.
Example
Set the AS path ACL of the peer group test.
[3Com-bgp] peer test as-number 100
[3Com-bgp] peer test as-path-acl 3 export
650
peer connect-interface
Syntax
peer { group-name | peer-address } connect-interface interface-name
undo peer { group-name | peer-address } connect-interface interface-name
View
BGP view
Parameter
group-name: Specifies the name of the peer group.
peer-address: Specifies the IP address of the peer.
interface-name: Specifies interface name.
Description
Using the peer connect-interface command, you can specify the source interface
of a route update packet. Using the undo peer connect-interface command,
you can restore the best source interface.
By default, BGP uses the best source interface.
Usually, BGP uses the optimal route to update the source interface of the packets.
However, you can set the mode of the interface to Loopback in order to send
route updates even if the interface does not work normally.
Example
None
peer
default-route-advertise
Syntax
peer { group-name } default-route-advertise
undo peer { group-name } default-route-advertise
View
BGP view
Parameter
group-name: Specifies the name of peer group.
Description
Using the peer default-route-advertise command, you can configure a
peer/peer group to import a default route for a peer. Using the undo peer
default-route-advertise command, you can cancel the existing configuration.
By default, a peer/peer group does not import the default route.
For this command, no default route is required in the routing table. A default
route is sent unconditionally to a peer with the next hop as itself.
Example
Specify a peer group "test" to import the default route.
[3Com-bgp] peer test as-number 100
651
peer description
Syntax
peer { group-name | peer-address } description description-line
undo peer { group-name | peer-address } description
View
BGP view
Parameter
group-name: Specifies the name of peer group.
peer-address: Specifies the IP address of the peer.
description-line: Description information configured, which can be described in
characters or numerals with the length not exceeding 79.
Description
Using the peer description command, you can configure the description
information of the peer/peer group. Using the undo peer description command,
you can remove the description information of the peer/peer group.
By default, description information of peers/peer group is not configured.
For the related command, see display current-configuration, display bgp
peer, and display bgp routing-table group.
Example
Configure the description information of the peer named group1 as beijing1.
[3Com-bgp] peer group1 description beijing1
peer ebgp-max-hop
Syntax
peer group-name ebgp-max-hop [ ttl ]
undo peer group-name ebgp-max-hop
View
BGP view
Parameter
group-name: Specifies the name of peer group.
ttl: Specifies the maximum hop value. The range is 1 to 255. By default, the value
is 64.
Description
Using the peer ebgp-max-hop command, you can allow establishing EBGP
connection with the peer on indirectly connected network. Using the undo peer
ebgp-max-hop command, you can cancel the existing configuration.
By default, this feature is disabled.
652
Example
Establish EBGP connection with the peer group "test" on the indirectly connected
network.
[3Com-bgp] peer test ebgp-max-hop
peer enable
Syntax
peer { group-name | peer-address } enable
undo peer { group-name | peer-address } enable
View
BGP unicast address family view, IPv4 multicast address family view, VPNv4 address
family view, L2VPN address family view
Parameter
group-name: Specifies the name of the peer group, which specifies the entire peer
group.
peer-address: IP address of the peer, which specifies a certain peer.
Description
Using the peer enable command, you can enable the specified peer (group) and
can exchange information with a peer. Using the undo peer enable command,
you can disable the specified peer (group).
Here,
The peer peer-address enable command can be configured in unicast address
family only. Using this command, you can disable the unicast function of the peer.
You can delete the peer from the group in the corresponding address to disable its
multicast function or VPNv4 function.
By default, BGP peer (group) is enabled in unicast address family, but disabled in
VPN and MBP address families.
If the specified peer/peer group is disabled, the router will not exchange routing
information with the specified peer (group).
Example
Deactivate the specified peer.
[3Com] bgp 180
[3Com-bgp] peer 18.10.0.9 as-number 180
[3Com-bgp] undo peer 18.10.0.9 enable
peer filter-policy
Syntax
peer { group-name | peer-address } filter-policy list-number { import | export }
undo peer { group-name | peer-address } filter-policy list-number { import | export }
View
BGP view, IPv4 multicast sub-address family view
653
Parameter
group-name: Specifies the name of peer group.
peer-address: IP address of the peer.
list-number: Specifies the IP acl number.
import: Peer filter-policy used for imported routes
export: Peer filter-policy used for exported routes
Description
Using the peer filter-policy command, you can set the filter-policy list of a peer
group. Using the undo peer filter-policy command, you can cancel the existing
configuration.
By default, a peer group has no access control list (acl).
For the related commands, see ip as-path acl and peer as-path-acl.
Example
Set the filter-policy list of a peer group test.
[3Com-bgp] peer test as-number 100
[3Com-bgp] peer test filter-policy 3 import
peer group
Syntax
For multicast address family or VPNv4 address family:
View
BGP view
Parameter
group-name: Specifies the name of peer group. It can be described in character
and numeral with the length being 1 to 47.
peer-address: Specifies the IP address of the peer.
as-number: Specifies AS number for the peer.
Description
Using the peer group command, you can add a peer to the peer group. Using the
undo peer group command, you can delete the specified peer in the peer group.
In the unicast/VPN-INSTANCE address family view, when adding a peer to an
external peer group without specified AS number, you should specify the peer AS
654
number at the same time. While it is unnecessary when adding the peer to an
internal peer group or an external peer group with specified AS number.
In the multicast/VPNv4 address family view, it is required that the peer to be added
should exist and has been added to a peer group in the unicast address family
view (The peer can be disabled).
In different address family views, a peer can be added to different peer groups and
a peer group can have different members.
Example
Add the peer with IP address being 10.1.1.1 to the peer group TEST.
[3Com-bgp] group TEST
[3Com-bgp] peer 10.1.1.1 group TEST
peer ip-prefix
Syntax
peer { group-name | peer-address } ip-prefix prefixname { import | export }
undo peer { group-name | peer-address } ip-prefix prefixname { import | export }
View
BGP view, VPNv4 view, VPN instance view
Parameter
group-name: Name of peer group.
peer-address: Specifies the IP address of the peer.
prefixname: Name of the specified ip-prefix.
import: Applies the filtering policy on the route received by the specified
peer/peer group.
export: Applies the filtering policy on the route transmitted to the specified
peer/peer group.
Description
Using the peer ip-prefix command, you can configure the route filtering policy of
the peer/peer group based on the ip-prefix. Using the undo peer ip-prefix
command, you can cancel the route filtering policy of the peer/peer group based
on the ip-prefix.
By default, the route filtering policy of the peer/peer group is not specified.
For the related command, see ip ip-prefix.
Example
Configure the route filtering policy of the peer group based on the ip-prefix 1.
[3Com-bgp] peer group1 ip-prefix list1 import
peer next-hop-local
Syntax
peer { group-name } next-hop-local
undo peer { group-name } next-hop-local
655
View
BGP view
Parameter
group-name: Specifies the name of peer group.
Description
Using the peer next-hop-local command, you can perform the process of the
next hop in the route to be advertised to the peer/peer group and take the address
of itself as the next hop. Using the undo peer next-hop-local command, you can
cancel the existing configuration.
Example
When BGP distributes the route to the peer group "test", it will take its own
address as the next hop.
[3Com-bgp] peer test next-hop-local
peer password
Syntax
peer { group-name | peer-address } password { cipher | simple } password
undo peer { group-name | peer-address } password
View
BGP view, MBGP VPN-instance address family view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer, in dotted decimal format.
cipher: Displays the configured password in cipher text mode.
simple: Displays the configured password in simple text mode.
password: Password in character string form with 1 to 16 characters when
parameter simple is configured in the command or in the event of inputting the
password in simple text mode but parameter cipher is configured in the
command; with 24 characters in the event of inputting the password in cipher text
mode when parameter cipher is configured in the command.
Description
Using the peer password command, you can configure MD5 authentication for
BGP during TCP connection setup. Using the undo peer password command,
you can cancel the configuration.
By default, BGP does not perform MD5 authentication when TCP connection is set
up.
Once MD5 authentication is enabled, both parties involved in the authentication
must be configured with identical authentication modes and passwords.
Otherwise, TCP connection will not be set up because of the failed authentication.
656
This command is used to configure MD5 authentication for the specific peer only
when the peer group to which the peer belongs is not configured with MD5
authentication. Otherwise, the peer should be consistent with the peer group.
Example
Adopt MD5 authentication on the TCP connection set up between the local
router at 10.1.100.1 and the peer router at 10.1.100.2.
[3Com-bgp] peer 10.1.100.2 password simple 3Com
peer public-as-only
Syntax
peer { group-name } public-as-only
undo peer { group-name } public-as-only
View
BGP view
Parameter
group-name: Specifies the name of a peer group.
peer-address: Specifies IP address of a peer.
Description
Using the peer public-as-only command, you can configure not to carry the AS
number when transmitting BGP update packets. Using the undo peer
public-as-only command, you can configure to carry the AS number when
transmitting BGP update packets.
By default, private AS number is carried when transmitting BGP update packets.
Generally, BGP transmits BGP update packets with the AS number (either public
AS number or private AS number). To enable some outbound routers to ignore the
AS number when transmitting update packets, you can configure not to carry the
AS number when transmitting BGP update packets.
Example
Configure not to carry the private AS number when transmitting BGP update
packets to the peer named test.
[3Com-bgp] peer test public-as-only
peer reflect-client
Syntax
peer { group-name } reflect-client
undo peer { group-name } reflect-client
View
BGP view or VPNv4 view
657
Parameter
group-name: Specifies the name of peer group.
Description
Using the peer reflect-client command, you can configure a peer/peer group as
the route reflector client. Using the undo peer reflect-client command, you can
cancel the existing configuration.
By default, no route reflector is in AS.
Generally speaking, it is not necessary to configure this command for the peer
group, because IBGP peers are in its default group. A single peer peer-address
reflect-client command should be used to configure the route reflector clients.
For the related commands, see reflect between-clients and reflect cluster-id.
Example
Configure the peer group "test" as the route reflector client.
[3Com-bgp] peer test reflect-client
peer route-policy
Syntax
peer { group-name | peer-address } route-policy route-policy-name { import | export }
undo peer { group-name | peer-address } route-policy route-policy-name { import |
export }
View
BGP view, VPNv4 view, VPN instance view
Parameter
group-name: Specifies the name of peer group.
peer-address: Specifies IP address of a peer.
route-policy-name: Specifies route-policy.
import: Applies the route-policy to the routes coming from the peer (group).
export: Applies the route-policy to the routes advertised to the peer (group).
Description
Using the peer route-policy command, you can assign the route-policy to the
route coming from the peer (group) or the route advertised to the peer (group).
Using the undo peer route-policy command, you can delete the specified
route-policy.
By default, the peer (group) has no route-policy association.
Example
Apply the route-policy named test-policy to the route coming from the peer
group "test".
[3Com-bgp] peer test route-policy test-policy import
658
peer
route-update-interval
Syntax
peer { group-name } route-update-interval seconds
undo peer { group-name } route-update-interval
View
BGP view, VPNv4 view, VPN instance view
Parameter
group-name: Specifies the name of peer group.
seconds: The minimum interval of sending UPDATE message. The range is 0 to
600. By default, the advertisement interval is: 5 seconds for internal peer (group),
and 30 seconds for external peer (group).
Description
Using the peer route-update-interval command, you can configure the interval
for the transmission route of a peer (group). Using the undo peer
route-update-interval command, you can restore the default value.
Example
Configure the interval of the BGP peer 172.168.10.1 sending the route update
packet as 10 seconds.
[3Com-bgp] peer 172.168.10.1 as-number 100
[3Com-bgp] peer 172.168.10.1 route-update-interval 10
peer timer
Syntax
peer { group-name | peer-address } timer keep-alive keepalive-interval hold
holdtime-interval
undo peer { group-name | peer-address } timer
View
BGP view
Parameter
group-name: Specifies the name of peer group.
peer-address: Specifies the IP address of the peer.
keepalive-interval: Keepalive interval to be specified. The range is 1 to
4294967295 seconds. By default, its value is 60 seconds.
holdtime-interval: Holdtime interval to be specified. The range is 3 to 4294967295
seconds. By default, its value is 180 seconds.
Description
Using the peer timer command, you can configure Keepalive and Keepalive
interval for a peer (group). Using the undo peer timer command, you can restore
the interval default value.
659
The timer configured by using this command has a higher priority than the one
configured by using the timer command.
Example
Configure Keepalive and Holdtime intervals of the peer group "test".
[3Com-bgp] peer test timer keep-alive 60 hold 180
policy vpn-target
Syntax
policy vpn-target
undo policy vpn-target
View
VPN instance view
Parameter
None
Description
Using the policy vpn-target command, you can configure whether to perform
the filtering on the vpn-target extended community of the received routing
information. Using the undo policy vpn-target command, you can cancel the
filter function.
By default, the system performs the filtering on the vpn-target extended
community of the received routing information.
Example
Perform the filtering on the vpn-target extended community of the received
routing information.
[3Com-bgp] policy vpn-target
preference
Syntax
preference value
undo preference
View
BGP protocol view, BGP multicast address family view
Parameter
value: Specifies the preference, ranging from 1 to 256. By default, the value is
170.
Description
Using the preference command, you can configure the preference of BGP
protocol. Using the undo preference command, you can restore the default
preference.
Each kind of routing protocol has its own preference, by which the routing policy
will select the optimal one from the routes of different protocols. The greater the
preference value is, the lower the preference is. BGP defines two kinds of routes:
660
One is learned from external peer. The other is learned from internal peer. The
preferences of the two routes can be different, which can be set manually.
The system supports to configure different preferences for different sub-address
families, including unicast address family and multicast address family at present.
Example
Configure the preference of BGP protocol to 150.
[3Com-bgp] preference 150
reflect between-clients
Syntax
reflect between-clients
undo reflect between-clients
View
BGP view, VPNv4 view, VPN instance view
Parameter
None
Description
Using the reflect between-clients command, you can set the between-client
reflection of a route. Using the undo reflect between-clients command, you
can disable this function.
By default, the reflection between clients is disabled.
After route reflector is configured, it reflects the routes of a client to other clients.
For the related commands, see reflector cluster-id and peer reflect-client.
Example
Disable the reflection between clients.
[3Com-bgp] undo reflect between-clients
reflector cluster-id
Syntax
reflector cluster-id { cluster-id | address }
undo reflector cluster-id
View
BGP unicast view, BGP multicast view, VPNv4 view
Parameter
cluster-id: Specifies the cluster ID of the route reflector, in integer or IP address
format, with the range from 1 to 4294967295.
address: Interface address of the route reflectors cluster ID.
661
Description
Using the reflector cluster-id command, you can configure the cluster ID of the
route reflector. Using the undo reflector cluster-id command, you can remove
the cluster ID of the route reflector.
By default, each route reflector uses its Router ID as the cluster ID.
Usually, there is only one route reflector in a cluster. It is the router ID of the
reflector to identify the cluster. You can configure multiple route reflectors to
improve the stability of the network. If a cluster is configured multiple route
reflectors, you can use this command to configure identical cluster ID for all the
reflectors.
For the related commands, see reflect between-clients and peer reflect-client.
Example
Set cluster ID for local router to identify the cluster.
[3Com-bgp] reflector cluster-id 80
[3Com-bgp] peer 11.128.160.10 reflect-client
refresh bgp
Syntax
refresh bgp { all | peer-address | { group group-name } } [ multicast | vpnv4 |
vpn-instance vpn-instance-name ] { import | export }
View
User view
Parameter
all: Refreshes all the peers.
peer-address: Refreshes the peer specified address.
group-name: Refreshes all the members in the specified peer group.
vpnv4: Refreshes routes of VPNv4 address family for the peer.
multicast: Refreshes routes of multicast address family for the peer.
vpn-instance vpn-instance-name: Refreshes VPN routes for the peer in the
specified VPN-INSTANCE.
import: Sends ROUTE-REFRESH packet to the peer to require retransmission of all
the routes.
export: Retransmits all the routes to the peer.
Description
Using the refresh bgp command, you can request the peer for route
retransmission or retransmit routes to the peer.
After BGP connection is created, only incremental routes are transmitted. But in
some cases, for example, when routing policy is changed, retransmission of routes
is required on both ends. And the routes should be filtered again according to the
new policy.
662
Example
Request all the peers to retransmit multicast routes.
<3Com> refresh bgp all multicast import
reset bgp
Syntax
reset bgp { all | peer-address } [ vpn-instance vpn-instance-name ]
View
User view
Parameter
all: Resets all the connections with BGP.
peer-address: Resets connection with a specified BGP peer.
vpn-instance vpn-instance-name: Name of specified VPN-INSTANCE. The range is
1 to 19.
Description
Using the reset bgp peer-address command, you can reset the connection of
BGP with a specified BGP peer.
Using the reset bgp all command, you can reset all the connections with BGP.
After changing the BGP policy or protocol configuration, resetting BGP connection
can make the newly configured policy in effect immediately.
Example
Reset all the BGP connections to enable the new configuration (after configuring
the new Keepalive interval and Holdtime interval using the timer command).
<3Com> reset bgp all
Syntax
reset bgp flap-info [ regular-expression as-regular-expression | as-path-acl acl-number |
network-address [ mask ] } ]
reset bgp network-address [ flap-info ]
View
User view
Parameter
regular-expression as-regular-expression: Clears the flap information matching the
AS path regular expression.
as-path-acl acl-number: Clears the flap information in consistency with a specified
filter list. The range of the parameter acl-number is 1 to 199.
663
Syntax
reset bgp group group-name [ vpn-instance vpn-instance-name ]
View
User view
Parameter
group-name: Specifies the name of the peer group, in characters ranging from 1
to 47.
vpn-instance vpn-instance-name: Name of specified VPN-INSTANCE.The range is 1
to 19.
Description
Using the reset bgp group command, you can reset the connections between
the BGP and all the members of a group.
For the related command, see peer group.
Example
Reset BGP connections of all members from group1.
<3Com> reset bgp group group1
reset dampening
Syntax
reset dampening [ network-address [ mask ] ]
View
User view
Parameter
network-address: Network IP address related to the clearing attenuation
information.
mask: Network mask.
664
Description
Using the reset dampening command, you can clear the attenuation information
of a route and release the suppression of a suppressed route.
For the related commands, see dampening and display bgp routing-table
dampened.
Example
Clear the attenuation information of the route to the network 20.1.0.0, and
release the suppression of a suppressed route.
<3Com> reset dampening 20.1.0.0 255.255.0.0
summary automatic
Syntax
summary automatic
undo summary automatic
View
BGP unicast view, BGP multicast view, VPN instance view
Parameter
None
Description
Using the summary automatic command, you can make automatic aggregation
of sub-network routes and disable it by using undo summary automatic
command.
By default, no automatic aggregation of sub-network routes is executed.
After the summary automatic is configured, BGP cannot receive the sub-network
routes imported from the IGP, so the amount of the routing information can be
reduced.
Example
Make the automatic aggregation of the sub-network routes.
[3Com-bgp] summary automatic
Syntax
timer keep-alive keepalive-interval hold holdtime-interval
undo timer
View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view
Parameter
keepalive-interval: Interval for sending Keepalive, ranging from 1 to 4294967295.
By default, its value is 60 seconds.
holdtime-interval: Keepalive time of BGP, ranging from 3 to 4294967295. By
default, its value is 180 seconds.
665
Description
Using the timer keep-alive hold command, you can configure the Keepalive and
Holdtime timer of BGP. Using the undo timer keep-alive hold command, you
can restore the default value of the Keepalive and Holdtime timer.
Example
Configure the Keep-alive and Hold-time timer as 30 seconds and 60 seconds.
[3Com-bgp] timer keep-alive 30 hold 60
undo synchronization
Syntax
undo synchronization
View
BGP view, VPN instance view
Parameter
None
Description
Using the undo synchronization command, you can remove the synchronization
between BGP and IBGP.
Example
[3Com-bgp] undo synchronization
MBGP Configuration
Commands
In the following command description, BGP unicast view indicates the common
BGP view.
For the specific configuration of MBGP multicast extension, refer to the
"Multicast" module of this manual.
For the specific configuration of VPN instance and VPNv4, refer to "MPLS" module
in this manual.
ipv4-family
Syntax
ipv4-family { multicast | vpn-instance vpn-instance-name }
undo ipv4-family [ multicast | vpn-instance vpn-instance-name ]
View
BGP view, VPN instance view
Parameter
multicast: Enters the BGP multicast extended address family view with the
parameter.
vpn-instance vpn-instance-name: Associates the specified VPN instance with the
IPv4 address family. Enter the MBGP address family view of BGP with this
parameter.
666
Description
Using the ipv4-family command, you can enter IPv4 extended address family
view of BGP. Using the undo ipv4-family command, you can remove all
configurations in extended address family view and return to IPv4 unicast address
view of BGP.
This command is used to enter the IPv4 extended address family view. In this view,
parameters related to the address family can be configured for BGP.
The undo ipv4-family multicast command can exit the multicast extended
address family view, remove all configurations in the address family view and
return to BGP unicast view.
The undo ipv4-family vpn-instance vpn-instance-name command is used to
remove the association between the specified VPN instance and IPv4 address
family and delete all configurations in the address family and return to BGP unicast
view.
The ipv4-family multicast command is used for multicast. For relevant contents,
refer to "MBGP Multicast Extended" chapter in module "Multicast" of this
manual.
The ipv4-family vpn-instance command is used for BGP/MPLS VPN. For related
description, refer to "MPLS VPN" chapter in module "MPLS" module of this
manual.
For the related commands, see ipv4-family vpnv4 and peer enable.
Example
None
ipv4-family vpnv4
Syntax
ipv4-family vpnv4 [ unicast ]
undo ipv4-family vpnv4 [ unicast ]
View
BGP view
Parameter
unicast: Enters VPN-IPv4 unicast address family view with this parameter.
Description
Using the ipv4-family vpnv4 command, you can enter VPNv4 address family
view of BGP. Using the undo ipv4-family vpnv4 command, you can delete all
configurations in VPNv4 address family view and return to IPv4 unicast address
family view of BGP.
The ipv4-family vpnv4 command is used for BGP/MPLS VPN. For related
description, refer to "MPLS VPN" chapter in module "MPLS" of this manual.
The present VRP software platform only supports IPv4 unicast address of VPN.
Execution of the ipv4-family vpnv4 command will enter VPN-IPv4 unicast
address family view even if the unicast parameter is not specified.
For the related commands, see ipv4-family and peer enable.
667
Example
None
peer enable
Syntax
peer { group-name | peer-address } enable
undo peer { group-name | peer-address } enable
View
BGP view, VPNv4 view, VPN instance view
Parameter
group-name: Specifies the name of the peer group, which specifies the entire peer
group.
peer-address: IP address of the peer, which specifies a certain peer.
Description
Using the peer enable command, you can enable the specified peer/peer group
and disable it by using undo peer enable command.
By default, the unicast peer/peer group of IPv4 address family is enabled and other
peers/peer groups are disabled.
Using this command, you can enable/disable the routing exchange between the
peers (peer groups).
By default, the peer (group) of IPv4 unicast is enabled. The undo command is used
to disable them. When a connection is used in both unicast and multicast, you can
configure to disable unicast peer to delete unicast connection only.
By default, the peer (group) in other address families is disabled. It cannot
exchange routing information normally until it is enabled.
Example
Configure and enable the specified peer of VPNv4 unicast address family.
[3Com] bgp 100
[3Com-bgp] peer 10.15.0.15 as-number 100
[3Com-bgp] ipv4-family vpnv4 unicast
[3Com-bgp-af-vpn] peer 10.15.0.15 enable
Configure and enable the specified peer of IPv4 multicast address family.
[3Com] bgp 200
[3Com-bgp] peer 20.10.0.1 as-number 200
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul] peer 20.10.0.1 enable
668
IP Routing Policy
Configuration
Commands
apply as-path
Syntax
apply as-path as-number-1 [ as-number-2 [ as-number-3 ... ] ]
undo apply as-path
View
Routing policy view
Parameter
as-number-1... as-number-n: AS number to be added.
Description
Using the apply as-path command, you can specify AS number to be added in
front of the original AS path in route-policy. Using the undo apply as-path
command, you can cancel the AS sequence number added in front of the original
AS path.
By default, no AS number is set.
If the match condition of route-policy is matched, the AS attribute of the
transmitting route will be changed. At least 10 AS numbers can be added.
Example
Add AS 200 in front of the original AS path in route-policy.
[3Com-route-policy] apply as-path 200
apply community
Syntax
apply community { { {aa:nn | no-export-sunconfed | no-export | no-advertise} [
additive ] } | additive | none }
undo apply community
View
Routing policy view
Parameter
aa:nn: Community number.
no-export-subconfed: Not sends the matched route outside AS.
no-advertise: Not sends the matched route to any peer.
no-export: Not passes route through AS but advertise to other sub Ass.
additive: Community attributes of additional routes.
none: Community attributes of deleted routes.
669
Description
Using the apply community command, you can specify the set BGP community
attribute of route-policy. Using the undo apply community command, you can
cancel the set BGP community attribute.
By default, BGP community attribute is not set.
Configure BGP community attribute after matching the route-policy conditions.
For the related command, see ip community-list, if-match community-list,
route-policy, and display bgp routing-table community.
Example
Display how to configure one route-policy named setcommunity, whose node
serial number is 16 and match mode is permit, and enter route policy view to set
match conditions and attribute modification actions to be executed.
[3Com] route-policy setcommunity permit node 16
[3Com-route-policy] if-match as-path 8
[3Com-route-policy] apply community no-export
apply cost
Syntax
apply cost value
undo apply cost
View
Routing policy view
Parameter
value: Specifies the route cost value of route information.
Description
Using the apply cost command, you can set the route cost value of route
information. Using the undo apply cost command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply origin, and apply tag.
Example
Display how to define one apply clause. When it is used for setting route
information attribute, it sets the route cost value of route information as 120.
[3Com-route-policy] apply cost 120
apply cost-type
Syntax
apply cost-type [ internal | external ]
undo apply cost-type
View
Routing policy view
670
Parameter
internal: Uses the cost type of IGP as MED value of BGP to advertise route to
EBGP peer.
external: External cost type value of IS-IS.
Description
Using the apply cost-type command, you can set the route cost type of route
information. Using the undo apply cost-type command, you can cancel the
apply clause.
By default, route cost type is not set.
Example
Set the cost type of IGP as MED value of BGP
[3Com-route-policy] apply cost-type internal
apply ip-address
Syntax
apply ip-address { ip-address [ ip-address ] | acl acl-number }
undo apply ip-address [ ip-address [ ip-address ] | acl acl-number ]
View
Routing policy view
Parameter
ip-address: Next-hop address. Two next-hop addresses can be specified at most.
acl-number: Specifies the number of the access control list used for filtering,
ranging from 1 to 99
Description
Using the apply ip-address command, you can set the next hop address of route
information. Using the undo apply ip-address command, you can cancel the
apply clause.
By default, no apply clause is defined.
One of the apply clauses of the route-policy: When this command is used for
setting routing information attribute, it sets the next hop address of the packets
passed filtering.
If multiple next hop addresses are set through apply ip-address command, other
next hop addresses will be tried by turn when the first next hop address is invalid.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply local-preference, apply cost, apply origin, and apply tag.
Example
Define an apply clause to set the next hop address of routing information as
193.1.1.8 when it is used for setting routing information attribute.
[3Com-route-policy] apply ip-address 193.1.1.8
apply local-preference
671
Syntax
apply local-preference local-preference
undo apply local-preference
View
Routing policy view
Parameter
local-preference: Newly set local preference.
Description
Using the apply local-preference command, you can apply the local preference
of route information. Using the undo apply local-preference command, you can
cancel the apply clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply origin, and apply tag.
Example
Apply the local preference level of route information as 130 when this apply
clause is used for setting route information attribute.
[3Com-route-policy] apply local-preference 130
apply origin
Syntax
apply origin { igp | egp as-number | incomplete }
undo apply origin
View
Routing policy view
Parameter
igp: Sets the BGP route information source as internal route
egp: Sets the BGP route information source as external route
as-number: Specifies AS number of external route.
incomplete: Sets the BGP route information source as unknown source.
Description
Using the apply origin command, you can set the routing source of BGP routing
information. Using the undo apply origin command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply cost, and apply tag.
672
Example
Display how to define one apply clause. When it is used for setting routing
information attribute, it sets the routing source of the routing information as igp.
[3Com-route-policy] apply origin igp
apply tag
Syntax
apply tag value
undo apply tag
View
Routing policy view
Parameter
value: Specifies the tag value of route information.
Description
Using the apply tag command, you can set the tag area of OSPF route
information. Using the undo apply tag command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply cost, and apply origin.
Example
Display how to define one apply clause. When it is used for setting route
information attribute, it sets the tag area of route information as 100.
[3Com-route-policy] apply tag 100
display ip ip-prefix
Syntax
display ip ip-prefix [ ip-prefix-name ]
View
Any view
Parameter
ip-prefix-name: Specifies displayed address prefix list name.
Description
Using the display ip ip-prefix command, you can view the address prefix list.
Display all the configured address prefix lists when no ip-prefix-name is specified.
For the related command, see ip ip-prefix.
Example
Display the information of the address prefix list named p1.
<3Com> display ip ip-prefix p1
ip-prefix p1
index 10: permit 192.168.10.10/16 greater-equal 17 less-equel 18
display route-policy
673
Syntax
display route-policy [ route-policy-name ]
View
Any view
Parameter
route-policy-name: Specifies displayed route-policy name.
Description
Using the display route-policy command, you can view the configured
route-policy
Display all the configured route-policy when no route-policy-name is specified.
For the related command, see route-policy.
Example
Display the information of route-policy named policy1.
<3Com> display route-policy policy1
Route-policy : policy1
Permit 10 : if-match (prefixlist) p1
apply cost 100
matched : 0 denied : 0
filter-policy export
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
View
Routing protocol view
Parameter
acl-number: Number of the access control list used for matching the destination
address field of the routing information.
ip-prefix-name: Address prefix list used for matching the routing information
destination address field.
protocol: Routing information of which kind of route protocol to be filtered.
Description
Using the filter-policy export command, you can configure the filtering
conditions of the routing information advertised by a certain type of routing
protocols. Using the undo filter-policy export command, you can cancel the
filtering conditions set.
By default, the advertised routing information is not filtered.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to set
674
the filtering conditions for the routing information to be advertised. Only the
routing information passing the filtering can be advertised.
For the related command, see filter-policy import.
Example
Define the filtering rules for advertising the routing information of RIP. Only the
routing information passing the filtering of address prefix list p1 will be advertised
by RIP.
[3Com-rip] filter-policy ip-prefix p1 export
filter-policy import
Syntax
filter-policy gateway ip-prefix-name import
undo filter-policy gateway ip-prefix-name import
filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name } import
View
Routing protocol view
Parameter
acl-number: Access control list number used for matching the destination address
field of the routing information.
ip-prefix ip-prefix-name: Prefix address list name. Its matching object is the
destination address field of the routing information.
gateway ip-prefix-name: Prefix address list name of the neighbor router address.
Its matching object is the routing information advertised by the specified neighbor
router.
Description
Using the filter-policy gateway import command, you can filter the routing
information advertised by a specified router. Using the undo filter-policy
gateway import command, you can cancel the setting of the filtering condition.
Using the filter-policy import command, you can configure the condition for
filtering the routing information. Using the undo filter-policy import command,
you can cancel the setting of filter condition.
By default, the received routing information is not filtered.
In some cases, it may be required that only the routing information meeting some
conditions can be received. Then, the filter-policy command can be used to set
the filtering conditions. acl-number is the access control list number used for
filtering the destination addresses of the routing information and ip-prefix
parameter is used to filter the routing information specified destination address.
For the related command, see filter-policy export.
Example
Define the filtering rule for receiving routing information of RIP. Only the routing
information filtered through the address prefix list p1 can be received by RIP.
675
if-match acl
Syntax
if-match acl acl-number
undo if-match acl acl-number
View
Routing policy view
Parameter
acl-number: Specifies the number of the access control list used for filtering.
ip-prefix-name: Specifies the name of the prefix address list used for filtering.
Description
Using the if-match acl command, you can configure the IP address range to
match the route-policy. Using the undo if-match acl command, you can cancel
the setting of the match rule.
Filtering is performed by quoting an ACL.
For the related command, see if-match ip-prefix, if-match interface, if-match
ip next-hop, if-match cost, if-match tag, route-policy, apply ip-address,
apply cost, apply local-preference, apply origin, and apply tag.
Example
Display how to define one if-match clause. When the clause is used for filtering
route information, the route information filtered by route destination address
through address ACL 10 is enabled to pass the if-match clause.
[3Com-route-policy] if-match acl 10
if-match as-path
Syntax
if-match as-path acl-number
undo if-match as-path
View
Routing policy view
Parameter
acl-number: AS path list number. The range is 1 to 199.
Description
Using the if-match as-path command, you can configure the matched AS path
list number of route-policy. Using the undo if-match as-path command, you can
cancel the matched path list number.
By default, AS path list number is not matched.
This if-match clause of route-policy is used to filter BGP routing information. The
match condition is specified according to the AS path attributes of the routing
information.
676
Example
Define an as-path numbered as 2 and allow the autonomous system number to
contain the routing information of 200 and 300. Then, define a route-policy
named test. The node No.10 of this route-policy defines a if-match clause, which
quotes the definition of as-path.
[3Com] ip as-path acl 2 permit 200:300
[3Com] route-policy test permit node 10
[3Com-route-policy] if-match as-path 2
if-match community
Syntax
if-match community { standard-community-list-number [ whole-match ] |
extended-community-list-number }
undo if-match community
View
Routing policy view
Parameter
standard-community-list-number: Standard community list number, ranging from
1 to 99.
extended-community-list-number: Extended community list number, ranging from
100 to 199.
whole-match: Fully matching, i.e., all the communities must appear.
Description
Using the if-match community command, you can configure the community list
number to be matched in route-policy. Using the undo if-match community
command, you can cancel the configuration of the matched community list
number.
By default, community list is not matched.
The if-match clause of route-policy is used to filter BGP routing information. The
match condition is specified according to the community attributes of the routing
information.
For the related commands, see route-policy and ip community-list.
Example
Define a community-list numbered as 1, and allow the autonomous system
number to contain the routing information of 100 and 200. Then, the
route-policy named test is defined. The node No.10 of the route-policy defines a
if-match clause, which quotes the definition of the community-list.
[3Com] ip community-list 1 permit 100:200
[3Com] route-policy test permit node 10
[3Com-route-policy] if-match community 1
if-match cost
Syntax
if-match cost value
undo if-match cost
677
View
Routing policy view
Parameter
value: Specifies the required route cost value, ranging from 0 to 4294967295.
Description
Using the if-match cost command, you can configure one of the matching rules
of route-policy to match the cost of the routing information. Using the undo
if-match cost command, you can cancel the configuration of the matching rule.
By default, no if-match clause is defined.
This if-match clause of route-policy is used to specify the route cost value of the
matched routing information.
For the related command, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match tag, route-policy, apply ip-address,
apply local-preference, apply cost, apply origin, and apply tag.
Example
Define an if-match clause, which allows the routing information with routing cost
8 to pass this if-match clause.
[3Com-route-policy] if-match cost 8
if-match interface
Syntax
if-match interface { interface-name | interface-type interface-number }
undo if-match interface
View
Routing policy view
Parameter
interface-type: Specifies interface type.
interface-number: Specifies interface number.
interface-name: Specifies interface name.
Description
Using the if-match interface command, you can match the route whose next
hop is designated interface. Using the undo if-match interface command, you
can cancel the setting of match condition.
By default, no if-match clause is defined.
This if-match clause of the route-policy is used to match the corresponding
interface of the route next hop when it filters the route.
For the related command, see if-match acl, if-match ip-prefix, if-match ip
next-hop, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.
678
Example
Display how to define one if-match clause to match the route whose next hop
interface is ethernet 1/0/2.
[3Com-route-policy] if-match interface Ethernet1/0/2
if-match ip next-hop
Syntax
if-match ip next-hop { acl acl-number | ip-prefix ip-prefix-name }
undo if-match ip next-hop [ ip-prefix ]
View
Routing policy view
Parameter
acl-number: Specifies the number of the access control list used for filtering. The
range is 1 to 99.
ip-prefix-name: Specifies the name of the prefix address list used for filtering. The
range is 1 to 19.
Description
Using the if-match ip next-hop command, you can configure one of the match
rules of route-policy on the next hop address of the routing information. Using the
undo if-match ip next-hop command, you can cancel the setting of match
condition.
By default, no if-match clause is defined.
This if-match clause of the route-policy is used to specify the next hop address
field matching the routing information when it filters the routing information and
implement its filtering function by referring to an ACL or address prefix list.
For the related command, see if-match interface, if-match acl, if-match
ip-prefix, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.
Example
Define an if-match clause. It permits the routing information, whose route next
hop address passes the filtering of the prefix address list p1, to pass this if-match
clause.
[3Com-route-policy] if-match ip next-hop ip-prefix p1
if-match ip-prefix
Syntax
if-match ip-prefix ip-prefix-name
undo if-match [ ip-prefix ip-prefix-name ]
View
Routing policy view
Parameter
ip-prefix-name: Specifies the name of the prefix address list used for filtering.
679
Description
Using the if-match ip-prefix command, you can configure one of the match rules
of route-policy on the IP address range of the routing information. Using the undo
if-match ip next-hop command, you can cancel the setting of match condition.
The filtering is achieved through importing an IP address prefix name.
For the related command, see if-match acl, if-match interface, if-match ip
next-hop, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.
Example
Define an if-match sub-statement in which the IP address prefix list p1 is used in
routing information filtering.
[3Com-route-policy] if-match ip-prefix p1
if-match tag
Syntax
if-match tag value
undo if-match tag
View
Routing policy view
Parameter
value: Specifies the required tag value.
Description
Using the if-match tag command, you can match the tag field of OSPF route
information. Using the undo if-match tag command, you can cancel the existing
matching rules.
For the related command, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, route-policy, apply
ip-address, apply cost, apply local-preference, apply origin, and apply tag.
Example
Display how to define one if-match clause and enable the OSPF route information
whose tag field is 8 to pass the if-match clause.
[3Com-route-policy] if-match tag 8
ip ip-prefix
Syntax
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } network len [
greater-equal greater-equal | less-equal less-equal ]
undo ip ip-prefix ip-prefix-name [ index index-number | permit | deny ]
View
System view
680
Parameter
ip-prefix-name: Specifies an address prefix list name. It identifies one address
prefix list uniquely.
index-number: Identifies an item in the prefix address list. The item with smaller
index-number will be tested first.
permit: Specifies the match mode of the defined address prefix list items as
permit mode. In the permit mode, if the IP address to be filtered is in the defined
range, it will not be tested by the next node. Otherwise, it has to go on with the
test.
deny: Specifies the match mode of the defined address prefix list items as deny
mode. In the deny mode, the IP address in the defined range cannot pass the
filtering and is refused to go on with the next test. Otherwise, it will have the next
test.
network: IP address prefix range (IP address). If it is 0.0.0.0 0, all the IP addresses
are matched.
len: IP address prefix range (mask length). If it is 0.0.0.0 0, all the IP addresses are
matched.
greater-equal, less-equal: Specifies the address prefix range [greater-equal,
less-equal] to be matched after the address prefix network len has been matched.
The meaning of greater-equal is "greater than or equal to" , and the meaning of
less-equal is "less than or equal to". The range is len <= greater-equal <=
less-equal <= 32. When only greater-equal is used, it indicates the prefix range
[greater-equal, 32]. When only less-equal is used, it indicates the prefix range [len,
less-equal].
Description
Using the ip ip-prefix command, you can configure an address prefix list or one
of its items. Using the undo ip ip-prefix command, you can delete an address
prefix list or one of its items.
The address prefix list is used for IP address filtering. An address prefix list may
contain several items, and each item specifies one address prefix range. The
inter-item filtering relation is "OR", i.e. passing an item means passing the filtering
of this address prefix list. Not passing the filtering of all items means not passing
the filtering of this prefix address list.
The address prefix range may contain two parts, which are determined by len and
[greater-equal, less-equal] respectively. If the prefix ranges of these two parts are
both specified, the IP to be filtered must match the prefix ranges of these two
parts.
If you specify network len as 0.0.0.0 0, it only matches the default route.
Specify network len as 0.0.0.0 0 less-equal 32 to match all the routes.
Example
Configure an address prefix list named p1. It permits the routes with the mask of
17 or 18 bits long and in network segment 10.0.192.0.8 to pass.
681
route-policy
Syntax
route-policy route-policy-name { permit | deny } node { node-number }
undo route-policy route-policy-name [ permit | deny | node node-number ]
View
System view
Parameter
route-policy-name: Specifies the route-policy name to identify one route-policy
uniquely.
permit: Specifies the match mode of the defined route-policy node as permit
mode. If a route matches all the if-match clauses, it is permitted to pass the
filtering and execute the apply clauses of this node. If not, it will take the test of
next node of this route-policy.
deny: Specifies the match mode of the defined route-policy node as deny mode.
When a route matches all the if-match clauses of this node, it will be refused to
pass the filtering and will not take the next test.
node: Node of the route policy.
node-number: Index of the node in the route-policy. When this route-policy is used
for routing information filtering, the node with smaller node-number will be
tested first.
Description
Using the route-policy command, you can create and enter route-policy view.
Using the undo route-policy command, you can cancel the established
route-policy.
By default, no route-policy is defined.
Route-policy is used for route information filtering or route policy. One
route-policy comprises of some nodes and each node comprises of some if-match
and apply clauses. The if-match clause defines the match rules of this node and
the apply clause defines the actions after passing the filtering of this node. The
filtering relationship between the if-match clauses of the node is "and", i.e., all
if-match clauses that meet the node. The filtering relation between route-policy
nodes is "OR", i.e. passing the filtering of one node means passing the filtering of
this route-policy. If the information does not pass the filtering of any nodes, it
cannot pass the filtering of this route-policy.
For the related command, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, apply
ip-address, apply local-preference, apply cost, apply origin, and apply tag.
Example
Display how to configure one route-policy policy1, whose node number is 10 and
the match mode is permit, and enter route policy view.
[3Com] route-policy policy1 permit node 10
682
[3Com-route-policy]
Route Capacity
Configuration
Commands
display memory limit
Syntax
dispaly memory limit
View
Any view
Parameter
None
Description
Using the display memory limit command, you can view the memory setting
and state information related to the router capacity.
It includes available memory and state information about connections such as
times for disconnecting connections, times for reestablishing connections and
whether the current system is in the emergent state or not.
Example
Display the current memory setting and state information.
<3Com> display memory limit
The information displayed by this command includes the router memory limit, the
size of the idle memory, the times of connection disconnecting, the times of
connection reestablishment and the current state.
The displayed information is described specifically in the following table:
Table 5 Description of the information displayed by the display memory limit command
Item
Description
memory safety: 30
memory limit: 20
memory auto-establish The system allows recovering the connection automatically. (If the
enabled
automatic recover is disabled, the "auto-establish disabled" will
be displayed.)
Free Memory:
73855332 (Byte)
The size of the current idle memory is 73855332 bytes, that is,
73.855M.
683
Table 5 Description of the information displayed by the display memory limit command
memory auto-establish
disable
Item
Description
The times of
disconnect: 0
The times of
reconnect: 0
The current state is normal. (If entering the emergent state, the
system will display "Exigency" .)
Syntax
memory auto-establish disable
View
System view
Parameter
None
Description
Using the memory auto-establish disable command, you can disable the
function of restoring the connections of all the routing protocols (even if the idle
memory reduces to a safety value).
By default, when the idle memory of the router recovers to a safety value,
connections of all the routing protocols will always recover (when the idle memory
of the router reduces to a lower limit, the connection will be disconnected
forcibly).
Using the memory auto-establish disable command, you can disable the above
function. Thus, connections of all the routing protocols will not recover when the
idle memory of the router recovers to a safety value. In this case, you need to
restart the routing protocol to recover the connections.
You shall use the command cautiously.
For the related commands, see memory auto-establish enable, memory {
safety | limit }, and display memory limit.
Example
Disable to recover the connections of all the protocols automatically when the
current router memory resumes.
[3Com] memory auto-establish disable
[3Com]
%3/13/2003 15:47:2-RM-5-S1-RTLOG:You have changed the model of connection
memory auto-establish
enable
Syntax
memory auto-establish enable
View
System view
684
Parameter
None
Description
Using the memory auto-establish enable command, you can resume
connections of all the routing protocols when the idle memory of the router
recovers to a safety value.
By default, when the idle memory of the router recovers to a safety value,
connections of all the routing protocols will always recover (when the idle memory
of the router reduces to a lower limit, the connection will be disconnected
forcibly).
Using the memory auto-establish disable command, you can disable the above
function. Using the memory auto-establish enable command, you can enable
the above function again. By default, the function is always enabled.
For the related command, see memory auto-establish disable, memory {
safety | limit }, and display memory limit.
Example
Enable memory resume of the current router and recover connections of all the
protocols automatically.
[3Com] memory auto-establish enable
[3Com]
%3/13/2003 15:48:2-RM-5-S1-RTLOG:You have changed the model of connection
memory limit
Syntax
memory limit limit-value
undo memory limit
View
System view
Parameter
limit-value: Lower limit of the router idle memory, in the unit of Mbytes. Its value
range depends on the idle memory of the current router. The default value is
20Mbytes.
Description
Using the memory limit command, you can configure the lower limit of the
router idle memory. When the idle memory of the router is less than this limit, all
the routing protocol connections will be disconnected forcibly. Using the undo
memory limit command, you can configure the safety value and the lower limit
of the router idle memory to the default configuration.
The limit-value in the command must be less than the current idle memory safety
value, and otherwise the configuration will fail.
685
This command can be used with memory safety command to change the safety
value and lower limit of the router idle memory. The safety-value must be more
than the limit-value in the command, and otherwise the configuration will fail.
For the related commands, see memory auto-establish disable, memory
auto-establish enable, memory safety, and display memory limit.
Example
Set the lower limit of the router idle memory to 25Mbytes.
[3Com] memory limit 25
[3Com]
%8/19/2002 16:35:41-RM-5-RTLOG:You have changed the memory limit/safety value
Set the lower limit of the router idle memory to 25Mbytes and the safety value to
30Mbytes.
[3Com] memory safety 35 limit 25
[3Com]
%8/19/1995 15:45:58-RM-5-RTLOG:Changed the system memory limit(20->25)/ safety(30->35)
successfully
memory safety
Syntax
memory safety safety-value
undo memory safety
View
System view
Parameter
safety-value: Safety value of the router idle memory, in the unit of Mbytes. Its
value range depends on the idle memory of the active router. The default value is
30Mbytes.
Description
Using the memory safety command, you can configure the safety value of the
router idle memory. Using the undo memory safety command, you can
configure the safety value and the lower limit of the router idle memory to the
default configuration.
The safety-value in the command must be more than the current idle memory
lower limit, and otherwise the configuration will fail.
This command can be used with memory limit command to change the safety
value and lower limit of the router idle memory. The safety-value must be more
than the limit-value in the command, and otherwise the configuration will fail.
For the related commands, see memory auto-establish disable, memory
auto-establish enable, memory limit, and display memory limit.
Example
Set the safety value of the router to 35Mbytes.
[3Com] memory safety 35
[3Com]
686
Set the lower limit of the router idle memory to 25Mbytes and the safety value to
30Mbytes.
[3Com] memory safety 35 limit 25
[3Com3Com]
%8/19/1995 15:45:58-RM-5-RTLOG:Changed the system memory limit(20->25)/ safety(30->35)
successfully
Multicast Common
Configuration
Commands
debugging multicast
forwarding
Syntax
debugging multicast forwarding
undo debugging multicast forwarding
View
User view
Parameter
None
Description
Using the debugging multicast forwarding command, you can enable
multicast packet forwarding debugging functions. Using the undo debugging
multicast forwarding command, you can disable the debugging functions.
By default, the debugging function is disabled.
Example
Enable multicast packet forwarding debugging functions.
<3Com> debugging multicast forwarding
debugging multicast
kernel-routing
Syntax
debugging multicast kernel-routing
undo debugging multicast kernel-routing
688
View
User view
Parameter
None
Description
Using the debugging multicast kernel-routing command, you can enable
multicast kernel routing debugging functions. Using the undo debugging
multicast kernel-routing command, you can disable the debugging functions.
By default, the multicast kernel routing debugging function is disabled.
Example
Enable multicast kernel routing debugging functions.
<3Com> debugging multicast kernel-routing
debugging multicast
status-forwarding
Syntax
debugging multicast status-forwarding
undo debugging multicast status-forwarding
View
User view
Parameter
None
Description
Using the debugging multicast status-forwarding command, you can enable
multicast forwarding status debugging functions. Using the undo debugging
multicast status-forwarding command, you can disable the debugging
functions.
By default, the multicast status debugging function is disabled.
Example
Enable multicast forwarding status debugging functions.
<3Com> debugging multicast status-forwarding
display multicast
forwarding-table
Syntax
display multicast forwarding-table [ group-address [ mask { mask | mask-length } ] |
source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type
interface-number | register } ] *
View
Any view
689
Parameter
group-address: Multicast group address, used to specify a multicast group,
ranging from 224.0.0.0 to 239.255.255.255.
mask: Mask.
mask-length: Length of mask. Because 1s in 32-bit mask are required to be
continuous, the mask in dotted decimal notation format can be replaced by
mask-length (mask-length is the number of continuous 1s in the mask).
source-address: Unicast IP address of the multicast source.
incoming-interface: Incoming interface of the multicast forwarding entry.
register: Register interface of PIM-SM.
Description
Using the display multicast forwarding-table command, you can view the
information of multicast forwarding table.
Source-address and group-address of multicast forwarding table are displayed in
hexadecimal notation format and its incoming and outgoing port numbers are
displayed by virtual port number. This information can be viewed via display pim
interface command.
For the related command, see display multicast routing-table.
Example
Display the multicast forwarding table information.
<3Com> display multicast forwarding-table
display multicast
routing-table
Syntax
display multicast routing-table [ group-address [ mask { mask | mask-length } ] |
source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type
interface-number | register } ]*
View
Any view
Parameter
group-address: Multicast group address, used to specify a multicast group and
display the corresponding routing table information of the group. The value
ranges from 224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
mask: Mask.
mask-length: Length of mask. Because 1 in 32-bit mask is required to be
continuous, the mask in dotted decimal notation format can be replaced by
mask-length (mask-length is the number of continuous 1s in the mask).
incoming-interface: Incoming interface of the multicast route entry.
register: Register interface of PIM-SM.
690
Description
Using the display multicast routing-table command, you can view the
information of an IP multicast routing table.
This command displays the multicast routing table information, while the display
multicast forwarding-table command displays the multicast forwarding table
information.
The entry (S, G) in the multicast routing table, i.e., (multicast source, multicast
group) acts as the independent entry in the table. Each entry has an unique
Upstream, indicating the interface through which RPF goes to the multicast
source. Each entry also has a Downstream List indicating which interfaces need
multicast forwarding. The related information about (S, G) includes:
proto - The multicast protocol number which possesses the (S, G) (in
hexadecimal notation format).
Flags - All kinds of flags, such as RPT 0x1, WC 0x2, SPT 0x4, NEG CACHE
0x8 and JOIN SUPP 0x10. All the flags are marked by binary bit. In which,
RPT indicates the (S, G) is in the shared tree status. WC is the abbreviation
of wildcard. SPT indicates the shortest path tree. NEG CACHE indicates the
cache record that the downstream interface list is null. JOIN SUPP indicates
the prune suppression status.
Example
Display the corresponding route entry information of multicast group in the
multicast routing table.
<3Com> display multicast routing-table
Multicast Routing Table
Total 1 entry
(10.10.1.2, 225.1.1.1)
UpTime: 00:01:28, Timeout in 278 sec
Upstream interface: Ethernet0/0/0(10.10.1.20)
Downstream interface list:
LoopBack0(20.20.20.30), Protocol 0x1: IGMP
display multicast
routing-table static
Syntax
display multicast routing-table static [ config ] [ source-address [ mask | mask-length ] ]
View
Any view
Parameter
config: When this parameter is chosen, all the routing information configured will
be displayed. If this parameter is not chosen, only effective routing information is
displayed.
source-address: IP address of the multicast source.
mask: Mask.
691
display multicast
rpf-info
Syntax
display multicast rpf-info source-address
View
Any view
Parameter
source-address: IP address of the multicast source.
Description
Using the display multicast rpf-info command, you can view the Reverse Path
Forwarding (RPF) routing information for specified a multicast source.
Example
Display all the RPF routing information.
<3Com> display multicast rpf-info 192.193.194.192
Multicast source's RPF route information about 192.193.194.192
RPF interface: InLoopBack0, RPF neighbor: 127.0.0.1
Referenced route/mask: 192.193.194.192/32
Referenced route type: unicast (DIRECT)
RPF-route selecting rule: preference-preferred
mtracert
Syntax
mtracert { source-address } [ last-hop-address ] [ group-address ]
View
Any view
Parameter
source-address: Address of the multicast source.
last-hop-address: Unicast address, which is the starting address of path tracing.
This address must be an interface address of a hop router. By default, it is a
physical interface address of the local router.
692
Trace reversely the path information of multicast group 225.1.1.1 from the
multicast source 10.10.1.3 to the destination address 12.110.0.2.
<3Com>mtracert 10.10.1.3 12.110.0.2 225.1.1.1
Type Ctrl+C to abort
Mtrace from 10.10.1.3 to 12.110.0.2 via group 225.1.1.1
Querying full reverse path...
-1 12.110.0.2
Incoming Interface Address: 11.110.0.2
Previous-Hop Router Address: 11.110.0.4
693
multicast minimum-ttl
Syntax
multicast minimum-ttl ttl-value
undo multicast minimum-ttl
View
Interface view
Parameter
ttl-value: The minimum TTL value, ranging from 0 to 255.
Description
Using the multicast minimum-ttl command, you can configure the minimum TTL
value for multicast forwarding. Using the undo multicast minimum-ttl
command, you can remove the minimum TTL value configured.
By default, no minimum TTL value for multicast forwarding is configured.
Example
Configure the minimum TTL value for multicast forwarding to 8.
<3Com-Ethernet1/0/1] multicast minimum-ttl 8
multicast
packet-boundary
Syntax
multicast packet-boundary acl-number
undo multicast packet-boundary
View
Interface view
Parameter
acl-number: Number of basic or advanced ACL, ranging from 1 to 199.
694
Description
Using the multicast packet-boundary command, you can configure a multicast
forwarding boundary. Using the undo multicast packet-boundary command,
you can remove the multicast forwarding boundary configured.
By default, no multicast forwarding boundary is configured.
You can set boundary conditions for multicast packets on an interface via basic or
advanced Access Control List (ACL). Packets denied by the ACL will be discarded.
The source address of a multicast packet can be filtered through the basic ACL.
Both the source address and the destination address (source group address) of a
multicast packet can be filtered through the advanced ACL.
Example
Set boundary conditions for multicast packets through the basic ACL 1.
<3Com-Ethernet1/0/1] multicast packet-boundary 1
multicast route-limit
Syntax
multicast route-limit limit
View
System view
Parameter
limit: Limit of multicast routing table capacity, ranging from 0 to
MAX_MROUTE_LIMIT. In which, MAX_MROUTE_LIMIT differs with the different
router types.
Description
Using the multicast route-limit command, you can limit the multicast routing
table capacity. If the capacity exceeds the limit, the router will discard protocols
and data packets of the newly-added (S, G).
By default, the limit of multicast routing table capacity is MAX_MROUTE_LIMIT.
If the number of route entries in the routing table has exceeded the configured
number when configuring the command, the previous route entry in the routing
table will not be deleted. The system will prompt The number of current route
entries is more than that configured.
If this command is executed repeatedly, the new configuration will overwrite the
previous one.
Example
Limit the multicast routing table capacity to 1000.
<3Com] multicast route-limit 1000
multicast routing-enable
Syntax
multicast routing-enable
undo multicast routing-enable
695
View
System view
Parameter
None
Description
Using the multicast routing-enable command, you can enable IP multicast
routing. Using the undo multicast routing-enable command, you can disable IP
multicast routing.
By default, IP multicast routing is disabled.
The system will not forward any multicast packet when IP multicast routing is
disabled.
For the related commands, see pim dm and pim sm.
Example
Enable IP multicast routing.
<3Com> system-view
<3Com] multicast routing-enable
reset multicast
forwarding-table
Syntax
reset multicast forwarding-table [ statistics ] { all | { group-address [ mask { group-mask
| group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] |
{ incoming-interface interface-type interface-number } | { slot slot-number } } * }
View
User view
Parameter
statistics: If this parameter is used, the statistics of MFC forwarding entries will be
cleared. Otherwise, the MFC forwarding entries will be cleared.
all: All the MFC forwarding entries.
group-address: Address of the specified group.
group-mask: Address mask of the specified group.
group-mask-length: Address mask length of the specified group.
source-address: Address of the specified source.
source-mask: Address mask of the specified source.
source-mask-length: Address mask length of the specified source.
incoming-interface: Incoming interface of the specified forwarding entry.
interface-type interface-number: Interface type and interface number.
696
slot-number: Number of the slot where the interface board resides. This parameter
is only present in the distributed router.
Description
Using the reset multicast forwarding-table command, you can clear MFC
forwarding entries or the statistics of MFC forwarding entries.
The sequence of group-address and source-address can be reversed, but the input
group-address and source-address must be valid. Otherwise, the system will
prompt input error.
For the related commands, see reset pim routing-table, reset multicast
routing-table, and display multicast forwarding-table.
Example
Clear the forwarding entry whose group address is 225.5.4.3 from the MFC
forwarding table.
<3Com> reset multicast forwarding-table 225.5.4.3
Clear the statistics of the forwarding entry whose group address is 225.5.4.3 from
MFC forwarding table.
<3Com> reset multicast forwarding-table statistics 225.5.4.3
reset multicast
routing-table
Syntax
reset multicast routing-table { all | { group-address [ mask { group-mask |
group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] | {
incoming-interface interface-type interface-number } } * }
View
User view
Parameter
all: All the route entries in multicast kernel routing table.
group-address: Address of the specified group.
group-mask: Address mask of the specified group.
group-mask-length: Address mask length of the specified group.
source-address: Address of the specified source.
source-mask: Address mask of the specified source.
source-mask-length: Address mask length of multicast source.
incoming-interface: Incoming interface of the specified route entry.
interface-type interface-number: Interface type and interface number.
697
Description
Using the reset multicast routing-table command, you can clear the route entry
in the multicast kernel routing table and remove the corresponding forwarding
entry in MFC.
The sequence of group-address and source-address can be reversed, but the input
group-address and source-address must be valid. Otherwise, the system will
prompt input error.
For the related commands, see reset pim routing-table, reset multicast
forwarding-table. and display multicast forwarding-table.
Example
Clear the route entry whose group address is 225.5.4.3 from the multicast kernel
routing table.
<3Com> reset multicast routing-table 225.5.4.3
IGMP Configuration
Commands
debugging igmp
Syntax
debugging igmp { all | event | host | packet | timer }
undo debugging igmp { all | event | host | packet | timer }
View
User view
Parameter
all: All the debugging information of IGMP.
event: Debugging information of IGMP event.
host: Debugging information of IGMP host.
packet: Debugging information of IGMP packets.
timer: Debugging information of IGMP timers.
Description
Using the debugging igmp command, you can enable IGMP debugging
functions. Using the undo debugging igmp command, you can disable the
debugging functions.
By default, IGMP debugging functions are disabled.
Example
Enable all IGMP debugging functions
<3Com> debugging igmp all
698
Syntax
display igmp group [ group-address | interface interface-type interface-number | local ]
View
Any view
Parameter
group-address: Multicast group address.
interface-type interface-number: Interface type and interface number of the
router, used to specify the interface.
local: Information of the local interface which receives and sends multicast data.
Description
Using the display igmp group command, you can view the member information
of the IGMP multicast group.
You can view the information of a group, or the member information of the
multicast group, on an interface. The information displayed includes the multicast
groups joined through IGMP, and those joined statically through command lines by
the downstream host.
For the related command, see igmp host-join.
Example
Display the member information of the directly connected sub-network.
<3Com> display igmp group
LoopBack0 (20.20.20.20): Total 3 IGMP Groups reported:
Group Address
Last Reporter Uptime
Expires
225.1.1.1
20.20.20.20 00:02:04 00:01:15
225.1.1.3
20.20.20.20 00:02:04 00:01:15
225.1.1.2
20.20.20.20 00:02:04 00:01:17
Item
Description
Group address
Last Reporter
Report the last host which becomes the multicast group member
Uptime
The time since the multicast group is found (hour, minute, second)
Expires
The predicted time when the record will be removed from the
IGMP group table (hour, minute, second)
Syntax
display igmp interface [ interface-type interface-number ]
View
Any view
699
Parameter
interface-type interface-number: Interface type and interface number of the
router, used to specify the interface. If the parameters are not specified,
information about all the interfaces running IGMP will be displayed.
Description
Using the display igmp interface command, you can view the IGMP
configuration, and running information on an interface.
The information displayed through display igmp interface will be different
according to the configuration of IGMP proxy on an interface.
Example
Display the IGMP configuration and running information on an interface.
<3Com> display igmp interface
Ethernet0/0/0 (10.10.1.20):
IGMP is enabled
Current IGMP version is 2
Value of query interval for IGMP(in seconds): 60
Value of other querier time out for IGMP(in seconds): 120
Value of maximum query response time for IGMP(in seconds): 10
Policy to accept IGMP reports: none
Querier for IGMP: 10.10.1.10
Total 2 IGMP groups reported
LoopBack0 (20.20.20.30):
IGMP is enabled
Current IGMP version is 2
Value of query interval for IGMP(in seconds): 60
Value of other querier time out for IGMP(in seconds): 120
Value of maximum query response time for IGMP(in seconds): 10
Policy to accept IGMP reports: none
Querier for IGMP: 20.20.20.30 (this router)
No IGMP group reported
Syntax
display igmp local
View
Any view
Parameter
local: Information of the local interface which receives and sends multicast data.
Description
Using the display igmp local command, you can view the IGMP configuration
and running information of the local interface, which receives and sends multicast
data.
700
Example
Display the IGMP configuration and running information of the local interface
which receives and sends multicast data.
<3Com> display igmp local
Mcast_Out_IF (127.0.0.6):
IGMP is enabled on interface
Current IGMP version is 2
No IGMP group reported
Mcast_In_IF (127.0.0.5):
IGMP is disabled on interface
igmp enable
Syntax
igmp enable
undo igmp enable
View
Interface view
Parameter
None
Description
Using the igmp enable command, you can enable IGMP on an interface. Using
the undo igmp enable command, you can disable IGMP on an interface.
By default, IGMP is disabled on an interface.
Only after multicast is enabled can this command take effect. After this command
is configured, the configuration of other attributes of IGMP can be performed.
For the related command, see multicast routing-enable.
Example
Enable IGMP on the interface Ethernet0/0/0.
<3Com-Ethernet0/0/0] igmp enable
igmp group-limit
Syntax
igmp group-limit limit
undo igmp group-limit
View
Interface view
Parameter
limit: Number of IGMP groups, ranging from 0 to MAX_IF_IGMP_GROUP_LIMIT.
The value of MAX_IF_IGMP_GROUP_LIMIT on routers is MAX_MROUTE_LIMIT,
which differs with the different router types.
701
Description
Using the igmp group-limit command, you can limit the number of IGMP groups
joined on the interface. If the number exceeds the limit, the router will not process
the joined IGMP packet any more. Using the undo igmp group-limit command,
you can restore the default configuration.
By default, the maximum number of IGMP groups joined on the interface is 1024.
If the number of IGMP groups joined on the interface has exceeded the
configuration value during configuration, the previously joined IGMP groups will
not be deleted.
If this command is executed repeatedly, the new configuration will overwrite the
previous one.
Example
Limit the maximum number of IGMP groups joined on the interface Ethernet1/0/0
to 100.
<3Com-Ethernet1/0/0] igmp group-limit 100
igmp group-policy
Syntax
igmp group-policy acl-number [ 1 | 2 ]
undo igmp group-policy
View
Interface view
Parameter
acl-number: Number of basic IP ACL, defining the range of a multicast group. The
value ranges from 1 to 99.
1: IGMP Version 1.
2: IGMP Version 2. If IGMP version is not specified, IGMP Version 2 is used by
default.
Description
Using the igmp group-policy command, you can set the filter of multicast groups
on an interface to control the accessing to the IP multicast groups. Using the undo
igmp group-policy command, you can remove the filter configured.
By default, no filter is configured, that is, a host can join any multicast group.
If you do not want the hosts on the network, that the interface is on, to join some
multicast groups and receive the packets from the multicast groups, you can use
this command to limit the range of the multicast groups served by the interface.
For the related command, see igmp host-join.
702
Example
Permit the hosts on the interface Ethernet1/0/0 to join multicast group 225.1.1.1
only.
<3Com] acl number 5
<3Com-acl-basci-5] rule permit source 225.1.1.1 0
<3Com-acl-basci-5] quit
<3Com] interface ethernet 1/0/0
<3Com-Ethernet1/0/0] igmp group-policy 5
igmp host-join
Syntax
igmp host-join group-address
undo igmp host-join group-address
View
Interface view
Parameter
group-address: Multicast address of the multicast group that an interface will join.
Description
Using the igmp host-join command, you can enable an interface of a router to
join a multicast group. Using the undo igmp host-join command, you can
disable the configuration.
By default, an interface does not join any multicast group.
On one router, up to 1024 interfaces can be configured with igmp host-join
command at best.
For the related command, see igmp group-policy.
Example
Configure Ethernet1/0/0 to join the multicast group 255.0.0.1.
<3Com-Ethernet1/0/0] igmp host-join 225.0.0.1
igmp
lastmember-queryinterv
al
Syntax
igmp lastmember-queryinterval seconds
undo igmp lastmember-queryinterval
View
Interface view
Parameter
seconds: Interval at which IGMP querier sends the IGMP specified group query
packet when it receives IGMP Leave packet from the host, in second. The value
ranges from 1 to 5 seconds. By default, the value is 1 second.
703
Description
Using the igmp lastmember-queryinterval command, you can set the interval
at which IGMP querier sends the IGMP specified group query packet when it
receives IGMP Leave packet from the host. Using the undo igmp
lastmember-queryinterval command, you can restore the default value.
On a shared network, that is, when there are multiple hosts and multicast routers
on a network segment, the query router (querier for short) takes charge of
maintaining IGMP group membership on an interface. When the host in IGMP
Version 2 leaves a group, the host should send IGMP Leave packet. If IGMP querier
receives the packet, it must send the IGMP specified group query packet for
robust-value times according to the interval seconds configured via igmp
lastmember-queryinterval command (if the command is not configured, seconds is
1) and the robust coefficient robust-value configured via igmp robust-count (if the
command is not configured, robust-value is 2). If another host receives the IGMP
specified group query packet from IGMP querier and is interested in the group, it
will send IGMP Membership Report packet within the maximum response time
regulated by the packet. If IGMP querier receives IGMP Membership Report packet
from another host within the time robust-value x seconds, it will go on
maintaining the group membership. If not, it will regard the group is timeout and
stop maintaining the group membership.
The command is only valid when IGMP query router is running in IGMP Version 2.
If the host runs in IGMP Version 1, it may not send IGMP Leave packet when it
leaves a group. At that time, the command is invalid to the host.
For the related commands, see igmp robust-count and display igmp interface.
Example
Configure the query interval of the querier for the last group member on the
interface Ethernet1/0/0 to 3 seconds.
<3Com-Ethernet1/0/0] igmp lastmember-queryinterval 3
igmp max-response-time
Syntax
igmp max-response-time seconds
undo igmp max-response-time
View
Interface view
Parameter
seconds: The maximum response time in the IGMP query packet in second,
ranging from 1 to 25. By default, the value is 10 seconds.
Description
Using the igmp max-response-time command, you can configure the maximum
response time contained in the IGMP query packet. Using the undo igmp
max-response-time command, you can restore the default value.
The maximum query response time determines the period for a router to quickly
detect that there are no more directly connected group members in a LAN.
704
igmp proxy
Syntax
igmp proxy interface-type interface-number
undo igmp proxy
View
Interface view
Parameter
interface-type: Proxy interface type.
interface-number: Proxy interface number.
Description
Using the igmp proxy command, you can specify an interface of a leaf network
router as the IGMP proxy of another interface. Using the undo igmp proxy
command, you can remove the configuration.
By default, IGMP proxy function is disabled.
An interface cannot act as the IGMP proxy of two or more other interfaces at the
same time.
If an interface is configured with IGMP proxy multiple times, the last one overrides
all the previous configurations.
For the related command, see pim neighbor-policy.
Example
Configure the IGMP proxy of router Ethernet0/0/0 to Ethernet1/0/0.
<3Com-Ethernet0/0/0] igmp proxy ethernet 1/0/0
igmp robust-count
Syntax
igmp robust-count robust-value
undo igmp robust-count
View
Interface view
Parameter
robust-value: IGMP robust coefficient, indicating the times IGMP querier sends the
IGMP specified group query packet when it receives IGMP Leave packet from the
host. The value ranges from 2 to 5. By default, the value is 2.
705
Description
Using the igmp robust-count command, you can set the times IGMP querier
sends the IGMP specified group query packet when it receives IGMP Leave packet
from the host. Using the undo igmp robust-count command, you can restore
the default value.
On a shared network, with multiple hosts and multicast routers on a network
segment, the query router (querier for short) takes charge of maintaining IGMP
group membership on an interface. When the host in IGMP Version 2 leaves a
group, the host should send an IGMP Leave packet. If IGMP querier receives the
packet, it must send the IGMP specified group query packet for robust-value times
according to the interval seconds configured via igmp
lastmember-queryinterval command (if the command is not configured,
seconds is 1) and the robust coefficient robust-value configured via igmp
robust-count (if the command is not configured, robust-value is 2).
If another host receives the IGMP specified group query packet from IGMP querier
and is interested in the group, it will send IGMP Membership Report packet within
the maximum response time regulated by the packet. If IGMP querier receives
IGMP Membership Report packet from another host within the time robust-value x
seconds, it will go on maintaining the group membership. If not, it will regard the
group as overtime and stop maintaining the group membership.
The command is only valid when IGMP query router is running in IGMP Version 2.
If the host runs in IGMP Version 1, it may not send IGMP Leave packet when it
leaves a group. At that time, the command is invalid to the host.
For the related commands, see igmp lastmember-queryinterval and display
igmp interface.
Example
Configure the robust-value of querier on the interface Ethernet1/0/0 to 3.
<3Com-Ethernet1/0/0] igmp robust-count 3
igmp timer
other-querier-present
Syntax
igmp timer other-querier-present seconds
undo igmp timer other-querier-present
View
Interface view
Parameter
seconds: IGMP querier present time, in second. The value ranges from 60 to 300
seconds. By default, the value is twice of IGMP query messages interval. It is 120
seconds in general.
Description
Using the igmp timer other-querier-present command, you can configure the
overtime value of the presence of an IGMP querier. Using the undo igmp timer
other-querier-present command, you can restore the default value.
706
On a shared network, i.e., there are multiple multicast routers on the same
network segment, the query router (querier for short) takes charge of sending
query messages periodically on the interface. If other non-queriers receive no
query messages within the valid period, the router will consider the previous query
to be invalid and the router itself becomes a querier.
In IGMP Version 1, the selection of a querier is determined by the multicast routing
protocol. In IGMP Version 2, the router with the lowest IP address on the shared
network segment acts as the querier.
For the related commands, see igmp timer query and display igmp interface.
CAUTION: If the querier present time configured is less than the twice of query
interval, it may lead to the repeated changes of queriers in the network.
Example
Configure the querier present time on the interface Ethernet1/0/0 to 200 seconds.
<3Com-Ethernet1/0/0] igmp timer other-querier-present 200
Syntax
igmp timer query seconds
undo igmp timer query
View
Interface view
Parameter
seconds: Interval at which the router sends the IGMP query messages, in second. It
ranges from 1 to 18000. By default, the value is 60 seconds.
Description
Using the igmp timer query command, you can configure the interval at which a
router interface sends IGMP query messages. Using the undo igmp timer query
command, you can restore the default value.
A multicast router sends IGMP query messages at intervals to find out whether
there are multicast group members on the network. The query interval can be
modified according to the practical conditions of the network.
For the related command, see igmp timer other-querier-present.
Example
Configure the interval at which multicast router Ethernet1/0/0 sends IGMP query
packet to 125 seconds.
<3Com-Ethernet1/0/0] igmp timer query 125
igmp version
Syntax
igmp version { 1 | 2 }
undo igmp version
707
View
Interface view
Parameter
1: IGMP Version 1.
2: IGMP Version 2. By default, IGMP Version 2 is used.
Description
Using the igmp version command, you can specify the version of IGMP that a
router uses. Using the undo igmp version command, you can restore the default
value.
All systems running in the same sub-network must support the same version of
IGMP. When a router finds the system of Version 1, it cannot switch to Version 1
by itself.
Example
Specify Ethernet1/0/0 to use IGMP Version 1.
<3Com-Ethernet1/0/0] igmp version 1
Syntax
reset igmp group { all | interface interface-type interface-number { all | group-address [
group-mask ] } }
View
User view
Parameter
all: All IGMP groups.
interface interface-type interface-number: Interface type and interface number.
group-address: IGMP group address.
group-mask: Network segment mask of group address.
Description
Using the reset igmp group command, you can delete the IGMP group joined on
the interface. The deletion of the group does not affect its joining again.
Example
Delete all the IGMP groups on all interfaces.
<3Com> reset igmp group all
708
Delete the IGMP groups ranging between the network segment 225.1.1.0 and
225.1.1.255 on the interface Ethernet0/0/0.
<3Com> reset igmp group interface ethernet0/0/0 225.1.1.0 255.255.255.0
PIM Configuration
Commands
bsr-policy
Syntax
bsr-policy acl-number
undo bsr-policy
View
PIM view
Parameter
acl-number: ACL number used by BSR filter policy , ranging from 1 to 99.
Description
Using the bsr-policy command, you can restrict the range for valid BSR so as to
prevent BSR spoofing. Using the undo bsr-policy command, you can restore the
normal state without any range restriction, and all the messages received will be
considered valid.
In PIM SM network which uses BSR mechanism, any router can set itself as C-BSR
and will take charge of advertising BP information in the network, if it succeeds in
competition. To prevent the valid BSR in the network from being replaced, the
following two measures should be taken:
709
The above two points can partially protect the security of BSR in the network.
However, if a legal BSR router is controlled by an attacker, it will lead to the above
problem.
The source parameter in the related rule command is translated as BSR address in
bsr-policy command.
For the related commands, see acl and rule.
Example
Configure BSR filter policy on a router. Only permit 1.1.1.1/32 to act as BSR and
regard others are invalid.
<3Com-pim] bsr-policy 1
<3Com-pim] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule 0 permit source 1.1.1.1 0
c-bsr
Syntax
c-bsr interface-type interface-number hash-mask-len [ priority ]
undo c-bsr
View
PIM view
Parameter
interface-type interface-number: Interface type and interface number of a router.
A candidate BSR is configured on this interface. PIM-SM must be enabled on this
interface, the configuration can take effect.
hash-mask-len: Mask length. The mask performs And operation with multicast
address at first and then performs the operation of searching for RP. The value
ranges from 0 to 32.
priority: Priority of the candidate BSR. The larger the value is, the higher the
priority of candidate BSR is. The value ranges from 0 to 255. By default, the
priority is 0.
Description
Using the c-bsr command, you can configure a candidate BSR. Using the undo
c-bsr command, you can remove the candidate BSR configuration.
By default, no candidate BSR is set.
Since BSR and other devices in PIM domain need to exchange a great deal of
information during candidate BSR configuration, a relatively large bandwidth must
be guaranteed.
For the related command, see pim sm.
710
Example
Configure the IP address of the router on Ethernet1/0/0 as a candidate BSR with
the priority 2.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] c-bsr ethernet1/0/0 30 2
c-rp
Syntax
c-rp interface-type interface-number [ group-policy acl-number ] [ priority
priority-value ]
undo c-rp interface-type interface-number
View
PIM view
Parameter
interface-type interface-number: Specified interface with the IP address
advertised as a candidate RP address.
acl-number: Number of basic ACL that defines a group range, which is the service
range of the advertised RP. The value ranges from 1 to 99.
priority-value: Priority of a candidate RP. The larger the value is, the lower the
priority is. The value ranges from 0 to 255. By default, the value is 0.
Description
Using the c-rp command, you can configure the router to advertise itself as a
candidate RP to BSR. Using the undo c-rp command, you can remove the
configuration.
By default, no candidate RP is configured.
When configuring a candidate RP a relatively large bandwidth should be reserved
for the router and other devices in PIM domain.
For the related command, see c-bsr.
Example
Configure the interface Ethernet1/0/0 as the candidate RP for all groups.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] c-rp ethernet 1/0/0
crp-policy
Syntax
crp-policy acl-number
undo crp-policy
711
View
PIM view
Parameter
acl-number: ACL number used by C-RP filter policy, ranging from 100 to 199.
Description
Using the crp-policy command, you can restrict the range for valid C-RP, and the
group range served by each C-RP so as to prevent C-RP cheating. Using the undo
crp-policy command, you can restore the normal state without any range
restriction and regard all the messages received as valid.
In PIM SM network which uses BSR mechanism, any router can set itself as a C-RP
serving the specific group range. If it is elected in RP election, it will become an RP
serving in the group range.
In BSR mechanism C-RP router unicasts C-RP information to BSR router which is
responsible for advertising all C-RP information to the whole network by using BRP
information.
To prevent C-RP cheating, crp-policy needs to be configured on a BSR router to
restrict the range for valid C-RP and the group address range it serves. Each C-BSR
may become a BSR, so the same filter policy should be configured on each C-BSR.
This command uses the ACL numbered from 100 to 199. The parameter source in
the related rule command indicates C-RP address, and the destination indicates
the group range the C-RP serves. Upon matching the received C-RP message, only
when the C-RP address in the packet matches source address and the group
address range is the subset of that in ACL can this configuration be regarded
successful.
For the related commands, see acl and rule.
Example
Configure C-RP policy on C-BSR router. Only permit 1.1.1.1/32 to act as C-RP
which only serves the group range 225.1.0.0/16.
<3Com-pim] crp-policy 100
<3Com-pim] quit
<3Com] acl number 100
<3Com-acl-adv-100] rule 0 permit ip source 1.1.1.1 0 destination 225.1.0.0 0.0.255.255
Syntax
debugging pim common { all | event | packet | timer }
undo debugging pim common { all | event | packet | timer }
View
User view
Parameter
all: All the common debugging information of PIM.
712
debugging pim dm
Syntax
debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert | graft |
graft-ack | join | prune } }
undo debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert |
graft | graft-ack | join | prune } }
View
User view
Parameter
all: All the debugging information of PIM-DM.
alert: Debugging information of PIM-DM interoperation event.
mrt: Debugging information of PIM-DM multicast routing table.
timer: Debugging information of PIM-DM timer.
warning: Debugging information of PIM-DM warning message.
recv: Debugging information of PIM-DM receiving packets.
send: Debugging information of PIM-DM sending packets.
all: All packet types.
assert: Packet type, assert packet.
graft: Packet type, graft packet.
graft-ack: Packet type, graft acknowledgment packet.
join: Packet type, join packet.
prune: Packet type, prune packet.
713
Description
Using the debugging pim dm command, you can enable PIM-DM debugging
functions. Using the undo debugging pim dm command, you can disable the
debugging functions.
By default, PIM-DM debugging functions are disabled.
Example
Enable all PIM-DM debugging functions
<3Com> debugging pim dm all
debugging pim sm
Syntax
debugging pim sm { all | mbr | mrt | timer | msdp | verbose | warning | { recv | send } {
assert | bootstrap | crpadv | jp | reg | regstop } }
undo debugging pim sm { all | mbr | mrt | msdp | timer | verbose | warning | { recv | send
} { assert | bootstrap | crpadv | jp | reg | regstop } }
View
User view
Parameter
mbr: Debugging information of PIM-SM multicast boundary router event.
mrt: Debugging information of PIM-SM multicast routing table.
msdp: Functions between PIM-SM and MSDP.
timer: Debugging information of PIM-SM timer.
warning: Debugging information of PIM-SM warning message.
recv: Debugging information of PIM-SM receiving packets.
send: Debugging information of PIM-SM sending packets.
assert | bootstrap | crpadv | jp | reg | regstop: Packet type.
Description
Using the debugging pim sm command, you can enable PIM-SM debugging
functions. Using the undo debugging pim sm command, you can disable the
debugging functions.
By default, PIM-SM debugging functions are disabled.
The command debugging pim sm register-proxy, is only suitable for the
distributed router. This command can enable the debugging when an interface
board acts as a proxy of a main control board, to send register packets.
Example
Enable all PIM-SM debugging functions
<3Com> debugging pim sm all
714
Syntax
display pim bsr-info
View
Any view
Parameter
None
Description
Using the display pim bsr-info command, you can view Bootstrap Router (BSR)
information.
For the related commands, see c-bsr and c-rp.
Example
Execute this command on a router running PIM-SM and display the current BSR
information.
<3Com> display pim bsr-info
Current BSR Address: 20.20.20.30
Priority: 0
Mask Length: 30
Expires: 00:01:55
Local host is BSR
Syntax
display pim interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Interface type and interface number.
Description
Using the display pim interface command, you can view the PIM interface
information.
Example
Display the PIM information about the interface Ethernet1/0/0.
<3Com> display pim interface ethernet 1/0/0
PIM information of interface Ethernet1/0/0:
IP address of the interface is 10.10.1.20
PIM is enabled on interface
PIM version is 2
PIM mode is Sparse
PIM query interval is 30 seconds
Total 1 PIM neighbor on interface
715
Item
Description
IP address of DR is 10.10.1.20.
Syntax
display pim neighbor [ interface interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Interface type and interface number.
Description
Using the display pim neighbor command, you can view the PIM neighbor
information.
Example
Display the PIM neighbor information of the interface Ethernet1/0/0 on the router.
<3Com> display pim neighbor ethernet 1/0/0
Neighbor's Address Interface Name Uptime Expires
10.10.1.10
Ethernet1/0/0 00:41:59 00:01:16
display pim
routing-table
Syntax
display pim routing-table [ *g [ group-address [ mask { mask-length | mask } ] ] [
incoming-interface { interface-name | null } ] [ dense-mode | sparse-mode ]
display pim routing-table [ **rp [ rp-address [ mask { mask-length | mask } ] ] [
incoming-interface { interface-name | null } ] [ dense-mode | sparse-mode]
display pim routing-table [ source-address [ mask { mask-length | mask } ] [
group-address [ mask { mask-length | mask } ] ] [ incoming-interface { interface-name |
null } ] [ dense-mode | sparse-mode ]
View
Any view
Parameter
**rp: (*, *, RP) route entry.
*g: (*, G) route entry.
group-address: Address of the multicast group.
source-address: IP address of the multicast source.
incoming-address: Route entry of the specified incoming interface.
716
Description
Using the display pim routing-table command, you can view the contents of
the PIM multicast routing table.
For the related command, see display multicast routing-table.
Example
Display the contents of the PIM multicast routing table on the router.
<3Com> display pim routing-table
PIM-SM Routing Table
Total 0 (S,G) entry, 2 (*,G) entries, 0 (*,*,RP) entry
(*, 224.0.1.40), RP 20.20.20.30
Protocol 0x20: PIMSM, Flag 0x2003: RPT WC NULL_IIF
UpTime: 00:17:25, never timeout
Upstream interface: Null, RPF neighbor: 0.0.0.0
Downstream interface list:
Ethernet0/0/0, Protocol 0x1: IGMP, never timeout
(*, 225.1.1.1), RP 20.20.20.30
Protocol 0x20: PIMSM, Flag 0x2003: RPT WC NULL_IIF
UpTime: 00:08:45, never timeout
Upstream interface: Null, RPF neighbor: 0.0.0.0
Downstream interface list:
Ethernet0/0/0, Protocol 0x1: IGMP, never timeout
Matched 0 (S,G) entry, 2 (*,G) entries, 0 (*,*,RP) entry
Syntax
display pim rp-info [ group-address ]
View
Any view
Parameter
group-address: Group address.
Description
Using the display pim rp-info command, you can view the corresponding RP
information of a multicast group; BSR and static RP information.
If no group address is specified in this command, the corresponding RP
information of all groups will be displayed.
Example
Display the currently corresponding RP of 224.0.0.0.
<3Com> display pim rp-info 224.0.0.0
PIM-SM RP-SET information:
BSR is: 20.20.20.20
Group/MaskLen: 224.0.0.0/4
RP 20.20.20.20
Version: 2
Priority: 0
Uptime: 00:00:05
Expires: 00:02:25
pim
717
Syntax
pim
undo pim
View
System view
Parameter
None
Description
Using the pim command, you can enter PIM view. Using the undo pim
command, you can clear the configuration in PIM view.
The global parameter which is related with the PIM must be configured in PIM
view.
Example
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim]
pim bsr-boundary
Syntax
pim bsr-boundary
undo pim bsr-boundary
View
Interface view
Parameter
None
Description
Using the pim bsr-boundary command, you can configure an interface to
become the PIM domain boundary. Using the undo pim bsr-boundary
command, you can remove the boundary.
By default, no domain boundary is set.
After this command is configured on an interface, Bootstrap messages cannot
pass the boundary, whereas other PIM packets can. This command can effectively
divide the network into domains which use different BSRs.
For the related command, see c-bsr.
Example
Configure a domain boundary on the interface Pos1/0/0.
<3Com-Pos1/0/0] pim bsr-boundary
718
pim dm
Syntax
pim dm
undo pim dm
View
Interface view
Parameter
None
Description
Using the pim dm command, you can enable PIM-DM. Using the undo pim dm
command, you can disable PIM-DM.
By default, PIM-DM is disabled.
Once PIM-DM is enabled on an interface PIM-SM cannot be enabled on the same
interface and vice versa.
Example
Enable PIM-DM on the interface Ethernet1/0/0.
<3Com] multicast routing-enable
<3Com] interface ethernet1/0/0
<3Com-Ethernet1/0/0] pim dm
pim neighbor-limit
Syntax
pim neighbor-limit limit
undo pim neighbor-limit
View
Interface view
Parameter
limit: Upper limit of PIM neighbor number on an interface, ranging from 0 to 128.
Description
Using the pim neighbor-limit command, you can limit PIM neighbor number on
a router interface. If the number exceeds the limit configured, no new neighbor
can be added to the router. Using the undo pim neighbor-limit command, you
can restore the default configuration.
By default, the upper limit of PIM neighbor number on an interface is 128.
If the PIM neighbor number on an interface has exceeded the value configured
during configuration, the previous PIM neighbor will not be deleted.
Example
Limit the upper limit of PIM neighbor number on the interface Ethernet1/0/0/ to
50.
719
pim neighbor-policy
Syntax
pim neighbor-policy acl-number
undo pim neighbor-policy
View
Interface view
Parameter
acl-number: Number of basic ACL. The value ranges from 1 to 99.
Description
Using the pim neighbor-policy command, you can configure a router to filter the
PIM neighbor of the current interface. Using the undo pim neighbor-policy
command, you can cancel the filtering.
Only the router, which is permitted by ACL, can act as PIM neighbor of the current
interface, while other routers cannot.
If this command is configured repeatedly the new configuration will overwrite the
previous one.
Example
Configure 10.10.1.2 rather than 10.10.1.1 as the PIM neighbor of Ethernet1/0/0.
<3Com-Ethernet1/0/0] pim neighbor-policy 1
<3Com-Ethernet1/0/0] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule permit source 10.10.1.2 0
<3Com-acl-basic-1] rule deny source 10.10.1.1 0
pim sm
Syntax
pim sm
undo pim sm
View
Interface view
Parameter
None
Description
Using the pim sm command, you can enable PIM-SM protocol on an interface.
Using the undo pim sm command, you can disable PIM-SM protocol.
By default, PIM-SM is disabled.
Once PIM-SM is enabled on an interface, PIM-DM cannot be enabled on the same
interface and vice versa.
720
Example
Enable PIM-SM on the interface Ethernet1/0/0.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] interface ethernet 1/0/0
<3Com-Ethernet1/0/0] pim sm
Syntax
pim timer hello seconds
undo pim timer hello
View
Interface view
Parameter
seconds: Interval of sending Hello message in second, ranging from 1 to 18000.
By default, the value is 30 seconds.
Description
Using the pim timer hello command, you can configure the interval of sending a
PIM router Hello message. Using the undo pim timer hello command, you can
restore the default value.
Example
Configure the interval of sending Hello message on the interface Ethernet1/0/0 on
the PIM router to 40 seconds.
<3Com-Ethernet1/0/0] pim sm
<3Com-Ethernet1/0/0] pim timer hello 40
register-policy
Syntax
register-policy acl-number
undo register-policy
View
PIM view
Parameter
acl-number: Number of advanced IP ACL, defining the rule of filtering the source
and group addresses. The value ranges from 100 to 199.
Description
Using the register-policy command, you can configure a RP to filter the register
packet sent by the DR in the PIM-SM network, and to accept a specific packet
only. Using the undo register-policy command, you can remove the configured
packet filtering.
721
Example
If the local device is the RP in the network, using the following command can only
accept the multicast data register packets sent by the source on the network
segment 10.10.0.0/16 to the multicast address in the range of 225.1.0.0/16.
<3Com> system-view
<3Com] acl number 110
<3Com-acl-adv-110] rule permit ip source 10.10.0.0 255.255.0.0 destination 225.1.0.0
255.255.0.0
<3Com-acl-adv-110] quit
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] register-policy 110
Syntax
reset pim neighbor { all | { neighbor-address | interface interface-type interface-number
}*}
View
User view
Parameter
all: All PIM neighbors.
neighbor-address: Specifies neighbor address.
interface: Specifies the interface.
interface-type interface-number: Interface type and interface number.
Description
Using the reset pim neighbor command, you can clear PIM neighbor.
For the related command, see display pim neighbor.
Example
Clear the PIM neighbor of the interface addressed with 25.5.4.3.
<3Com> reset pim neighbor 25.5.4.3
Syntax
reset pim routing-table all
reset pim routing-table { group-address [ mask group-mask | group-mask-length ] [
source-address [ mask source-mask | source-mask-length ] [ incoming-interface {
interface-type interface-number | null } ] } *
View
User view
Parameter
all: All PIM route entries.
722
source-policy
Syntax
source-policy acl-number
undo source-policy
View
PIM view
723
Parameter
acl-number: Number of basic or advanced ACL. The value ranges from 1 to 199.
Description
Using the source-policy command, you can configure a router to filter the
multicast data packet received according to source (group) address. Using the
undo source-policy command, you can remove the configuration.
If source address filtering and basic ACL are configured all the multicast data
packets received will be matched with source addresses. The packet that does not
pass the matching will be discarded.
If source address filtering and advanced ACL are configured, all the multicast data
packets received will be matched with source and group addresses. The packet
that does not pass the matching will be discarded.
This command filters not only multicast data, but also the multicast data
encapsulated in a register packet.
If this command is executed repeatedly, the new configuration will overwrite the
previous one.
Example
Configure to accept the multicast data packets with source address of 10.10.1.2
and discard the multicast data packets with source address of 10.10.1.1.
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] source-policy 1
<3Com-pim] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule permit source 10.10.1.2 0
<3Com-acl-basic-1] rule deny source 10.10.1.1 0
spt-switch-threshold
Syntax
spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number ]
undo spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number ]
View
PIM view
Parameter
traffic-rate: Switch rate threshold from the RPT to the SPT in Kbps, ranging from 0
to 65535. By default, the switch threshold value is 0, i.e., switching starts when
the RPT receives the first data packet.
infinity: Indicates never to switch to SPT.
acl-number: Number of basic IP ACL, defining the range of a multicast group. The
value ranges from 1 to 99.
724
Description
Using the spt-switch-threshold command, you can set the packet rate threshold
when the PIM leaf router switches from the RPT to the SPT. Using the undo
spt-switch-threshold command, you can restore the default setting.
Example
Set the threshold value to 4Kbps. If the transmission rate from the source to the
multicast group is higher than it, the router will switch to the SPT toward the
source.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] spt-switch-threshold 4
static-rp
Syntax
static-rp rp-address [ acl-number ]
undo static-rp
View
PIM view
Parameter
rp-address: Static RP address. This address must be valid unicast IP address and
cannot be configured as the address in 127 network segment.
acl-number: Number of basic ACL, used in controlling the multicast group range
that static RP serves. The value ranges from 1 to 99.
Description
Using the static-rp command, you can configure static RP. Using the undo
static-rp command, you can remove the configuration.
RP is the kernel router in multicast routing. If the dynamic RP elected through BSR
mechanism is invalid for some reason, static RP can be configured as a backup of
the dynamic RP to improve the robustness of the network and operation
management capability of the multicast network.
All routers in the PIM domain should be configured with this command, and be
configured with the same RP address. If the configured static RP address is the
address of an UP interface on the local device, the local device will act as static RP.
PIM is not necessarily enabled on the interface which acts as static RP.
If this command is configured, but ACL is not specified, the static RP configured
will serve all the multicast groups. If ACL is specified, the static RP configured will
only serve the multicast group permitted by the ACL.
In the case that the RP elected through BSR mechanism is valid, static RP does not
take effect.
If this command is executed repeatedly, the new configuration will overwrite the
previous one.
725
MSDP Configuration
Commands
cache-sa-enable
Syntax
cache-sa-enable
undo cache-sa-enable
View
MSDP view
Parameter
None
Description
Using the cache-sa-enable command, you can enable the router to cache SA
state. Using the undo cache-sa-enable command, you can remove the cache
from the router.
By default, the router caches the SA state, i.e., (S, G) entry after it receives SA
messages.
If the router is in cache state, it will not send SA request message to the specified
MSDP peer when it receives a new group join message.
Example
Configure the router to cache all the SA states.
<3Com> system-view
<3Com] msdp
<3Com-msdp] cache-sa-enable
debugging msdp
Syntax
debugging msdp { all | connect | event | packet | source-active }
undo debugging msdp { all | connect | event | packet | source-active }
View
User view
Parameter
all: All the debugging information of MSDP.
726
Syntax
display msdp brief
View
Any view
Parameter
None
Description
Using the display msdp brief command, you can view the state of MSDP peer.
Example
Display the state of MSDP peer.
<3Com> display msdp brief
MSDP Peer Brief Information
Peer's Address State Up/Down time AS SA Count Reset Count
20.20.20.20
Up
00:00:13
100 0
0
Syntax
display msdp peer-status [ peer-address ]
View
Any view
Parameter
peer-address: Address of MSDP peer.
Description
Using the display msdp peer-status command, you can view the detailed
information of MSDP peer.
727
Syntax
display msdp sa-cache [ group-address ] [ source-address ] [
autonomous-system-number ]
View
Any view
Parameter
group-address: Group address of (S, G) entry.
source-address: Source address of (S, G) entry. With no source address specified,
all the source information of the specified group will be displayed.
If neither group address nor source address is determined, all SA caches will be
displayed.
autonomous-system-number: Displays (S, G) entries from specified autonomous
system.
Description
Using the display msdp sa-cache command, you can view (S, G) state learnt
from MSDP peer.
728
Uptime Expires
100 00:00:10 00:05:50
100 00:00:11 00:05:49
100 00:00:11 00:05:49
100 00:00:11 00:05:49
100 00:00:11 00:05:49
Syntax
display msdp sa-count [ autonomous-system-number ]
View
Any view
Parameter
autonomous-system-number: Number of sources and groups from the specified
autonomous system.
Description
Using the display msdp sa-count command, you can view the number of
sources and groups in MSDP cache.
The cache-sa-enable command must be configured before the configuration of
this command.
Example
<3Com> display msdp sa-count
Number of cached Source-Active entries, counted by Peer
Peer's Address Number of SA
10.10.10.10
5
Number of source and group, counted by AS
AS Number of source Number of group
?
3
3
Total Source-Active entries: 5
import-source
Syntax
import-source [ acl acl-number ]
undo import-source
View
MSDP view
Parameter
acl-number: Number of basic or advanced IP ACL, ranging from 1 to 199,
controlling which sources SA messages will advertise and to which groups it will
be sent in the domain. Basic ACL performs filtering to source and advanced ACL
729
msdp
Syntax
msdp
undo msdp
View
System view
Parameter
None
Description
Using the msdp command, you can enable MSDP and enter the MSDP view. Using
the undo msdp command, you can clear all configurations of MSDP, release all
resources that MSDP occupies, and restore the initial state.
For the related command, see peer.
Example
Clear all configurations of MSDP.
<3Com> system-view
<3Com] undo msdp
msdp-tracert
Syntax
msdp-tracert source-address group-address rp-address [ max-hops max-hops ] [
next-hop-info ] [ sa-info ] [ peer-info ] [ skip-hops skip-hops ]
730
View
Any view
Parameter
source-address: Multicast address address.
group-address: Multicast group address.
rp-address: IP address of RP.
max-hops: The maximum number of hops that are traced, ranging from 1 to 255.
By default, the value is 16.
next-hop-info: Flag bit for collecting the next hop information.
sa-info: Flag bit for collecting SA entity information.
peer-info: Flag bit for collecting MSDP peer information.
skip-hops: Number of hops that are skipped before collecting detailed
information, ranging from 0 to 255. By default, the value is 0.
Description
Using the msdp-tracert command, you can trace the transmission path of SA
messages in the network, which helps to locate the faults, such as information loss
and configuration error. After the transmission path of the SA messages is
determined, the correct configuration can avoid the overflow of SA messages.
Example
Trace (10.10.1.1, 225.2.2.2, 20.20.20.20) path information.
<3Com> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20
Specify the maximum number of hops that are traced and collect detailed
information of SA and MSDP peer.
<3Com> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20 max-hops 10 sa-info peer-info
MSDP tracert: press CTRL_C to break
D-bit: set if have this (S,G) in cache but with a different RP
RP-bit: set if this router is an RP
NC-bit: set if this router is not caching SA's
C-bit: set if this (S,G,RP) tuple is in the cache
MSDP Traceroute path information:
Router Address: 20.20.1.1
Fixed-length response info:
Peer Uptime: 10 minutes, Cache Entry Uptime: 30 minutes
D-bit: 0, RP-bit: 1, NC-bit: 0, C-bit: 1
Return Code: Reached-max-hops
Next Hop info:
Next-Hop Router Address: 0.0.0.0
SA info:
Count of SA messages received for this (S,G,RP): 0
Count of encapsulated data packets received for this (S,G,RP):0
SA cache entry uptime: 00:30:00 , SA cache entry expiry time: 00:03:32
Peering info:
731
Description
Router Address
Peer Uptime
Time for which the local router performs Peering session with
Peer-RPF neighbor in minute, with the maximum value of 255.
D-bit: 1
RP-bit: 1
NC-bit: 0
C-bit: 1
Count of SA messages Number of SA messages received for tracing this (S, G, RP) entry.
received for this
(S,G,RP)
Count of encapsulated Number of encapsulated data packets received for tracing this (S,
data packets received G, RP) entry.
for this (S,G,RP)
SA cache entry uptime Present time of SA cache entry.
originating-rp
Peering Uptime: 10
minutes
Time for which the local router performs Peering session with
Peer-RPF neighbor.
Count of Peering
Resets
Syntax
originating-rp interface-type interface-number
undo originating-rp
View
MSDP view
Parameter
interface-type: Interface type.
732
peer
Syntax
peer peer-address connect-interface interface-type interface-number
undo peer peer-address
View
MSDP view
Parameter
peer-address: Address of MSDP peer.
connect-interface interface-type interface-number: Interface type and number
whose primary address is used by the local router as the source IP address to
establish TCP connection with remote MSDP peers.
Description
Using the peer command, you can configure an MSDP peer. Using the undo peer
command, you can remove the MSDP peer configured.
If the local router is also in BGP peer relation with a MSDP peer, the MSDP peer
and the BGP peer should use the same IP address.
For the related command, see static-rpf-peer.
Example
Configure the router using IP address 125.10.7.6 as an MSDP peer of the local
router.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 connect-interface ethernet 0/1/0
peer description
Syntax
peer peer-address description text
733
View
MSDP view
Parameter
peer-address: Address of MSDP peer.
text: Descriptive text, being case sensitive. The maximum length is 80 characters.
Description
Using the peer description command, you can configure descriptive text to
MSDP peer. Using the undo peer description command, you can remove the
descriptive text configured.
By default, an MSDP peer has no descriptive text.
Administrator can conveniently differentiate MSDP peers by configuring
descriptive text.
For the related command, see display msdp peer-status.
Example
Add descriptive text CstmrA to router 125.10.7.6 to specify that the router is
Client A.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 description router CstmrA
peer mesh-group
Syntax
peer peer-address mesh-group name
undo peer peer-address mesh-group name
View
MSDP view
Parameter
name: Name of an Mesh Group, being case sensitive. The maximum length is 32
characters.
peer-address: Address of an MSDP peer to be a member of the Mesh Group.
Description
Using the peer mesh-group command, you can configure an MSDP peer to join a
Mesh Group. Using the undo peer mesh-group command, you can remove the
configuration.
By default, an MSDP peer is not a member of any Mesh Group.
734
Example
Configure the MSDP peer with address 125.10.7.6 to be a member of the Mesh
Group Grp1.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 mesh-group Grp1
peer minimum-ttl
Syntax
peer peer-address minimum-ttl ttl
undo peer peer-address minimum-ttl
View
MSDP view
Parameter
peer-address: Address of the MSDP peer to which the TTL limitation applies.
ttl: TTL threshold, ranging from 0 to 255.
Description
Using the peer minimum-ttl command, you can configure the minimum TTL
(Time-to-Live) value of the multicast data packets encapsulated in SA messages to
be sent to specified MSDP peer. Using the undo peer minimum-ttl command,
you can restore the default TTL threshold.
By default, the value of TTL threshold is 0.
For the related command, see peer.
Example
Configure the TTL threshold value to 10, i.e., only those multicast data packets
with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer
110.10.10.1.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 110.10.10.1 minimum-ttl 10
peer request-sa-enable
Syntax
peer peer-address request-sa-enable
undo peer peer-address request-sa-enable
View
MSDP view
Parameter
peer-address: Address of MSDP peer.
735
Description
Using the peer request-sa-enable command, you can enable the router to send
a SA request message to the specified MSDP peer when receiving a new group
join message. Using the undo peer request-sa-enable command, you can
remove the configuration.
By default, when receiving a new group join message, the router sends no SA
request messages to MSDP peers but waits to receive the next SA message.
For the related command, see cache-sa-enable.
Example
Configure to send SA request message to the MSDP peer 125.10.7.6.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 request-sa-enable
peer sa-cache-maximum
Syntax
peer peer-address sa-cache-maximum sa-limit
undo peer peer-address sa-cache-maximum
View
MSDP view
Parameter
peer-address: Address of MSDP peer.
sa-limit: Maximum value that the SA cache allows, ranging from 1 to 2048.
Description
Using the peer sa-cache-maximum command, you can limit the number of
caches originated when the router receives SA messages from an MSDP peer.
Using the undo peer sa-cache-maximum command, you can restore the default
configuration.
By default, the maximum number of SA caches is 2048.
This configuration is recommended for all MSDP peers in the networks possibly
attacked by DoS.
For the related commands, see display msdp, sa-count, display msdp
peer-status and display msdp brief.
Example
Limit the number of caches originated to 100 when the router receives SA
messages from the MSDP peer 125.10.7.6.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 sa-cache-maximum 100
736
peer sa-policy
Syntax
peer peer-address sa-policy { import | export } [ acl acl-number ]
undo peer peer-address sa-policy { import | export }
View
MSDP view
Parameter
import: Receives SA messages from the specified MSDP peer.
export: Forwards SA messages from the specified MSDP peer.
peer-address: Address of the MSDP peer whose SA messages need to be filtered.
acl acl-number: Number of advanced IP ACL, ranging from 100 to 199. If no ACL
is specified, all (S, G) entries are filtered.
Description
Using the peer sa-policy command, you can configure a filter list for SA
messages received or forwarded from the specified MSDP peer. Using the undo
peer sa-policy command, you can remove the configuration.
By default, messages received or forwarded will not be filtered. All SA messages
are received or forwarded from an MSDP peer.
For the related command, see peer.
Example
Forward only those SA messages that passed the advanced IP ACL.
<3Com> system-view
<3Com] acl number 100
<3Com-acl-adv-100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0
0.0.255.255
<3Com-acl-adv-100] quit
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 connect-interface ethernet 0/0/0
<3Com-msdp] peer 125.10.7.6 sa-policy export acl 100
peer sa-request-policy
Syntax
peer peer-address sa-request-policy [ acl acl-number ]
undo peer peer-address sa-request-policy
View
MSDP view
Parameter
peer-address: Address from which the local router receives SA request messages
sent by the specified MSDP peer.
737
Syntax
reset msdp peer peer-address
View
User view
Parameter
peer-address: Address of MSDP peer.
Description
Using the reset msdp peer command, you can reset TCP connection with the
specified MSDP peer, and clear all the statistics of the specified MSDP peer.
For the related command, see peer.
Example
Clear TCP connection and statistics of the MSDP peer 125.10.7.6.
<3Com> reset msdp peer 125.10.7.6
Syntax
reset msdp sa-cache [ group-address ]
738
View
User view
Parameter
group-address: Address of the group, (S, G) entries matching which are cleared
from the SA cache. If no multicast group address is specified, all SA cache entries
will be cleared.
Description
Using the reset msdp sa-cache command, you can clear SMDP SA cache entries.
For the related commands, see cache-sa-enable and display msdp sa-cache.
Example
Clear the cache entries with group address 225.5.4.3 from the SA cache.
<3Com> reset msdp sa-cache 225.5.4.3
Syntax
reset msdp statistics [ peer-address ]
View
User view
Parameter
peer-address: Address of the MSDP peer whose statistics, resetting information
and input/output information will be cleared. If no MSDP peer address is specified,
all MSDP peers statistics will be cleared.
Description
Using the reset msdp statistics command, you can clear statistics of one or more
MSDP peers without resetting the MSDP peer.
Example
Clear the statistics of the MSDP peer 25.10.7.6.
<3Com> reset msdp statistics 125.10.7.6
shutdown
Syntax
shutdown peer-address
undo shutdown peer-address
View
MSDP view
Parameter
peer-address: IP address of MSDP peer.
739
Description
Using the shutdown command, you can disable the MSDP peer specified. Using
the undo shutdown command, you can remove the configuration.
By default, no MSDP peer is disabled.
For the related command, see peer.
Example
Disable the MSDP peer 125.10.7.6.
<3Com> system-view
<3Com] msdp
<3Com-msdp] shutdown 125.10.7.6
static-rpf-peer
Syntax
static-rpf-peer peer-address [ rp-policy list ]
undo static-rpf-peer peer-address
View
MSDP view
Parameter
peer-address: Address of the static RPF peer to receive SA messages.
rp-policy list: Filter policy based on RP address, which filters the RP in SA messages.
If the parameter is not specified, all SA messages from static RPF peer will be
accepted. If the parameter rp-policy list is specified and filter policy is configured,
the router will only accept SA messages from the RP which passes filtering. If no
filter policy is configured, the router will still accept all SA messages from the static
RPF peer.
Description
Using the static-rpf-peer command, you can configure static RPF peer.. Using the
undo static-rpf-peer command, you can remove the static RPF peer.
By default, no static RPF peer is configured.
You must configure the peer command before using the static-rpf-peer
command.
If you do not want to perform RPF check to SA messages from a same MSDP peer.
If only an MSDP peer is configured on a router, this MSDP peer will be regarded as
static RPF peer.
For the related commands, see peer and ip prefix-list.
Example
Configure two static RPF peers.
<3Com> system-view
<3Com] ip ip-prefix list1 permit 130.10.0.0 16
<3Com] ip ip-prefix list2 permit 130.10.0.0 16
740
<3Com] msdp
<3Com-msdp] peer 130.10.7.6 connect-interface ethernet 1/0/0
<3Com-msdp] peer 130.10.7.5 connect-interface ethernet 1/0/0
<3Com-msdp] static-rpf-peer 130.10.7.6 rp-policy list1
<3Com-msdp] static-rpf-peer 130.10.7.5 rp-policy list2
timer retry
Syntax
timer retry seconds
undo timer retry
View
MSDP view
Parameter
seconds: Value of connection request re-try period in second, ranging from 1 to
60.
Description
Using the timer retry command, you can configure the value of connection
request re-try period. Using the undo timer retry command, you can restore the
default value.
By default, the value of connection request re-try period is 30 seconds.
For the related command, see peer.
Example
Configure the connection request re-try period to 60 seconds.
<3Com> system-view
<3Com] msdp
<3Com-msdp] timer retry 60
MBGP Multicast
Extension
Configuration
Commands
aggregate
Syntax
aggregate address mask [ as-set ] [ attribute-policy route-policy-name ] [
detail-suppressed ] [ origin-policy route-policy-name ] [ suppress-policy
route-policy-name ]
undo aggregate address mask [ as-set ] [ attribute-policy route-policy-name ] [
detail-suppressed ] [ origin-policy route-policy-name ] [ suppress-policy
route-policy-name ]
View
IPv4 multicast sub-address family view
741
Parameter
address: Address of the aggregated route.
mask: Network mask of the aggregated route.
as-set: Generates a route with AS_SET segment. This parameter is not
recommended to use when many AS paths are aggregated.
attribute-policy: Attributes of the aggregated route.
detail-suppressed: No detailed route but the aggregated route is advertised.
origin-policy: Filters the detailed route involved in aggregation.
suppress-policy: Detailed route determined is not advertised.
Description
Using the aggregate command, you can create a multicast aggregated record in
the BGP routing table. Using the undo aggregate command, you can remove the
aggregation.
By default, no route is aggregated.
Using the aggregate command without parameters, you can create one local
aggregated route and set atomic aggregation attributes.
Example
Create a multicast aggregated record in the BGP routing table and set the address
of aggregated route is 192.213.0.0.
<3Com-bgp-af-mul] aggregate 192.213.0.0 255.255.0.0
debugging bgp
mp-update
Syntax
debugging bgp mp-update
undo debugging bgp mp-update
View
User view
Parameter
updates: Debug information of MBGP update packets.
Description
Using the debugging bgp mp-update command, you can enable the MBGP
packet debugging functions. Using the undo debugging bgp mp-update
command, you can disable the functions.
Example
Enable MBGP packet information debugging function.
<3Com> debugging bgp mp-update
742
Syntax
display bgp multicast group [ group-name ]
View
Any view
Parameter
group-name: Name of peer group. If no peer group is specified, the information
about all peer groups will be displayed.
Description
Using the display bgp multicast group command, you can view the information
about peer groups.
Example
Display the information about the peer group named my_peer.
<3Com> display bgp multicast group my_peer
Syntax
display bgp multicast network
View
Any view
Parameter
None
Description
Using the display bgp multicast network command, you can view the routing
information that MBGP advertises.
Example
Display the network segment routing information that MBGP advertises.
<3Com> display bgp multicast network
Syntax
display bgp multicast routing-table ip-address [ mask ]
View
Any view
Parameter
ip-address: MBGP routing information whose IP address is specified in the BGP
routing table.
Description
Using the display bgp multicast routing-table command, you can view the
MBGP routing information whose IP address is specified in the BGP routing table.
743
Example
Display the MBGP routing information with destination network segment
14.1.0.0.
<3Com> display bgp multicast routing-table 14.1.0.0
Syntax
display bgp multicast routing-table cidr
View
Any view
Parameter
None
Description
Using the display bgp multicast routing-table cidr command, you can view the
routing information with non-natural network mask (i.e., classless inter-domain
routing, CIDR).
Example
Display CIDR routing information.
<3Com> display bgp multicast routing-table cidr
Syntax
display bgp multicast routing-table community [ community-number |
no-export-subconfed | no-advertise | no-export | whole-match ]
View
Any view
Parameter
community-number: Specifies community number.
no-export-subconfed: Not advertises matched routes outside the local
autonomous system.
no-advertise: Not advertises matched routes to any peer.
no-export: Not advertises routes outside the local autonomous system but
advertise routes to other sub-autonomous systems.
whole-match: Exact match.
Description
Using the display bgp multicast routing-table community command, you can
view the routing information that belongs to the specified MBGP community.
Example
Display the routing information that belongs to the specified MBGP community.
<3Com> display bgp multicast routing-table community 600:1
744
Syntax
display bgp multicast routing-table community-list list-number [ whole-match ]
View
Any view
Parameter
list-number: Number of community list.
whole-match: Exact match.
Description
Using the display bgp multicast routing-table community-list command, you
can view the routing information that is permitted by the MBGP community list.
Example
Display the routing information that is permitted by the MBGP community list.
<3Com> display bgp multicast routing-table community-list
Syntax
display bgp multicast routing-table different-origin-as
View
Any view
Parameter
None
Description
Using the display bgp multicast routing-table different-origin-as command,
you can view AS routes with different origins.
Example
Display AS routes with different origins.
<3Com> display bgp multicast routing-table different-origin-as
Syntax
display bgp multicast routing-table peer peer-address { received | advertised }
View
Any view
Parameter
peer-address: Address of multicast neighbor, in dotted decimal notation format.
received: Routing information received from the specified neighbor.
745
Syntax
display bgp multicast routing-table [ regular-expression as-regular-expression ]
View
Any view
Parameter
as-regular-expression: AS regular expression matched.
Description
Using the display bgp multicast routing-table regular-expression command,
you can view the routing information matching the specified AS regular
expression.
Example
Display the MBGP routing information matching the regular expression ^600$.
<3Com> display bgp multicast routing-table regular-expression ^600$
Syntax
display bgp multicast routing-table statistic
View
Any view
Parameter
None
Description
Using the display bgp multicast routing-table statistic command, you can
view statistics of MBGP route information.
Example
Display statistics of MBGP route information.
<3Com> display bgp multicast routing-table statistic
import-route
Syntax
import-route protocol [ route-policy policy-name ] [ med metric ]
undo import-route protocol
746
View
IPv4 multicast sub-address family view
Parameter
protocol: Source routing protocols that can be imported, which can be direct,
ospf, ospf-ase, ospf-nssa, rip, isis and static at present.
metric: Metric value loaded by an imported route.
policy-name: Route policy used by an imported route.
Description
Using the import-route command, you can import routing information from
other protocols to BGP. Using the undo import-route command, you can cancel
the import of routing information from other protocols.
By default, BGP will not import routing information from other protocols.
Example
Configure to import a static route.
<3Com-bgp-af-mul] import-route static
ipv4-family multicast
Syntax
ipv4-family multicast
undo ipv4-family multicast
View
BGP view
Parameter
None
Description
Using the ipv4-family multicast command, you can enter the IPv4 multicast
sub-address family view. Using the undo ipv4-family multicast command, you
can remove all the configurations in the IPv4 multicast sub-address family view.
Example
Enter the IPv4 multicast sub-address family view.
<3Com> system-view
<3Com] bgp 100
<3Com-bgp] ipv4-family multicast
<3Com-bgp-af-mul]
network
Syntax
network ip-address [ address-mask ] [ route-policy policy-name ]
undo network ip-address [ address-mask ] [ route-policy policy-name ]
747
View
IPv4 multicast sub-address family view
Parameter
ip-address: Network address that BGP advertises.
address-mask: Mask of the network address.
route-policy policy-name: Route policy applied to the routes advertised.
Description
Using the network command, you can configure the network addresses to be
sent by the local BGP. Using the undo network command, you can remove the
existing configuration.
By default, the local BGP does not advertise any route.
Example
Advertise routes to the network segment 10.0.0.0/16.
<3Com-bgp-af-mul] network 10.0.0.1 255.255.0.0
peer
advertise-community
Syntax
peer { group-name | peer-address } advertise-community
undo peer { group-name | peer-address } advertise-community
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer.
Description
Using the peer advertise-community command, you can advertise community
attributes to a peer (group). Using the undo peer advertise-community
command, you can remove the existing configuration.
By default, no community attribute is advertised to any peer (group).
Example
Advertise community attributes to the peer group named test.
<3Com-bgp-af-mul] peer test advertise-community
peer allow-as-loop
Syntax
peer { group-name | peer-address } allow-as-loop asn_limit
undo peer ip-address allow-as-loop asn_limit
748
View
IPv4 multicast sub-address family view
Parameter
group-name: Peer group name
peer-address: Peer IP address
asn_limit: Acceptable maximum of local AS number in the route update
messages received.
Description
Using the peer allow-as-loop command, you can choose to contain the local AS
number in the AS-PATH attributes recieved. Using the undo peer allow-as-loop
command, you can decide not to contain the local AS number in the AS-PATH
attributes received. The routing loop should be removed in the route update
messages received in Hub&Spoke networking mode.
By default, the local AS number is unacceptable in the route update messages
received.
For the standard BGP routing loop test is based on AS numbers but in Hub&Spoke
networking mode, if EBGP runs between a PE and a CE, the local AS number is
contained in the PE's advertising routing information to the CE, then the PE will
not be able to receive the updated messages for this route.
The peer allow-as-loop command can solve this problem, for it allows the
containment of the local AS number in the route update messages received from
the CE. The acceptable maximum of the local AS number is defined via the
asn_limit parameter.
Example
Specify to contain the local AS number in the AS_PATH attributes received.
<3Com-bgp] ipv4-family multicast
<3Com-bgp-af-vpn] peer 1.1.1.1 allow-as-loop 1
peer as-path-acl
Syntax
peer { group-name | peer-address } as-path-acl number { import | export }
undo peer { group-name | peer-address } as-path-acl number { import | export }
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer.
as-path-acl number: Number of AS path list matched, ranging from 1 to 199.
import: Filter list applied to incoming routes.
749
peer enable
Syntax
peer { group-name | peer-address} enable
undo peer { group-name | peer-address} enable
View
IPv4 multicast sub-address family view
Parameter
peer-address: IP address of the multicast peer.
group-name: Name of the multicast peer group.
Description
Using the peer enable command, you can enable the multicast peer or peer
group. Using the undo peer enable command, you can disable the multicast
peer or peer group.
By default, the multicast peer (or peer group) is disabled.
Only after the peer (peer group) is enabled, can it establish connection with the
multicast peer.
Example
Enable the multicast peer 1.1.11.1.
<3Com-bgp-af-mul] peer 1.1.11.1 enable
<3Com-bgp] peer test enable
peer filter-policy
Syntax
peer { group-name | peer-address } filter-policy acl-number { import | export }
undo peer { group-name | peer-address } filter-policy acl-number { import | export }
750
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer.
acl-number: IP ACL number, ranging from 1 to 199.
import: Specifies an import policy.
export: Specifies an export policy.
Description
Using the peer filter-policy command, you can set the filter policy list for a peer
(group). Using the undo peer filter-policy command, you can remove the
existing setting.
By default, the peer (group) has no ACL.
For the related command, see peer as-path-acl.
Example
Set the filter policy list for a peer.
<3Com-bgp] peer test as-number 100
<3Com-bgp] ipv4-family multicast
<3Com-bgp-af-mul] peer test enable
<3Com-bgp-af-mul] peer test filter-policy 3 import
peer ip-prefix
Syntax
peer { group-name | peer-address } ip-prefix prefixname { import | export }
undo peer { group-name | peer-address } ip-prefix prefixname { import | export }
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer.
ip-prefix prefixname: Specifies ip-prefix name, ranging from 1 to 19 characters.
import: Applies the filter policy to routes accepted by the specified peer (group).
export: Applies the filter policy to routes sent by the specified peer (group).
751
Description
Using the peer ip-prefix command, you can configure the route filter policy
based on the address prefix-list for the peer (group). Using the undo peer
ip-prefix command, you can remove the configuration.
By default, no route filter policy is configured for the peer (group).
Example
Configure the route filter policy based on the address prefix-list for the peer.
<3Com-bgp-af-mul] peer group1 ip-prefix list1 import
peer next-hop-local
Syntax
peer { group-name | peer-address } next-hop-local
undo peer { group-name | peer-address } next-hop-local
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer.
Description
Using the peer next-hop-local command, you can remove the processing of the
next hop in routes which BGP will advertise to the peer (group), and set the local
address as the next hop. Using the undo peer next-hop-local command, you
can remove the existing setting.
Example
Set the local address as the next hop when advertising routes to peer group
named test.
<3Com-bgp-af-mul] peer test next-hop-local
peer public-as-only
Syntax
peer { group-name | peer-address } public-as-only
undo peer { group-name | peer-address } public-as-only
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer.
752
Description
Using the peer public-as-only command, you can configure only to carry public
AS number rather than private AS number when BGP sends update packets. Using
the undo peer public-as-only command, you can choose to carry a private AS
number when BGP sends update packets.
By default, the private AS number is carried when BGP sends update packets.
Generally, BGP sends update packets with the AS number (which can be either the
public AS number or private AS number). To enable some external routers to
ignore the private AS number when sending update packets, you can configure
not to carry the private AS number when BGP sends update packets.
Example
Configure not to carry private AS number when BGP sends update packets to peer
group named test.
<3Com-bgp-af-mul] peer test public-as-only
peer reflect-client
Syntax
peer { group-name | peer-address } reflect-client
undo peer { group-name | peer-address } reflect-client
View
IPv4 multicast sub-address family view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer.
Description
Using the peer reflect-client command, you can configure a peer (group) as a
client of the route reflector. Using the undo peer reflect-client command, you
can remove the existing configuration.
By default, there is no route reflector in the autonomous system.
Example
Configure peer group named test to be client of the route reflector.
<3Com-bgp-af-mul] peer test reflect-client
peer route-policy
Syntax
peer { group-name | peer-address } route-policy policy-name { import | export }
undo peer { group-name | peer-address } route-policy policy-name { import | export }
View
IPv4 multicast sub-address family view
753
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer.
route-policy policy-name: Route policy specified.
import: Applies route policy to the routes received from the peer (group).
export: Applies route policy to the routes advertised to the peer (group).
Description
Using the peer route-policy command, you can configure route policy for the
specified peer (group). Using the undo peer route-policy command, you can
remove the route policy of the peer (group).
By default, no route policy is specified for the peer (group).
Example
Apply route policy policy 1 to the routes received from the peer group named test.
<3Com-bgp-af-mul] peer test route-policy policy1 import
Syntax
delete rpf-route-static all
View
System view
Parameter
None
Description
Using the delete rpf-route-static all command, you can delete all the static
multicast routes.
When using this command, the system will prompt you to acknowledge. All static
multicast routes will be deleted after your acknowledgement.
For the related command, see ip rpf-route-static and display multicast
routing-table static.
Example
Delete all the static multicast routes.
<3Com] delete rpf-route-static all
754
display multicast
routing-table static
Syntax
display multicast routing-table static [ source mask ]
View
Any view
Parameter
source: IP address of multicast source (unicast address).
mask: IP address mask of multicast source.
Description
Using the display multicast routing-table static command, you can view the
active multicast static routes.
If no multicast source address is specified, all active multicast static routes will be
displayed.
For the related command, see display multicast routing-table static config.
Example
Display all active multicast static routes.
<3Com> display multicast routing-table static
22.22.0.0/16 [inactive]
RPF interface = serial0/0/0, RPF neighbor = 66.55.99.88
Matched routing protocol = = <none>, route-policy = <none>, preference = 1
Running config = ip mroute 22.22.0.0 16 66.55.99.88 preference 1
Display the multicast static routes that exactly match the address 10.10.0.0/16.
<3Com> display multicast routing-table static 10.10.0.0 255.255.0.0
display multicast
routing-table static
config
Syntax
display multicast routing-table static config [ source mask ]
View
Any view
Parameter
source: IP address of multicast source (unicast address).
mask: IP address mask of multicast source.
Description
Using the display multicast routing-table static config command, you can
view multicast static routes configured.
If no multicast source address is specified, all configured multicast static routes will
be displayed.
For the related command, see display multicast routing-table static.
755
Example
Display all the configured multicast static routes.
<3Com> display multicast routing-table static config
Display the multicast static routes that exactly match the address 1.0.0.0/8.
<3Com> display multicast routing-table static config 1.0.0.0 255.0.0.0
ip rpf-longest-match
Syntax
ip rpf-longest-match
undo ip rpf-longest-match
View
System view
Parameter
None
Description
Using the ip rpf-longest-match command, you can configure the longest-match
rule to be the multicast RPF route selecting policy. Using the undo ip
rpf-longest-match command, you can restore the default configuration.
By default, routes are selected according to the preference-preferred rule.
Example
Set the longest-match rule to be the multicast RPF route selecting policy.
<3Com] ip rpf-longest-match
ip rpf-route-static
Syntax
ip rpf-route-static source { mask | mask-length } [ protocol ] [ route-policy policyname ] {
rpf-nbr | interface-name } [ order order-num | preference preference ]
undo ip rpf-route-static source { mask | mask-length } [ protocol ] [ route-policy
policyname ]
View
System view
Parameter
source: IP address of multicast source (unicast address).
mask: IP address mask of multicast source.
mask-length: IP address mask length of multicast source.
protocol: Indicates that matched routes must appear in the specified unicast
routing protocol. Protocol can be such unicast routing protocols as bgp, isis, ospf,
rip and static.
route-policy: Match rule for static multicast routes.
756
Basic Configuration
Commands
debugging mpls lspm
Syntax
debugging mpls lspm { all | packet | event | ftn | process | agent | interface | policy | vpn }
undo debugging mpls lspm { all | packet | event | ftn | process | agent | interface | policy
| vpn }
View
User view
Parameter
agent: Enables all MPLS Agent information debugging.
all: Enables all MPLS-related information debugging.
event: Enables information debugging of various MPLS events.
ftn: Enables MPLS ftn debugging.
interface: Enables the MPLS information debugging on the message
sending/receiving interface.
packet: Enables MPLS packet debugging.
policy: Enables MPLS information debugging.
process: Enables internal processing of MPLS information debugging.
vpn: Enables all MPLS VPN information debugging.
758
Description
Using the debugging mpls lspm command, you can enable various LSP
information debugging. Using the undo debugging mpls lspm command, you
can disable corresponding debugging.
By default, all debugging is disabled.
This command is used for the debugging of the problem that occurred while using
MPLS LSPM. Enabling the debugging will affect the performance of the router, so
it is recommended that the command be used with caution.
Example
Enable all relevant debugging of MPLS VPN.
<3Com> debugging mpls lspm vpn
Syntax
display mpls interface
View
Any view
Parameter
None
Description
Using the display mpls interface command, you can view all MPLS-enabled
interfaces.
For the related commands, see display mpls lsp, display mpls statistics,
display static-lsp.
Example
Display all MPLS-enabled interfaces.
[3Com] display mpls interface
Syntax
display mpls lsp { verbose | include text }
View
Any view
Parameter
include text: Displays the information with the specified string included.
verbose: Displays detailed information.
Description
Using the display mpls lsp command, you can view LSP information.
759
By default, the display mpls lsp command displays all LSP information.
For the related commands, see display mpls interface, display mpls statistics,
and display static-lsp.
Example
Display all LSPs whose incoming interfaces are Serial 3/0/0.
[3Com] display mpls lsp include incoming-interface serial3/0/0
View
Any view
Parameter
include text: Displays the information with the specified string included.
verbose: Displays detailed information.
Description
Using the display mpls static-lsp command, you can display the information of
all or single static LSP(s).
For the related commands, see display mpls interface, display mpls lsp, and
display mpls statistics.
Example
Display information of the static LSP named marlborough.
[3Com] display mpls static-lsp include marlborough
Syntax
display mpls statistics { interface { all | interface-type interface-num } } | { lsp [ lsp-Index
| all | name ] } }
View
Any view
Parameter
interface-type: Type of network interface.
Interface-num: Number of network interface.
lsp-Index: LSP index
all: All LSPs
name lsp-name: LSP name
760
Description
Using the display mpls statistics command, you can display statistics of all or
single LSP(s) and LSP statistics on all or single interface(s).
Specifically, the displayed information includes the bytes, packets, errors and
discarded packets processed on each LSP ingress and each LSP egress, and those
received and transmitted on each MPLS-enabled interface.
For the related commands, see display mpls interface and display mpls lsp.
Example
Display MPLS statistics.
[3Com] display mpls statistics lsp all
Building the information...
LSP Index/LSP Name : 1/lsp1
InSegment Octets of LSP is: 0
Bytes processed on each LSP ingress
InSegment Packets of LSP is: 0
Packets processed on each LSP ingress
InSegment Errors of LSP is: 0
Errors processed on each LSP ingress
InSegment Discard Packets of LSP is: 0 Discarded packets processed on each LSP ingress
LSP Index/LSP Name : 1/lsp1
OutSegment Octets of LSP is: 0
Bytes processed on each LSP egress
OutSegment Packets of LSP is: 0
Packets processed on each LSP egress
OutSegment Errors of LSP is: 0
Errors processed on each LSP egress
OutSegment Discard Packets of LSP is: 0 Discarded packets processed on each LSP egress
LSP Index/LSP Name : 17416/dynamic-lsp
InSegment Octets of LSP is: 0
InSegment Packets of LSP is: 0
InSegment Errors of LSP is: 0
InSegment Discard Packets of LSP is: 0
LSP Index/LSP Name : 17416/dynamic-lsp
OutSegment Octets of LSP is: 0
OutSegment Packets of LSP is: 0
OutSegment Errors of LSP is: 0
OutSegment Discard Packets of LSP is: 0
761
Table 1 Description of the Output Information of the Display mpls statistics interface all
Command
lsp-trigger
Field
Description
Syntax
lsp-trigger { all | ip-prefix ip-prefix }
undo lsp-trigger { all | ip-prefix ip-prefix }
View
MPLS view
Parameter
all: Sets up LSPs at any routes.
ip-prefix: Sets up LSPs only at those routes with the specified IP prefix.
ip-prefix: IP address prefix list, in the range of 1~19.
Description
Using the lsp-trigger command, you can configure topology-triggered LSP
creation policy. Using the undo lsp-trigger command, you can remove the
filtering conditions specified by parameters and enable no route to trigger LSP
creation.
By default, all kinds of routing protocols are filtered out.
If no topology-triggered policy is configured, LSPs can be established at all host
routes with 32-bit masks.
If you import an IP-prefix rule without contents, LSPs can be established at all host
routes according to the IP-prefix usage convention in VRP.
For the related command, see ip ip-prefix.
Example
Allow to set up LSPs at all routes.
762
mpls
Syntax
mpls
View
System view, routing protocol view, interface view, virtual interface view
Parameter
None
Description
Using the mpls command in system view, you can enter MPLS view.
Using the mpls command in interface view, you can enable MPLS on the interface.
By default, MPLS view is not to be entered.
After executing the command, the user can enter MPLS view. Only after entering
MPLS view, can the user configure other MPLS commands.
To enter MPLS view, the user should configure the mpls lsr-id command first.
For the related command, see mpls enable | disable.
Example
Enter MPLS view in system view.
[3Com] mpls
[3Com-mpls]
mpls lsr-id
Syntax
mpls lsr-id ip-address
undo mpls lsr-id
View
System view
Parameter
ip-address: LSR ID, with a form like IP address, used to identify an LSR.
Description
Using the mpls lsr-id command, you can configure an LSR ID. Using the undo
mpls lsr-id command, you can delete an LSR ID.
By default, an LSR has no ID.
763
As a premise for configuring other MPLS commands, using this command you can
configure an LSR ID.
The form of an LSR ID resembles that of an IP address. It is recommended to use a
loopback address of LSR.
For the related command, see display mpls interface.
Example
Configure the ID of the LSR as 202.17.41.246.
[3Com] mpls lsr-id 202.17.41.246
% Mpls lsr-id changed.
Syntax
reset mpls statistics { { interface { all | interface-type interface-num } } | { lsp lsp-index |
all | name lsp-name } }
View
MPLS view
Parameter
all: All interfaces or all LSPs
interface-type: Type of a network interface.
Interface-num: Number of a network interface.
lsp-Index: LSP index
name lsp-name: Name of LSP.
Description
Using the reset mpls statistics command, you can clear MPLS statistics.
This command clears statistics on all or single interface(s) or on all or single LSP(s).
For the related command, see display mpls statistics.
Example
Clear statistics on the LSP named Marlborough.
[3Com] reset mpls statistics lsp name marlborough
Syntax
snmp-agent trap enable ldp
undo snmp-agent trap enable ldp
View
System view
764
Parameter
None
Description
Using the snmp-agent trap enable ldp command, you can enable Trap function
in MPLS LDP creation. Using the snmp-agent trap enable ldp command, you
can disable Trap function in MPLS LDP creation.
By default, TRAP function is not enabled during MPLS LDP creation.
Example
Enable TRAP function during MPLS LDP creation.
[3Com] snmp-agent trap enable lDp
Syntax
snmp-agent trap enable lsp
undo snmp-agent trap enable lsp
View
System view
Parameter
None
Description
Using the snmp-agent trap enable lsp command, you can enable Trap function
in MPLS LSP creation. Using the snmp-agent trap enable lsp command, you
can disable Trap function in MPLS LSP creation.
By default, TRAP function is not enabled during MPLS LSP creation.
Example
Enable TRAP function during MPLS LSP creation.
[3Com] snmp-agent trap enable lsp
static-lsp egress
Syntax
static-lsp egress lsp-name incoming-interface { interface-type interface-num in-label
in-label-value
undo static-lsp egress lsp-name
View
MPLS view
Parameter
lsp-name: Name of LSP.
interface-type: Type of network interface.
Interface-num: Number of network interface.
765
static-lsp ingress
Syntax
static-lsp ingress lsp-name destination dest-addr { addr-mask | mask-length } { {
nexthop next-hop-addr } | { outgoing-interface interface-type interface-num } } }
out-label out-label-value
undo static-lsp ingress lsp-name
View
MPLS view
Parameter
lsp-name: Name of LSP.
dest-addr: Destination IP address.
addr-mask: Destination IP address mask.
mask-length: Mask length of destination IP address
next-hop-addr: Next-hop address.
interface-type: Type of network interface.
Interface-num: Number of network interface.
out-label-value: Value of outbound label, ranging from 16 to 1024.
Description
Using the static-lsp ingress command, you can configure a static LSP for an
ingress LSR. Using the undo static-lsp ingress command, you can delete an LSP
for an ingress LSR.
This command can be used to configure a static LSP for ingress LSR and
simultaneously set precedence value and metric value for the LSP.
For the related commands, see static-lsp egress, static-lsp transit, and
debugging mpls.
766
Example
Configure a static LSP for the ingress LSR heading for the destination address
202.25.38.1.
[3Com-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.33
out-label 237
static-lsp transit
Syntax
static-lsp transit lsp-name incoming-interface interface-type interface-num in-label
in-label-value { nexthop next-hop-addr | outgoing-interface interface-type
interface-num } out-label out-label-value
undo static-lsp transit lsp-name
View
MPLS view
Parameter
lsp-name: Name of LSP.
interface-type: Type of an incoming or outgoing interface.
Interface-num: Number of an incoming or outgoing interface.
next-hop-addr: Next-hop address.
in-label-value: Value of inbound label, ranging from 16 to 1024.
out-label-value: Value of outbound label, ranging from 16 to 1024.
Description
Using the static-lsp transit command, you can configure a static LSP for transit
LSR. Using the undo static-lsp transit command, you can delete an LSP for
transit LSR.
This command can be used to configure a static LSP for transmit LSR.
For the related commands, see static-lsp egress and static-lsp ingress.
Example
Configure a static LSP for the serial interface Serial3/0/0 on transit LSR, with an
inbound label of 123 and an outbound label of 253.
[3Com-mpls] static-lsp transit bj-sh incoming-interface serial3/0/0 in-label 123 nexthop
202.34.114.7 out-label 253
statistic interval
Syntax
statistics interval interval-time
undo statistics interval
View
MPLS view
767
Parameter
interval-time: Time interval in seconds. It ranges from 30 to 65535.
Description
Using the statistic interval command, you can configure the time interval for
reporting statistics. Using the undo statistic interval command, you can restore
the default value.
By default, the interval is 0 seconds, that is, not to report statistics.
Example
Configure the time interval as 30 seconds, that is, to report statistics every 30
seconds.
[3Com-mpls] statistics interval 30
LDP Configuration
Commands
debugging mpls ldp
Syntax
debugging mpls ldp { all | main | advertisement | session | pdu | notification | remote } [
interface interface-type interface-num ]
undo debugging mpls ldp { all | main | advertisement | session | pdu | notification |
remote } [ interface interface-type interface-num ]
View
User view
Parameter
all: displays all debugging information related to LDP.
main: displays the debugging information of main LDP task.
advertisement: Displays the debugging information during processing LDP
advertisement.
session: Displays debugging information during processing LDP session.
pdu: Displays the debugging information during processing PDU data packets.
notification: displays the debugging information while handling notification
messages.
remote: Displays debugging information of all remote peers.
interface interface-type interface-num: Displays all the debugging information of
a specified interface.
768
Description
Using the debugging ldp command, you can enable the debugging of various
LDP messages. Using the undo debugging ldp command, you can disable the
debugging of various LDP messages.
This command displays various LDP debugging information. You are
recommended to use the command cautiously.
Example
Enable LDP debugging.
<3Com> debugging mpls ldp all
Syntax
display mpls ldp
View
Any view
Parameter
None
Description
Using the display mpls ldp command, you can view LDP and LSR information.
By default, the command displays LDP and LSR information.
For the related command, see mpls ldp.
Example
Display LDP and LSR information.
[3Com] display mpls ldp
Syntax
display mpls ldp buffer-info
View
Any view
Parameter
None
Description
Using the display mpls ldp buffer-info command, you can view the buffer
information of LDP.
Example
Display LDP buffer information.
[3Com] display mpls ldp buffer-info
-----------------------------------------------------------------
769
Syntax
display mpls ldp interface
View
Any view
Parameter
None
Description
Using the display mpls ldp interface command, you can view the information of
an LDP-enabled interface.
For the related commands, see mpls ldp enable and display mpls ldp session.
Example
Display the information of an LDP-enabled interface.
[3Com-Ethernet3/0/0] display mpls ldp interface
Syntax
display mpls ldp lsp
View
Any view
Parameter
None
Description
Using the display mpls ldp lsp command, you can view relevant LSP information
created via LDP.
770
Syntax
display mpls ldp peer
View
Any view
Parameter
None
Description
Using the display mpls ldp peer command, you can display peer information.
By default, all peer information is displayed.
Example
Display peer information.
[3Com] display mpls ldp peer
Syntax
display mpls ldp remote
View
Any view
Parameter
None
Description
Using the display mpls ldp remote command, you can display the configured
remote peer information.
By default, all configured remote-peer information is displayed.
For the related commands, see mpls ldp remote and remote-peer.
Example
Display the configured remote-peer information.
[3Com] display mpls ldp remote
Syntax
display mpls ldp session
771
View
Any view
Parameter
None
Description
Using the display mpls ldp session command, you can display the session
between peers.
By default, the session between peers is displayed.
For the related command, see mpls ldp enable.
Example
Display the session between peers.
[3Com] display mpls ldp session
mpls ldp
Syntax
mpls ldp
undo mpls ldp
View
System view
Parameter
None
Description
Using the mpls ldp command, you can enable LDP. Using the undo mpls ldp
command, you can disable LDP.
By default, LDP is disabled.
Before enabling LDP, you must enable MPLS and configure LSR ID first.
For the related command, see mpls lsr-id.
Example
Enable LDP.
[3Com] mpls ldp
Syntax
mpls ldp advertise { implicit-null | explicit-null | non-null }
undo mpls ldp advertise { implicit-null | explicit-null | non-null }
View
System view
772
Parameter
explicit-null: Specifies to assign explicit null label to the penultimate hop at egress.
implicit-null: Specifies to assign implicit null label to the penultimate hop at egress.
non-nul: Specifies to assign normal label to the penultimate hop at egress.
Label value 0 stands for IPv4 Explicit NULL Label, which is valid only at the
bottom of label stack. That is, the label stack must be popped and
forwarded as IPv4 header.
Label value 1 stands for Router Alert Label, which is valid except at the
bottom of label stack. When receiving messages with label value 1 at the
top of the label stack, the system forwards them into local software module
for further processing. If a lower-layer label is to be forwarded, it must be
put with Router Alert Label.
Label value 2 stands for IPv6 Explicit NULL Label, which is valid only at the
bottom of label stack. That is, the label stack must be popped and
forwarded as IPv4 header.
Label value 3 stands for Implicit NULL Label, which can be distributed and
forwarded, but cannot be placed in encapsulation. When LSR switches
top-layer labels, it only need to pop the labels, but cannot replace them
when using label 3 to replace the original label.
Labels 4~15 are reserved.
Description
Using the mpls label advertise command, you can specify what label is to be
assigned to the penultimate hop at egress node. Using the undo mpls label
advertise command, you can restore the default value.
When the keyword explicit-null is selected, the m-layer label of a packet with
m-layer label parameter will be popped at the penultimate LSR of the LSP, but not
the egress LSR. This can lower operation restriction at egress node and mitigate
the traffic at the egress node to a degree.
By default, implicit label is assigned to the penultimate hop at egress node.
If explicit null label is assigned to the penultimate hop, it can only reside at the
bottom of the label stack.
Example
Specify at the egress to allocate general labels to the penultimate hop.
[3Com-mpls] mpls label advertise non-null
Syntax
mpls ldp enable
mpls ldp disable
View
Interface view
773
Parameter
None
Description
Using the mpls ldp enable command, you can enable LDP on an interface. Using
the undo mpls ldp enable command, you can disable LDP on an interface.
By default, LDP is not enabled on an interface.
To enable an interface, you must enable LDP first. After LDP is enabled on an
interface, peer discovery and session creation proceed.
Example
Enable LDP on the interface.
[3Com-Ethernet3/0/0] mpls ldp disable
Syntax
mpls ldp hops-count hop-number
undo mpls ldp hops-count
View
System view
Parameter
hop-number: The maximum hops of loop detection, ranging from 1 to 32.
Description
Using the mpls ldp hops-count command, you can set the maximum hops of
loop detection. Using the undo mpls ldp hops-count command, you can restore
the default value.
By default, the maximum hops of loop detection is 32.
This command should be configured before enabling LDP on all interfaces. Its
value, which depends on actual networking situation, decides the loop detection
speed during LSP creation
For the related commands, see mpls ldp loop-detection and mpls ldp
path-vector.
Example
Set the maximum hops of loop detection to be 22.
[3Com] mpls ldp hops-count 22
Set the maximum hops of loop detection as 32, the default value.
[3Com] undo mpls ldp hops-count
Syntax
mpls ldp loop-detect
774
View
System view
Parameter
None
Description
Using the mpls ldp loop-detect command, you can enable loop detection. Using
the undo mpls ldp loop-detect command, you can disable loop detection.
By default, loop detection is disabled in the system.
This command should be configured before enabling LDP on all interfaces.
For the related commands, see mpls ldp hops-count, mpls ldp path-vectors.
Example
Enable loop detection.
[3Com] mpls ldp loop-detect
Syntax
mpls ldp password [cipher | simple ] password
undo mpls ldp password
View
Interface view, remote-peer view
Parameter
simple: Transmitted in plain text.
cipher:Transmitted in encrypted text.
password: User password.
Description
Using the mpls ldp password command, you can configure LDP authentication
mode. Using the undo mpls ldp password command, you can remove the
configuration.
Example
Configure the LDP authentication mode to be in plain text, with a password of
123.
[3Com-Ethernet0/0/0.1] mpls ldp password simple 123
775
Syntax
mpls ldp path-vectors pv-number
undo mpls ldp path-vectors
View
System view
Parameter
pv-number: The configured maximum value of path vector, ranging from 1 to 32.
Description
Using the mpls ldp path-vectors command, you can set the maximum value of
path vector. Using the undo mpls ldp path-vectors command, you can restore
the maximum value of path vector.
By default, pv-number is 32.
This command should be configured before enabling LDP on all interface. Its
value, which depends on actual networking situation, decides the loop detection
speed in LSP creation.
For the related commands, see mpls ldp loop-detection and mps ldp
hops-count.
Example
Set the maximum value of path vector to be 23
[3Com] mpls ldp path-vectors 23
Syntax
mpls ldp remote-peer Index
undo mpls ldp remote-peer Index
View
System view or remote-peer view
Parameter
Index: Index of remote peer, used to identify an entity. It ranges from 0 to 99.
Description
Using the mpls ldp remote-peer command, you can create a remote-peer entity
and enter remote-peer view. Using the undo mpls ldp remote-peer command,
you can delete a remote-peer entity.
This command can create/delete a remote-peer so as to create remote session.
For the related command, see remote-peer.
776
Example
Create a remote-peer.
[3Com] mpls ldp remote-peer 22
[3Com-mpls-remote22]
Delete a remote-peer.
[3Com-mpls-remote22] undo mpls ldp remote-peer 12
[3Com]
Syntax
mpls ldp reset-session peer-address
View
Interface view
Parameter
peer-address: Corresponding LDP Peer address (in IP address format).
Description
Using the mpls ldp reset-session command, you can reset a specified session on
an interface.
After LDP is configured on an interface and LDP session is created, this command
can be used to reset a specified session on the interface only by specifying the
address of the peer corresponding to the session to be reset.
For the related commands, see mpls ldp and mpls ldp enable.
Example
Reset the sessions at the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] mpls ldp reset-session 10.1.1.1
Syntax
mpls ldp timer { session-hold session-holdtime | hello hello-holdtime }
undo mpls ldp timer { session-hold | hello }
View
Interface view, remote-peer view
Parameter
hello hello-holdtime: Specifies hold time of hello timer, in seconds and the range
of 6 seconds to 65535 seconds.
session-hold session-holdtime: Specifies hold time of session timer, in the range
of 1 second to 65535 seconds.
By default,hello secs is 15 seconds, session-hold secs is 5 seconds.
777
Description
Using the mpls ldp timer command, you can set the duration of a Hello timer.
Using the undo mpls ldp timer command, you can restore the default value.
Timeout of Hello timer means that the adjacency relation with the peer is down,
while timeout of hold timer means that the session relation with the peer is down.
Generally speaking, the default value can be directly adopted. In special cases, it
needs to be modified according to requirements. It should be noted that the
modification of hello parameter may cause the original session to be recreated and
the LSP created on the basis of this session will also be deleted and needs to be
recreated.
In general, the transmission interval of hello/keepalive packets is one-third of the
hold time of hello/session timer.
For the related commands, see mpls ldp and mpls ldp enable.
Example
Modify the duration of a Hello timer.
[3Com-Ethernet3/0/0] mpls ldp timer hello 30
Syntax
mpls ldp transport-ip { interface | ip-address }
undo mpls ldp transport-ip
View
Interface view
Parameter
interface: Takes the IP address of the interface as the transport address.
ip-address: Takes the IP address as the transport address.
Description
Using the mpls ldp transport-ip command, you can configure an LDP transport
address. Using the undo mpls ldp transport-ip command, you can restore the
default LDP transport address.
By default, the transport address is the LSR ID of an LSR.
For a remote-peer, the configuration of transport address is not supported and its
transport address is fixed as an LSR ID.
By default, LSR ID is required to be an address of a certain loopback interface and
its peer should have route to the address of the loopback interface. Only in this
way, can the session be successfully created. In the case of local peer, the address
of the local interface or the Router ID of LSR can be adopted as its transport
address.
778
Example
Take the address of the local interface as a transport address.
[Quidwa-Ethernet3/0/0] mpls ldp transport-ip interface
remote-ip
Syntax
remote-ip remoteip
View
Remote-peer view
Parameter
remote-ip: IP address of a remote peer.
Description
Using the remote-ip command, you can configure a remote IP address. The
address should be the LSR ID of the remote LSR. For remote peers, as they adopt
LSR ID as their transport address, two remote peers take their LSR ID as their
transport addresses for creating TCP connection.
For the related command, see mpls ldp remote-peer.
Example
Configure the address of remote-peer.
[3Com] mpls ldp remote-peer 12
[3Com-remote-peer12] remote-ip 192.168.1.
BGP/MPLS VPN
Configuration
Commands
apply access-vpn
vpn-instance
Syntax
apply access-vpn vpn-instance { vpn-name1 vpn-name2 }
undo apply access-vpn vpn-instance { vpn-name1 vpn-name2 }
View
Route-policy view
Parameter
vpn-name: Name of the configured VPN instance. At most, 6 VPN names can be
configured.
Description
Using the apply access-vpn vpn-instance command, you can specify packet to
search private network forwarding route in vpn-name1, vpn-name2, vpn-name3,
vpn-name4, vpn-name5, vpn-name6(if they all exist) and perform the
779
corresponding forwarding after policy route to be enabled. Using the undo apply
access-vpn vpn-instance command, you can remove this function.
Example
Specify the configured VPN instance.
[3Com-route-policy] apply access-vpn vpn-instance vpn1
debugging bgp
Syntax
debugging bgp [ { { keepalive | open | packet | update | route-refresh } [ receive | send |
verbose ] } { all | event | normal }
undo debugging bgp [ { { keepalive | open | packet | update | route-refresh } [ receive |
send | verbose ] } { all | event | normal }
View
User view
Parameter
keepalive: Displays BGP keepalives.
open: Displays BGP OPEN packet information.
packet: Displays BGP packets.
update: Displays BGP updates.
route-refresh: Displays BGP route refreshing packets.
receive: Displays received information.
send: Displays sent information.
verbose: Displays detailed information
all: Displays debugging of all levels.
event: Displays BGP event.
normal: Displays BGP normal debugging function.
Description
The debugging bgp command you can display the information concerning BGP
processing. The undo debugging bgp command you can disable debugging
function.
Example
<3Com> debugging bgp vpnv4
description
Syntax
description vpn-instance-description
undo description
780
View
Vpn-instance view
Parameter
vpn-instance-description: Specify the description information of VPN instance.
Description
Using the description command, you can configure description information for
specified VPN instance. Using the undo description command, you can remove
the description of VPN instance.
Example
Display description information of VPN.
[3Com-vpn-vpna] description 3com
Syntax
display bgp vpnv4 { all | route-distinguisher rd-value | vpn-instance vpn-instance-name
} { group | network | peer | routing-table }
View
Any view
Parameter
all: Displays all VPNv4 database.
route-distinguisher: rd-value: Displays matching route distinguisher(RD) and
network layer reachable information(NLRI).
vpn-instance: vpn-instance-name: Displays network layer reachable
information(NLRI) associated with the specified vpn-instance.
group: Displays the information related to peer groups.
network: Displays the networks advertised through BGP.
peer: Displays the information of the connections.
routing-table: Displays BGP routes.
Description
Using the display bgp vpnv4 command, you can display VPNv4 information in
BGP database.
Example
Display the information about all BGP VPNV4 peers.
[3Com] display bgp vpnv4 all
BGP local router ID is 1.1.248.23
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i IGP, e EGP, ? - incomplete
Network
Next Hop
Label Metric LocPrf Path
Route Distinguisher:100:9 (default for vpn-instance vpn-instance_1)
*> 192.5.1.0
display ip routing-table
vpn-instance
0.0.0.0
781
16/0
Syntax
display ip routing-table vpn-instance vpn-instance-name [ ip-address ] [ verbose ]
View
Any view
Parameter
vpn-instance-name: Name assigned to vpn-instance.
ip-address: Displays information of the specified address.
verbose: Displays the detailed information.
Description
Using the display ip routing-table vpn-instance command, you can view the
specified information in the IP routing table of vpn-instance.
Example
Display the IP routing table associated with the vpn-instance.
[3Com] display ip routing-table vpn-instance vpn-instance1
Routing Table: vpn-instance1 RD: 1233:11
Destination/Mask ProtoPreMetric Nexthop
Interface
192.1.1.0/24 Direct0 0192.1.1.1 GigabitEthernet1/0/0
192.1.1.1/32 Direct0 0127.0.0.1
InLoopBack0
192.1.1.255/32 Direct0 0127.0.0.1
InLoopBack0
display ip vpn-instance
Syntax
display ip vpn-instance [ vpn-instance-name | verbose ]
View
Any view
Parameter
vpn-instance-name: Name assigned to vpn-instance.
verbose: Displays the detailed information.
Description
Using the display ip vpn-instance command, you can view such information
associated with vpn-instance as the VPN instance RD, description and associated
interface.
Example
Display the information about vpn-instance 3Com.
[3Com] display ip vpn-instance 3com
VPN-Instance : vpn1
No description
Route-Distinguisher : 100:6
Interfaces :
782
Ethernet0/0/0.101
Syntax
display ospf sham-link
View
Any view
Parameter
None
Description
Using the display ospf sham-link command, you can view the information of
sham links.
For the related command, see sham-link.
Example
Display the information of sham links.
<3Com>display ospf sham-link
OSPF Process 1 with Router ID 1.1.1.1
Sham Links
Sham-link 3.3.3.3 -> 5.5.5.5, State: Down
Area: 0.0.0.1
Cost: 1 State: Down Type: Sham
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Syntax
display mpls l3vpn-lsp [ verbose] [ include text ]
View
Any view
Parameter
include text: Displays the MPLS L3VPN LSPs with the specified FEC string.
verbose: Displays detailed information.
Description
Using the display mpls l3vpn-lsp include command, you can view the
information of MPLS L3VPN LSPs.
Example
Display the label swith path vpn-instance relative information of mpls l3vpn.
<3Com> display mpls l3vpn-lsp transit
--------------------------------------------------------------------LSP Information: L3vpn Transit Lsp
-------------------------------------------------------------------TOTAL: 0 Record(s) Found.
783
Syntax
display mpls l3vpn-lsp [ vpn-instance vpn-instance-name ] [ transit | egress | ingress ]
[include ip-address length-prefix | verbose ]
View
Any view
Parameter
transit: LSP of ASBR VPN
egress: LSP of egress VPN
ingress: LSP of ingress VPN
vpn-instance: VPN Routing/Forwarding instance name.
include text: Displays the MPLS L3VPN LSPs with the specified FEC string.
verbose: Displays detailed information.
Description
Using the display ip routing-table vpn-instance command, you can view the
vpn-instance information of MPLS L3VPN LSPs.
Example
Display the vpn-instance information of MPLS L3VPN LSPs.
<3Com> display mpls l3vpn-lsp transit
--------------------------------------------------------------------LSP Information: L3vpn Transit Lsp
-------------------------------------------------------------------TOTAL: 0 Record(s) Found.
domain-id
Syntax
domain-id { id-number | id-addr }
undo domain-id
View
OSPF protocol view
Parameter
id-number: Domain ID for a VPN instance, in range of 0~4294967295. By default,
it is 0.
id-addr: IP address format of the domain ID in VPN instance. By default, it is
0.0.0.0.
Description
Using the domain-id command, you can specify domain ID for a VPN instance.
Using the undo domain-id command, you can restore the default domain ID.
784
import-route
Syntax
import-route { ospf | ospf-ase | ospf-nssa } [ process-id ] [ med value | route-policy
route-policyname ]
undo import-route { ospf | ospf-ase | ospf-nssa } [ process-id ]
View
BGP unicast/multicast VPN-instance address family view, MBGP Interface
VPN-instance address family view
Parameter
process-id: OSPF procedure ID. By default, it is 1.
ospf: When only OSPF procedure ID is imported, ASE internal route is taken as
external route information.
ospf-ase: When only OSPF procedure ID is imported, OSPF-ASE route is taken as
external route information.
ospf-nssa: When only OSPF procedure ID is imported, OSPF-NSSA route is taken as
external route information.
med value: Route cost value
route-policyname: Route policy name
Description
Using the ip binding vpn-instance command, you can enable to import OSPF
route. Using the undo ip binding vpn-instance command, you can disable to
import OSPF route.
785
ip binding vpn-instance
Syntax
ip binding vpn-instance vpn-instance-name
undo ip binding vpn-instance vpn-instance-name
View
Interface view
Parameter
vpn-instance-name: Name assigned to vpn-instance.
Description
Using the ip binding vpn-instance command, you can connect an interface or
sububterface with a vpn-instance. Using the undo ip binding vpn-instance
command, you can remove the connection.
By default, global routing table is configured.
The IP address of the interface will be removed if executing this command on it, so
the IP address of the interface needs to be reconfigured.
Example
Bind VPN instance vpn1 to the interface atm0/0/0.
[3Com] interface atm1/0/0
[3Com-Atm1/0/0] ip binding vpn-instance vpn1
ip route-static
vpn-instance
Syntax
ip route-static vpn-instance { vpn--name1 vpn-name2 | ip-address1 } { mask |
mask-length } { interface-name | [ vpn-instance vpn-name-nexthop ip-address2 ] } [
public ] [ preference preference-value ] [ reject | blackhole ]
undo ip route-static vpn-instance { vpn-name1 vpn-name2 | ip-address1 } { mask |
mask-length } { interface-name | [ vpn-instance vpn-name-nexthop ip-address2 ] } [
preference preference-value ] [ reject | blackhole ]
View
System view
Parameter
vpn-name: Name of VPN instance can be configured 6 names at most.
786
ip vpn-instance
Syntax
ip vpn-instance vpn-name
undo ip vpn-instance vpn-name
View
System view, routing protocol view
Parameter
vpn-name: Name assigned to vpn-instance.
Description
Using the ip vpn-instance command, you can create and configure a
vpn-instance. Using the undo ip vpn-instance command, you can delete the
specified vpn-instance.
By default, vpn-instance is not defined. Neither input nor output list is associated
with vpn-instance. No route-map is associated with vpn-instance.
787
ipv4-family
Syntax
ipv4-family [ vpnv4 [ unicast ] | multicast | vpn-instance vpn-instance-name ]
undo ipv4-family [ vpnv4 [ unicast ] | multicast | vpn-instance vpn-instance-name ]
View
BGP view
Parameter
multicast: IPv4 multicast address used by the address family. This parameter is
used to enter MBGP multicast address family view.
vpn-instance vpn-instance-name: Associates the specified vpn-instance example
with the IPv4 address family. This parameter is used to enter MBGP vpn-instance
address family view.
unicast: IPv4 unicast address used by the address family.
Description
Using the ipv4-family command, you can enter BGP IPv4 address family view or
MBGP VPNv4 address family view. Using the undo ipv4-family command, you
can delete the configuration of specified address family view or MBGP VPNv4
address family view.
By default, unicast address is used when configuring VPNv4 address family.
By default, unicast address is used when configuring IPv4 address family.
Use this command to enter address family view and configure parameters
associated with address family for BGP in this view.
The ipv4-family vpn-instance command you can enter MBGP vpn-instance
address family view.
The undo ipv4-family vpn-instance vpn-instance-name command you can
remove the association of the specified vpn-instance example with IPv4 address
family to exit to BGP unicast view.
For the related command, see peer enable.
Example
Associate the specified vpn-instance example with IPv4 address family to enter
MBGP vpn-instance address family view, which can be configured only after
vpn-instance has been configured.
[3Com] bgp 100
788
ospf
Syntax
ospf process-id [ router-id router-id-number ] [ vpn-instance vpn-instance-name ]
undo ospf process-id
View
System view
Parameter
process-id: OSPF procedure ID. By default, it is 1.
router-id-number: Router ID for OSPF procedure, optional
vpn-instance-name: VPN instance bound to the OSPF procedure
Description
Using the ospf command, you can an enable OSPF procedure. Using the undo
ospf command, you can disable an OSPF procedure.
After enabling OSPF procedure, you can perform OSPF configurations in the OSPF
protocol view.
By default, no OSPF protocol is enabled.
VRP supports multiple OSPF procedures, so you can specify different procedure IDs
to enable multiple OSPF procedures on a router.
It is recommended to specify procedure route-id with the router-id parameter in
enabling OSPF procedure. If you want to enable multiple processes on a router you
are recommended to specify different router IDs for different procedures.
To enable an OSPF procedure belonging to public network without specifying
router ID, the following conditions should be satisfied:
If router ID is not specified in enabling OSPF procedure, but binding the procedure
with a VPN instance is required. An interface must exist that has been configured
with IP address.
If you want to bind a procedure to a VPN instance, you must specify VPN instance
name.
One VPN instance may include several procedures. For example, for the VPN
instance 1, you can configure it into OSPF procedures 1, 2 and 3 with the
789
Enable OSPF procedure 100, specify its route ID as 2.2.2.2 and bind it to the VPN
instance vpn1.
[3Com] ospf 100 router-id 2.2.2.2 vpn-instance vpn1
[3Com-ospf-100]
peer allow-as-loop
Syntax
peer { group-name | peer-address } allow-as-loop asn-limit
undo peer { group-name | peer-address } allow-as-loop asn-limit
790
View
BGP view, MBGP IPv4-family view
Parameter
group-name: Name of the peer group
ip-address: specified IP address of peer.
asn-limit: The maximum number allowed in received route updates of the local
autonomous system number AS.
Description
Using the peer allow-as-loop command, you can enable route loop detection in
the received route updates in hub&spoke networking mode. Using the undo peer
allow-as-loop command, you can prohibit loop to occur in the received route
updates.
By default, loop information is prohibited in the received route update
information.
In the case of standard BGP, BGP tests routing loop via AS number. In the case of
Hub&Spoke networking, however, PE carries the AS number of the local
autonomous system when advertising the routing information to CE, if EBGP is
run between PE and CE. Accordingly, the updated routing information will carry
the AS number of the local autonomous system when route update is received
from CE. In this case, PE cannot receive the route update information.
This phenomenon can be avoided by using the peer allow-as-loop command,
which makes PE router allow the route update information received from CE to
contain AS number of itself. The allowed maximum number is controlled by using
the parameter asn-imit.
Example
Enable route loop detection in the received route updates.
[3Com-bgp] ipv4-family vpn-instance one
[3Com-bgp-af-vpn-instance] peer 1.1.1.1 allow-as-loop 1
peer as-number
Syntax
peer { group-name | [ peer-address group group-name ] } as-number as-number
undo peer { group-name | [ peer-address group group-name] } as-number as-number
View
BGP view, MBGP vpn-instance view
Parameter
group-name: Peer group name.
peer-address: IP address of a peer.
as-number: Peer end AS number of a peer (group).
791
Description
Using the peer as-number command, you can configure the remote AS number
of the specified peer (group). Using the undo peer as-number command, you
can remove the remote AS number of the specified peer (group).
By default, a peer of the peer (group) has no AS number.
Example
Set the remote AS number of the specified peer (group) to 100.
[3Com-bgp] peer test as-number 100
peer enable
Syntax
peer group-name enable
undo peer group-name enable
View
BGP view, MBGP VPNv4 view
Parameter
group-name: Peer group name
Description
Using the peer enable command, you can enable the specified peer (group).
Using the undo peer enable command, you can disable the specified peer
(group).
For IPv4 address family, address switching is enabled by default.
Example
Enable the peer (group) 168.
[3Com-bgp-af-vpn] peer 168 enable
peer connect-interface
Syntax
peer { group-name | ip-address } connect-interface interface-type interface-number
undo peer { group-name | ip-address } connect-interface interface-type
interface-number
View
BGP view, MBGP vpn-instance view
Parameter
group-name: Peer group name.
peer-address: IP address of a peer.
interface-type: Interface type.
interface-number: Name of the interface.
792
Description
Using the peer connect-interface command, you can configure to allow the
internal BGP session to use any operable interface that connects with TCP. Using
the undo peer connect-interface command, you can restore to use the best
local address to implement TCP connection.
By default, BGP uses the best local address to implement TCP connection.
Generally, BGP uses the best local address to implement TCP connection. In order
to make the TCP connection valid even when the interface fails, the internal BGP
session can be configured to be allow use of any operable TCP-connected
interface (For example, Loopback interface).
Example
Allow the internal BGP session to use any operable interface that connects with
TCP.
[3Com-bgp-af-vpn-instance] peer 1.1.1.1 connect-interface loopback 0
peer
default-route-advertise
Syntax
peer { group-name | peer-address } default-route-advertise
undo peer { group-name | peer-address } default-route-advertise
View
BGP view, MBGP IPv4-family view
Parameter
group-name: Peer group name.
peer-address: IP address of a peer.
Description
Using the peer default-route-advertise command, you can enable a peer
(group) to import a default route. Using the undo peer default-route-advertise
command, you can remove the existing setting.
By default, no default route is redistributed to a peer (group).
This command does not require any default route in the routing table but
transmits a default route whose next hop address is itself to the peer
unconditionally.
Example
Enable the peer (group) test to import a default route.
[3Combgp] peer test as-number
[3Combgp] peer test default-route-advertise
peer next-hop-local
Syntax
peer { group-name | peer-address } next-hop-local
undo peer { group-name | peer-address } next-hop-local
793
View
BGP view, MBGP IPv4-family view
Parameter
group-name: Peer group name.
peer-address: IP address of a peer.
Description
Using the peer next-hop-local command, you can remove the processing of the
next hop in the routes that BGP advertises to a peer (group) and configure to use
its self-address as the next-hop. Using the undo peer next-hop-local command,
you can remove the existing setting.
Example
Specify the local IP address as the next hop in BGP's route advertising to the peer
(group).
[3Com-bgp-af-vpn] peer test next-hop-local
peer public-as-only
Syntax
peer { group-name | peer-address } public-as-only
undo peer { group-name | peer-address } public-as-only
View
BGP view, MBGP IPv4-family view
Parameter
group-name: Peer group name.
peer-address: IP address of a peer.
Description
Using the peer public-as-only command, you can configure not to carry private
AS number when transmitting BGP update packets. Using the undo peer
public-as-only command, you can configure to carry private AS number when
transmitting BGP update packets.
By default, private AS number is carried when transmitting BGP update packets.
Generally, BGP carries the AS number (either public or private AS number) when
transmitting BGP update packets. BGP can be configured not to carry the private
AS number so that some output routers may ignore the private AS number when
transmitting BGP update packets.
Example
Send MBGP update packets without bearing private AS number.
[3Com-bgp-af-vpn] peer 168 public-as-only
794
peer upe
Syntax
peer peer-address upe
undo peer peer-address} upe
View
BGP view
Parameter
peer-address: IP address of a peer.
Description
Using the peer upe command, you can configure BGP peer as the UPE of
hierarchical BGP/MPLS VPN. Using the undo peer upe command, you can remove
this configuration.
Example
Configure BGP peer as the UPE of hierarchical BGP/MPLS VPN.
[3Com-bgp] ipv4-family vpnv4
[3Com-bgp-af-vpn] peer 1.1.1.1 upe
route-distinguisher
Syntax
route-distinguisher route-distinguisher
View
vpn-instance view
Parameter
route-distinguisher: Configures a VPN IPv4 prefix by adding an 8-byte value to a
IPv4 prefix.
Description
Using the route-distinguisher command, you can configure RD for an MPLS VPN
instance. A vpn-instance cannot run until it is configured with an RD.
A route distinguisher (RD) creates route and forwarding list for a VPN and specify
default route identifier. Add RD to a specific IPv4 prefix start to make it the only
VPN IPv4 prefix.
If ID is associated with an autonomous system number(ASN), it is a combination of
an autonomous system number and an arbitrary number; if RD is associated with
IP address, it is a combination of an IP address and an arbitrary number.
RD has the following formats:
Example
Configure RD for the MPLS VPN instance.
795
route-tag
Syntax
route-tag tag-number
undo route-tag
View
OSPF protocol view
Parameter
tag-number: Tag value to identify VPN import route, in range of 0~4294967295.
By default, its first two fields are fixed to 0xD000, while the last two fields are the
ASN of local BGP. For example, if local BGP ASN is 100, then the default tag value
in decimal is 3489661028.
Description
Using the route-tag command, you can specify a tag value to identify VPN import
route. Using the undo route-tag command, you can restore the default value.
If a VPN site is linked to multiple PEs, when the route learned from MPLS/BGP is
advertised by a PE router via its type-5 or type-7 LSA to the VPN site, the route may
be received by another PE router. This will result in route loop. To avoid route loop,
you should configure route-tag and it is recommended to configure the same
route-tag for the PEs in the same VPN domain. The route-tag is included in the
type-5/-7 LSA. The route-tag is not transmitted in the extended community
attributes of BGP, but can only be configured and function on the PE router which
receives BGP route and generates OSPF LSA.
Configure route-tag in OSPF protocol view. Different processes can be configured
with the same route-tag. You can configure the same route-tag with different
commands, but with different priority levels:
If the route-tag included in the type-5/-7 LSA is identical with its existing tag, the
LSA received will be neglected in route calculation.
CAUTION: The route-tag configured will not take effect until the reset ospf
command is executed.
For the related commands, see import-route and default.
Example
Configure route-tag 100 to OSPF procedure 100.
796
vpn-target
Syntax
vpn-target vpn-target-ext-community [ import-extcommunity | export-extcommunity |
both ]
undo vpn-target vpn-target-ext-community [ import-extcommunity |
export-extcommunity | both ]
View
Vpn-instance view
Parameter
import-extcommunity: Ingress route information from the extended community of
target VPN.
export-extcommunity: Egress route information to the extended community of
target VPN.
both: Imports ingress and egress route information to the extended community of
target VPN.
vpn-target-ext-community: Adds vpn-target extended community attribute to the
ingress and egress of vpn-instance or the vpn-target extended community list of
ingress and egress.
Description
Using the vpn-target command, you can create vpn-target extended community
for vpn-instance. Using the undo vpn-target command, you can remove the
vpn-target extended community attribute.
By default, the default value is both.
The vpn-target command you can create ingress and egress route target
extended community list for specified vpn-instance. Execute this command once
for each target community. Import the received route bearing the specific route
target extended community to all vpn-instances, which are configured extended
community as ingress route target. Vpn-target specifies a target VPN extended
community. Same as RD, an extended community is either composed with an
autonomous system number and an arbitrary number or composed with an IP
address and an arbitrary number.
Extended community has the following formats:
Example
Create vpn-target extended community for the vpn-instance.
[3Com] ip vpn-instance vpn_red
797
routing-table limit
Syntax
routing-table limit { warn threshold | simply-alert }
undo routing-table limit
View
MBGP vpn-instance view
Parameter
limit: Specifies the route maximum allowed in a vpn-instance.
warn threshold: Rejects routes when the threshold value is reached. This threshold
value is the percentage of the specified route maximum from 1 to 100.
simply-alert: When the route maximum specified for a vpn-instance exceeds the
threshold, routes can be added and only a SYSLOG error message is sent out.
Description
Using the routing-table limit command, you can limit the route maximum in a
vpn-instance, to avoid too many routes in the ingress interface of the PE router.
Using the undo routing-table limit command, you can remove the limitation.
It is necessary to enter the vpn-instance sub-view before using the routing-table
command. Create a vpn-instance routing table in this view and allocate a route
distinguisher (RD) in one of the following formats:
sham-link
Syntax
sham-link source-addr destination-addr [ cost cost-value ] [ dead seconds ] [ hello
seconds ] [ md5 keyid key seconds ] [ retransimit seconds ] [ simple password ] [
trans-delay seconds ]
undo sham-link source-addr destination-addr
View
OSPF area view
798
Parameter
source-addr: Source address of sham-link, a loopback interface address with 32-bit
mask
destination-addr: Destination address of sham-link, a loopback interface address
with 32-bit mask
cost-value: Cost at sham link, in the range of 1~65535. By default, it is 1.
password: Specify authentication string in plain text at the interface, 8 characters
at most. It must be consistent with the authentication string of sham link peer.
keyid: Specifies MD5 authentication string at the interface, in range of 1~255
characters. It must be consistent with the authentication string of sham link peer.
key: Specifies authentication string at the interface, 16 characters at most. It must
be consistent with the authentication string of sham link peer. When the display
current-configuration command is executed, the system displays the 24-character
MD5 authentication string in cipher text. You can also input 24-character
authentication string in cipher text.
dead seconds: Specifies interval for the dead timer, in range of 1~8192 seconds.
By default, it is 40 seconds. It must be consistent with the dead seconds value for
sham link peer.
hello seconds: Specifies interval between Hello message transmission at the
interface, in range of 1~8192 seconds. By default, it is 10 seconds. It must be
consistent with the hello seconds value for sham link peer.
retransmit seconds: Specifies internal for LSA message retransmission at the
interface, in range of 1~8192 seconds. By default, it is 5 seconds.
trans-delay seconds: Specifies delay period for LSA message transmission at the
interface, in range of 1~8192 seconds. By default, it is 1 second.
Description
Using the sham-link command, you can configure a sham link. Using the undo
sham-link command, you can delete a sham link.
In the OSPF PE-CE connection, suppose that in an OSPF area there are two sites
which belong to the same VPN, with each connected to different PE router and an
intra-domain link (backdoor) established between them. Though there may be
other routes connecting the two sites via the PE router, these routes are just
intra-domain routes, so OSPF will select those routes through the backdoor first.
Sometimes, the routes through VPN backbone are desired to be selected first, then
it is required to establish sham link between PE routers. In this case, the routes
through VPN backbone are of the highest priority within the OSPF area.
The sham link between VPN PE routers is taken as a link within the OSPF area. Its
source and destination addresses are both loopback interface addresses with
32-bit mask. This loopback interface must be bound with a VPN instance and
imported into BGP through a direct-connect route. The optional parameters can
be appended in the sham link command and only those appended in the sham
link command can be selected in the undo command.
799
CAUTION
The source and destination addresses of a sham link are both loopback interface
addresses with 32-bit mask. This loopback interface must be bound with a VPN
instance and imported into BGP through a direct-connect route.
The source and destination addresses of a sham link cannot be the same.
The same sham link cannot be configured in the different OSPF procedures.
A maximum of 50 sham link can be configured in an OSPF procedure.
Example
Configure a sham link, with source address 1.1.1.1 and destination address
2.2.2.2.
[3Com-ospf-100-area-0.0.0.1] sham-link 1.1.1.1 2.2.2.2 cost 100
vpn-instance-capability
simple
Syntax
vpn-instance-capability simple
undo vpn-instance-capability
View
OSPF protocol view
Parameter
None
Description
Using the routing-table limit command, you can configure a router as
Multi-VPN-Instance CE. Using the undo routing-table limit command, you can
remove the configuration.
OSPF multi-VPN-instance application is often run at the PE router, so the CE router
on which OSPF multi-VPN-instance application runs is called Multi-VPN-Instance
CE. Though they both support multi-VPN-instance application, Multi-VPN-Instance
CE does not necessarily support BGP/OSPF interoperability.
When OSPF procedures are bound with VPN instances, the default OSPF router
serves as PE router. This command will remove the default configuration and
change a router into Multi-VPN-Instance CE. Then OSPF procedure will set up all
peers again. DN bits and route-tag will not be check in routing calculation. To
prevent route loss, loop test function is disabled on PE routes. MGP/OSPF
interoperability is also disabled to save system resources.
After the display ospf brief command is executed successfully, the system
prompts the information Multi-VPN-Instance enable on CE router.
CAUTION: OSPF process will set up all peers again after this command is run.
Example
Configure OSPF procedure 100 as Multi-VPN-Instance CE.
800
Syntax
ccc ccc-connection-name interface interface-type interface-number transmit-lsp
transmit-lsp-name receive-lsp receive-lsp-name
undo ccc ccc-connection-name
View
System view
Parameter
interface-type interface-number: Interface for the remote connection.
ccc-connection-name: CCC connection name of 1 to 20 characters in length,
which uniquely identifies a CCC inside a PE.
transmit-lsp-name: Name of the transmit-LSP.
receive-lsp-name: Name of the receive-LSP.
Description
Using the ccc interface transmit-lsp receive-lsp command, you can create a
remote CCC connection. Using the undo ccc command, you can delete a remote
CCC connection.
You can delete a CCC connection in the interface or system view.
For the related command, see ccc interface out-interface.
Example
Create a remote CCC connection clink, with the transmit-LSP being tlsp and the
receive-LSP being rlsp.
[3Com-Ethernet3/0/0] ccc clink interface serial0/0/0 transmit-lsp tlsp receive-lsp rlsp
ccc interface
out-interface
Syntax
ccc ccc-connection-name interface interface-type interface-number out-interface
outinterface-type outinterface-num
undo ccc ccc-connection-name
View
System view
801
Parameter
ccc-connection-name: CCC connection name of 1 to 20 characters, which is used
for uniquely identifying the CCC inside the PE.
interface-type interface-number: Interface connected to the first CE
outinterface-type outinterface-num: Interface connected to the second CE.
Description
Using the ccc interface out-interface command, you can create a local CCC
connection. Using the undo ccc command, you can delete the local CCC
connection.
The supported interfaces include serial, asynchronous serial, ATM, Ethernet, VE,
and GE interfaces, as well as ATM, Ethernet, and GE sub-interfaces.
For a serial, asynchronous serial, Ethernet, GE, or VE interface, CCC encapsulation
defaults to link layer encapsulation and the command does not have any
parameter in this case. This is also applies to the CCC encapsulation on an
Ethernet sub-interface or GE sub-interface. For an ATM sub-interface, CCC
encapsulation defaults to ATM AAL5. In this case, the command can bring with it
a parameter indicating whether the encapsulation is ATM AAL5 or ATM CELL.
Example
Create a local CCC connection clink, with two CEs connected respectively to
Ethernet0/0/0 and Ethernet2/0/0.
[3Com] ccc clink interface serial0/0/0 out-interface Ethernet 2/0/0
Syntax
debugging mpls l2vpn { all | advertisement | error | event | connections [ interface
interface-name | interface-type interface-num ] }
undo debugging mpls l2vpn { all | advertisement | error | event | connections [ interface
interface-name | interface-type interface-num ] }
View
User view
Parameter
all: Enables/Disables all L2VPN debugging.
advertisement: Enables/Disables BGP/LDP notify information debugging of
L2VPN.
error: Enables/Disables L2VPN error information debugging.
event: Enables/Disables L2VPN event information debugging.
connections: Enables/Disables connection information debugging.
interface-type interface-num: Specifies CE interface for information connection
debugging.
802
Description
Using the debugging mpls l2vpn command, you can view L2VPN link
information. Using the undo debugging mpls l2vpn command, you can disable
the debug function.
Example
<3Com> debugging mpls l2vpn all
display ccc
Syntax
display ccc [ ccc-name | type [ local | remote ] ]
View
Any view
Parameter
ccc-name: Name of the connection to be displayed.
local: Displays local CCC connection only.
remote: Displays remote CCC connection only.
Description
Using the display ccc command, you can view CCC connection information.
Example
Display CCC connection information.
[3Com] display ccc c-link
Syntax
static-lsp egress lsp-name l2vpn incoming-interface interface-type interface-num
in-label in-label
undo static-lsp egress lsp-name l2vpn
View
MPLS view
Parameter
lsp-name: LSP name
interface-type Interface-num: Interface type and interface number
in-label-value: Inbound label value, in range of 16~1024
Description
Using the static-lsp egress l2vpn command, you can configure a static LSP used
in L2VPN for egress LSR. Using the undo static-lsp egress l2vpn command, you
can delete an LSP used in L2VPN of egress LSR.
Two LSPs (one in each direction) should be created in advance before creating
remote CCC connection.
803
For related commands, see static-lsp ingress l2vpn and debugging mpls.
Example
Add the static LSP bj-sh at egress LSR.
[3Com-mpls] static-lsp egress bj-sh l2vpn incoming-interface serial8/0/0 in-label 233
Syntax
static-lsp ingress lsp-name { l2vpn | destination ip_addr } { nexthop next-hop-addr |
outgoing-interface interface-type interface-num } out-label out-label
undo static-lsp ingress lsp-name l2vpn
View
MPLS view
Parameter
lsp-name: LSP name
next-hop-addr: Next hop address
interface-type Interface-num: Interface type and interface number
out-label-value: Outbound label value, in range of 16~1024
Description
Using the static-lsp egress l2vpn command, you can configure a static LSP used
in L2VPN for ingress LSR. Using the undo static-lsp egress l2vpn command, you
can delete an LSP used in L2VPN of ingress LSR.
With this command, you can configure a static LSP for ingress LSR, as well as
setting preference and measurement value for it.
Two LSPs (one in each direction) should be created in advance before creating
remote CCC connection.
For related commands, see static-lsp egress lvpn, static-lsp transit, and
debugging mpls.
Example
Add the static LSP with destination address 202.25.38.1 at ingress LSR.
[3Com-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.33
out-label 237
Syntax
static-lsp transit lsp-name l2vpn incoming-interface interface-type interface-num
in-label in-label { nexthop next-hop-addr | outgoing-interface interface-type
interface-num } out-label out-label
undo static-lsp transit lsp-name l2vpn
View
MPLS view
804
Parameter
lsp-name: LSP name
interface-type Interface-num: Interface type and interface number
next-hop-addr: Next hop address
in-label-value: Inbound label value, in range of 16~1024
out-label-value: Outbound label value, in range of 16~1024
Description
Using the static-lsp transit command, you can configure a static LSP used in
L2VPN for transit LSR. Using the undo static-lsp transit command, you can
delete an LSP used in L2VPN of transit LSR.
Two LSPs (one in each direction) should be created in advance and configured to
the transit LSR before creating remote CCC connection.
For related commands, see static-lsp egress l2vpn and static-lsp ingress
l2vpn.
Example
Add a static LSP used in 12vpn for the Serial0/0/0 of transit LSR, with inbound
label being 123 and outbound label being 253.
[3Com-mpls] static-lsp transit bj-sh l2vpn incoming-interface serial0/0/0 in-label 123
nexthop 202.34.114.7 out-label 253
Syntax
display mpls static-l2vc [ interface interface-type interface -num ]
View
Any view
Parameter
interface-type interface -num: Interface type and interface number
Description
Using the display mpls static-l2vc command, you can view the connection
information of static MPLS L2VPN.
Example
Display basic information of static connection.
[3Com-Ethernet1/0/1] display mpls static-l2vc
total connections: 1, 0 up, 1 down
ce-intf state destination tr-label rcv-label tnl-type tnl-index
805
mpls static-l2vc
Syntax
mpls static-l2vc destination destination-ip-address transmit-vpn-label
transmit-label-value receive-vpn-label receive-label-value
View
Interface view
Parameter
destination-ip-address: ROUTER ID of destination router.
transmit-label-value: Transmit-label value of VPN.
receive-label-value: Receive-label value of VPN.
Description
Using the mpls static-l2vc command, you can create an SVC MPLS L2VPN
connection. Using the undo mpls static-l2vc command, you can delete the
connection.
Example
Create SVC MPLS L2VPN connection.
[3Com-s1/1/0] mpls static-l2vc destination 192.1.1.1 transmit-vpn-label 333
receive-vpn-label 111
Syntax
display mpls l2vc [ interface interface-type interface-num | verbose ]
View
Any view
Parameter
verbose: Displays the detailed information.
interface-type interface-num: Name of the interface connected with CE.
Description
Using the display mpls l2vc command, you can view the VC information in LDP
mode.
806
Example
None
mpls l2vc
Syntax
mpls l2vc ip-address vc-id
undo mpls l2vc
View
Interface view
Parameter
ip-address: lsr-id address of peer PE.
vc-id: Connected VC ID.
Description
Using the mpls l2vc command, you can create an LDP connection. Using the
undo mpls l2vc command, you can delete the connection.
Supporting interface types: Serial, Asy Serial, POS, ATM, ATM subinterface,
Ethernet, Ethernet subinterface, VE, GE, GE subinterface.
Enable MPLS L2VPN and encapsulate CCC on the interface before using this
command.
For the related command, see mpls l2vpn and ccc.
Example
Create LDP connection.
[3Com-Ethernet3/0/0] mpls l2vc 10.0.0.11
Syntax
ce name [ id id range range ] [ default-offset offset ] ]
undo ce name
View
MPLS L2VPN view
Parameter
name: CE name, unique in the current PE VPN.
id: CE ID, unique in VPN, represents a CE, ranging from 1 to 65535.
offset:Specifies default offset value of the original CE.
807
range: CE range, in other words, the maximum CE number local CE can connect
with, ranging from 1 to 100. Default value is 10.
Description
Using the ce command, you can create CE or modify CE range. Using the undo ce
command, you can delete CE.
After CE is created, the system will create a CE mode and all the configurations of
CE will be performed in this mode.
To facilitate VPN expansion, CE range can be configured larger than the real
capacity. But its a waste of identifier because the system will distribute an
identifier block as large as the CE range.
If the CE range is smaller than need in VPN expansion, for example, the CE range
is 10 while the needed CE number is 20, you can modify the CE range to 20.
For the related command, see mpls l2vpn encapsulation, connection.
Example
Create a CE for vpna, named Marlborough, with CEID being 1, range default
value being 10.
[3Com]mpls l2vpn
[3Com] mpls l2vpn vpna encapsulation ppp
[3Com-mpls-l2vpn-vpna] ce marlborough id 1
[3Com-mpls-l2vpn-ce-vpna-marlborough]
connection
Syntax
connection [ ce-offset offset ] { interface interface-type interface-num }
undo connection [ ce-offset offset ] { interface interface-type interface-num }
View
MPLS L2VPN CE view
Parameter
offset: Specifies remote CE ID for L2VPN connection in establishing local
connection
interface-type interface-num: Specifies CE interface in establishing remote
connection.
Description
Using the connection command, you can create a CE connection. Using the
undo connection command, you can delete a CE connection.
Configure RD for MPLS L2VPN first before establishing a CE connection.
For related commands, see mpls l2vpn encapsulation and ccc.
Example
Establish a CE connection.
808
Syntax
display bgp l2vpn { all | peer | route-distinguisher }
View
Any view
Parameter
all: All L2VPN information in local address family.
peer: Information of the specified BGP peer.
route-distinguisher: Information of the specified VPN RD.
Description
Using the display bgp l2vpn all command, you can view system operating
information and all L2VPN information.
Example
Display all L2VPN information.
[3Com] display bgp l2vpn all
BGP local router ID is 172.16.1.5 , Origin codes: i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 3 destinations
CE ID
Label Offset Label Base
nexthop pref as-path
Route Distinguisher: 100:1
2
1
800000
1.1.1.1
100 I 200 600
3
1
500000
1.1.1.1
100 I 200 600
Route Distinguisher: 100:2
1
1
700000
1.1.1.1
100 I 200 600
Syntax
display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-num
View
Any view
Parameter
vclabel: VC label
interface-type interface-num: Interface type and interface number
Description
Using the display mpls l2vpn forwarding-info command, you can view the
L2VPN information under a specific interface.
Example
Display the L2VPN information under a specific interface.
[3Com] display mpls l2vpn forwarding-info interface serial1/0/0
809
l2vpn-family
Syntax
l2vpn-family
undo l2vpn-family
View
BGP view
Parameter
None
Description
Using the l2vpn-family command, you can create an L2VPN address family view.
Using the undo l2vpn-family command, you can delete the L2VPN address
family view.
By default, it is BGP unicast view.
Using this command, you can enter L2VPN address family view.
Execute the undo l2vpn-family command to exit multicast extended address
family view. Delete all the configurations in this address family and back to BGP
unicast view.
Example
Create L2VPN address family view.
[3Com] bgp 100
[3Com-bgp] l2vpn-family
[3Com-bgp-af-l2vpn]
mpls l2vpn
Syntax
mpls l2vpn
undo mpls l2vpn
View
System view
Parameter
None
Description
Using the mpls l2vpn command, you can enable L2VPN. Using the undo mpls
l2vpn command, you can disable L2VPN.
Enable MPLS before using this command.
For the related commands, see mpls and mpls lsr-id.
810
Example
Enter MPLS view, then configure LSR ID and enable MPLS.
[3Com] undo mpls
[3Com-mpls] mpls lsr-id 10.0.0.1
[3Com] mpls
Enable L2VPN.
[3Com] mpls l2vpn
mpls l2vpn
encapsulation
Syntax
mpls l2vpn vpn-name encapsulation { atm-aal5 | ethernet | fr | vlan | hdlc | ppp }
undo mpls l2vpn vpn-name
View
System view
Parameter
vpn-name: Unique VPN name in PE with 1 to 20 bytes.
atm-aal5 | ethernet | fr | vlan | hdlc | ppp: VPN encapsulation types. The CCC
encapsulation type on CE interface must keep accordance with that of VPN when
creating BGP L2VPN connection. Otherwise, the connection can not be performed
normally.
Description
Using the mpls l2vpn encapsulation command, you can create Kompella MPLS
L2VPN and specify encapsulation mode. Using the undo mpls l2vpn
encapsulation command, you can remove the encapsulation.
Create Kompella MPLS L2VPN after global enable MPLS L2VPN.
After creating Kompella MPLS L2VPN, system will create a L2VPN mode, all the
parameters of which are configured in L2VPN mode.
For related commands, see ce and mtu.
Example
Create a Kompella MPLS L2VPN, named 3Com, with encapsulation type being
vlan:
[3Com] mpls l2vpn 3Com encapsulation vlan
mtu
Syntax
mtu mtu
View
L2VPN view
Parameter
mtu: Layer2 MTU value of VPN. MTU is defaulted as 1500.
811
Description
Using the mtu command, you can configure MTU of Kompella MPLS L2VPN.
When configuring VPN layer2 mtu, the mtu value of the same VPN on different
PEs must be the consistent in the whole SP network. Otherwise, VPN will not work
normally.
For the related command, see mpls l2vpn encapsulation.
Example
Configure the mtu of VPN 3Com as 1000.
[3Com-l2vpn-3Com] mtu 1000
peer enable
Syntax
peer { group-name | peer-address } enable
undo peer { group-name | peer-address } enable
View
L2VPN address family view
Parameter
group-name: Peer group name, specifying the whole peer group.
peer-address: IP address of peer, specifying some specified peer.
Description
Using the peer enable command, you can activate specified peer (group) in
L2VPN address family view. Using the undo peer enable command, you can
deactivate specified peer (group) in L2VPN address family view.
By default, unicast peer (group) of IPv4 address family is activated, while other
peer (groups) are deactivated.
Example
Activate the peer (group) 192 in the L2VPN address family view.
[3Com-bgp] peer 1.1.1.1 as-number 100
[3Com-bgp] l2vpn-family
[3Com-bgp-af-l2vpn] peer 1.1.1.1 enable
812
SECURITY
AAA Configuration
Commands
access-limit
Syntax
access-limit { disable | enable max-user-number }
undo access-limit
View
ISP domain view
Parameter
disable: No limit to the supplicant number in the current ISP domain.
enable max-user-number: Specifies the maximum supplicant number in the
current ISP domain, ranging from 1 to 1024
Description
Using the access-limit command, you can configure a limit to the amount of
supplicants in the current ISP domain. Using the undo access-limit command,
you can restore the limit to the default setting.
By default, there is no limit to the amount of supplicants in the current ISP domain.
This command limits the amount of supplicants contained in the current ISP
domain. The supplicants may contend with each other for the network resources.
So setting a suitable limit to the amount will guarantee the reliable performance
for the existing supplicants.
Example
# Set a limit of 500 supplicants for the ISP domain "3com163.net".
[3Com-isp-3com163.net] access-limit enable 500
accounting optional
Syntax
accounting optional
undo accounting optional
View
ISP domain view
814
CHAPTER 9: SECURITY
Parameter
None
Description
Using the accounting optional command, you can enable optional accounting.
Using the undo accounting optional command, you can disable it.
By default, optional accounting is disabled.
With the accounting optional command, a user that will be disconnected
otherwise can use the network resources even when there is no available
accounting server or the communication with the current accounting server fails.
This command is normally used for the authentication without accounting.
Example
# Enable optional accounting for users in the domain 3com163.net.
[3Com] domain 3com163.net
[3Com-isp-3com163.net] accounting optional
display connection
Syntax
display connection [ domain isp-name | interface portnum | ip
ip-address | mac mac-address | radius-scheme radius-scheme-name |
HWHWTACACSHWHWTACACS-scheme HWHWTACACS-scheme-name | ucibindex
ucib-index | user-name user-name ]
View
Any view
Parameter
domain isp-name: Displays all the user connections belonging to the ISP domain
specified by isp-name, a character string not exceeding 24 characters. The
specified ISP domain must an existing one.
ip ip-address: Displays all the user connections related to the specified IP
address.
mac mac-address: Displays a user connection by specifying its hexadecimal MAC
address in the format of x-x-x.
radius-scheme radius-scheme-name: Displays all the user connections
connected to the RADIUS server specified by radius-scheme-name, a character
string not exceeding 32 characters.
HWHWTACACS-scheme HWHWTACACS-scheme-name: Displays all the user connections
connected to the HWHWTACACS server specified by
HWHWTACACS-scheme-name, a character string not exceeding 32 characters.
ucibindex ucib-index: Displays information on a user connection by specifying
its connection index number, that is, ucib-index ranging from 0 to 1023.
815
Description
Using the display connection command, you can view the relevant information
on the specified user connection or all the connections. The output can help you
troubleshoot user connections.
By default, information about all user connections is displayed.
For the related command, see cut connection.
Example
# Display the relevant information of all the users.
<3Com> display connection
Total 0 connections matched, 0 listed.
display domain
Syntax
display domain [ isp-name ]
View
Any view
Parameter
isp-name: Specifies the ISP domain name, with a character string not exceeding
816
CHAPTER 9: SECURITY
Domain = 2
State = Active
Access-limit = Disable
Domain = ls
State = Active
Access-limit = Disable
The following table describes information about the above terminal display.
Table 1 Information displayed after executing display domain (when no ISP domain is
specified)
Field
Description
0 Domain=2
State
State
Access-limit
Syntax
display local-user [ domain isp-name | service-type { telnet | ssh |
terminal | pad | ftp | ppp } | state { active | block } | user-name
user-name ]
View
Any view
Paramet
domain isp-name: Displays all the local users in the ISP domain specified by
isp-name, a character string not exceeding 24 characters. The specified ISP domain
must be an existing one.
service-type: Displays local users by specifying service type, which can be telnet,
ssh, terminal (terminal users logging on from Console, AUX, or Asyn port), ftp,
ppp, or PAD (X.25 PAD).
state { active | block }: Displays local users by specifying user state, where
active means users allowed to request for network services and block means the
opposite.
817
string not exceeding 80 characters and excluding "/", ":", "*", "?", "<" and
">". The @ character can be used only once in one username. The username
without domain name (the part before @, namely the user ID) cannot exceed 24
characters.
Description
Using the display local-user command, you can view the relevant information on
the specified local user or all the local users. The output can help you troubleshoot
faults related to local user.
By default, information on all local users is displayed.
For the related command, see local-user.
Example
# Display the relevant information of all the local users.
<3Com> display local-user
The contents of local user user1:
State:
Active
Idle-Cut:
Disable
Access-Limit:
Disable
Bind location:
Disable
Vlan ID:
Disable
IP address:
Disable
MAC address:
Disable
Current AccessNum: 0
Description
State
State
Idle-cut
Idle-cut switch
Access-limit
Bind location
VLAN ID
IP address
IP address of user
MAC address
818
CHAPTER 9: SECURITY
domain
Syntax
domain [ isp-name | default { disable | enable isp-name } ]
undo domain isp-name
View
System view
Parameter
isp-name: Specifies an ISP domain name. The name is expressed with a character
string not exceeding 24 characters, excluding "/", ": ", "*", "? ", "<", and ">".
default: Configures the default ISP domain. The default ISP domain of the system
is "system".
disable: Disables the configured default ISP domain. The users that have
usernames without a domain name are to be refused as a result.
enable: Enables the configured default ISP domain. It is to be appended to the
usernames that are received without domain name before they are sent to the
intended AAA servers.
Description
Using the domain command, you can configure an ISP domain or enter the view
of an existing ISP domain. Using the undo domain command, you can cancel a
specified ISP domain.
By default, the default domain in the system is "system".
ISP domain is a group of users belonging to the same ISP. Generally, for a
username in the userid@isp-name format, gw20010608@3com163.net for
example, the isp-name ("3com163.net" in the example) following the "@" is the
ISP domain name. When an AAA server controls user access, for an ISP user whose
username is in userid@isp-name format, the system takes the part "userid" as
username for identification and takes the part "isp-name" as domain name.
The purpose of introducing ISP domain settings is to support the application
environment with several ISP domains. In this case, an access device may have
supplicants from different ISP domains. Because the attributes of ISP users, such as
username and password structures, service types, may be different, it is necessary
to separate them by setting ISP domains. In ISP domain view, you can configure a
complete set of ISP domain attributes for each ISP domain, including an AAA
scheme (the RADIUS scheme applied).
For a router, each supplicant belongs to an ISP domain. The system supports to
configure up to 16 ISP domains.
When this command is used, if the specified ISP domain does not exist, the system
will create a new ISP domain. All the ISP domains are in the active state when
they are created.
For the related commands, see access-limit, scheme, state, and display
domain.
819
Example
# Create a new ISP domain, 3com163.net, and enters its view.
[3Com] domain 3com163.net
New Domain added.
[3Com-isp-3com163.net]
ip pool
Syntax
ip pool pool-number low-ip-address [ high-ip-address ]
undo ip pool pool-number
View
System view, ISP domain
Parameter
pool-number: Address pool number, ranging from 0 to 99.
low-ip-address and high-ip-address: The start and end IP addresses of the
address pool. The number of in-between addresses cannot exceed 1024. If end IP
address is not specified, there will be only one IP address in the pool, namely the
start IP address.
Description
Using the ip pool command, you can configure a local address pool for assigning
addresses to PPP users. Using the undo ip pool command, you can delete the
specified local address pool.
By default, no local IP address pool is configured.
You can configure an IP address pool in system view and use the remote address
command in interface view to assign IP addresses from the pool to PPP users.
You can also configure an IP address pool in ISP domain view for assigning IP
addresses to PPP users in the current ISP domain. This applies to the case where an
interface serves a great amount of PPP users but with inadequate address
resources for allocation. For example, an Ethernet interface running PPPoE can
accommodate 4095 users at most. However, only one address pool with up to
1024 addresses can be configured on its Virtual Template (VT). This is obviously far
from what is required. To address the issue, you can configure address pools for
ISP domains and assign addresses from them to their PPP users.
For the related command, see remote address.
Example
# Configure the local IP address pool 0 with the address range of 129.102.0.1 to
129.102.0.10.
[3Com] domain 3com163.net
[3Com-isp-3com163.net] ip pool 0 129.102.0.1 129.102.0.10
level
Syntax
level level
undo level
820
CHAPTER 9: SECURITY
View
Local user view
Parameter
level: Specifies user priority level, an integer ranging from 0 to 3.
Description
Using the level command, you can configure user priority level. Using the undo
level command, you can restore the default user priority level.
By default, user priority level is 3.
For the related command, see local user.
If the configured authentication mode is none authentication or password
authentication, the command level that a user can access after login depends on
the priority of user interface. In the case of authentication requiring both
username and password, however, the accessible command level depends on user
priority level.
Example
# Set the priority level of the user to 3.
[3Com-luser-3com1] level 3
local-user
Syntax
local-user user-name
undo local-user { user-name | all }
View
System view
Parameter
user-name: Specifies a local username with a character string not exceeding 80
characters, excluding "/", ":", "*", "?", "<" and ">". The @ character can be
used only once in one username. The username without domain name (the part
before @, namely the user ID) cannot exceed 24 characters. user-name is
case-insensitive, so UserA and usera are the same for example.
all: All the users.
Description
Using the local-user command, you can add a local user and enter the local user
view. Using the undo local-user command, you can remove the specified local
user.
By default, no local user is configured
For the related command, see display local user.
Example
# Add a local user named 3com1.
821
local-user
password-display-mode
Syntax
local-user password-display-mode { cipher-force | auto }
undo local-user password-display-mode
View
System view
Parameter
cipher-force: Forced cipher mode specifies that the passwords of all the accessed
users must be displayed in cipher text.
auto: The auto mode specifies that a user is allowed to use the password
command to set a password display mode.
Description
Using the local-user password-display-mode command, you can configure the
password display mode of all the local users. Using the undo local-user
password-display-mode command, you can restore the default password display
mode of all the local users.
If cipher-force applies, the effort of specifying in the password command to display
passwords in simple text is rendered useless.
By default, auto applies when displaying passwords of local users.
For the related commands, see display local-user and password.
Example
Force all the local users to have passwords displayed in cipher text.
[3Com] local-user password-display-mode cipher-force
password
Syntax
password { simple | cipher } password
undo password
View
Local user view
Parameter
simple: Specifies to display passwords in simple text.
cipher: Specifies to display passwords in cipher text.
password: Defines a password, which is a character string of up to 16 characters if
it is in simple text or of up to 24 characters if it is in cipher text.
822
CHAPTER 9: SECURITY
Description
Using the password command, you can configure a password for a local user.
Using the undo password command, you can cancel the password of the local
user.
If local-user password-display-mode cipher-force applies, the effort of
specifying in the password command to display passwords in simple text is
rendered useless.
For the related command, see display local-user.
Example
# Display the password of the user 3com1 in simple text, with the password being
20030422.
[3Com-luser-3com1] password simple 20030422
Scheme
Syntax
scheme { radius-scheme radius-scheme-name | HWHWTACACS-scheme
HWHWTACACS-scheme-name | local | none }
undo scheme { radius-scheme | HWHWTACACS-scheme | none }
View
ISP domain view
Parameter
radius-scheme-name: RADIUS scheme, a character string not exceeding 32
characters
HWHWTACACS-scheme-name: HWHWTACACS scheme, a character string not
exceeding 32 characters
local: Local authentication
none: No authentication
Description
Using the scheme command, you can configure the AAA scheme to be
referenced by the current ISP domain. Using the undo scheme command, you
can restore the default AAA scheme.
The default AAA scheme in the system is local.
With this command, the current ISP domain can reference a
RADIUS/HWHWTACACS scheme that has been configured.
If the local or none scheme applies, no RADIUS or HWHWTACACS scheme can
be adopted.
For the related commands, see radius scheme and HWHWTACACS scheme.
Example
# Specify the current ISP domain, 3com163.net, to use the RADIUS scheme 3com.
[3Com-isp-3com163.net] scheme radius 3com
service-type
823
Syntax
service-type { telnet | ssh | terminal | pad }
undo service-type { telnet | ssh | terminal | pad }
View
Local user view
Parameter
telnet: Authorizes the user to use the Telnet service.
ssh:Authorizes the user to use the SSH service.
terminal: Authorizes the user to use the terminal service (login from the Console,
AUX or Asyn port).
pad: Authorizes the user to use the PAD service.
Description
Using the service-type command, you can configure a service type for a
particular user. Using the undo service-type command, you can delete one or all
service types configured for the user.
By default, no service is available for the user.
For the related commands, see service-type ppp and service-type ftp.
Example
# Authorize the user to use the Telnet service.
[3Com-luser-3com1] service-type telnet
service-type ftp
Syntax
service-type ftp [ ftp-directory directory]
undo service-type ftp [ ftp-directory ]
View
Local user view
Parameter
ftp-directory directory: Specifies a directory accessible for the FTP user.
Description
Using the service-type ftp command, you can specify a directory accessible for
the FTP user. Using the undo service-type ftp command, you can restore the
default directory accessible for the FTP user.
By default, no services of any type are authorized to any user and access of
anonymous FTP users is not allowed, but a user that is granted the FTP service is
authorized to access the root directory flash:/.
For the related commands, see service-type and service-type ppp.
824
CHAPTER 9: SECURITY
Example
# Authorize the user to use the FTP service.
[3Com-luser-3com1] service-type ftp
service-type ppp
Syntax
service-type ppp [ callback-nocheck | callback-number
callback-number | call-number call-number [ subcall-number ] ]
undo service-type ppp [ callback-nocheck | callback-number |
call-number ]
View
Local user view
Parameter
callback-nocheck: Specifies PPP user callback without authentication.
callback-number callback-number: Specifies a callback number.
call-number call-number: Specifies a caller number in ISDN user authentication,
with a length up to 64 bytes.
[ subcall-number ]: Specifies the sub-caller number. If included, the total length
of it plus the caller number cannot exceed 62 bytes.
Description
Using the service-type command, you can configure the callback attribute and
caller number of the PPP user. Using the undo service-type command, you can
restore their default settings.
By default, PPP users are allowed to call back without authentication and no
callback number is specified; the system does not authenticate caller numbers of
ISDN users.
For the related commands, see service-type and service-type ftp.
Example
# Set PPP user to call back without authentication.
[3Com-luser-3com1] service-type ppp callback-nocheck
state
Syntax
state { active | block }
View
ISP domain view, local user view
Parameter
active: Configured to allow users in the current ISP domain or the current local
user to request for network services.
825
block: Configured to block users in the current ISP domain or the current local
Syntax
acl { number acl-number | name acl-name [ basic | advanced | interface ] } [ match-order
{ config | auto } ]
undo acl { number acl-number | name acl-name | all }
View
System View
Parameter
number: Defines a number-typed ACL ( access control list). The number used for
basic ACL is ranges from 1 to 99, and that for advanced ACL ranges from
100-199, and that for interface-based ACL ranges from 1000-1999.
name: Defines an ACL by name.
basic: Defines a basic ACL.
advanced: Defines an advanced ACL.
interface: Defines an interface-based ACL.
826
CHAPTER 9: SECURITY
Example
# Create an ACL numbered 10.
[3Com] acl number 10
[3Com-acl-basic-10]
display acl
827
Syntax
display acl { all | acl-number | acl-name }
View
Any view
Parameter
all: All ACL rules.
acl-number: ACL expressed by number.
acl-name: ACL expressed by name.
Description
Using the display acl command, you can view the rules of access control list.
The default match order of the system is the configuration order (config). If you
select match order as auto-match (auto), the system will display the information
with the match order as "auto". If the default match order (config) is selected,
the system will display without the configuration order information.
Example
# Display the contents of ACL1 rule.
[3Com-acl-basic-1] display acl 1
Basic ACL 1, 2 rules,
rule 1 permit (0 times matched)
rule 2 permit source 1.1.1.1 0 (0 times matched)
Syntax
reset acl counter { all | acl-number | acl-name }
View
User View
Parameter
acl-number: ACL expressed by number.
acl-name: ACL expressed by name.
all: All ACL rules.
Description
Using the reset acl counter command, you can clear the statistics of access
control list.
Example
# Reset the statistics of access control list 1.
<3Com> reset acl counter 1
828
CHAPTER 9: SECURITY
rule
Syntax
1.)> Create or delete a rule of a basic access control list.
rule [ rule-id ] { permit | deny } [ source source-addr source-wildcard | any ] [ time-range
time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]
undo rule rule-id [ source ] [ time-range ] [ logging ] [ fragment ] [ vpn-instance
vpn-instance-name ]
View
The first group of commands is used in basic ACL view.
The second group of commands is used in advanced ACL view.
The third group of commands is used in interface-based ACL view.
Parameter
In the rule command:
deny: Discards the qualified packets that meet the condition to pass.
protocol: protocol type over IP, expressed by name or number. The number
range is from 0 to 255, and the name range covers gre, icmp, igmp, ip,
ipinip, ospf, tcp and udp.
source: Optional, specify source address information of ACL rule. If it is not
configured, it indicates that any source address of the packets matches.
source-addr: Source IP address of packets in dotted decimal format. Or use
"any" to represent the source address 0.0.0.0 with the wildcard
255.255.255.255.
829
830
CHAPTER 9: SECURITY
fragment: Specifies that this rule is only valid for the fragment packets that
are not the first fragment. When this parameter is contained, it indicates
that the rule is only valid for the fragment packets that are not the first
fragment.
interface: Optional, specify the interface information of the packets. If it is
not specified, it indicates that all interfaces match.
interface-name: Specifies packets to enter from the interface. Or any can
be used to indicate all interfaces.
vpn-instance: Optional parameter specifying the vpn-instance to which the
packets belongs. If it is not specified, the ACL rule will be valid for the
packets in all the vpn-instances. If it is specified, the ACL rule will be valid
only for the specified vpn-instance.
831
Description
Using the rule command, you can add a rule in current ACL view. Using the undo
rule command, you can delete a rule.
The rule ID is needed when you try to delete a rule. If you do not know the ID,
using the display acl command to find it out.
Example
# Create ACL 101 and add a rule to prohibit the receiving or sending of RIP
packets.
[3Com] acl number 101
[3Com-acl-adv-101] rule deny udp destination-port eq rip
# Add a rule to permit hosts in the network segment 129.9.0.0 to send WWW
packet to hosts in the network segment 202.38.160.0.
[3Com-acl-adv-101] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0
0.0.0.255 destination-port eq www
# Add a rule to deny the WWW access (80) from the host in network segment
129.9.0.0 to the host in network segment 202.38.160.0, and log events that
violate the rule.
[3Com-acl-adv-101] rule deny tcp source 129.9.0.0 0.0.255.255 destination 202.38.160. 0
0.0.0.255 eq www logging
# Add a rule to permit the WWW access (80) from the host in network segment
129.9.8.0 to the host in network segment 202.38.160.0.
[3Com-acl-adv-101] rule permit tcp source 129.9.8.0 0.0.0.255 destination 202.38.160.0
0.0.0.255 destination-port eq www
# Add a rule to prohibit all hosts from establishing Telnet (23) connection to the
host with the IP address 202.38.160.1.
[3Com-acl-adv-101] rule deny tcp destination 202.38.160.1 0 destination-port eq telnet
# Add a rule to prohibit create UDP connections with port number greater than
128 from the hosts in network segment 129.9.8.0 to the hosts in network
segment 202.38.160.0
[3Com-acl-adv-101] rule deny udp source 129.9.8.0 0.0.0.255 destination 202.38.160.0
0.0.0.255 destination-port gt 128
# Add a rule, denying the packets carrying the source address 1.1.1.1 from VPN
vrf1.
[3Com-acl-adv-101] rule deny ip source 1.1.1.1 vpn-instance vrf1
Add/delete a
MAC-based ACL rule
832
CHAPTER 9: SECURITY
Parameter
type-code: Data frame type, a 16-bit hexadecimal number equivalent to the
type-code field in Ethernet_II and Ethernet_SNAP frames.
type-mask: A 16-bit hexadecimal number used for specifying the mask bits.
lsap-code: Encapsulation format of data frames, a 16-bit hexadecimal number.
lsap-mask: LSAP mask, a 16-bit hexadecimal number used to specify mask bits.
sour-addr: Source MAC address in the format of xxxx-xxxx-xxxx.
sour-mask: Source MAC address mask.
dest-addr: Destination MAC address in the format of xxxx-xxxx-xxxx.
dest-mask: Destination MAC address mask.
Ethernet Type-Code
Values
The following table lists the Ethernet type-code values recommended in RFC 1700
and their meanings.
Table 3 0BAD0888-088AEthernet type-code values
Ethernet type-code value (in hexadecimal)
0000-05DC
0101-01FF
200
201
400
600
660
661
800
801
802
803
804
805
806
807
081C
0888-088A
900
0A00
0A01
0BAD
1000
1001-100F
1600
4242
5208
6000
6001
6002
6003
Represents
IEEE802.3 Length Field
Experimental
XEROX PUP (see 0A00)
PUP Addr Trans (see 0A01)
Nixdorf
XEROX NS IDP
DLOG
DLOG
Internet IP (IPv4)
X.75 Internet
NBS Internet
ECMA Internet
Chaosnet
X.25 Level 3
ARP
XNS Compatability
Symbolics Private
Xyplex
Ungermann-Bass net debugr
Xerox IEEE802.3 PUP
PUP Addr Trans
Banyan Systems
Berkeley Trailer nego
Berkeley Trailer encap/IP
Valid Systems
PCS Basic Block Protocol
BBN Simnet
DEC Unassigned (Exp.)
DEC MOP Dump/Load
DEC MOP Remote Console
DEC DECNET Phase IV Route
Represents
DEC LAT
DEC Diagnostic Protocol
DEC Customer Protocol
DEC LAVC, SCA
DEC Unassigned
3Com Corporation
Ungermann-Bass download
Ungermann-Bass dia/loop
LRT
Proteon
Cabletron
Cronus VLN
Cronus Direct
HP Probe
Nestar
AT&T
Excelan
SGI diagnostics
SGI network games
SGI reserved
SGI bounce server
Apollo Computers
Tymshare
Tigan, Inc.
Reverse ARP
Aeonic Systems
DEC LANBridge
DEC Unassigned
DEC Ethernet Encryption
DEC Unassigned
DEC LAN Traffic Monitor
DEC Unassigned
Planning Research Corp.
AT&T
AT&T
ExperData
Stanford V Kernel exp.
Stanford V Kernel prod.
Evans & Sutherland
Little Machines
Counterpoint Computers
Univ. of Mass. @ Amherst
Univ. of Mass. @ Amherst
Veeco Integrated Auto.
General Dynamics
AT&T
Autophon
ComDesign
Computgraphic Corp.
Landmark Graphics Corp.
833
834
CHAPTER 9: SECURITY
Represents
Matra
Dansk Data Elektronik
Merit Internodal
Vitalink Communications
Vitalink TransLAN III
Counterpoint Computers
Appletalk
Datability
Spider Systems Ltd
Nixdorf Computers
Siemens Gammasonics Inc.
DCA Data Exchange Cluster
Banyan Systems
Banyan Systems
Pacer Software
Applitek Corporation
Intergraph Corporation
Harris Corporation
Taylor Instrument
Rosemount Corporation
IBM SNA Service on Ether
Varian Associates
Integrated Solutions TRFS
Allen-Bradley
Datability
Retix
AppleTalk AARP (Kinetics)
Kinetics
Apollo Computer
Wellfleet Communications
Symbolics Private
Hayes Microcomputers
VG Laboratory Systems
Bridge Communications
Novell, Inc.
KTI
Logicraft
Network Computing Devices
Alpha Micro
SNMP
BIIN
BIIN
Technically Elite Concept
Rational Corp
Qualcomm
Computer Protocol Pty Ltd
Charles River Data System
Protocol Engines
Motorola Computer
Time-range
Configuration
Commands
display time-range
Syntax
display time-range { all | time-name }
View
Any view
Parameter
time-name: name of the time range.
Represents
Qualcomm
ARAI Bunkichi
RAD Network Devices
Xyplex
Apricot Computers
Artisoft
Polygon
Comsat Labs
SAIC
VG Analytical
Quantum Software
Ascom Banking Systems
Advanced Encryption Systems
Athena Programming
Charles River Data System
Inst Ind Info Tech
Taurus Controls
Walker Richer & Quinn
Idea Courier
Computer Network Tech
Gateway Communications
SECTRA
Delta Controls
ATOMIC
Landis & Gyr Powers
Motorola
Invisible Software
Loopback
3Com(Bridge) XNS Sys Mgmt
3Com(Bridge) TCP-IP Sys
3Com(Bridge) loop detect
BBN VITAL-LanBridge cache
ISC Bunker Ramo
835
836
CHAPTER 9: SECURITY
time-range
Syntax
time-range time-name [ start-time to end-time ] [ days ] [ from time1 date1 ] [ to time2
date2 ]
undo time-range time-name [ start-time to end-time ] [ days ] [ from time1 date1 ] [ to
time2 date2 ]
View
System view
Parameter
time-name: Name of time range.
start-time: Start time of a time range, in the format of HH:MM.
end-time: End time of a time range, in the format of HH:MM.
days: Indicates on which day of a week the time range is valid or from which day
in a week the time range is valid. The following parameters can be input:
Number (0 to 6);
Monday to Sunday (Monday, Tuesday, Wednesday, Thursday, Friday, Saturday,
Sunday);
Working-day, from Monday to Friday;
837
# Configure the time range valid between 14:00 and 16:00 in every weekend
from 20:00 on Apr.01, 2003 to 20:00 on Dec.10, 2003.
[3Com] time test 14:00 to 16:00 off-day from 20:00 04-01-2003 to 20:00 12-10-2003
# Configure the time range valid between 8:00 and 18:00 in each working day.
[3Com] time-range test 8:00 to 18:00 working-day
# Configure the time range valid between 14:00 and 18:00 in each weekend day.
[3Com] time-range test 14:00 to 18:00 off-day
838
CHAPTER 9: SECURITY
Syntax
debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface
interface-name ]
undo debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface
interface-name ]
View
User view
Parameter
icmp: Debugging information of ICMP packet filtering.
tcp: Debugging information of TCP packet filtering.
udp: Debugging information of UDP packet filtering.
fragments-inspect: Fragment debugging information.
others: Debugging information of all the other packets except ICMP, TCP and
UDP.
interface interface-name: Debugging information of the corresponding packets
passing the interface. The debugging information of all the interfaces will be
displayed if this parameter is not configured.
all: Debugging information of all the packets.
Description
Using the debugging firewall command, you can enable the information
debugging of the firewall packet filtering. Using the undo debugging firewall
command, you can disable the information debugging of the firewall packet
filtering.
By default, all the information debugging of the firewall is disabled.
For the related command, see display debugging.
Example
# Enable the debugging information about UDP packet filtering.
[3Com] debugging firewall udp
display firewall-statistics
Syntax
display firewall-statistics { all | interface interface-name | fragments-inspect }
839
View
Any view
Parameter
all: Displays the filtering packet statistics of all the interfaces.
interface: Displays the filtering packet statistics of a certain interface.
interface-name: Name of the interface.
fragments-inspect: Displays the fragment inspection information.
Description
Using the display firewall-statistics command, you can view the firewall
statistics.
For the related command, see firewall fragments-inspect.
Example
# Display the information of fragment inspection.
<3Com> display firewall-statistics fragments-inspect
Fragments inspection is enabled.
The high-watermark for clamping is 10000.
The low-watermark for clamping is 1000.
Current records for fragments inspection is 0.
firewall default
Syntax
firewall default { permit | deny }
View
System view
Parameter
permit: Default filter rule is permitting packets to pass.
deny: Default filter rule is denying packets to pass.
Description
Using the firewall default command, you can configure the default filtering rule
of the firewall, whether to be permit or deny.
By default, the system permits packets.
Example
# Set the default filtering rule of the firewall to deny.
[3Com] firewall default deny
840
CHAPTER 9: SECURITY
firewall enable
Syntax
firewall enable
undo firewall enable
View
System view
Parameter
none.
Description
Using the firewall enable command, you can enable the firewall. Using the
undo firewall enable command, you can disable the firewall.
By default, the firewall is disabled.
Example
# Enables the firewall
[3Com] firewall enable
firewall
fragments-inspect
Syntax
Firewall fragments-inspect
841
Only when the fragment packet inspection is enabled, can the exact match really
take effect.
For the related commands, see display firewall fragments-inspect and
firewall packet-filter.
Example
# Enable the fragment inspection switches
[3Com] firewall fragments-inspect
firewall
fragments-inspect { high
| low }
Syntax
firewall fragments-inspect { high | low } { default | number }
undo firewall fragments-inspect { high | low }
View
System view
Parameter
high number: Specifies the high threshold of the fragment status records. It is in
the range from 100 to 10000.
low number: Specifies the low threshold of the fragment status records. It is in the
range from 100 to 10000.
default: Default number of fragment status records. The default high threshold of
the fragment status records is 2000 and the default low threshold of the fragment
status records is 1500.
Description
Using the firewall fragments-inspect { high | low } command, you can
configure the high and low thresholds of records for fragment inspection. Using
the undo firewall fragments-inspect { high | low } command, you can restore
the default high and low thresholds.
If fragment inspection switch is enabled and exact match filtering is applied, the
executing efficiency of the packet filtering will be slightly reduced. The more
matching entries are configured, the more the efficiency is reduced. Therefore, the
(high and low) thresholds should be set. When the number of fragment status
records reaches the high threshold, those status entries first reserved will be
deleted till the number of records is below the low threshold.
The low threshold must be no greater than the high threshold.
For the related commands, see display firewall-statistics fragments-inspect
and firewall packet-filter.
Example
# Configure the high threshold for fragment packet inspection to 3000 and
configure the low threshold to the default value.
[3Com] firewall fragments-inspect high 3000
842
CHAPTER 9: SECURITY
firewall packet-filter
Syntax
firewall packet-filter { acl-number | acl-name } { inbound | outbound } [
match-fragments { normally | exactly } ]
undo firewall packet-filter { acl-number | acl-name } { inbound | outbound }
View
Interface view
Parameter
acl-number: Serial number of access control list rule.
acl-name: Name of ACL rule, in character string.
inbound: Filters the packet received from the interface.
outbound: Filters the packet forwarded from the interface.
normally: Normal matching mode, the default mode.
exactly: Exact matching mode.
Description
Using the firewall packet-filter command, you can apply the access control list
to the corresponding interface. Using the undo firewall packet-filter command,
you can delete the corresponding setting.
Interface-based ACL (namely ACL rule with sequence number from 1000 to 1999)
can only use the parameter outbound.
For related command, see acl, display acl and firewall fragments-inspect.
Example
# Apply access control list rule 101 to the "in" direction of the interface serial
1/0/0.
[3Com-Serial1/0/0] firewall packet-filter 101 inbound
reset firewall-statistics
Syntax
reset firewall-statistics { all | interface interface-name }
View
User view
Parameter
all: Clears the filtering packet statistics of all the interfaces.
interface: Clears the filtering packet statistics of a certain interface.
interface-name: Name of the interface.
843
Description
Using the reset firewall-statistics command, you can clear the firewall statistics.
Example
# Clear filtering packet statistics of the interface E3/1/0.
[3Com] reset firewall-statistics interface e3/1/0
844
CHAPTER 9: SECURITY
Example
# Specify the ISAKMP Sa duration for IKE proposal 10 as 600 seconds (10
minutes).
[3Com] ike proposal 10
[3Com-ike-proposal-10] sa duration 600
ASPF Configuration
Commands
aging-time
Syntax
aging-time { syn | fin | tcp | udp } seconds
undo aging-time { syn | fin | tcp | udp } seconds
View
ASPF policy view
Parameter
seconds: Specifies the idle timeout time of SYN, FIN, TCP and UDP session entries
respectively when the related packets are inspected. The default timeout time of
SYN, FIN, TCP and UDP is 30s, 5s, 3600s and 30s respectively.
Description
Using the aging-time command, you can configure SYN status waiting timeout
value and FIN status waiting timeout value of TCP, session entry idle timeout value
of TCP and UDP. Using the undo aging-time command, you can restore the
default value.
Before the aging-time expires, the system will retain the connections and the
sessions that have been set up.
For related commands, see display aspf all, display aspf policy, display aspf
session and display aspf interface.
Example
# Configure SYN status waiting timeout value of TCP as 20 seconds.
[3Com-aspf-policy-1] aging-time syn 20
aspf-policy
845
Syntax
aspf-policy aspf-policy-number
undo aspf-policy aspf-policy-number
View
System view
Parameter
aspf-policy-number: ASPF policy number, ranging from 1 to 99.
Description
Using the aspf-policy command, you can define an ASPF policy. For a defined
policy, the policy can be invoked through its policy number.
Example
# Define an ASPF policy and enter ASPF view.
[3Com] aspf-policy 1
[3Com-aspf-policy-1]
debugging aspf
Syntax
debugging aspf { all | verbose | events | ftp | h323 | http | rtsp | session | smtp | tcp | timer
| udp }
undo debugging aspf { all | verbose | events | ftp | h323 | http | rtsp | session | smtp | tcp
| timer | udp }
View
User view
Parameter
all: All ASPF debugging switch.
verbose: Detailed debugging switch.
events: Event debugging switch.
ftp: Debugging switch for FTP detect information .
h323: Debugging switch for H.323 information detection.
http: Debugging switch for HTTP information detection.
rtsp: Debugging switch for RSTP information detection.
session: Debugging switch for Session information .
smtp: Debugging switch for SMTP information detection.
tcp : Debugging switch for TCP information detection.
846
CHAPTER 9: SECURITY
detect
Syntax
detect protocol [ java-list acl-number ] [ aging-time seconds ]
undo detect protocol
View
ASPF policy view
Parameter
seconds: Configures the idle timeout time of the protocol, ranging from 10 to
43200 seconds. The default TCP-based timeout time is 3600 seconds, and the
default UDP-based timeout time is 30 seconds.
java-list: Configures to block the Java Applets to specified network segment
packets, valid only when the protocol is HTTP.
acl-number: Basic ACL number, ranging from 1 to 99.
protocol: Name of the protocols supported by ASPF, the value can be ftp, http,
h323, smtp, rtsp, tcp and udp.
Description
Using the detect command, you can specify ASPF policy for application layer
protocols. Using the undo detect command, you can cancel the configuration.
When the protocol is HTTP, Java blocking is permitted.
For related commands, see display aspf all, display aspf policy, display aspf
session and display aspf interface.
Example
# Configure to specify an ASPF policy for HTTP protocol with policy number 1. At
the same time, permit Java blocking and set ACL1 to make ASPF able to filter Java
Applets from destination server 10.1.1.1.
847
Syntax
display aspf all
View
Any view
Parameter
none
Description
Using the display aspf all command, you can view the information of all ASPF
policies and sessions.
Example
# View the information of ASPF policy and session.
[3Com] display aspf all
[ASPF Policy 1]
Session audit trail:
disabled
tcp synwait-time:
30
tcp finwait-time:
sec
tcp idle-time:
3600
sec
udp idle-time:
30
sec
h323 timeout:
tcp timeout:
sec
3600
33
[Interface Configuration]
Interface:
Ethernet0/0/0
none
848
CHAPTER 9: SECURITY
Description
tcp finnwait-time
tcp idle-time
udp idle-time
http java-list 1 timeout Detect the HTTP traffic and filter the Java Applets from some
particular sites by using ACL 1. The HTTP timeout time is set to
3000 seconds. h323 timeout indicates the timeout time of the
h323 session entry.
h323 timeout
The policy inspects h323 traffic. The timeout time of h323 is 3600
seconds.
tcp timeout
Syntax
display aspf interface
View
Any view
Parameter
none
Description
Using the display aspf interface command, you can view the interface
configuration of the inspection policy.
Example
# View the interface configuration of the inspection policy.
<3Com> display aspf interface
[Interface Configuration]
Interface:
Ethernet0/0/0
none
849
Item
Description
Syntax
display aspf policy aspf-policy-number
View
Any view
Parameter
aspf-policy-number: ASPF policy number, ranging from 1 to 99.
Description
Using the the display aspf policy command, you can view the configuration of a
specific inspection policy.
Example
# Display the configuration information of the inspection policy with policy
number of 1.
[3Com] display aspf policy 1
[ASPF Policy 1]
Session audit trail:
tcp synwait-time:
30
tcp finwait-time:
sec
tcp idle-time:
3600
sec
udp idle-time:
30
sec
h323 timeout:
tcp timeout:
disabled
sec
3600
33
Syntax
display aspf session [ verbose ]
View
Any view
Parameter
verbose: Displays the detail information of the sessions.
850
CHAPTER 9: SECURITY
Description
Using the display aspf session command, you can view the information of the
ASPF sessions.
Example
# Display the information of current ASPF sessions.
[3Com] display aspf session
[Established Sessions]
[ Session 0xC7E5E4 ]
(192.168.0.1:2124)=>(13.1.0.5:1720) h323 H323_CALL_ACTIVE
Description
TransProt: 6
AppProt: 21
Interface: Ethernet1/0/0
Direction: outbound
Bytes/Packets sent
Timeout 00:02:00(120)
851
Description
firewall aspf
Syntax
firewall aspf aspf-policy-number { inbound | outbound }
undo firewall aspf aspf-policy-number { inbound | outbound }
View
Interface view
Parameter
aspf-policy-number: ASPF policy number used on the interface.
inbound: Applies ASPF policy in inbound direction of the interface.
outbound: Applies ASPF policy in outbound direction of the interface.
Description
Using the firewall aspf command, you can apply ASPF policy in specified
direction to an interface. Using the undo firewall aspf command, you can delete
the applied ASPF policy on the interface.
There are two concepts in ASPF, inbound interface and outbound interface. If the
router connects with both intranet and internet, and uses ASPF to protect the
servers of intranet, the router interface connected with intranet is regarded as
inbound interface and the one connected with internet is regarded as outbound
interface.
When ASPF is applied on outbound interface, ASPF will refuse the access of
intranet from internet users, but the returning packets of intranet users accessing
internet can pass the detection of ASPF.
Example
# Configure ASPF firewall function in outbound direction of the interface
ethernet1/0/0.
[3Com-Ethernet1/0/0] firewall aspf 1 outbound
log enable
Syntax
log enable
undo log enable
View
ASPF policy view
Description
Using the log enable command, you can enable ASPF session logging function.
Using the undo log enable command, you can disable logging function.
852
CHAPTER 9: SECURITY
PAM Configuration
Commands
display port-mapping
Syntax
display port-mapping [ application-name | port port-number ]
View
Any view
Parameter
application-name: Specifies the name of application for PAM. Optional
applications include ftp, http, h323, smtp and rtsp.
port-number: Port number in the range from 0 to 65535.
Description
Using the display port-mapping command, you can view PAM information.
For the related command, see port-mapping.
Example
# Display all PAM information.
[3Com] display port-mapping
port-mapping
Syntax
port-mapping application-name port port-number [ acl acl-number ]
undo port-mapping [ application-name port port-number [ acl acl-number ] ]
View
System view
Parameter
application-name: Specifies the name of the application for PAM. Optional
applications include ftp, http, h323, smtp and rtsp.
853
Firewall Configuration
Commands
debugging firewall
Syntax
debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface
interface-name ]
undo debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface
interface-name ]
View
User view
Parameter
icmp: Debugging information of ICMP packet filtering.
tcp: Debugging information of TCP packet filtering.
udp: Debugging information of UDP packet filtering.
fragments-inspect: Fragment debugging information.
854
CHAPTER 9: SECURITY
others: Debugging information of all the other packets except ICMP, TCP and
UDP.
interface interface-name: Debugging information of the corresponding packets
passing the interface. The debugging information of all the interfaces will be
displayed if this parameter is not configured.
all: Debugging information of all the packets.
Description
Using the debugging firewall command, you can enable the information
debugging of the firewall packet filtering. Using the undo debugging firewall
command, you can disable the information debugging of the firewall packet
filtering.
By default, all the information debugging of the firewall is disabled.
For the related command, see display debugging.
Example
# Enable the debugging information about UDP packet filtering.
[3Com] debugging firewall udp
display firewall-statistics
Syntax
display firewall-statistics { all | interface interface-name | fragments-inspect }
View
Any view
Parameter
all: Displays the filtering packet statistics of all the interfaces.
interface: Displays the filtering packet statistics of a certain interface.
interface-name: Name of the interface.
fragments-inspect: Displays the fragment inspection information.
Description
Using the display firewall-statistics command, you can view the firewall
statistics.
For the related command, see firewall fragments-inspect.
Example
# Display the information of fragment inspection.
<3Com> display firewall-statistics fragments-inspect
Fragments inspection is enabled.
The high-watermark for clamping is 10000.
The low-watermark for clamping is 1000.
855
firewall default
Syntax
firewall default { permit | deny }
View
System view
Parameter
permit: Default filter rule is permitting packets to pass.
deny: Default filter rule is denying packets to pass.
Description
Using the firewall default command, you can configure the default filtering rule
of the firewall, whether to be permit or deny.
By default, the system permits packets.
Example
# Set the default filtering rule of the firewall to deny.
[3Com] firewall default deny
firewall enable
Syntax
firewall enable
undo firewall enable
View
System view
Parameter
none.
Description
Using the firewall enable command, you can enable the firewall. Using the
undo firewall enable command, you can disable the firewall.
By default, the firewall is disabled.
Example
# Enables the firewall
[3Com] firewall enable
firewall
fragments-inspect
Syntax
Firewall fragments-inspect
856
CHAPTER 9: SECURITY
View
System view
Parameter
none
Description
Using the firewall fragments-inspect command, you can enable fragment
inspection switch. Using the undo firewall fragments-inspect command, you
can disable fragment inspection switch.
By default, fragment inspection switch is disabled.
This command is the premise of realizing exact match. Only after fragment
inspection switch is enabled, can fragment exact match be implemented. Packet
filtering firewall will record the status of a fragment, and perform the exact
matching to advanced ACL rules according to the information beyond the layer 3
(IP layer).
Packet filtering firewall will consume some system resources for recording the
fragment status. If the exact match mode is not used, you are recommended to
disable this function so as to improve the running efficiency of system and reduce
the system cost.
Only when the fragment packet inspection is enabled, can the exact match really
take effect.
For the related commands, see display firewall fragments-inspect and
firewall packet-filter.
Example
# Enable the fragment inspection switches
[3Com] firewall fragments-inspect
firewall
fragments-inspect { high
| low }
Syntax
firewall fragments-inspect { high | low } { default | number }
undo firewall fragments-inspect { high | low }
View
System view
Parameter
high number: Specifies the high threshold of the fragment status records. It is in
the range from 100 to 10000.
low number: Specifies the low threshold of the fragment status records. It is in the
range from 100 to 10000.
default: Default number of fragment status records. The default high threshold of
the fragment status records is 2000 and the default low threshold of the fragment
status records is 1500.
857
Description
Using the firewall fragments-inspect { high | low } command, you can
configure the high and low thresholds of records for fragment inspection. Using
the undo firewall fragments-inspect { high | low } command, you can restore
the default high and low thresholds.
If fragment inspection switch is enabled and exact match filtering is applied, the
executing efficiency of the packet filtering will be slightly reduced. The more
matching entries are configured, the more the efficiency is reduced. Therefore, the
(high and low) thresholds should be set. When the number of fragment status
records reaches the high threshold, those status entries first reserved will be
deleted till the number of records is below the low threshold.
The low threshold must be no greater than the high threshold.
For the related commands, see display firewall-statistics fragments-inspect
and firewall packet-filter.
Example
# Configure the high threshold for fragment packet inspection to 3000 and
configure the low threshold to the default value.
[3Com] firewall fragments-inspect high 3000
[3Com] firewall fragments-inspect low default
firewall packet-filter
Syntax
firewall packet-filter { acl-number | acl-name } { inbound | outbound } [
match-fragments { normally | exactly } ]
undo firewall packet-filter { acl-number | acl-name } { inbound | outbound }
View
Interface view
Parameter
acl-number: Serial number of access control list rule.
acl-name: Name of ACL rule, in character string.
inbound: Filters the packet received from the interface.
outbound: Filters the packet forwarded from the interface.
normally: Normal matching mode, the default mode.
exactly: Exact matching mode.
Description
Using the firewall packet-filter command, you can apply the access control list
to the corresponding interface. Using the undo firewall packet-filter command,
you can delete the corresponding setting.
858
CHAPTER 9: SECURITY
Interface-based ACL (namely ACL rule with sequence number from 1000 to 1999)
can only use the parameter outbound.
For related command, see acl, display acl and firewall fragments-inspect.
Example
# Apply access control list rule 101 to the "in" direction of the interface serial
1/0/0.
[3Com-Serial1/0/0] firewall packet-filter 101 inbound
reset firewall-statistics
Syntax
reset firewall-statistics { all | interface interface-name }
View
User view
Parameter
all: Clears the filtering packet statistics of all the interfaces.
interface: Clears the filtering packet statistics of a certain interface.
interface-name: Name of the interface.
Description
Using the reset firewall-statistics command, you can clear the firewall statistics.
Example
# Clear filtering packet statistics of the interface E3/1/0.
[3Com] reset firewall-statistics interface e3/1/0
IPSec Configuration
Commands
ah
authentication-algorith
m
Syntax
ah authentication-algorithm { md5 | sha1 }
undo ah authentication-algorithm
View
IPSec proposal view
Parameter
md5: MD5 algorithm is adopted.
sha1: SHA1 algorithm is adopted.
859
Description
Using the ah authentication-algorithm command, you can set the
authentication algorithm adopted by Authentication Header protocol in IPSec
proposal. Using the undo ah authentication-algorithm command, you can
restore the default setting.
By default, the md5 authentication algorithm is adopted by Authentication
Header protocol in IPSec proposal.
AH proposal cant be used to encrypt, but to authenticate.
MD5 algorithm uses the 128-bit key, and SHA1 uses the 160-bit key. By
comparison, MD5 is faster than SHA1, while SHA1 is securer than MD5.
The IPSec proposal adopted by the security policy at both ends of the security
tunnel must be set as using the same authentication algorithm.
Can the AH authentication algorithm be configured only if AH or AH-ESP security
protocol was selected by executing the transform command.
For the related commands, see ipsec proposal, proposal, sa sip and transform.
Example
# Set IPSec proposal using AH and SHA1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal- prop1] transform ah
[3Com-ipsec-proposal- prop1] ah authentication-algorithm sha1
debugging encrypt-card
Syntax
debugging encrypt-card {all | command | error | misc | packet | sa} [
slot-id ]
debugging encrypt-card host {all | command | error | misc | packet |
sa}
View
Any view
Parameter
all: Enables all debugging on the encryption card.
command: Enables command debugging on the encryption card.
error: Enables error debugging on the encryption card.
misc: Enables other debugging on the encryption card.
packet: Enables packet debugging on the encryption card.
sa: Enables security association (SA) debugging on the encryption card.
host: Enables host debugging on the encryption card.
860
CHAPTER 9: SECURITY
slot-id: Slot ID for the encryption card, whose range depends on the slot number on the router.
It is in 3-dimentional format, for example, x/y/z, where x stands for slot ID on the router, y and z
are fixed to 0 for the encryption card. If you do not specify a value for the parameter, the system
will display the log of all encryption cards.
Description
Using the debugging encrypt-card command, you can enable debugging on the encryption
card. Using the undo debugging ipsec command, you can disable debugging on the
encryption card.
The command is only available on the encryption card.
Example
# Enable command debugging on the encryption card at slot 5/0/0.
[Router] debugging encrypt-card command 5/0/0 d
debugging ipsec
Syntax
debugging ipsec { all | sa | misc | packet [ policy policy-name [ seq-number ] | parameters
ip-address protocol spi-number ] | misc }
undo debugging ipsec { all | sa | misc | packet [ policy policy-name [ seq-number ] |
parameters ip-address protocol spi-number ] | misc }
View
User view
Parameter
all: Displays all debugging information.
sa: Displays debugging information of SA.
packet: Displays debugging information of IPSec packets.
policy policy-name: Displays debugging information of IPSec policy whose name is
policy-name.
seq-number: Displays debugging information of IPSec policy whose sequence
number is seq-number.
parameters: Displays debugging information of a SA whose remote address is
ip-address, Security protocol is protocol, and SPI is spi-number.
misc: Displays other debugging information of IPSec.
Description
Using the debugging ipsec command, you can turn IPSec debugging on, Using
the undo debugging ipsec command, you can turn IPSec debugging off.
By default, IPSec debugging is off.
Example
# Enable IPSec SA debugging function.
861
display encrypt-card sa
Syntax
display encrypt-card sa [ slot-id ]
View
Any view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.
Description
Using the display encrypt-card sa command, you can view SA information.
The command is only available on the encryption card.
These kinds of information shall be displayed: SA proposal name, local address,
remote address, SA remaining key duration, schedule performance index (SPI), slot
ID and other similar information.
Example
# Display all SA information on the encryption card at slot 5/0/0.
[Router] display encrypt-card sa 5/0/0
AH SAs
proposal: ESP-AUTH-SHA1HMAC96
local address: 20.0.0.2
remote address: 20.0.0.1
sa remaining key duration (bytes/sec): 1887435992/2401
spi: 1081108020 (0x40706634)
Uses Encrypt5/0
ESP SAs
proposal: ESP-ENCRYPT-3DES
proposal: ESP-AUTH-SHA1HMAC96
local address: 20.0.0.2
remote address: 20.0.0.1
sa remaining key duration (bytes/sec): 1887436136/2401
spi: 891512401 (0x35236651)
862
CHAPTER 9: SECURITY
Uses Encrypt5/0/0
ESP SAs
proposal: ESP-ENCRYPT-3DES
proposal: ESP-AUTH-SHA1HMAC96
local address: 20.0.0.1
remote address: 20.0.0.2
sa remaining key duration (bytes/sec): 1887436532/2401
spi: 3024247997 (0xb4425cbd)
Uses Encrypt5/0/0
AH SAs
proposal: ESP-AUTH-SHA1HMAC96
local address: 20.0.0.1
remote address: 20.0.0.2
sa remaining key duration (bytes/sec): 1887436464/2401
spi: 2937733563 (0xaf1a41bb)
Uses Encrypt5/0/0
display encrypt-card
statistics
Syntax
display encrypt-card statistics [ slot-id ]
View
Any view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.
Description
Using the display encrypt-card statistics command, you can view statistics on
the encryption cards.
The command is only available on the encryption card.
The statistics includes the processing information of ESP/AH packets on the
encryption card. More details are displayed in the following example.
863
If the slot ID you type in is greater than the available slot number on the router, the
error information "Invalid encrypt-card slot-id" will be prompted.
For the related command, see reset encrypt-card statistic.
Example
# Display the statistics on the encryption card at slot 5/0/0.
[Router] display encrypt-card statistics 5/0/0
Encrypt5/0/0 security packets statistics :
input/output security packets: 8/4
input/output security bytes: 1472/604
dropped security packet detail:
no enough memory: 0
can't find SA: 0
queue is full: 0
authentication is failed: 0
wrong length: 0
replay packet: 0
too long packet: 0
wrong SA: 0
invalid proposal: 0
invalid protocol: 0
buffer error: 0
wrap error: 0
crypto error: 0
pad error: 0
display encrypt-card
syslog
Syntax
display encrypt-card syslog [ slot-id ]
View
Any view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.
864
CHAPTER 9: SECURITY
Description
Using the display encrypt-card syslog command, you can view the current
system log on the encryption cards.
The command is only available on the encryption card.
If the slot ID you type in is greater than the available slot number on the router, the
error information "Invalid encrypt-card slot-id" shall be prompted.
For the related command, see encrypt-card set syslog.
Example
# Display the system log on the encryption card at slot 5/0/0.
[Router] display encrypt-card syslog 5/0/0
Date: 2004-03-27, Time: 11:45
cmd.
Syntax
display interface encrypt [ slot-id ]
View
Any view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.
Description
Using the display interface encrypt command, you can view the information
about the ports on the encryption cards.
The command is only available on the encryption card.
With this command, you can view the status of the encryption card, total number
of packets transmitted or received on it, maximum number of packets dropped
per second, information during the last five seconds.
For the related command, see interface encrypt.
865
Example
# Display the port information on the encryption card at slot 5/0/0.
[Router] display interface Encrypt 5/0/0
Description :
Encrypt5/0/0 Interface
Protocol Status:
READY
Driver Status
READY
Total Statistics
Packets sent to card
10
1216
584
Dropped packets
Dropped packets
Syntax
display ipsec policy [ brief | name policy-name [ seq-number ] ]
View
Any view
Parameter
brief: Displays brief information about all the ipsec policies.
name: Displays information of the ipsec policy with the name policy-name and
sequence number seq-number.
policy-name: Name of an ipsec policy.
seq-number: Sequence number of an ipsec policy.
If no argument has been specified, the details of all the IPSec policies will be
displayed. If name policy-name has been specified but seq-number has not, the
information of the specified IPSec policy group will be listed out.
Description
Using the display ipsec policy command, you can view information about the
ipsec policy.
866
CHAPTER 9: SECURITY
The brief keyword is used for displaying brief information about all the ipsec
policies, whose display format is the brief format (see the following example). The
brief command can be used to quickly display all the ipsec policies. Brief
information includes, name and sequence number, negotiation mode, access
control list, proposal, local address, and remote address.
The other command words are used to display the detailed information about the
ipsec policy, whose display format is the detailed format (refer to the following
example).
For the related commands, see ipsec policy(system view).
Example
# View brief information about all the ipsec policies.
<3Com> display ipsec policy brief
Ipsec-policy-Name Mode
policy1-100
test-300
manual 100
isakmp
150.1.1.2
120
150.1.1.1
202.38.160.66
Description
Ipsec-policy-Name
Mode
acl
Local Address
local IP address
Remote Address
remote IP address
867
868
CHAPTER 9: SECURITY
display ipsec
policy-template
Item
Description
ipsec policy
proposal name
local IP address
remote IP address
PFS (Y/N)
Syntax
display ipsec policy-template [ brief | name template-name [ seq-number ] ]
View
Any view
Parameter
brief: Displays brief information about all the ipsec policy templates.
name: Displays information of the ipsec policy template with the name
template-name and sequence number seq-number.
template-name: Name of an ipsec policy template.
seq-number: Sequence number of an ipsec policy template. If seq-number is not
specified, then the information about all the ipsec policy templates named
template-name is shown.
If no parameter is specified, then the detail information about all the ipsec policy
templates will be displayed. If name template-name has been specified but
seq-number has not, the information of the specified IPSec policy template group
will be listed out.
Description
Using the display ipsec policy-template command, you can view information
about the ipsec policy template.
Parameter brief is for showing brief information about all the ipsec policy
templates, whose display format is the brief format (see the following example). It
can be used to quickly display all the ipsec policy templates. Brief information
includes, template name and sequence number, access control list, and remote
address.
Any of the sub-commands can be used to display detail information of the IPSec
policy template.
869
acl
Remote-Address
-----------------------------------------------------test-tplt300
120
Item
Description
Policy-template-Name
acl
Remote Address
remote IP address
Syntax
display ipsec proposal [ proposal-name ]
View
Any view
Parameter
proposal-name: Name of the proposal.
Description
Using the display ipsec proposal command, you can view information about the
proposal.
If the name of the proposal is not specified, then information about all the
proposals will be shown.
For the related commands, see ipsec proposal, display ipsec sa and display
ipsec policy.
Example
# View all the proposals.
[3Com] display ipsec proposal
Ipsec proposal name: prop2
encapsulation mode: tunnel
transform: ah-new
ah protocol: authentication-algorithm sha1-hmac-96
Ipsec proposal name: prop1
870
CHAPTER 9: SECURITY
display ipsec sa
Item
Description
encapsulation mode
transform
ah protocol
esp protocol
Syntax
display ipsec sa [ brief | remote ip-address | policy policy-name [ seq-number ] | duration
]
View
Any view
Parameter
brief: Displays brief information about all the SAs.
remote: Displays information about the SA with remote address as ip-address.
ip-address: Specifys the remote address in dotted decimal format.
policy: Displays information about the SA created by the ipsec policy whose name
is policy-name.
policy-name: Specifys the name of the ipsec policy.
seq-number: Specifys the sequence number of the ipsec policy.
duration: Global sa duration to be shown.
Description
Using the display ipsec sa command, you can view the relevant information
about the SA.
The command with brief parameter shows brief information about all the SAs,
whose display format is the brief format (refer to the following example). Brief
information includes source address, destination address, SPI, protocol, and
algorithm. A display beginning with "E" in the algorithm stands for the encryption
algorithm, and a display beginning with "A" stands for the authentication
algorithm. The brief command can be used to quickly display all the SAs already
set up.
871
The commands with remote and policy parameters both display the detailed
information about the SA. In display mode, part of the information about the
ipsec policy is shown first and then the detailed information of the SA in this ipsec
policy.
The command with duration parameter shows the global sa duration, including
"time-based" and "traffic-based" sa duration. Referring to the following
examples.
Information of all the SAs will be shown when no parameter is specified.
For the related commands, see reset ipsec sa, ipsec sa duration, display ipsec
sa and display ipsec policy.
Example
# View brief information about all the SAs.
<3Com> display ipsec sa brief
Src Address Dst Address SPI
Protocol
Algorithm
10.1.1.1
10.1.1.2
300
ESP
E:DES; A:HMAC-MD5-96
10.1.1.2
10.1.1.1
400
ESP
E:DES; A:HMAC-MD5-96
Description
Src Address
Local IP address
Dst Address
Remote Ip address
SPI
Protocol
Algorithm
872
CHAPTER 9: SECURITY
Description
Interface
path MTU
873
Item
Description
ipsec policy
connection id
in use settings
tunnel local
local IP address
tunnel remote
remote IP address
inbound
transform
rest sa duration of SA
outbound
Syntax
display ipsec statistics
View
Any view
Parameter
none
Description
Using the display ipsec statistics command, you can view the IPSec packet
statistics information, including the input and output security packet statistics,
bytes, number of packets discarded and detailed description of discarded packets.
For the related command, see reset ipsec statistics.
Example
# View IPSec packet statistics.
<3Com> display ipsec statistics
the security packet statistics:
input/output security packets: 5124/8231
input/output security bytes: 52348/64356
input/output dropped security packets: 0/0
dropped security packet detail:
no enough memory: 0
874
CHAPTER 9: SECURITY
encapsulation-mode
Item
Description
Syntax
encapsulation-mode { transport | tunnel }
undo encapsulation-mode
View
IPSec proposal view
Parameter
transport: Sets that the encapsulation mode of IP packets is transport mode.
tunnel: Sets that the encapsulation mode of IP packets is tunnel mode.
Description
Using the encapsulation-mode command, you can set the encapsulation mode
that the security protocol applies to IP packets which can be transport or tunnel.
Using the undo encapsulation-mode command, you can restore it to the
default.
By default, tunnel mode is used.
There are two encapsulation modes where IPSec is used to encrypt and
authenticate IP packets: transport mode and tunnel mode. In transport mode,
IPSec does not encapsulate a new header into the IP packet. The both ends of
security tunnel is of source and destination of original packets. In tunnel mode,
IPSec protects the whole IP packet, and adds a new IP header in the front part of
the IP packet. The source and destination addresses of the new IP header are the IP
addresses of both ends of the tunnel.
Generally, the tunnel mode is used between two security gateways (routers). A
packet encrypted in a security gateway can only be decrypted in another security
875
encrypt-card backuped
Syntax
encrypt-card backuped
undo encrypt-card backuped
View
Any view
Parameter
None
Description
Using the encrypt-card backuped command, you can enable backup function
for the encryption card. Using the undo encrypt-card backuped command, you
can disable backup function for the encryption card.
This command is only available on the encryption card.
For the IPSec SA implemented by the encryption card, if the card is normal, IPSec is
processed by the card. If the card fails, backup function is enabled on the card and
the selected encryption/authentication algorithms for the SA are supported by the
IPSec module on VRP platform, IPSec shall be implemented by the IPSec module
on VRP platform. In the event that the selected algorithms are not supported by
the IPSec module, the system drops packets.
876
CHAPTER 9: SECURITY
Example
# Enable backup function for the encryption card.
[Router] encrypt-card backuped
esp
authentication-algorith
m
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
View
IPSec proposal configuration view
Parameter
md5: Use MD5 algorithm with the length of the key 128 bits.
sha1: Use SHA1 algorithm with the length of the key 160 bits.
Description
Using the esp authentication-algorithm command, you can set the
authentication algorithm used by ESP. Using the undo esp
authentication-algorithm command, you can set ESP not to authenticate
packets.
By default, MD5 algorithm is used.
MD5 is faster than SHA1, while SHA1 is securer than MD5.
ESP permits a packet to be encrypted or authenticated or both.
The encryption and authentication algorithm used by ESP cannot be set to vacant
at the same time.
The undo esp authentication-algorithm command is not used to restore the
authentication algorithm to the default; instead it is used to set the authentication
algorithm to vacant, i.e. not authentication. When the encryption algorithm is not
vacant, the undo esp authentication-algorithm command is valid.
The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same authentication algorithm.
For the related commands, see ipsec proposal, esp encryption-algorithm,
proposal, sa encryption-hex and transform.
Example
# Set a proposal that adopts ESP, and uses SHA1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal- prop1] transform esp
[3Com-ipsec-proposal- prop1] esp authentication-algorithm sha1
esp
encryption-algorithm
877
Syntax
esp encryption-algorithm { 3des | des }
undo esp encryption-algorithm
View
IPSec proposal view
Parameter
des: Data Encryption Standard (DES), a universal encryption algorithm with the
length of the key being 56 bits.
3des: 3DES (Triple DES), another universal encryption algorithm with the length of
the key being 168 bits.
Description
Using the esp encryption-algorithm command, you can set the encryption
algorithm adopted by ESP. Using the undo esp encryption-algorithm command,
you can set the ESP not to encrypt packets.
By default, DES algorithm is used.
3des can meet the requirement of high confidentiality and security, but it is
comparatively slow. And DES can satisfy the normal security requirements.
ESP permits a packet to be encrypted or authenticated or both.
The encryption and authentication methods used by ESP cannot be set to a vacant
value at the same time. The undo esp encryption-algorithm command can take
effect only if the authentication algorithm is not null.
For the related commands, see ipsec proposal, esp authentication-algorithm,
proposal, sa encryption-hex and transform.
Example
# Set ESP to use 3des.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] transform esp
[3Com-ipsec-proposal-prop1] esp encryption-algorithm 3des
interface encrypt
Syntax
interface encrypt [ slot-id ]
View
System view
878
CHAPTER 9: SECURITY
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the interface encrypt command, you can enter encryption card interface
mode.
This command is only available on the encryption card.
In encryption card interface mode, you only can the shutdown and undo
shutdown commands, respectively to shut down the encryption card or turn the
card up.
Example
# Enter the interface mode of the encryption card at slot 5/0/0.
[Router] interface encrypt 5/0/0
[Router-Encrypt5/0/0]
ipsec card-proposal
Syntax
ipsec card-proposal proposal-name
undo ipsec card-proposal proposal-name
View
System view
Parameter
proposal-name: Name of the SA proposal view, a string of less than 32 characters.
It is case-sensitive.
Description
Using the ipsec card-proposal command, you can create an SA proposal for the
encryption card and enter the corresponding view. Using the undo ipsec
card-proposal command, you can delete an SA proposal of the encryption card.
This command is used in encryption card SA proposal view (the corresponding
encryption/decryption/authentication are implemented on the encryption card),
whereas the host software is also compatible with host proposal view (the ipsec
proposal command), in which the encryption/decryption/authentication are
implemented by the host. In encryption card SA proposal view, you can also
specify the slot ID of the encryption card for the SA proposal, with the use encrypt
card command, while other configurations are identical with the ipsec proposal
command.
After completing SA proposal configuration, you need to return to system view
using the quit command, so that you can initiate other configuration.
879
Example
# Create the SA proposal "card" using the encryption card at slot 5/0/0, configure
security and encryption algorithm.
[Router] ipsec card-proposal card
[Router-ipsec-card-proposal] use encrypt-card 5/0/0
[Router-ipsec-card-proposal-card] transform ah-esp
[Router-ipsec-card-proposal-card] ah authentication-algorithm sha1
[Router-ipsec-card-proposal-card] esp authentication-algorithm sha1
[Router-ipsec-card-proposal-card] esp encryption-algorithm 3des
[Router-ipsec-card-proposal-card]quit
[Router]
ipsec policy(interface
view)
Syntax
ipsec policy policy-name
undo ipsec policy
View
Interface view
Parameter
policy-name: Specifies the name of an ipsec policy group applied at the interface.
The ipsec policy group with name policy-name should be configured in system
view.
Description
Using the ipsec policy(interface view) command, you can apply an ipsec policy
group with the name policy-name at the interface,. Using the undo ipsec
policy(interface view) command, you can cancel the ipsec policy group so as to
disable the IPSec function of the interface.
At an interface only one ipsec policy group can be applied. An ipsec policy group
can be applied at multiple interfaces.
When a packet is sent from an interface, it searches for each ipsec policy in the
ipsec policy group by number in an ascending order. If the packet matches an
access control list used by an ipsec policy, then this ipsec policy is used to process
the packet, otherwise it continues to search for the next ipsec policy. If the packet
does not match any of the access control lists used by all the ipsec policies, it will
be directly transmitted (that is, IPSec will not protect the packet).
To prevent transmitting any unencrypted packet from the interface, it is necessary
to use the firewall together with IPSec; the firewall is for dropping all the packets
that do not need to be encrypted.
For the related command, see ipsec policy(system view).
880
CHAPTER 9: SECURITY
Example
# Apply an ipsec policy whose name is policy1 to interface Serial 4/1/2.
[3Com] interface serial 4/1/2/
[3Com-Serial4/1/2] ipsec policy policy1
Syntax
ipsec policy policy-name seq-number [ manual | isakmp [ template template-name ] ]
undo ipsec policy policy-name [ seq-number ]
View
System view
Parameter
policy-name: Name of the ipsec policy. The naming rule is: the length of the name
is 1 to 15 characters, the name is case insensitive and the characters can be
English characters or numbers, cannot include -.
seq-number: Sequence number of the ipsec policy, ranging 1 to 10000, with lower
value indicating higher sequence priority.
manual: Sets up SA manually.
isakmp: Sets up SA through IKE negotiation.
template: Dynamically sets up SA by using policy template. The policy-name
discussed here will reference template-name which is a created policy template
thus named.
template-name: Name of the template.
Description
Using the ipsec policy command, you can establish or modify an ipsec policy, and
enter ipsec policy view. Using the undo ipsec policy policy-name command, you
can delete an ipsec policy group whose name is policy-name. Using the undo
ipsec policy policy-name seq-number command. you can delete an ipsec policy
whose name is policy-name and sequence number is seq-number.
By default, no ipsec policy exists.
To establish an ipsec policy, it is necessary to specify the negotiation mode
(manual or isakmp). To modify the ipsec policy, it is not necessary to specify a
negotiation mode.
Once the ipsec policy is established, its negotiation mode cannot be modified. For
example, if an ipsec policy is established in manual mode it cannot be changed to
isakmp mode--this ipsec policy must be deleted and then recreated, if
appropriate, with the negotiation mode being isakmp.
Ipsec policies with the same name constitute an ipsec policy group. The name and
sequence number are used together to define a unique ipsec policy. In an ipsec
881
policy group, at most 100 ipsec policies can be set. In an ipsec policy, the smaller
the sequence number of an ipsec policy is, the higher is its preference. Apply an
ipsec policy group at an interface means applying all ipsec policies in the group
simultaneously, so that different data streams can be protected by adopting
different SAs.
Using the ipsec policy policy-name seq-number isakmp template
template-name command, you can establish an ipsec policy according the
template through IKE negotiation. Before using this command, the template
should have been created. During the negotiation and policy matching, the
parameters defined in the template should be compliant, the other parameters are
decided by the initiator. The proposal must be defined in policy template, other
parameters are optional.
Note that IKE will not use a policy with a template argument to initiate a
negotiation. Rather, it uses such a policy to response the negotiation initiated by
its peer.
For the related commands, see ipsec policy (interface view), security acl, tunnel
local, tunnel remote, sa duration, proposal, display ipsec policy, ipsec
policy-template, and ike-peer.
Example
# Set an ipsec policy whose name is newpolicy1, sequence number is 100, and
negotiation mode is isakmp.
[3Com] ipsec policy newpolicy1 100 isakmp
[3Com-ipsec-policy-isakmp-newpolicy1-100]
ipsec policy-template
Syntax
ipsec policy-template policy-name seq-number
undo ipsec policy-template policy-name [ seq-number ]
View
System view
Parameter
policy-name: Name of the ipsec policy. The naming rule is as follows: length is 1 to
15 bytes, the name is case insensitive and the characters can be English characters
or numbers, cannot include -.
seq-number: Serial number of the ipsec policy, ranging 1 to 10000. In one ipsec
policy group, the smaller the serial number of the ipsec policy, the higher the
preference.
Description
Using the ipsec policy-template command, you can establish or modify an ipsec
policy template, and enter ipsec policy view. Using the undo ipsec
policy-template policy-name command, you can delete the ipsec policy group
named policy-name. Using the undo ipsec policy-template policy-name
882
CHAPTER 9: SECURITY
seq-number command, you can delete an ipsec policy with the name
policy-name and the serial number seq-number.
By default, no ipsec policy template exists.
A policy template that has been created with the name being template-name can
be referenced by the ipsec policy policy-name seq-number isakmp template
template-name command to create an IPSec policy.
The IPSec policy template and the security policy of IPSec IPSAMP negotiation
share the same kinds of arguments, including the referenced IPSec proposal, the
protected traffic, PFS feature, lifetime, and the address of the remote tunnel end.
However, you should note that the proposal argument is compulsory to be
configured whereas other arguments are optional. If an IPSec policy template is
used for the policy match operation undertaken in an IKE negotiation, the
configured arguments must be matched, and the settings of the initiator will be
used if the corresponding arguments have not been configured.
For the related commands, see ipsec policy, security acl, tunnel local, tunnel
remote, proposal, display ipsec policy, and ike-peer.
Example
# Establish an ipsec policy template with the name template1 and the serial
number 100.
[3Com] ipsec policy-template template1 100
[3Com-ipsec-policy-template- template1-100]
ipsec proposal
Syntax
ipsec proposal proposal-name
undo ipsec proposal proposal-name
View
System view
Parameter
proposal-name: Name of the specified proposal. The naming rule is: the length of
the name is 1 to 15 characters, case insensitive.
Description
Using the ipsec proposal proposal-name command, you can establish or modify
a proposal named proposal-name, and enter IPSec proposal view. Using the undo
ipsec proposal proposal-name command, you can delete the proposal named
proposal-name.
By default, no proposal exists.
This proposal is a combination of the security protocol, encryption and
authentication algorithm and packet encapsulation format for implementing IPSec
protection.
883
ipsec sa global-duration
Syntax
ipsec sa global-duration { time-based seconds | traffic-based kilobytes }
undo ipsec sa global-duration { time-based | traffic-based }
View
System view
Parameter
time-based seconds: Time-based global SA duration in second, ranging 30 to
604800 seconds. It is 3600 seconds (1 hour) by default.
traffic-based kilobytes: Traffic-based global SA duration in kilobyte, ranging 256
to 4194303 kilobytes. It is 1843200 kilobytes by default and when the traffic
reaches this value, the duration expires.
Description
Using the ipsec sa global-duration command, you can set a global SA duration.
Using the undo ipsec sa global-duration command, you can restore to the
default setting of the global SA duration.
When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration
specified by this command to negotiate with the peer. If the IPSec policy is
configured with its own duration, the system will use the duration of the IPSec
policy to negotiate with the peer. When IKE negotiates to set up an SA for IPSec,
the smaller one of the lifetime set locally and that proposed by the remote is
selected.
There are two types of SA duration, time-based (in seconds) and traffic-based (in
kilobytes) lifetimes. The traffic-based SA duration, that is, the valid time of the SA,
is accounted according to the total traffic that can be processed by this SA, and
the SA is invalid when the set value is exceeded. No matter which one of the two
types expires first the SA will become invalid. Before the SA is about to become
884
CHAPTER 9: SECURITY
invalid IKE will set up a new SA for IPSec negotiation. So, a new SA is ready before
the existing one gets invalid.
Modifying the global SA duration will not affect a map that has individually set up
its own SA duration, or an SA already set up. But the modified global SA duration
will be used to set up a new SA in the future IKE negotiation.
The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.
For the related commands, see sa duration and display ipsec sa duration.
Example
# Set the global SA duration to 2 hours.
[3Com] ipsec sa global-duration time-based 7200
pfs
Syntax
pfs { dh-group1 | dh-group2 }
undo pfs
View
IPSec policy view, IPSec policy template view
Parameter
dh-group1: Specifies that the 768-bit Diffie-Hellman group is used.
dh-group2: Specifies that the 1024-bit Diffie-Hellman group is used.
Description
Using the pfs command, you can set the Perfect Forward Secrecy (PFS) feature for
the IPSec policy to initiate the negotiation. Using the undo pfs command, you can
set not to use the PFS feature during the negotiation.
By default, no PFS feature is used.
The command is used to add a PFS exchange process when IPSec uses the ipsec
policy to initiate a negotiation. This additional key exchange is performed during
the phase 2 negotiation to enhance the communications safety. The DH group
specified by the local and remote ends must be consistent, otherwise the
negotiation will fail.
Can this command be used only when the security alliance is established through
IKE style.
For the related commands, see ipsec policy-template, ipsec policy(system
view), ipsec policy(interface view), tunnel local, tunnel remote, sa duration
and proposal.
885
Example
# Set that PFS must be used when negotiating through ipsec policy shanghai 200.
[3Com] ipsec policy shanghai 200 isakmp
[3Com-ipsec-policy-isakmp-shanghai-200] pfs group1
proposal
Syntax
proposal proposal-name1 [ proposal-name2...proposal-name6 ]
undo proposal [ proposal-name ]
View
IPSec policy view, IPSec policy template view
Parameter
proposal-name1,, proposal-name6: Name of the proposals adopted.
Description
Using the proposal command, you can set the proposal used by the IPSec policy.
Using the undo proposal command, you can cancel the proposal used by the
IPSec policy.
By default, no proposal is used.
Before using this command, the corresponding IPSec proposal must has been
configured.
If set up in manual mode, an SA can only use one proposal. If a proposal is
already set, it needs to be deleted by using the undo proposal command before a
new one can be set.
If set up in isakmp mode, an SA can use six proposals at most. IKE negotiation will
search for the matching proposal at both ends of the security tunnel.
If it is the IPSec template, each template can use six proposals at most, and the IKE
negotiation will search for the matching proposal.
For the related commands, see ipsec proposal, ipsec policy(system view), ipsec
policy(interface view), security acl, tunnel local and tunnel remote.
Example
# Set a proposal with name prop1, adopting ESP and the default algorithm, and
sets an IPSec policy as using a proposal name prop1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] transform esp
[3Com-ipsec-proposal-prop1] quit
[3Com] ipsec policy policy1 100 manual
[3Com-ipsec-policy-manual-policy1-100] proposal prop1
886
CHAPTER 9: SECURITY
Syntax
reset counters encrypt [ slot-id ]
View
User view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the reset counters encrypt command, you can clear the statistics on the
encryption card.
This command is only available on the encryption card.
The statistics record all the information starting from normal operation of the
encryption card, while system debugging requires statistics of a specific time
period for fault analysis. Then you may need to reset the existing statistics and get
the statistics of a required time period.
For the related commands, see ipsec card-proposal and display encrypt-card
sa.
Example
# Clear the statistics on the encryption card on the slot 5/0/0.
[Router] reset counters encrypt-card 5/0/0
reset encrypt-card sa
Syntax
reset
encrypt-card sa [ slot-id ]
View
User view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the reset encrypt-card sa command, you can clear the SAs on the
encryption card.
This command is only available on the encryption card.
You may need to clear the SA database information stored on the encryption card,
to output only the required information during debugging.
For the related commands, see ipsec card-proposal and display encrypt-card
sa.
887
Example
reset encrypt-card
statistics
Syntax
reset
View
User view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the reset encrypt-card statistics command, you can clear the statistics
during processing of the encryption card.
This command is only available on the encryption card.
The statistics record all the protocol processing information from the last
rebooting, including counts of incoming/outgoing ESP/AH packets, dropped
packets, failed authentications, erroneous SAs, invalid SA proposals, invalid
protocols.
For the related command, see display encrypt-card statistic.
Example
# Clear the processing statistics on the encryption card on the slot 5/0/0.
[Router] reset encrypt-card statistic 5/0/0
Syntax
reset encrypt-card syslog [ slot-id ]
View
User view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the reset encrypt-card syslog command, you can clear all the logging
information on the encryption card.
This command is only available on the encryption card.
888
CHAPTER 9: SECURITY
The encryption card records all logging history information. And all the
information (including those obsolete items) shall be reported for every query,
which imposes somewhat difficulties to log monitoring and locating. Then you
may need to clear the log buffer of the encryption card.
For the related commands, see display encrypt-card syslog.
Example
# Clear all the logging information on the encryption card on the slot 5/0/0.
[Router] reset encrypt-card syslog 5/0
reset ipsec sa
Syntax
reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] | parameters
dest-addr protocol spi ]
View
User view
Parameter
remote ip-address: Specifies remote address, in dotted decimal format.
policy: Specifies the IPSec policy.
policy-name: Specifies the name of the IPSec policy. The naming rule is as follows:
length is 1 to 15 characters, case sensitive, and the character can be English
character or number.
seq-number: Optional parameter specifying the serial number of the ipsec policy. If
no seq-number is specified, the IPSec policy refers to all the policies in the IPSec
policy group named policy-name.
parameters: Defines a Security Association (SA) by the destination address,
security protocol and SPI.
dest-address: Specifies the destination address in the dotted decimal IP address
format.
protocol: Specifies the security protocol by inputting the key word ah or esp, case
insensitive. ah indicates the Authentication Header protocol and esp indicates
Encapsulating Security Payload.
spi: Specifies the security parameter index (SPI), ranging 256 to 4294967295.
Description
Using the reset ipsec sa command, you can delete an SA already set up (manually
or through IKE negotiation). If no parameter (remote, policy, parameters) is
specified, all the SA will be deleted.
An SA is uniquely identified by a triplet of IP address, security protocol and SPI. A
SA can be set up either manually or through Internet Key Exchange (IKE)
negotiation.
889
# Delete the SA of the ipsec policy with the name policy1 and the serial number
10.
<3Com> reset ipsec sa policy policy1 10
Syntax
reset ipsec statistics
View
User view
Parameter
none
Description
Using the reset ipsec statistics command, you can clear IPSec message statistics,
and set all the statistics to zero.
For the related command, see display ipsec statistics.
Example
# Clear IPSec message statistics.
<3Com> reset ipsec statistics
890
CHAPTER 9: SECURITY
sa authentication-hex
Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key
undo sa authentication-hex { inbound | outbound } { ah | esp }
View
IPSec policy view in manual mode
Parameter
inbound: Configures the authentication-hex parameter for the inbound SA. IPSec
uses the inbound SA for processing the packet in the inbound direction (received).
outbound: Configures the authentication-hex parameter for the outbound SA.
IPSec uses the outbound SA for processing the packet in the outbound direction
(sent).
ah: Sets the authentication-hex parameter for the SA using AH. If the IPSec
proposal used by the ipsec policy adopts AH, the ah key word is used here to set
the AH relevant parameter of the SA.
esp: Sets the authentication-hex parameter for the SA using ESP. If the IPSec
proposal used by the ipsec policy adopts ESP, the esp key word is used here to set
the ESP relevant parameter of the SA.
hex-key: Specifies a key for the SA input in the hex format. If MD5 is used, then
input a 16-byte key; if SHA1 is used, input a 20-byte key.
Description
Using the sa authentication-hex command, you can set the SA authentication
key manually for the ipsec policy of manual mode. Using the undo sa
authentication-hex command, you can delete the SA authentication key already
set.
This command is only used for the ipsec policy in manual mode.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually. IKE will automatically negotiate the SA parameter and establish a SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.
891
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set SPI of the inbound SA to 10000, key to
0x112233445566778899aabbccddeeff00; sets the SPI of the outbound SA to
20000, and its key to 0xaabbccddeeff001100aabbccddeeff00 in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa authentication-key inbound ah
112233445566778899aabbccddeeff00
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
[3Com-ipsec-policy-manual-tianjin-100] sa authentication-key outbound ah
aabbccddeeff001100aabbccddeeff00
sa duration
Syntax
sa duration { traffic-based kilobytes | time-based seconds }
undo sa duration { traffic-based | time-based }
View
IPSec policy view, IPSec policy template view
Parameter
time-based seconds: Time-based SA duration in second, ranging 30 to 604800
seconds. It is 3600 seconds (1 hour) by default.
traffic-based kilobytes: Traffic-based SA duration in kilobyte, ranging 256 to
4194303 kilobytes. It is 1843200 kilobytes by default.
Description
Using the sa duration command, you can set a SA duration of the ipsec policy.
Using the undo sa duration command, you can cancel the SA duration, i.e.,
restore the use of the global SA duration.
When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration to
negotiate with the peer. If the IPSec policy is configured with its own duration, the
system will use the duration of the IPSec policy to negotiate with the peer. When
892
CHAPTER 9: SECURITY
IKE negotiates to set up an SA for IPSec, the shorter one of the lifetime set locally
and that proposed by the remote is selected.
There are two types of SA duration, time-based (in seconds) and traffic-based (in
kilobytes) lifetimes. The traffic-based SA duration, that is, the valid time of the SA
is accounted according to the total traffic that can be processed by this SA, and
the SA is invalid when the set value is exceeded. No matter which one of the two
types expires first, the SA will become invalid. Before the SA is about to become
invalid, IKE will set up a new SA for IPSec negotiation. So, a new SA is ready before
the existing one gets invalid.
The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.
For the related commands, see ipsec sa global-duration, ipsec policy(system
view), ipsec policy(interface view), security acl, tunnel local, tunnel remote
and proposal.
Example
# Set the Sa duration for the ipsec policy shenzhen 100 to 2 hours, that is, 7200
seconds.
[3Com] ipsec policy shenzhen 100 isakmp
[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration time-based 7200
# Set the Sa duration for the ipsec policy shenzhen 100 to 20M bytes, that is, the
SA is overtime when the traffic exceeds 20000 kilobytes.
[3Com] ipsec policy shenzhen 100 isakmp
[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration traffic-based 20000
sa encryption-hex
Syntax
sa encryption-hex { inbound | outbound } esp hex-key
undo sa encryption-hex { inbound | outbound } esp
View
IPSec policy view in manual mode
Parameter
inbound: Sets the encryption-hex parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).
outbound: Sets the encryption-hex parameter for outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
esp: Sets the encryption-hex parameter for the SA using ESP. If the IPSec proposal
used by the ipsec policy adopts ESP, the esp key word is used here to set the ESP
relevant parameter of the SA.
hex-key: Specifies a key for the SA input in the hex format. When applied in ESP, if
DES is used, then input a 8-byte key; if 3DES is used, then input a 24-byte key.
893
Description
Using the sa encryption-hex command, you can set the SA encryption key
manually for the ipsec policy of manual mode. Using the undo sa
encryption-hex command, you can delete the SA parameter already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and the key to 0x1234567890abcdef;
set the SPI of the outbound SA to 20000, and its key to 0xabcdefabcdef1234 in
the ipsec policy using ESP and DES.
[3Com] ipsec proposal prop_esp
[3Com-ipsec-proposal-prop_esp] transform esp
[3Com-ipsec-proposal-prop_esp] ah encryption-algorithm des
[3Com-ipsec-proposal-prop_esp] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_esp
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound esp 1001
[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex inbound esp 1234567890abcdef
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound esp 2001
[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex outbound esp
abcdefabcdef1234
sa spi
Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
View
IPSec policy view in manual mode
894
CHAPTER 9: SECURITY
Parameter
inbound: Sets the spi parameter for the inbound SA. IPSec uses the inbound SA
for processing the packet in the inbound direction (received).
outbound: Sets the spi parameter for outbound SA. IPSec uses the outbound SA
for processing the packet in the outbound direction (sent).
ah: Sets the spi parameter for the SA using AH. If the IPSec proposal set used by
the ipsec policy adopts AH, the ah key word is used here to set the spi relevant
parameter of the SA.
esp: Sets the spi parameter for the SA using ESP. If the IPSec proposal set used by
the ipsec policy adopts ESP, the esp key word is used here to set the spi relevant
parameter of the SA.
spi-number: Security Parameter Index (SPI) in the triplet identification of the SA,
ranging 256 to 4294967295. The triplet identification of the SA, which appears as
SPI, destination address, and protocol number, must be unique.
Description
Using the sa spi command, you can set the SA SPI manually for the ipsec policy of
manual mode. Using the undo sa spi command, you can delete the SA SPI
already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish a SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, set the SPI of the outbound SA to
20000, in the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
895
sa string-key
Syntax
sa string-key { inbound | outbound } { ah | esp } string-key
undo sa string-key { inbound | outbound } { ah | esp }
View
IPSec policy view in manual mode
Parameter
inbound: Sets the string-key parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).
outbound: Sets the string-key parameter for the outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
ah: Sets the string-key parameter for the SA using AH. If the IPSec proposal set
used by the ipsec policy adopts AH, the ah key word is used here to set the
string-key relevant parameter of the SA.
esp: Sets the string-key parameter for the SA using ESP. If the IPSec proposal set
used by the ipsec policy adopts ESP, the esp key word is used here to set the
string-key relevant parameter of the SA.
string-key: Specifies the key for an SA input in the character string format, with a
length ranging 1 to 256 characters. For different algorithms, you can input
character strings of any length in the specified range, and the system will generate
keys meeting the algorithm requirements automatically according to the input
character strings. As for ESP, the system will automatically generate the key for the
authentication algorithm and that for the encryption algorithm at the same time.
Description
Using the sa string-key command, you can set the SA parameter manually for
the ipsec policy of manual mode. Using the undo sa string-key command, you
can delete the SA parameter already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish a SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
896
CHAPTER 9: SECURITY
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and the key string to abcdef; sets the
SPI of the outbound SA to 20000, and its key string to efcdab in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa string-key abcdef
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
[3Com-ipsec-policy-manual-tianjin-100] sa string-key efcdab
security acl
Syntax
security acl acl-number
undo security acl
View
IPSec policy view, IPSec policy template view
Parameter
acl-number: Specifies the number of the access control list used by the ipsec
policy, ranging 100 to199.
Description
Using the security acl command, you can set an access control list to be used by
the ipsec policy. Using the undo security acl command, you can remove the
access control list used by the ipsec policy.
By default, no ACL has been specified for the IPSec policies.
897
The data flow that will be protected by the IPSec policy is confined by the ACL in
this command. According to the rules in the ACL, IPSec determines which packets
need security protection and which do not. The packet permitted by the access
control list will be protected, and a packet denied by the access control list will not
be protected. The denied packets are sent out derectly without IPSec protection.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the ipsec policy as using access control list 101.
[3Com] acl number 101
[3Com-acl-adv-101] rule permit tcp source 10.1.1.1 0.0.0.255 destination 10.1.1.2
0.0.0.255
[3Com] ipsec policy beijing 100 manual
[3Com-ipsec-policy-manual-beijing-100] security acl 101
Syntax
snmp-agen trap enable encrypt-card
undo snmp-agen trap enable encrypt-card
View
System view
Parameter
None
Description
Using the snmp-agen trap enable encrypt-card command, you can enable
SNMP agent trap function on the encryption card. Using the undo snmp-agent
trap enable encrypt-card command, you can disable SNMP agent trap function
on the card.
By default, no ACL has been specified for the IPSec policies.
When combined with appropriate NM configuration, the trap function allow you
to view the information about card rebooting, status transition and packet loss
processing on the Console of the NM station or router.
Example
# Enable the trap function on the encryption card.
[Router]snmp-agent trap enable encrypt-card
transform
Syntax
transform { ah | ah-esp | esp }
undo transform
898
CHAPTER 9: SECURITY
View
IPSec proposal view
Parameter
ah: Uses AH protocol specified in RFC2402.
ah-esp: Uses ESP specified in RFC2406 to protect the packets and then use AH
protocol specified in RFC2402 to authenticate packets.
esp: Uses ESP specified in RFC2406.
Description
Using the transform command, you can set a security protocol used by a
proposal. Using the undo transform command, you can restore the default
security protocol.
By default, esp, that is, the ESP specified in RFC2406 is used.
If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.
If AH is adopted, the default authentication algorithm is MD5.
If the parameter ah-esp is specified, the default authentication algorithm for AH is
MD5 and the default encryption algorithm for ESP is DES without authentication.
AH protocol provides data authentication, data integrity check and anti-replay
function.
ESP protocol provides data authentication, data integrity check, anti-replay
function and data encryption.
While establishing an SA manually, the proposals used by the ipsec policy set at
both ends of the security tunnel must be set as using the same security protocol.
The following figure illustrates the data encapsulation formats of different security
protocols in the transport mode and the tunnel mode.
Figure 1 Data encapsulation formats of security protocols
Security
protocol
Transfer
mode
transport
ah
IP
AH
esp
IP
ESP
ah-esp
IP
AH
tunnel
data
data
ESP
IP
ESP-T
data
ESP-T
AH
IP
IP ESP
IP
IP
AH
data
data
ESP IP
ESP-T
data
ESP-T
899
tunnel local
Syntax
tunnel local ip-address
undo tunnel local
View
IPSec policy view in Manual mode
Parameter
ip-address: Local address in dotted decimal format.
Description
Using the tunnel local command, you can set the local address of an ipsec policy.
Using the undo tunnel local command, you can delete the local address set in
the ipsec policy.
By default, the local address of an ipsec policy is not configured.
It is not necessary to set a local address for an ipsec policy in isakmp mode, so this
command is invalid in this situation. IKE can automatically obtain the local address
from the interface where this ipsec policy is applied.
As for the ipsec policy in manual mode, it is necessary to set the local address
before the SA can be established. A security tunnel is set up between the local and
remote end, so the local address and remote address must be correctly configured
before a security tunnel can be set up.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel remote, sa duration and proposal.
Example
# Set the local address for the ipsec policy, which is applied at serial 4/1/2 whose IP
address is 10.0.0.1.
[3Com] ipsec policy guangzhou 100 manual
[3Com-ipsec-policy-manual-guangzhou-100] tunnel local 10.0.0.1
[3Com-ipsec-policy-manual-guangzhou-100] quit
[3Com] interface serial 4/1/2
[3Com-if-Serial4/1/2] ipsec policy guangzhou
900
CHAPTER 9: SECURITY
tunnel remote
Syntax
tunnel remote ip-address
undo tunnel remote [ ip-address ]
View
Manually-established IPSec policy view
Parameter
ip-address: Remote address in dotted decimal format.
Description
Using the tunnel remote command, you can set the remote address of an ipsec
policy. Using the undo tunnel remote command, you can delete the remote
address in the ipsec policy.
By default, the remote address of an ipsec policy is not configured.
For the ipsec policy in manual mode, only one remote address can be set. If a
remote address is already set, this existing address must be deleted before a new
one can be set.
The security tunnel is established between the local and remote ends. The remote
address must be set correctly on both ends of the security tunnel.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, sa duration, proposal.
Example
# Set the remote address of the ipsec policy to 10.1.1.2.
[3Com] ipsec policy shanghai 10 manual
[3Com-ipsec-policy-shanghai-10] tunnel remote 10.1.1.2
use encrypt-card
Syntax
use encrypt-card [ slot-id ]
undo use encrypt-card [ slot-id ]
View
Card SA proposal view
Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimentional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.
Description
Using the use encrypt-card command, you can specify the SA proposal uses the
encryption card at a designated slot. Using the undo use encrypt-card
command, you can remove the configuration.
901
Syntax
ah authentication-algorithm { md5 | sha1 }
undo ah authentication-algorithm
View
IPSec proposal view
Parameter
md5: MD5 algorithm is adopted.
sha1: SHA1 algorithm is adopted.
Description
Using the ah authentication-algorithm command, you can set the
authentication algorithm adopted by Authentication Header protocol in IPSec
proposal. Using the undo ah authentication-algorithm command, you can
restore the default setting.
By default, the md5 authentication algorithm is adopted by Authentication
Header protocol in IPSec proposal.
AH proposal cant be used to encrypt, but to authenticate.
MD5 algorithm uses the 128-bit key, and SHA1 uses the 160-bit key. By
comparison, MD5 is faster than SHA1, while SHA1 is securer than MD5.
The IPSec proposal adopted by the security policy at both ends of the security
tunnel must be set as using the same authentication algorithm.
Can the AH authentication algorithm be configured only if AH or AH-ESP security
protocol was selected by executing the transform command.
For the related commands, see ipsec proposal, proposal, sa sip and transform.
Example
# Set IPSec proposal using AH and SHA1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal- prop1] transform ah
[3Com-ipsec-proposal- prop1] ah authentication-algorithm sha1
902
CHAPTER 9: SECURITY
debugging ipsec
Syntax
debugging ipsec { all | sa | misc | packet [ policy policy-name [ seq-number ] | parameters
ip-address protocol spi-number ] | misc }
undo debugging ipsec { all | sa | misc | packet [ policy policy-name [ seq-number ] |
parameters ip-address protocol spi-number ] | misc }
View
User view
Parameter
all: Displays all debugging information.
sa: Displays debugging information of SA.
packet: Displays debugging information of IPSec packets.
policy policy-name: Displays debugging information of IPSec policy whose name is
policy-name.
seq-number: Displays debugging information of IPSec policy whose sequence
number is seq-number.
parameters: Displays debugging information of a SA whose remote address is
ip-address, Security protocol is protocol, and SPI is spi-number.
misc: Displays other debugging information of IPSec.
Description
Using the debugging ipsec command, you can turn IPSec debugging on, Using
the undo debugging ipsec command, you can turn IPSec debugging off.
By default, IPSec debugging is off.
Example
# Enable IPSec SA debugging function.
<3Com> debugging ipsec sa
Syntax
display ipsec policy [ brief | name policy-name [ seq-number ] ]
View
Any view
Parameter
brief: Displays brief information about all the ipsec policies.
name: Displays information of the ipsec policy with the name policy-name and
sequence number seq-number.
903
manual 100
isakmp
150.1.1.2
120
150.1.1.1
202.38.160.66
Description
Ipsec-policy-Name
Mode
acl
Local Address
local IP address
Remote Address
remote IP address
904
CHAPTER 9: SECURITY
905
Description
ipsec policy
proposal name
inbound/outbound
ah/esp setting
local IP address
display ipsec
policy-template
Syntax
display ipsec policy-template [ brief | name template-name [ seq-number ] ]
View
Any view
Parameter
brief: Displays brief information about all the ipsec policy templates.
name: Displays information of the ipsec policy template with the name
template-name and sequence number seq-number.
template-name: Name of an ipsec policy template.
seq-number: Sequence number of an ipsec policy template. If seq-number is not
specified, then the information about all the ipsec policy templates named
template-name is shown.
If no parameter is specified, then the detail information about all the ipsec policy
templates will be displayed. If name template-name has been specified but
seq-number has not, the information of the specified IPSec policy template group
will be listed out.
906
CHAPTER 9: SECURITY
Description
Using the display ipsec policy-template command, you can view information
about the ipsec policy template.
Parameter brief is for showing brief information about all the ipsec policy
templates, whose display format is the brief format (see the following example). It
can be used to quickly display all the ipsec policy templates. Brief information
includes, template name and sequence number, access control list, and remote
address.
Any of the sub-commands can be used to display detail information of the IPSec
policy template.
For the related commands, see ipsec policy-template.
Example
# View brief information about all the ipsec policy templates.
[3Com] display ipsec policy-template brief
Policy-template-Name
acl
Remote-Address
-----------------------------------------------------test-tplt300
120
Item
Description
Policy-template-Name
acl
Remote Address
remote IP address
Syntax
display ipsec proposal [ proposal-name ]
View
Any view
Parameter
proposal-name: Name of the proposal.
Description
Using the display ipsec proposal command, you can view information about the
proposal.
If the name of the proposal is not specified, then information about all the
proposals will be shown.
For the related commands, see ipsec proposal, display ipsec sa and display
ipsec policy.
907
Example
# View all the proposals.
[3Com] display ipsec proposal
Ipsec proposal name: prop2
encapsulation mode: tunnel
transform: ah-new
ah protocol: authentication-algorithm sha1-hmac-96
Ipsec proposal name: prop1
encapsulation mode: transport
transform: esp-new
esp protocol: authentication-algorithm md5-hmac96, encryption des
display ipsec sa
Item
Description
encapsulation mode
transform
ah protocol
esp protocol
Syntax
display ipsec sa [ brief | remote ip-address | policy policy-name [ seq-number ] | duration
]
View
Any view
Parameter
brief: Displays brief information about all the SAs.
remote: Displays information about the SA with remote address as ip-address.
ip-address: Specifys the remote address in dotted decimal format.
policy: Displays information about the SA created by the ipsec policy whose name
is policy-name.
policy-name: Specifys the name of the ipsec policy.
seq-number: Specifys the sequence number of the ipsec policy.
duration: Global sa duration to be shown.
908
CHAPTER 9: SECURITY
Description
Using the display ipsec sa command, you can view the relevant information
about the SA.
The command with brief parameter shows brief information about all the SAs,
whose display format is the brief format (refer to the following example). Brief
information includes source address, destination address, SPI, protocol, and
algorithm. A display beginning with "E" in the algorithm stands for the encryption
algorithm, and a display beginning with "A" stands for the authentication
algorithm. The brief command can be used to quickly display all the SAs already
set up.
The commands with remote and policy parameters both display the detailed
information about the SA. In display mode, part of the information about the
ipsec policy is shown first and then the detailed information of the SA in this ipsec
policy.
The command with duration parameter shows the global sa duration, including
"time-based" and "traffic-based" sa duration. Referring to the following
examples.
Information of all the SAs will be shown when no parameter is specified.
For the related commands, see reset ipsec sa, ipsec sa duration, display ipsec
sa and display ipsec policy.
Example
# View brief information about all the SAs.
<3Com> display ipsec sa brief
Src Address Dst Address SPI
Protocol
Algorithm
10.1.1.1
10.1.1.2
300
ESP
E:DES; A:HMAC-MD5-96
10.1.1.2
10.1.1.1
400
ESP
E:DES; A:HMAC-MD5-96
Description
Src Address
Local IP address
Dst Address
Remote Ip address
SPI
Protocol
Algorithm
909
910
CHAPTER 9: SECURITY
transform: AH-SHA1HMAC96
sa remaining key duration (bytes/sec): (1887436336/3594)
max sent sequence-number: 5
Item
Description
Interface
path MTU
ipsec policy
connection id
in use settings
IPSec mode, including two types: transport mode and tunnel mode
tunnel local
local IP address
tunnel remote
remote IP address
inbound
transform
sa remaining key
duration
rest sa duration of SA
max received
sequence-number
outbound
max sent
sequence-number
Syntax
display ipsec statistics
View
Any view
Parameter
none
Description
Using the display ipsec statistics command, you can view the IPSec packet
statistics information, including the input and output security packet statistics,
bytes, number of packets discarded and detailed description of discarded packets.
For the related command, see reset ipsec statistics.
Example
# View IPSec packet statistics.
<3Com> display ipsec statistics
the security packet statistics:
input/output security packets: 5124/8231
input/output security bytes: 52348/64356
911
encapsulation-mode
Item
Description
Syntax
encapsulation-mode { transport | tunnel }
undo encapsulation-mode
View
IPSec proposal view
Parameter
transport: Sets that the encapsulation mode of IP packets is transport mode.
tunnel: Sets that the encapsulation mode of IP packets is tunnel mode.
Description
Using the encapsulation-mode command, you can set the encapsulation mode
that the security protocol applies to IP packets which can be transport or tunnel.
Using the undo encapsulation-mode command, you can restore it to the
default.
By default, tunnel mode is used.
There are two encapsulation modes where IPSec is used to encrypt and
authenticate IP packets: transport mode and tunnel mode. In transport mode,
IPSec does not encapsulate a new header into the IP packet. The both ends of
security tunnel is of source and destination of original packets. In tunnel mode,
IPSec protects the whole IP packet, and adds a new IP header in the front part of
the IP packet. The source and destination addresses of the new IP header are the IP
addresses of both ends of the tunnel.
912
CHAPTER 9: SECURITY
Generally, the tunnel mode is used between two security gateways (routers). A
packet encrypted in a security gateway can only be decrypted in another security
gateway. So an IP packet needs to be encrypted in tunnel mode, that is, a new IP
header is added; the IP packet encapsulated in tunnel mode is sent to another
security gateway before it is decrypted.
The transport mode is suitable for communication between two hosts, or for
communication between a host and a security gateway (like the network
management communication between the gateway workstation and a router). In
transport mode, two devices responsible for encrypting and decrypting packets
must be the original sender and receiver of the packet. Most of the data traffic
between two security gateways is not of the security gateways own. So the
transport mode is not ofen used between security gateways.
The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same packet encapsulation mode.
For the related commands, see ah authentication-algorithm, ipsec proposal,
esp encryption-algorithm, esp authentication-algorithm, proposal and
transform.
Example
# Set the proposal whose name is prop2 as using the transport mode to
encapsulate IP packets.
[3Com] ipsec proposal prop2
[3Com-ipsec-proposal- prop2] encapsulation-mode transport
esp
authentication-algorith
m
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
View
IPSec proposal configuration view
Parameter
md5: Use MD5 algorithm with the length of the key 128 bits.
sha1: Use SHA1 algorithm with the length of the key 160 bits.
Description
Using the esp authentication-algorithm command, you can set the
authentication algorithm used by ESP. Using the undo esp
authentication-algorithm command, you can set ESP not to authenticate
packets.
By default, MD5 algorithm is used.
MD5 is faster than SHA1, while SHA1 is securer than MD5.
ESP permits a packet to be encrypted or authenticated or both.
913
The encryption and authentication algorithm used by ESP cannot be set to vacant
at the same time.
The undo esp authentication-algorithm command is not used to restore the
authentication algorithm to the default; instead it is used to set the authentication
algorithm to vacant, i.e. not authentication. When the encryption algorithm is not
vacant, the undo esp authentication-algorithm command is valid.
The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same authentication algorithm.
For the related commands, see ipsec proposal, esp encryption-algorithm,
proposal, sa encryption-hex and transform.
Example
# Set a proposal that adopts ESP, and uses SHA1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal- prop1] transform esp
[3Com-ipsec-proposal- prop1] esp authentication-algorithm sha1
esp
encryption-algorithm
Syntax
esp encryption-algorithm { 3des | des }
undo esp encryption-algorithm
View
IPSec proposal view
Parameter
des: Data Encryption Standard (DES), a universal encryption algorithm with the
length of the key being 56 bits.
3des: 3DES (Triple DES), another universal encryption algorithm with the length of
the key being 168 bits.
Description
Using the esp encryption-algorithm command, you can set the encryption
algorithm adopted by ESP. Using the undo esp encryption-algorithm command,
you can set the ESP not to encrypt packets.
By default, DES algorithm is used.
3des can meet the requirement of high confidentiality and security, but it is
comparatively slow. And DES can satisfy the normal security requirements.
ESP permits a packet to be encrypted or authenticated or both.
The encryption and authentication methods used by ESP cannot be set to a vacant
value at the same time. The undo esp encryption-algorithm command can take
effect only if the authentication algorithm is not null.
914
CHAPTER 9: SECURITY
ipsec policy(interface
view)
Syntax
ipsec policy policy-name
undo ipsec policy
View
Interface view
Parameter
policy-name: Specifies the name of an ipsec policy group applied at the interface.
The ipsec policy group with name policy-name should be configured in system
view.
Description
Using the ipsec policy(interface view) command, you can apply an ipsec policy
group with the name policy-name at the interface,. Using the undo ipsec
policy(interface view) command, you can cancel the ipsec policy group so as to
disable the IPSec function of the interface.
At an interface only one ipsec policy group can be applied. An ipsec policy group
can be applied at multiple interfaces.
When a packet is sent from an interface, it searches for each ipsec policy in the
ipsec policy group by number in an ascending order. If the packet matches an
access control list used by an ipsec policy, then this ipsec policy is used to process
the packet, otherwise it continues to search for the next ipsec policy. If the packet
does not match any of the access control lists used by all the ipsec policies, it will
be directly transmitted (that is, IPSec will not protect the packet).
To prevent transmitting any unencrypted packet from the interface, it is necessary
to use the firewall together with IPSec; the firewall is for dropping all the packets
that do not need to be encrypted.
For the related command, see ipsec policy(system view).
Example
# Apply an ipsec policy whose name is policy1 to interface Serial 4/1/2.
[3Com] interface serial 4/1/2/
[3Com-Serial4/1/2] ipsec policy policy1
915
Syntax
ipsec policy policy-name seq-number [ manual | isakmp [ template template-name ] ]
undo ipsec policy policy-name [ seq-number ]
View
System view
Parameter
policy-name: Name of the ipsec policy. The naming rule is: the length of the name
is 1 to 15 characters, the name is case insensitive and the characters can be
English characters or numbers, cannot include -.
seq-number: Sequence number of the ipsec policy, ranging 1 to 10000, with lower
value indicating higher sequence priority.
manual: Sets up SA manually.
isakmp: Sets up SA through IKE negotiation.
template: Dynamically sets up SA by using policy template. The policy-name
discussed here will reference template-name which is a created policy template
thus named.
template-name: Name of the template.
Description
Using the ipsec policy command, you can establish or modify an ipsec policy, and
enter ipsec policy view. Using the undo ipsec policy policy-name command, you
can delete an ipsec policy group whose name is policy-name. Using the undo
ipsec policy policy-name seq-number command. you can delete an ipsec policy
whose name is policy-name and sequence number is seq-number.
By default, no ipsec policy exists.
To establish an ipsec policy, it is necessary to specify the negotiation mode
(manual or isakmp). To modify the ipsec policy, it is not necessary to specify a
negotiation mode.
Once the ipsec policy is established, its negotiation mode cannot be modified. For
example, if an ipsec policy is established in manual mode it cannot be changed to
isakmp mode--this ipsec policy must be deleted and then recreated, if
appropriate, with the negotiation mode being isakmp.
Ipsec policies with the same name constitute an ipsec policy group. The name and
sequence number are used together to define a unique ipsec policy. In an ipsec
policy group, at most 100 ipsec policies can be set. In an ipsec policy, the smaller
the sequence number of an ipsec policy is, the higher is its preference. Apply an
ipsec policy group at an interface means applying all ipsec policies in the group
simultaneously, so that different data streams can be protected by adopting
different SAs.
916
CHAPTER 9: SECURITY
ipsec policy-template
Syntax
ipsec policy-template policy-name seq-number
undo ipsec policy-template policy-name [ seq-number ]
View
System view
Parameter
policy-name: Name of the ipsec policy. The naming rule is as follows: length is 1 to
15 bytes, the name is case insensitive and the characters can be English characters
or numbers, cannot include -.
seq-number: Serial number of the ipsec policy, ranging 1 to 10000. In one ipsec
policy group, the smaller the serial number of the ipsec policy, the higher the
preference.
Description
Using the ipsec policy-template command, you can establish or modify an ipsec
policy template, and enter ipsec policy view. Using the undo ipsec
policy-template policy-name command, you can delete the ipsec policy group
named policy-name. Using the undo ipsec policy-template policy-name
seq-number command, you can delete an ipsec policy with the name
policy-name and the serial number seq-number.
By default, no ipsec policy template exists.
917
A policy template that has been created with the name being template-name can
be referenced by the ipsec policy policy-name seq-number isakmp template
template-name command to create an IPSec policy.
The IPSec policy template and the security policy of IPSec IPSAMP negotiation
share the same kinds of arguments, including the referenced IPSec proposal, the
protected traffic, PFS feature, lifetime, and the address of the remote tunnel end.
However, you should note that the proposal argument is compulsory to be
configured whereas other arguments are optional. If an IPSec policy template is
used for the policy match operation undertaken in an IKE negotiation, the
configured arguments must be matched, and the settings of the initiator will be
used if the corresponding arguments have not been configured.
For the related commands, see ipsec policy, security acl, tunnel local, tunnel
remote, proposal, display ipsec policy, and ike-peer.
Example
# Establish an ipsec policy template with the name template1 and the serial
number 100.
[3Com] ipsec policy-template template1 100
[3Com-ipsec-policy-template- template1-100]
ipsec proposal
Syntax
ipsec proposal proposal-name
undo ipsec proposal proposal-name
View
System view
Parameter
proposal-name: Name of the specified proposal. The naming rule is: the length of
the name is 1 to 15 characters, case insensitive.
Description
Using the ipsec proposal proposal-name command, you can establish or modify
a proposal named proposal-name, and enter IPSec proposal view. Using the undo
ipsec proposal proposal-name command, you can delete the proposal named
proposal-name.
By default, no proposal exists.
This proposal is a combination of the security protocol, encryption and
authentication algorithm and packet encapsulation format for implementing IPSec
protection.
An ipsec policy determines the protocol, algorithm and encapsulation mode to be
adopted by the use of the proposal. Before the ipsec policy uses a proposal, this
proposal must have already been set up.
918
CHAPTER 9: SECURITY
After a new IPSec proposal is established by using the ipsec proposal command,
the ESP protocol, DES encryption algorithm and MD5 authentication algorithm are
adopted by default.
For the related commands, see ah authentication-algorithm, esp
encryption-algorithm, esp authentication-algorithm, encapsulation-mode,
proposal, display ipsec proposal and transform.
Example
# Establish a proposal named newprop1.
[3Com] ipsec proposal newprop1
ipsec sa global-duration
Syntax
ipsec sa global-duration { time-based seconds | traffic-based kilobytes }
undo ipsec sa global-duration { time-based | traffic-based }
View
System view
Parameter
time-based seconds: Time-based global SA duration in second, ranging 30 to
604800 seconds. It is 3600 seconds (1 hour) by default.
traffic-based kilobytes: Traffic-based global SA duration in kilobyte, ranging 256
to 4194303 kilobytes. It is 1843200 kilobytes by default and when the traffic
reaches this value, the duration expires.
Description
Using the ipsec sa global-duration command, you can set a global SA duration.
Using the undo ipsec sa global-duration command, you can restore to the
default setting of the global SA duration.
When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration
specified by this command to negotiate with the peer. If the IPSec policy is
configured with its own duration, the system will use the duration of the IPSec
policy to negotiate with the peer. When IKE negotiates to set up an SA for IPSec,
the smaller one of the lifetime set locally and that proposed by the remote is
selected.
There are two types of SA duration, time-based (in seconds) and traffic-based (in
kilobytes) lifetimes. The traffic-based SA duration, that is, the valid time of the SA,
is accounted according to the total traffic that can be processed by this SA, and
the SA is invalid when the set value is exceeded. No matter which one of the two
types expires first the SA will become invalid. Before the SA is about to become
invalid IKE will set up a new SA for IPSec negotiation. So, a new SA is ready before
the existing one gets invalid.
919
Modifying the global SA duration will not affect a map that has individually set up
its own SA duration, or an SA already set up. But the modified global SA duration
will be used to set up a new SA in the future IKE negotiation.
The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.
For the related commands, see sa duration and display ipsec sa duration.
Example
# Set the global SA duration to 2 hours.
[3Com] ipsec sa global-duration time-based 7200
pfs
Syntax
pfs { dh-group1 | dh-group2 }
undo pfs
View
IPSec policy view, IPSec policy template view
Parameter
dh-group1: Specifies that the 768-bit Diffie-Hellman group is used.
dh-group2: Specifies that the 1024-bit Diffie-Hellman group is used.
Description
Using the pfs command, you can set the Perfect Forward Secrecy (PFS) feature for
the IPSec policy to initiate the negotiation. Using the undo pfs command, you can
set not to use the PFS feature during the negotiation.
By default, no PFS feature is used.
The command is used to add a PFS exchange process when IPSec uses the ipsec
policy to initiate a negotiation. This additional key exchange is performed during
the phase 2 negotiation to enhance the communications safety. The DH group
specified by the local and remote ends must be consistent, otherwise the
negotiation will fail.
Can this command be used only when the security alliance is established through
IKE style.
For the related commands, see ipsec policy-template, ipsec policy(system
view), ipsec policy(interface view), tunnel local, tunnel remote, sa duration
and proposal.
Example
# Set that PFS must be used when negotiating through ipsec policy shanghai 200.
920
CHAPTER 9: SECURITY
proposal
Syntax
proposal proposal-name1 [ proposal-name2...proposal-name6 ]
undo proposal [ proposal-name ]
View
IPSec policy view, IPSec policy template view
Parameter
proposal-name1,, proposal-name6: Name of the proposals adopted.
Description
Using the proposal command, you can set the proposal used by the IPSec policy.
Using the undo proposal command, you can cancel the proposal used by the
IPSec policy.
By default, no proposal is used.
Before using this command, the corresponding IPSec proposal must has been
configured.
If set up in manual mode, an SA can only use one proposal. If a proposal is
already set, it needs to be deleted by using the undo proposal command before a
new one can be set.
If set up in isakmp mode, an SA can use six proposals at most. IKE negotiation will
search for the matching proposal at both ends of the security tunnel.
If it is the IPSec template, each template can use six proposals at most, and the IKE
negotiation will search for the matching proposal.
For the related commands, see ipsec proposal, ipsec policy(system view), ipsec
policy(interface view), security acl, tunnel local and tunnel remote.
Example
# Set a proposal with name prop1, adopting ESP and the default algorithm, and
sets an IPSec policy as using a proposal name prop1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] transform esp
[3Com-ipsec-proposal-prop1] quit
[3Com] ipsec policy policy1 100 manual
[3Com-ipsec-policy-manual-policy1-100] proposal prop1
reset ipsec sa
921
Syntax
reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] | parameters
dest-addr protocol spi ]
View
User view
Parameter
remote ip-address: Specifies remote address, in dotted decimal format.
policy: Specifies the IPSec policy.
policy-name: Specifies the name of the IPSec policy. The naming rule is as follows:
length is 1 to 15 characters, case sensitive, and the character can be English
character or number.
seq-number: Optional parameter specifying the serial number of the ipsec policy. If
no seq-number is specified, the IPSec policy refers to all the policies in the IPSec
policy group named policy-name.
parameters: Defines a Security Association (SA) by the destination address,
security protocol and SPI.
dest-address: Specifies the destination address in the dotted decimal IP address
format.
protocol: Specifies the security protocol by inputting the key word ah or esp, case
insensitive. ah indicates the Authentication Header protocol and esp indicates
Encapsulating Security Payload.
spi: Specifies the security parameter index (SPI), ranging 256 to 4294967295.
Description
Using the reset ipsec sa command, you can delete an SA already set up (manually
or through IKE negotiation). If no parameter (remote, policy, parameters) is
specified, all the SA will be deleted.
An SA is uniquely identified by a triplet of IP address, security protocol and SPI. A
SA can be set up either manually or through Internet Key Exchange (IKE)
negotiation.
If an SA set up manually is deleted, the system will automatically set up a new SA
according to the parameter manually set up.
If a packet re-triggers IKE negotiation after an SA set up through IKE negotiation is
deleted, IKE will reestablish an SA through negotiation.
The keyword parameters will take effect only after the spi of the outbound SA is
defined. Because SAs appear in pairs, the inbound SA will also be deleted after the
outbound SA is deleted.
For the related command, see display ipsec sa.
922
CHAPTER 9: SECURITY
Example
# Delete all the SAs.
<3Com> reset ipsec sa
# Delete the SA of the ipsec policy with the name policy1 and the serial number
10.
<3Com> reset ipsec sa policy policy1 10
Syntax
reset ipsec statistics
View
User view
Parameter
none
Description
Using the reset ipsec statistics command, you can clear IPSec message statistics,
and set all the statistics to zero.
For the related command, see display ipsec statistics.
Example
# Clear IPSec message statistics.
<3Com> reset ipsec statistics
sa authentication-hex
Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key
undo sa authentication-hex { inbound | outbound } { ah | esp }
View
IPSec policy view in manual mode
923
Parameter
inbound: Configures the authentication-hex parameter for the inbound SA. IPSec
uses the inbound SA for processing the packet in the inbound direction (received).
outbound: Configures the authentication-hex parameter for the outbound SA.
IPSec uses the outbound SA for processing the packet in the outbound direction
(sent).
ah: Sets the authentication-hex parameter for the SA using AH. If the IPSec
proposal used by the ipsec policy adopts AH, the ah key word is used here to set
the AH relevant parameter of the SA.
esp: Sets the authentication-hex parameter for the SA using ESP. If the IPSec
proposal used by the ipsec policy adopts ESP, the esp key word is used here to set
the ESP relevant parameter of the SA.
hex-key: Specifies a key for the SA input in the hex format. If MD5 is used, then
input a 16-byte key; if SHA1 is used, input a 20-byte key.
Description
Using the sa authentication-hex command, you can set the SA authentication
key manually for the ipsec policy of manual mode. Using the undo sa
authentication-hex command, you can delete the SA authentication key already
set.
This command is only used for the ipsec policy in manual mode.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually. IKE will automatically negotiate the SA parameter and establish a SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set SPI of the inbound SA to 10000, key to
0x112233445566778899aabbccddeeff00; sets the SPI of the outbound SA to
20000, and its key to 0xaabbccddeeff001100aabbccddeeff00 in the ipsec policy
using AH and MD5.
924
CHAPTER 9: SECURITY
sa duration
Syntax
sa duration { traffic-based kilobytes | time-based seconds }
undo sa duration { traffic-based | time-based }
View
IPSec policy view, IPSec policy template view
Parameter
time-based seconds: Time-based SA duration in second, ranging 30 to 604800
seconds. It is 3600 seconds (1 hour) by default.
traffic-based kilobytes: Traffic-based SA duration in kilobyte, ranging 256 to
4194303 kilobytes. It is 1843200 kilobytes by default.
Description
Using the sa duration command, you can set a SA duration of the ipsec policy.
Using the undo sa duration command, you can cancel the SA duration, i.e.,
restore the use of the global SA duration.
When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration to
negotiate with the peer. If the IPSec policy is configured with its own duration, the
system will use the duration of the IPSec policy to negotiate with the peer. When
IKE negotiates to set up an SA for IPSec, the shorter one of the lifetime set locally
and that proposed by the remote is selected.
There are two types of SA duration, time-based (in seconds) and traffic-based (in
kilobytes) lifetimes. The traffic-based SA duration, that is, the valid time of the SA
is accounted according to the total traffic that can be processed by this SA, and
the SA is invalid when the set value is exceeded. No matter which one of the two
types expires first, the SA will become invalid. Before the SA is about to become
invalid, IKE will set up a new SA for IPSec negotiation. So, a new SA is ready before
the existing one gets invalid.
925
The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.
For the related commands, see ipsec sa global-duration, ipsec policy(system
view), ipsec policy(interface view), security acl, tunnel local, tunnel remote
and proposal.
Example
# Set the Sa duration for the ipsec policy shenzhen 100 to 2 hours, that is, 7200
seconds.
[3Com] ipsec policy shenzhen 100 isakmp
[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration time-based 7200
# Set the Sa duration for the ipsec policy shenzhen 100 to 20M bytes, that is, the
SA is overtime when the traffic exceeds 20000 kilobytes.
[3Com] ipsec policy shenzhen 100 isakmp
[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration traffic-based 20000
sa encryption-hex
Syntax
sa encryption-hex { inbound | outbound } esp hex-key
undo sa encryption-hex { inbound | outbound } esp
View
IPSec policy view in manual mode
Parameter
inbound: Sets the encryption-hex parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).
outbound: Sets the encryption-hex parameter for outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
esp: Sets the encryption-hex parameter for the SA using ESP. If the IPSec proposal
used by the ipsec policy adopts ESP, the esp key word is used here to set the ESP
relevant parameter of the SA.
hex-key: Specifies a key for the SA input in the hex format. When applied in ESP, if
DES is used, then input a 8-byte key; if 3DES is used, then input a 24-byte key.
Description
Using the sa encryption-hex command, you can set the SA encryption key
manually for the ipsec policy of manual mode. Using the undo sa
encryption-hex command, you can delete the SA parameter already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
926
CHAPTER 9: SECURITY
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and the key to 0x1234567890abcdef;
set the SPI of the outbound SA to 20000, and its key to 0xabcdefabcdef1234 in
the ipsec policy using ESP and DES.
[3Com] ipsec proposal prop_esp
[3Com-ipsec-proposal-prop_esp] transform esp
[3Com-ipsec-proposal-prop_esp] ah encryption-algorithm des
[3Com-ipsec-proposal-prop_esp] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_esp
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound esp 1001
[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex inbound esp 1234567890abcdef
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound esp 2001
[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex outbound esp
abcdefabcdef1234
sa spi
Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
View
IPSec policy view in manual mode
Parameter
inbound: Sets the spi parameter for the inbound SA. IPSec uses the inbound SA
for processing the packet in the inbound direction (received).
outbound: Sets the spi parameter for outbound SA. IPSec uses the outbound SA
for processing the packet in the outbound direction (sent).
927
ah: Sets the spi parameter for the SA using AH. If the IPSec proposal set used by
the ipsec policy adopts AH, the ah key word is used here to set the spi relevant
parameter of the SA.
esp: Sets the spi parameter for the SA using ESP. If the IPSec proposal set used by
the ipsec policy adopts ESP, the esp key word is used here to set the spi relevant
parameter of the SA.
spi-number: Security Parameter Index (SPI) in the triplet identification of the SA,
ranging 256 to 4294967295. The triplet identification of the SA, which appears as
SPI, destination address, and protocol number, must be unique.
Description
Using the sa spi command, you can set the SA SPI manually for the ipsec policy of
manual mode. Using the undo sa spi command, you can delete the SA SPI
already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish a SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, set the SPI of the outbound SA to
20000, in the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
928
CHAPTER 9: SECURITY
sa string-key
Syntax
sa string-key { inbound | outbound } { ah | esp } string-key
undo sa string-key { inbound | outbound } { ah | esp }
View
IPSec policy view in manual mode
Parameter
inbound: Sets the string-key parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).
outbound: Sets the string-key parameter for the outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).
ah: Sets the string-key parameter for the SA using AH. If the IPSec proposal set
used by the ipsec policy adopts AH, the ah key word is used here to set the
string-key relevant parameter of the SA.
esp: Sets the string-key parameter for the SA using ESP. If the IPSec proposal set
used by the ipsec policy adopts ESP, the esp key word is used here to set the
string-key relevant parameter of the SA.
string-key: Specifies the key for an SA input in the character string format, with a
length ranging 1 to 256 characters. For different algorithms, you can input
character strings of any length in the specified range, and the system will generate
keys meeting the algorithm requirements automatically according to the input
character strings. As for ESP, the system will automatically generate the key for the
authentication algorithm and that for the encryption algorithm at the same time.
Description
Using the sa string-key command, you can set the SA parameter manually for
the ipsec policy of manual mode. Using the undo sa string-key command, you
can delete the SA parameter already set.
This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish a SA manually.
For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish a SA.
When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately
The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.
There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
929
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the SPI of the inbound SA to 10000, and the key string to abcdef; sets the
SPI of the outbound SA to 20000, and its key string to efcdab in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah
[3Com-ipsec-proposal-prop_ah] transform ah
[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5
[3Com-ipsec-proposal-prop_ah] quit
[3Com] ipsec policy tianjin 100 manual
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa string-key abcdef
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
[3Com-ipsec-policy-manual-tianjin-100] sa string-key efcdab
security acl
Syntax
security acl acl-number
undo security acl
View
IPSec policy view, IPSec policy template view
Parameter
acl-number: Specifies the number of the access control list used by the ipsec
policy, ranging 1000 to1999.
Description
Using the security acl command, you can set an access control list to be used by
the ipsec policy. Using the undo security acl command, you can remove the
access control list used by the ipsec policy.
By default, no ACL has been specified for the IPSec policies.
The data flow that will be protected by the IPSec policy is confined by the ACL in
this command. According to the rules in the ACL, IPSec determines which packets
need security protection and which do not. The packet permitted by the access
control list will be protected, and a packet denied by the access control list will not
be protected. The denied packets are sent out derectly without IPSec protection.
930
CHAPTER 9: SECURITY
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), tunnel local, tunnel remote, sa duration and proposal.
Example
# Set the ipsec policy as using access control list 101.
[3Com] acl number 101
[3Com-acl-adv-101] rule permit tcp source 10.1.1.1 0.0.0.255 destination 10.1.1.2
0.0.0.255
[3Com] ipsec policy beijing 100 manual
[3Com-ipsec-policy-manual-beijing-100] security acl 101
transform
Syntax
transform { ah | ah-esp | esp }
undo transform
View
IPSec proposal view
Parameter
ah: Uses AH protocol specified in RFC2402.
ah-esp: Uses ESP specified in RFC2406 to protect the packets and then use AH
protocol specified in RFC2402 to authenticate packets.
esp: Uses ESP specified in RFC2406.
Description
Using the transform command, you can set a security protocol used by a
proposal. Using the undo transform command, you can restore the default
security protocol.
By default, esp, that is, the ESP specified in RFC2406 is used.
If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.
If AH is adopted, the default authentication algorithm is MD5.
If the parameter ah-esp is specified, the default authentication algorithm for AH is
MD5 and the default encryption algorithm for ESP is DES without authentication.
AH protocol provides data authentication, data integrity check and anti-replay
function.
ESP protocol provides data authentication, data integrity check, anti-replay
function and data encryption.
While establishing an SA manually, the proposals used by the ipsec policy set at
both ends of the security tunnel must be set as using the same security protocol.
931
The following figure illustrates the data encapsulation formats of different security
protocols in the transport mode and the tunnel mode.
Figure 2 Data encapsulation formats of security protocols
Transfer
Security mode
protocol
transport
ah
IP
AH
esp
IP
ESP
ah-esp
IP
AH
tunnel
data
data
ESP
IP
ESP-T
data
ESP-T
AH
IP
IP ESP
IP
IP
AH
data
data
ESP IP
ESP-T
data
ESP-T
tunnel local
Syntax
tunnel local ip-address
undo tunnel local
View
IPSec policy view in Manual mode
Parameter
ip-address: Local address in dotted decimal format.
Description
Using the tunnel local command, you can set the local address of an ipsec policy.
Using the undo tunnel local command, you can delete the local address set in
the ipsec policy.
By default, the local address of an ipsec policy is not configured.
It is not necessary to set a local address for an ipsec policy in isakmp mode, so this
command is invalid in this situation. IKE can automatically obtain the local address
from the interface where this ipsec policy is applied.
As for the ipsec policy in manual mode, it is necessary to set the local address
before the SA can be established. A security tunnel is set up between the local and
932
CHAPTER 9: SECURITY
remote end, so the local address and remote address must be correctly configured
before a security tunnel can be set up.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel remote, sa duration and proposal.
Example
# Set the local address for the ipsec policy, which is applied at serial 4/1/2 whose IP
address is 10.0.0.1.
[3Com] ipsec policy guangzhou 100 manual
[3Com-ipsec-policy-manual-guangzhou-100] tunnel local 10.0.0.1
[3Com-ipsec-policy-manual-guangzhou-100] quit
[3Com] interface serial 4/1/2
[3Com-if-Serial4/1/2] ipsec policy guangzhou
tunnel remote
Syntax
tunnel remote ip-address
undo tunnel remote [ ip-address ]
View
Manually-established IPSec policy view
Parameter
ip-address: Remote address in dotted decimal format.
Description
Using the tunnel remote command, you can set the remote address of an ipsec
policy. Using the undo tunnel remote command, you can delete the remote
address in the ipsec policy.
By default, the remote address of an ipsec policy is not configured.
For the ipsec policy in manual mode, only one remote address can be set. If a
remote address is already set, this existing address must be deleted before a new
one can be set.
The security tunnel is established between the local and remote ends. The remote
address must be set correctly on both ends of the security tunnel.
For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, sa duration, proposal.
Example
# Set the remote address of the ipsec policy to 10.1.1.2.
[3Com] ipsec policy shanghai 10 manual
[3Com-ipsec-policy-shanghai-10] tunnel remote 10.1.1.2
933
IKE Configuration
Commands
authentication-algorith
m
Syntax
authentication-algorithm { md5 | sha }
undo authentication-algorithm
View
IKE Proposal View
Parameter
md5: Selects the authentication algorithm: HMAC-MD5.
sha: Selects the authentication algorithm: HMAC-SHA1.
Description
Using the authentication-algorithm command, you can select the
authentication algorithm for an IKE proposal. Using the undo
authentication-algorithm command, you can restore the authentication
algorithm for an IKE proposal to the default.
By default, HMAC-SHA1 authentication algorithm is used.
For the related commands, see ike proposal, display ike proposal.
Example
# Set HMAC-MD5 as the authentication algorithm for IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] authentication-algorithm md5
authentication-method
Syntax
authentication-method { pre-share }
undo authentication-method
View
IKE proposal view
Parameter
pre-share: Specifies the pre-shared key authentication as the Internet Key
Exchange (IKE) proposal authentication method.
Description
Using the authentication-method command, you can select the authentication
method used by an IKE proposal. Using the undo authentication-method
command, you can restore the authentication method used by an IKE proposal to
the default.
934
CHAPTER 9: SECURITY
debugging ike
Syntax
debugging ike { error | exchange | message | misc }
undo debugging ike { error | exchange | message | misc }
View
User view
Parameter
error: Displays the IKE error debugging information.
exchange: Displays the IKE exchange mode debugging information.
message: Displays the IKE message debugging information.
misc: Displays all the other IKE debugging information.
Description
Using the debugging ike command, you can enable IKE debugging. Using the
undo debugging ike command, you can disable IKE debugging.
By default, IKE debugging is disabled.
Example
# Enable IKE error debugging.
<3Com> debugging ike error
dh
Syntax
dh { group1 | group2 }
undo dh
View
IKE proposal view
935
Parameter
group1: Selects group1, that is, the 768-bit Diffie-Hellman group.
group2: Selects group2, that is, the 1024-bit Diffie-Hellman group.
Description
Using the dh command, you can select the Diffie-Hellman group for an IKE
proposal. Using the undo dh command, you can restore the Diffie-Hellman group
for an IKE proposal to the default.
By default, group1, that is, 768-bit Diffie-Hellman group is used.
For the related commands, see ike proposal, display ike proposal.
Example
# Specify 768-bit Diffie-Hellman for IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] dh group1
Syntax
display ike proposal
View
Any view
Parameter
none
Description
Using the display ike proposal command, you can view the parameters
configured for each IKE proposal.
This command shows IKE proposals in the sequence of the priority.
For the related commands, see ike proposal, encryption-algorithm,
authentication-algorithm, dh and sa duration.
Example
# View the IKE proposal information after two IKE proposals are configured.
[3Com] display ike proposal
Protection suite priority 10
encryption algorithm: DES_CBC
authentication algorithm:
SHA
936
CHAPTER 9: SECURITY
sa duration(seconds): 5000
Protection suite priority 11
encryption algorithm: DES_CBC
authentication algorithm:
MD5
SHA
display ike sa
Item
Description
encryption algorithm
authentication algorithm
authentication method
Diffie-Hellman group
sa duration
Syntax
display ike sa
View
Any view
Parameter
none
Description
Using the display ike sa command, you can view the current security tunnels
established by IKE.
For the related command, see ike proposal.
937
Example
# View the security tunnels established by IKE.
[3Com] display ike sa
conn-id
remote
flag
phase
doi
202.38.0.2
RD|ST
IPSEC
202.38.0.2
RD|ST
IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FDFADING TO-TIMEOUT
The descriptions of the items displayed are listed in the following table.
Table 22 Display Information of IKE SA
Item
Description
conn-id
Security channel ID
remote
flag
doi
Domain of Interpretation
encryption-algorithm
Syntax
encryption-algorithm { des-cbc | 3des-cbc }
undo encryption-algorithm
View
IKE proposal view
Parameter
des-cbc: Selects the 56-bit DES-CBC encryption algorithm for an IKE proposal.
DES algorithm adopts 56-bit keys for encryption.
938
CHAPTER 9: SECURITY
3des-cbc: Setss the encryption algorithm to the 3DES algorithm in CBC mode. The
3DES algorithm uses 168-bit keys for encryption.
Description
Using the encryption command, you can specify the encryption algorithm for an
IKE proposal. Using the undo encryption command, you can restore to the
default.
By default, 56-bit DES-CBC encryption algorithm is used.
For the related commands, see ike proposal and display ike proposal.
Example
# Specify the 56-bit DES-CBC encryption algorithm for IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] encryption-algorithm des-cbc
exchange-mode
Syntax
exchange-mode [ aggressive | main ]
undo exchange-mode
View
IKE-peer view
Parameter
aggressive: Aggressive mode
main: Main mode.
Description
Using the exchange-mode command, you can select an IKE negotiation mode.
Using the undo exchange-mode command, you can restore the default
negotiation mode.
By default, main mode is adopted.
If the device at one end of a security tunnel obtains IP address dynamically, IKE
negotiation mode must be set to aggressive.
Example
# Adopt the main mode for IKE negotiation.
[Router] ike peer new_peer
[RouterA-ike-peer-new_peer] exchange-mode main
id-type
Syntax
id-type [ ip | name ]
939
undo id-type
View
IKE-peer view
Parameter
ip: Uses IP address as ID of the local GW.
name: Uses name of the local GW as its ID, i.e., IKE local ID designated by the ike
local id the command.
Description
Using the id-type command, you can select the type of ID used for identifying the
local GW in an IKE negotiation. Using the undo id-type command, you can
restore the default setting.
By default, the local GW is identified by its IP address.
If the id-type name command is configured, id configured in the ike local id
command will be used as ID of the local GW.
In main mode, only IP address can be used to identify the local GW. In IKE
aggressive mode, however, both IP address and name (configured using the ike
local id command) can be used to identify the local GW for SA setup. In the latter
case, regardless of the IP address assigned to a subscriber, whether static
or dynamic, an SA can be set up so long as the name and password used for
setting up the SA are correct.
For the related command, see ike local id.
Example
# Identify the local GW by name.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] id-type name
ike local id
Syntax
ike local id id
undo ike local id
View
System view
Parameter
id: ID of the local GW, which can be a string of 1 to 32 characters.
Description
Using the ike local id command, you can configure ID of the local GW. Using the
undo ike local id command, you can restore the default ID of the local GW.
By default, router name is used as the ID of the local GW.
940
CHAPTER 9: SECURITY
Only if the id-type name command has been configured can the id configured
using the ike local id command be ID of the local GW.
Example
# Identify the local GW by the configured name (local ID) beijing_VPN
[Router] ike local id beijing_VPN
Syntax
ike peer peer-name
undo ike peer peer-name
View
System view
Parameter
peer-name: IKE peer name, which can be a string of up to 15 characters.
Description
Using the ike peer command, you can configure an IKE peer and access IKE-peer
view. Using the undo ike peer command, you can delete an IKE peer.
Example
# Configure an IKE peer new_peer and access its view.
[Router] ike peer new_peer
[3Com-ike-peer-new_peer]
Syntax
ike peer peer-name
undo ike peer peer-name
View
IPSec policy view, IPSec policy template view
Parameter
peer-name: IKE peer name, which is a string of up to 15 characters.
Description
Using the ike peer command, you can quote an IKE peer in an IPSec policy or
IPSec policy template. Using the undo ike peer command, you can remove the
quoted IKE peer from the IPSec policy or IPSec policy template.
For the related command, see ipsec policy.
Example
# Quote an IKE peer in the IPSec policy.
[Router-ipsec-policy-isakmp-policy-10] ike peer new_peer
ike proposal
941
Syntax
ike proposal priority-level
undo ike proposal priority-level
View
System view
Parameter
priority-level: An integer ranging 1 to 100, it is a priority level of an IKE proposal,
and can distinguish this proposal from other proposal, the bigger the
value(priority-level) be selected, the lower the priority level be set actually.
Description
Using the ike proposal command, you can define an IKE proposal. Using the
undo ike proposal command, you can delete an IKE proposal.
By default, the system provides default IKE proposal with the lowest priority.
Performing this command in system view will enter IKE proposal view. In the IKE
proposal, you can select encryption algorithm, authentication algorithm, DH group
ID, authentication method and specify sa duration for this IKE proposal. Default
IKE proposal has a default encryption algorithm, authentication algorithm, DH
group ID, authentication method and sa duration, as follows:
These parameters will be used to establish a security tunnel once these parameters
are confirmed by both sides of the negotiation.
Both sides of the negotiation can be configured in more then one IKE proposal.
During the negotiation, the IKE proposals in both sides are selected to match one
by one, by turns of their priority level. The parameters that must be same durning
the match are encryption algorithm, authentication algorithm, authentication
method, and DH group. The sa duration is decided by the initiator of the
negotiation, needing no agreement.
For the related commands, see authentication-algorithm,
encryption-algorithm, dh, authentication-algorithm, sa duration, display
crypto isakmp policy.
Example
# Define IKE proposal 10 with default encryption algorithm.
[3Com] ike proposal 10
[3Com-ike-proposal-10] authentication-algorithm md5
942
CHAPTER 9: SECURITY
ike sa keepalive-timer
interval
Syntax
ike sa keepalive-timer interval seconds
undo ike sa keepalive-timer interval
View
System view
Parameter
seconds: Specifies the interval for sending Keepalive packet to the remote end
through ISAKMP SA. It can be set to a value in the range 20 to 28800.
Description
Using the ike sa keepalive-timer interval command, you can configure the
interval for sending Keepalive packet to the remote end through ISAKMP SA.
Using the undo ike sa keepalive-timer interval command, you can disable the
function.
By default, this function is disabled.
This command is used to configure the interval for sending Keepalive packet to
the remote end through ISAKMP SA. IKE maintains the link state of the ISAKMP
SA by using the Keepalive packet. In general, if a timeout is configured at the
remote end by using the ike sa keepalive-timer timeout command, an interval
for sending Keepalive packet must be configured at the local end. When the
remote end in the configured timeout time does not receive the Keepalive packet,
the ISAKMP SA with the TIMEOUT flag and the IPSec SA corresponding to it will
be deleted, and otherwise the ISAKMP SA without the TIMEOUT flag will be
marked as TIMEOUT. Thus the configured timeout should be longer than the
interval for sending the Keepalive packet during configuration.
For the related command, see ike sa keepalive-timer timeout.
Example
# Configure the interval as 20 seconds for the local end to send Keepalive packet
to the remote end.
[3Com] ike sa keepalive-timer interval 20
ike sa keepalive-timer
timeout
Syntax
ike sa keepalive-timer timeout seconds
undo ike sa keepalive-timer timeout
View
System view
943
Parameter
seconds: Specifies the timeout for ISAKMP SA to wait for the Keepalive packet. It
can be set to a value in the range 20 to 28800.
Description
Using the ike sa keepalive-timer timeout command, you can configure a
timeout for ISAKMP SA to wait for the Keepalive packet. Using the undo ike sa
keepalive-timer timeout command, you can disable the function.
By default, this function is disabled.
This command is used to configure the timeout for the remote end to send the
Keepalive packet. IKE maintains the link state of the ISAKMP SA by using the
Keepalive packet. When the remote end in the configured timeout does not
receive the Keepalive packet, the ISAKMP SA with the TIMEOUT flag and the IPSec
SA corresponding to it will be deleted, and otherwise the ISAKMP SA without the
TIMEOUT flag will be marked as TIMEOUT. Thus the configured timeout should be
longer than the interval for sending the Keepalive packet during configuration.
Generally, packets will not be lost for more than three consecutive times in the
network, so the timeout can be configured as three times of the interval set for
the remote end to send Keepalive packets.
For the related command, see ike sa keepalive-timer interval.
Example
# Configure the timeout as 20 seconds for the local end to wait for the remote
end to send the Keepalive packet.
[3Com] ike sa keepalive-timer timeout 20
nat-traversal
Syntax
nat-traversal
undo nat-traversal
View
IKE-peer view
Parameter
None
Description
Using the nat-traversal command, you can configure the NAT traversal function
of IKE/IPSec. Using the undo nat-traversal command, you can disable the NAT
traversal function of IKE/IPSec.
This command fits for the application that the NAT GW functionality is included in
the VPN tunnel constructed by IKE/IPSec.
Example
# Enable the NAT traversal function.
944
CHAPTER 9: SECURITY
Syntax
pre-shared-key key
undo pre-shared-key
View
IKE-peer view
Parameter
key: Specifies a pre-shared key, which is a string of 1 to 128 characters.
Description
Using the pre-shared-key command, you can configure a pre-shared key to be
used in IKE negotiation. Using the undo pre-shared-key command, you can
remove the pre-shared key used in IKE negotiation.
Example
# Set the pre-shared key used in IKE negotiation to abcde.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] pre-shared-key abcde
remote-address
Syntax
remote-address ip-address
undo remote-address
View
IKE-peer view
Parameter
ip-address: IP address.
Description
Using the remote-address command, you can configure IP address of the remote
GW. Using the undo remote-address command, you can delete IP address of the
remote GW.
ip-address configured in this command should comply with the one configured for
the remote GW.
Example
# Set IP address of the remote GW to 10.0.0.1.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] remote-address 10.0.0.1
remote-id
945
Syntax
remote-id id
undo remote-id
View
IKE-peer view
Parameter
id: Specifies ID of the remote GW, which is a string of 1 to 32 characters.
Description
Using the remote-id command, you can specify a remote GW. Using the undo
remote-id command, you can remove the configuration of the remote GW.
id configured in this command must be the same one configured using the ike
local id command on the remote GW.
Example
# Set ID of the remote GW to beijing.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] remote-id beijing
reset ike sa
Syntax
reset ike sa [ connection-id ]
View
User view
Parameter
connection-id: Specifies the SA to be deleted. If this parameter is not specified, all
the SAs at phase 1 and phase 2 will be deleted.
Description
Using the reset ike sa command, you can delete the security tunnel set up by IKE.
If connection-id is not specified, all the SAs at phase 1 and phase 2 will be deleted.
If ISAKMP SA at phase 1 exists when deleting the local security tunnel, a Delete
Message notification is sent to the remote under the protection of this security
tunnel to notify the remote to delete the SA database.
IKE uses ISAKMP of two phases: phase 1 or ISAKMP SA to establish SA, phase 2 or
IPSec SA to negotiate and establish IPSec SA, using the former established SA.
For the related command, see display ike sa.
Example
# Delete the security tunnel to 202.38.0.2.
<3Com> display ike sa
946
CHAPTER 9: SECURITY
conn-id
remote
flag
phase
doi
202.38.0.2
RD|ST
IPSEC
202.38.0.2
RD|ST
IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD--FADING
<3Com> reset ike sa 2
<3Com> display ike sa
conn-id
2
remote
202.38.0.2
flag
RD|ST
phase
2
doi
IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FDFADING
Syntax
sa duration seconds
undo sa duration
View
IKE proposal view
Parameter
seconds: Specifies the ISAKMP Sa duration. When the sa duration expires, ISAKMP
SA will update automatically. It can be set to a value in the range 60 to 604800
seconds.
Description
Using the sa duration command, you can specify the ISAKMP Sa duration for an
IKE proposal. Using the undo sa duration command, you can restore it to the
default.
By default, the value of ISAKMP Sa duration is 86400 seconds (one day).
Before the sa duration for a SA expires, a new SA will be negotiated for replacing
the existing SA, and the old SA will be automatically cleared when the Sa duration
expires.
For the related commands, see ike proposal and display ike proposal.
authentication-algorith
m
Syntax
authentication-algorithm { md5 | sha }
undo authentication-algorithm
947
View
IKE Proposal View
Parameter
md5: Selects the authentication algorithm: HMAC-MD5.
sha: Selects the authentication algorithm: HMAC-SHA1.
Description
Using the authentication-algorithm command, you can select the
authentication algorithm for an IKE proposal. Using the undo
authentication-algorithm command, you can restore the authentication
algorithm for an IKE proposal to the default.
By default, HMAC-SHA1 authentication algorithm is used.
For the related commands, see ike proposal, display ike proposal.
Example
# Set HMAC-MD5 as the authentication algorithm for IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] authentication-algorithm md5
authentication-method
Syntax
authentication-method { pre-share }
undo authentication-method
View
IKE proposal view
Parameter
pre-share: Specifies the pre-shared key authentication as the Internet Key
Exchange (IKE) proposal authentication method.
Description
Using the authentication-method command, you can select the authentication
method used by an IKE proposal. Using the undo authentication-method
command, you can restore the authentication method used by an IKE proposal to
the default.
By default, the authentication method used by an IKE proposal is pre-shared key
authentication.
Authentication key must be configured to adopt the pre-shared key authentication
method.
For the related commands, see ike proposal and display ike proposal.
948
CHAPTER 9: SECURITY
Example
# Specify pre-shared key authentication as the authentication method for IKE
proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] authentication-method pre-share
debugging ike
Syntax
debugging ike { error | exchange | message | misc }
undo debugging ike { error | exchange | message | misc }
View
User view
Parameter
error: Displays the IKE error debugging information.
exchange: Displays the IKE exchange mode debugging information.
message: Displays the IKE message debugging information.
misc: Displays all the other IKE debugging information.
Description
Using the debugging ike command, you can enable IKE debugging. Using the
undo debugging ike command, you can disable IKE debugging.
By default, IKE debugging is disabled.
Example
# Enable IKE error debugging.
<3Com> debugging ike error
dh
Syntax
dh { group1 | group2 }
undo dh
View
IKE proposal view
Parameter
group1: Selects group1, that is, the 768-bit Diffie-Hellman group.
group2: Selects group2, that is, the 1024-bit Diffie-Hellman group.
949
Description
Using the dh command, you can select the Diffie-Hellman group for an IKE
proposal. Using the undo dh command, you can restore the Diffie-Hellman group
for an IKE proposal to the default.
By default, group1, that is, 768-bit Diffie-Hellman group is used.
For the related commands, see ike proposal, display ike proposal.
Example
# Specify 768-bit Diffie-Hellman for IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] dh group1
Syntax
display ike proposal
View
Any view
Parameter
none
Description
Using the display ike proposal command, you can view the parameters
configured for each IKE proposal.
This command shows IKE proposals in the sequence of the priority.
For the related commands, see ike proposal, encryption-algorithm,
authentication-algorithm, dh and sa duration.
Example
# View the IKE proposal information after two IKE proposals are configured.
[3Com] display ike proposal
Protection suite priority 10
encryption algorithm: DES_CBC
authentication algorithm:
SHA
MD5
950
CHAPTER 9: SECURITY
SHA
Description
Protection suite priority priority of the IKE proposal, being any integer between 1 and 100.
The larger the priority value, the lower the priority.
encryption algorithm
authentication
algorithm
display ike sa
Diffie-Hellman group
sa duration
Default protection
suite
Syntax
display ike sa
View
Any view
Parameter
none
Description
Using the display ike sa command, you can view the current security tunnels
established by IKE.
For the related command, see ike proposal.
Example
# View the security tunnels established by IKE.
[3Com] display ike sa
conn-id
1
remote
flag
202.38.0.2
RD|ST
phase
1
doi
IPSEC
202.38.0.2
RD|ST
951
IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FDFADING TO-TIMEOUT
The descriptions of the items displayed are listed in the following table.
Table 24 Display information of IKE SA
Item
Description
conn-id
Security channel ID
remote
flag
RD (READY) means this SA has been established ST (STAYALIVE) means that SA duration is
successfully
negotiated, and this SA will be refreshed
in fixed interval.
RL (REPLACED) means that this SA has been
replaced by a new one, and will be
automatically deleted after a period of time.
phase
encryption-algorithm
Syntax
encryption-algorithm { des-cbc | 3des-cbc }
undo encryption-algorithm
View
IKE proposal view
Parameter
des-cbc: Selects the 56-bit DES-CBC encryption algorithm for an IKE proposal.
DES algorithm adopts 56-bit keys for encryption.
3des-cbc: Setss the encryption algorithm to the 3DES algorithm in CBC mode. The
3DES algorithm uses 168-bit keys for encryption.
Description
Using the encryption command, you can specify the encryption algorithm for an
IKE proposal. Using the undo encryption command, you can restore to the
default.
By default, 56-bit DES-CBC encryption algorithm is used.
952
CHAPTER 9: SECURITY
For the related commands, see ike proposal and display ike proposal.
Example
# Specify the 56-bit DES-CBC encryption algorithm for IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] encryption-algorithm des-cbc
exchange-mode
Syntax
exchange-mode [ aggressive | main ]
undo exchange-mode
View
IKE-peer view
Parameter
aggressive: Aggressive mode
main: Main mode.
Description
Using the exchange-mode command, you can select an IKE negotiation mode.
Using the undo exchange-mode command, you can restore the default
negotiation mode.
By default, main mode is adopted.
If the device at one end of a security tunnel obtains IP address dynamically, IKE
negotiation mode must be set to aggressive.
Example
# Adopt the main mode for IKE negotiation.
[Router] ike peer new_peer
[RouterA-ike-peer-new_peer] exchange-mode main
id-type
Syntax
id-type [ ip | name ]
undo id-type
View
IKE-peer view
Parameter
ip: Uses IP address as ID of the local GW.
name: Uses name of the local GW as its ID, i.e., IKE local ID designated by the ike
local id the command.
953
Description
Using the id-type command, you can select the type of ID used for identifying the
local GW in an IKE negotiation. Using the undo id-type command, you can
restore the default setting.
By default, the local GW is identified by its IP address.
If the id-type name command is configured, id configured in the ike local id
command will be used as ID of the local GW.
In main mode, only IP address can be used to identify the local GW. In IKE
aggressive mode, however, both IP address and name (configured using the ike
local id command) can be used to identify the local GW for SA setup. In the latter
case, regardless of the IP address assigned to a subscriber, whether static
or dynamic, an SA can be set up so long as the name and password used for
setting up the SA are correct.
For the related command, see ike local id.
Example
# Identify the local GW by name.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] id-type name
ike local id
Syntax
ike local id id
undo ike local id
View
System view
Parameter
id: ID of the local GW, which can be a string of 1 to 32 characters.
Description
Using the ike local id command, you can configure ID of the local GW. Using the
undo ike local id command, you can restore the default ID of the local GW.
By default, router name is used as the ID of the local GW.
Only if the id-type name command has been configured can the id configured
using the ike local id command be ID of the local GW.
Example
# Identify the local GW by the configured name (local ID) beijing_VPN
[Router] ike local id beijing_VPN
Syntax
ike peer peer-name
954
CHAPTER 9: SECURITY
View
System view
Parameter
peer-name: IKE peer name, which can be a string of up to 15 characters.
Description
Using the ike peer command, you can configure an IKE peer and access IKE-peer
view. Using the undo ike peer command, you can delete an IKE peer.
Example
# Configure an IKE peer new_peer and access its view.
[Router] ike peer new_peer
[3Com-ike-peer-new_peer]
Syntax
ike peer peer-name
undo ike peer peer-name
View
IPSec policy view, IPSec policy template view
Parameter
peer-name: IKE peer name, which is a string of up to 15 characters.
Description
Using the ike peer command, you can quote an IKE peer in an IPSec policy or
IPSec policy template. Using the undo ike peer command, you can remove the
quoted IKE peer from the IPSec policy or IPSec policy template.
For the related command, see ipsec policy.
Example
# Quote an IKE peer in the IPSec policy.
[Router-ipsec-policy-isakmp-policy-10] ike peer new_peer
ike proposal
Syntax
ike proposal priority-level
undo ike proposal priority-level
View
System view
955
Parameter
priority-level: An integer ranging 1 to 100, it is a priority level of an IKE proposal,
and can distinguish this proposal from other proposal, the bigger the
value(priority-level) be selected, the lower the priority level be set actually.
Description
Using the ike proposal command, you can define an IKE proposal. Using the
undo ike proposal command, you can delete an IKE proposal.
By default, the system provides default IKE proposal with the lowest priority.
Performing this command in system view will enter IKE proposal view. In the IKE
proposal, you can select encryption algorithm, authentication algorithm, DH group
ID, authentication method and specify sa duration for this IKE proposal. Default
IKE proposal has a default encryption algorithm, authentication algorithm, DH
group ID, authentication method and sa duration, as follows:
These parameters will be used to establish a security tunnel once these parameters
are confirmed by both sides of the negotiation.
Both sides of the negotiation can be configured in more then one IKE proposal.
During the negotiation, the IKE proposals in both sides are selected to match one
by one, by turns of their priority level. The parameters that must be same durning
the match are encryption algorithm, authentication algorithm, authentication
method, and DH group. The sa duration is decided by the initiator of the
negotiation, needing no agreement.
For the related commands, see authentication-algorithm,
encryption-algorithm, dh, authentication-algorithm, sa duration, display
crypto isakmp policy.
Example
# Define IKE proposal 10 with default encryption algorithm.
[3Com] ike proposal 10
[3Com-ike-proposal-10] authentication-algorithm md5
[3Com-ike-proposal-10] authentication-method pre-share
[3Com-ike-proposal-10] sa duration 5000
ike sa keepalive-timer
interval
Syntax
ike sa keepalive-timer interval seconds
undo ike sa keepalive-timer interval
956
CHAPTER 9: SECURITY
View
System view
Parameter
seconds: Specifies the interval for sending Keepalive packet to the remote end
through ISAKMP SA. It can be set to a value in the range 20 to 28800.
Description
Using the ike sa keepalive-timer interval command, you can configure the
interval for sending Keepalive packet to the remote end through ISAKMP SA.
Using the undo ike sa keepalive-timer interval command, you can disable the
function.
By default, this function is disabled.
This command is used to configure the interval for sending Keepalive packet to
the remote end through ISAKMP SA. IKE maintains the link state of the ISAKMP
SA by using the Keepalive packet. In general, if a timeout is configured at the
remote end by using the ike sa keepalive-timer timeout command, an interval
for sending Keepalive packet must be configured at the local end. When the
remote end in the configured timeout time does not receive the Keepalive packet,
the ISAKMP SA with the TIMEOUT flag and the IPSec SA corresponding to it will
be deleted, and otherwise the ISAKMP SA without the TIMEOUT flag will be
marked as TIMEOUT. Thus the configured timeout should be longer than the
interval for sending the Keepalive packet during configuration.
For the related command, see ike sa keepalive-timer timeout.
Example
# Configure the interval as 20 seconds for the local end to send Keepalive packet
to the remote end.
[3Com] ike sa keepalive-timer interval 20
ike sa keepalive-timer
timeout
Syntax
ike sa keepalive-timer timeout seconds
undo ike sa keepalive-timer timeout
View
System view
Parameter
seconds: Specifies the timeout for ISAKMP SA to wait for the Keepalive packet. It
can be set to a value in the range 20 to 28800.
Description
Using the ike sa keepalive-timer timeout command, you can configure a
timeout for ISAKMP SA to wait for the Keepalive packet. Using the undo ike sa
keepalive-timer timeout command, you can disable the function.
By default, this function is disabled.
957
This command is used to configure the timeout for the remote end to send the
Keepalive packet. IKE maintains the link state of the ISAKMP SA by using the
Keepalive packet. When the remote end in the configured timeout does not
receive the Keepalive packet, the ISAKMP SA with the TIMEOUT flag and the IPSec
SA corresponding to it will be deleted, and otherwise the ISAKMP SA without the
TIMEOUT flag will be marked as TIMEOUT. Thus the configured timeout should be
longer than the interval for sending the Keepalive packet during configuration.
Generally, packets will not be lost for more than three consecutive times in the
network, so the timeout can be configured as three times of the interval set for
the remote end to send Keepalive packets.
For the related command, see ike sa keepalive-timer interval.
Example
# Configure the timeout as 20 seconds for the local end to wait for the remote
end to send the Keepalive packet.
[3Com] ike sa keepalive-timer timeout 20
nat-traversal
Syntax
nat-traversal
undo nat-traversal
View
IKE-peer view
Parameter
None
Description
Using the nat-traversal command, you can configure the NAT traversal function
of IKE/IPSec. Using the undo nat-traversal command, you can disable the NAT
traversal function of IKE/IPSec.
This command fits for the application that the NAT GW functionality is included in
the VPN tunnel constructed by IKE/IPSec.
Example
# Enable the NAT traversal function.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] nat traversal
pre-shared-key
Syntax
pre-shared-key key
undo pre-shared-key
958
CHAPTER 9: SECURITY
View
IKE-peer view
Parameter
key: Specifies a pre-shared key, which is a string of 1 to 128 characters.
Description
Using the pre-shared-key command, you can configure a pre-shared key to be
used in IKE negotiation. Using the undo pre-shared-key command, you can
remove the pre-shared key used in IKE negotiation.
Example
# Set the pre-shared key used in IKE negotiation to abcde.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] pre-shared-key abcde
remote-address
Syntax
remote-address ip-address
undo remote-address
View
IKE-peer view
Parameter
ip-address: IP address.
Description
Using the remote-address command, you can configure IP address of the remote
GW. Using the undo remote-address command, you can delete IP address of the
remote GW.
ip-address configured in this command should comply with the one configured for
the remote GW.
Example
# Set IP address of the remote GW to 10.0.0.1.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] remote-address 10.0.0.1
remote-id
Syntax
remote-id id
undo remote-id
View
IKE-peer view
959
Parameter
id: Specifies ID of the remote GW, which is a string of 1 to 32 characters.
Description
Using the remote-id command, you can specify a remote GW. Using the undo
remote-id command, you can remove the configuration of the remote GW.
id configured in this command must be the same one configured using the ike
local id command on the remote GW.
Example
# Set ID of the remote GW to beijing.
[Router] ike peer new_peer
[Router-ike-peer-new_peer] remote-id beijing
reset ike sa
Syntax
reset ike sa [ connection-id ]
View
User view
Parameter
connection-id: Specifies the SA to be deleted. If this parameter is not specified, all
the SAs at phase 1 and phase 2 will be deleted.
Description
Using the reset ike sa command, you can delete the security tunnel set up by IKE.
If connection-id is not specified, all the SAs at phase 1 and phase 2 will be deleted.
If ISAKMP SA at phase 1 exists when deleting the local security tunnel, a Delete
Message notification is sent to the remote under the protection of this security
tunnel to notify the remote to delete the SA database.
IKE uses ISAKMP of two phases: phase 1 or ISAKMP SA to establish SA, phase 2 or
IPSec SA to negotiate and establish IPSec SA, using the former established SA.
For the related command, see display ike sa.
Example
# Delete the security tunnel to 202.38.0.2.
<3Com> display ike sa
conn-id
remote
flag
phase
doi
202.38.0.2
RD|ST
IPSEC
202.38.0.2
RD|ST
IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD--FADING
960
CHAPTER 9: SECURITY
remote
202.38.0.2
flag
RD|ST
phase
2
doi
IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FDFADING
Syntax
sa duration seconds
undo sa duration
View
IKE proposal view
Parameter
seconds: Specifies the ISAKMP Sa duration. When the sa duration expires, ISAKMP
SA will update automatically. It can be set to a value in the range 60 to 604800
seconds.
Description
Using the sa duration command, you can specify the ISAKMP Sa duration for an
IKE proposal. Using the undo sa duration command, you can restore it to the
default.
By default, the value of ISAKMP Sa duration is 86400 seconds (one day).
Before the sa duration for a SA expires, a new SA will be negotiated for replacing
the existing SA, and the old SA will be automatically cleared when the Sa duration
expires.
For the related commands, see ike proposal and display ike proposal.
961
Example
# Specify the ISAKMP Sa duration for IKE proposal 10 as 600 seconds (10
minutes).
[3Com] ike proposal 10
[3Com-ike-proposal-10] sa duration 600
authentication-method
Syntax
authentication-method { pre-share | rsa-signature }
undo authentication-method
View
IKE proposal view
Parameter
pre-share: decides on pre-shared-key as the authentication method;
rsa-signature: decides on PKI digital signature as the authentication method.
Description
Using the authentication-method command, you can specify the authentication
method IKE policy uses. Using the undo authentication-method command, you
can reactivate the default authentication method.
pre-shared-key is the default authentication method.
This command is used to specify the authentication method for an IKE proposal.
Currently, both pre-shared-key and rsa-signature are practicable.
pre-shared-key requires the configuration of key, for which, you may refer to ike
pre-shared-key.
For related commands, see ike pre-shared-key, ike proposal, display ike
proposal, pki domain, and pki entity.
To configure PKI, please refer to PKI Configuration.
Example
# Specify pre-shared-key as the authentication method of IKE proposal 10
[Router] ike proposal 10
[Router-ike-proposal-10] authentication-method pre-share
authentication-method
Syntax
authentication-method { pre-share | rsa-signature }
undo authentication-method
View
IKE proposal view
Parameter
pre-share: decides on pre-shared-key as the authentication method;
rsa-signature: decides on PKI digital signature as the authentication method.
962
CHAPTER 9: SECURITY
Description
Using the authentication-method command, you can specify the authentication
method IKE policy uses. Using the undo authentication-method command, you
can reactivate the default authentication method.
pre-shared-key is the default authentication method.
This command is used to specify the authentication method for an IKE proposal.
Currently, both pre-shared-key and rsa-signature are practicable.
pre-shared-key requires the configuration of key, for which, you may refer to ike
pre-shared-key.
For related commands, see ike pre-shared-key, ike proposal, display ike
proposal, pki domain, and pki entity.
To configure PKI, please refer to PKI Configuration.
Example
# Specify pre-shared-key as the authentication method of IKE proposal 10
[Router] ike proposal 10
[Router-ike-proposal-10] authentication-method pre-share
PKI Configuration
Commands
PKI Domain
Configuration
Commands
ca identifier
Syntax
ca identifier name
undo ca identifier
View
PKI domain view
Parameter
name: CA identifier this device trusts, within the range of 1 to 63 characters.
Description
Using the ca identifier command, you can specify the CA this device trusts and
have the name CA bound with this device. Using the undo ca identifier
command, you can delete the CA this device trusts.
By default, no trusted CA is specified.
Before the CA is deleted, the request, retrieval, revocation, and polling of this
certificate are carried out.
963
Example
#Specify the name of the CA this device trusts.
[RouterCA-pki-domain-1]ca identifier new-ca
Syntax
certificate request from { ca | ra } entity entity-name
undo certificate request from { ca | ra }
View
PKI domain view
Parameter
ca: indicates that the entity registers by CA for certificate request.
ra: indicates that the entity registers by RA for certificate request.
entity entity-name: name of the entity under certificate request. Within the
Syntax
certificate request mode { manual | auto }
undo certificate request mode
View
PKI domain view
964
CHAPTER 9: SECURITY
Parameter
manual: refers to the manual certificate request mode;
auto: refers to the auto certificate request mode.
Description
Using the certificate request mode command, you can decide between the
manual or the auto request mode. Using the undo certificate request mode
command, you can restore the default request mode.
Auto mode enables the auto delivery of certificate request when there is no
certificate, or when the current certificate is about to expire. Manual mode
requires manual operation in the request process.
By default, certificate request is carried out manually.
For related command, see pki request certificate.
Example
# Set the request mode to Auto
[RouterCA-pki-domain-1]certificate request mode auto
[RouterCA-pki-domain-1]undo certificate request mode
certificate request
polling
Syntax
certificate request polling { interval minutes | count count }
undo certificate request polling { interval | count }
View
PKI domain view
Parameter
minutes: renders the interval between two polls. Specified in minutes, it ranges
from 5 to 60 minutes, and by default, it is 20 minutes;
count: indicates the retry times. It ranges from 1 to 100, and by default, is 50.
Description
Using the certificate request polling command, you can specify the interval
between two polls and the retry times. Using the undo certificate request
polling command, you can restore the default parameters.
When the request is delivered, if CA requires manual authentication, it will take a
long time before the certificate is issued. The client, therefore, needs to
periodically poll the request for the timely acquisition of the certificate after being
authorized.
For related command, see display pki certificate.
Example
# Specify the interval between two polls and the retry times
965
40
Syntax
certificate request url string
undo certificate request url
View
PKI domain view
Parameter
string: refers to the server URL of the registration authority. Ranging from 1 to
255 characters, it composes server location and CA CGI command interface script
location in the format of http://server_location/ca_script_location. Thereamong,
server_location is generally expressed as IP address, which if is to be replaced by
server name, DNS needs to be configured for the conversion match between IP
addressed and server names.
Description
Using the certificate request url command, you can specify the server URL for
certificate request through SCEP protocol. SCEP is a protocol specialized in the
communication with authentication authorities. Using the undo certificate
request url command, you can delete the concerned location setting.
By default, no server URL is specified.
Example
#Specify the server location for certificate request.
[RouterCA-pki-domain-1] certificate request url http:
//169.254.0.100/ certsrv/mscep.dll
Syntax
crl update period { default | days }
undo crl update period
View
PKI domain view
Parameter
default: identical with the validity period of CRL
days: number of days
Description
Using the crl update period command, you can specify the update period of
CRL, which is the interval between local downloads of CRLs from access server.
966
CHAPTER 9: SECURITY
Using the undo crl update period command, you can restpre the default CRL
update period.
By default, it updates according to CRL validity period.
Example
#Specify CRL update period.
[RouterCA-pki-domain-1] crl update period 20
crl url
Syntax
crl url url-string
undo crl url
View
PKI domain view
Parameter
url-string: refers to the distribution point location of CRL. Ranging from 1 to
server name, DNS needs to be configured for the match between IP addresses and
server names.
Description
Using the crl url command, you can specify the distribution point URL for CRL.
Using the undo crl url command, you can undo the specification.
By default, no CRL distribution point URL is specified.
Example
#Specify the URL location of CRL database.
[RouterCA-pki-domain-1] crl url ldap: // 169.254.0 30
Idap server
Syntax
Idap server ip ip-address [ port port-num ] [ version version-number]
undo Idap server ip
View
PKI domain view
Parameter
ip-address: IP address of LDAP server.
port-num: port number of LDAP server, ranging from 1 to 65535. By default, it is
389.
version-number: LDAP version number, alternatively 2 or 3. By default, it is 2.
967
Description
Using the Idap server ip command, you can configure the LDAP server IP address
and the port. Using the undo ldap server ip command, you can cancel the
related configuration.
By default, no LDAP server IP address or port is configured.
Example
#Specify the LDAP server address.
[RouterCA-pki-domain-1]ldap server ip 169.254.0 30
pki domain
Syntax
pki domain name
undo pki domain name
View
Any view
Parameter
name: PKI domain name specified for the quotation of other commands, indicating
the PKI domain this device belongs to. It can contain 1 to 15 characters.
Description
Using the pki domain command, you can enter PKI domain view, and configure
the parameters of LDAP server and for certificate request and authentication.
Using the undo pki domain command to delete the specified PKI domain.
By default, no PKI domain name is specified.
Example
#Enter PKI domain view.
[RouterCA]pki domain 1
Syntax
fqdn name-str
undo fqdn
View
PKI entity view
Parameter
name-str: FQDN of an entity, within the range of 1 to 255 characters.
968
CHAPTER 9: SECURITY
Description
Using the fqdn command, you can specify the FQDN of an entity. Using the undo
fqdn command, you can delete the entity FQDN.
By default, no entity FQDN is specified.
FQDN (Fully Qualified Domain Name) is the unique identifier an entity has in the
network, like email address. It can be resolved into IP address, usually in the form
of user.domain.
Example
#Configure the FQDN of an entity.
[RouterCA-pki-entity-1]fqdn pki.3com.com
common name
Syntax
common-name name-str
undo common-name
View
PKI entity view
Parameter
name-str: common name of an entity, within the range of 1 to 31 characters
Description
Using the common-name command, you can specify the common name of an
entity, for instance, User Name. Using the undo common-name command, you
can delete the common name of this entity.
By default, no common name is specified for any entity.
Example
#Configure the common name of an entity.
[RouterCA-pki-entity-1]common-name pki test
country code
Syntax
country country-code-str
undo country
View
PKI entity view
Parameter
country-code-str: country code of 2 bytes
969
Description
Using the country command, you can specify the code of the country the entity
belongs to. It is a standard 2-byte code, e.g., CN for China. Using the undo
country command, you can delete the country code of this entity.
By default, no country code is specified for any entity.
Example
#Set the country code of an entity.
[RouterCA-pki-entity-1]country CN
ip
Syntax
ip ip-address
undo ip
View
PKI entity view
Parameter
ip-address: IP address of an entity in the form of dotted decimal like A.B.C.D
Description
Using the ip command, you can specify the IP address of an entity. Using the
undo ip command, you can delete the specified IP address.
By default, no entity IP address is specified.
Example
#Configure the IP address of an entity.
[RouterCA-pki-entity-1]ip 161.12.2.3
locality
Syntax
locality locality-str
undo locality
View
PKI entity view
Parameter
locality-str: name of the geographical locality of an entity, in the range of 1 to
31 characters.
Description
Using the locality command, you can name the geographical locality of an entity,
by a city for example. Using the undo locality command you can cancel the
mentioned naming operation.
By default, no geographical locality is specifed for an entity.
970
CHAPTER 9: SECURITY
Example
#Configure the name of the city where the entity lives.
[RouterCA-pki-entity-1]locality bei jing
organization
Syntax
organization org-str
undo organization
View
PKI entity view
Parameter
org-str: organization name in the range of 1 to 31 characters.
Description
Using the organization command, you can specify the name of the organization
the entity belongs to. Using the undo organization command, you can delete
that name.
By default, no organization name is specified for any entity.
Example
#Configure the name of the organization to which an entity belongs.
[RouterCA-pki-entity-1]organization hua wei - 3com
organizational unit
Syntax
organizational-unit org-unit-str
undo organizational-unit
View
PKI entity view
Parameter
org-unit-str: organization unit name in the range of 1 to 31 characters.
Description
Using the organizational-unit command, you can specify the name of the
organization unit to which this entity belongs. Using the undo
organizational-unit command, you can delete the specified organization unit
name.
By default, no organization unit name is specified for any entity.
Example
#Configure the name of the organization unit to which an entity belongs.
[RouterCA-pki-entity-1]organizational-unit soft plat
state
971
Syntax
state state-str
undo state
View
PKI entity view
Parameter
state-str: state name within the range of 1 to 31 characters.
Description
Using the state command, you can clarify the name of the state where an entity
lies. Using the undo state command, you can cancel the previous operation.
By default, the state of an entity is not specified.
Example
#Specify the state where an entity lies.
[RouterCA-pki-entity-1]state bei jing
pki entity
Syntax
pki entity name-str
undo pki entity
View
Any view
Parameter
name-str: device-related unique character string of identification. Specified when
972
CHAPTER 9: SECURITY
Syntax
pki delete certificate { local | ca }
View
Any view
Parameter
local: indicates the deletion of all local certificates that are locally stored.
ca: indicated the deletion of all CA certificates that are locally stored.
Description
Using the pki delete certificate command, you can delete the locally stored
certificates.
Example
#Delete the local certificates.
[RouterCA] pki delete certificate local
Syntax
pki request certificate domain-name [ password ] [ pem ]
View
Any view
Parameter
domain-name: contains CA or RA related information. It is configured by using the
973
Syntax
pki retrieval certificate { local | ca } domain domain-name
View
Any view
Parameter
local: indicates the download of a local certificate.
ca: indicates the download of a CA certificate.
domain-name: contains CA or RA related information. It is configured by using the
Syntax
pki retrieval crl domain domain-name
View
Any view
Parameter
domain-name: contains CA or RA related information. It is configured by using the
974
CHAPTER 9: SECURITY
Syntax
pki validation certificate { local | ca } domain domain-name
View
Any view
Parameter
local: indicates the validation of a local certificate;
ca: indicates the validation of a CA certificate;
domain-name: specifies the domain of the certificate about to be verified. It is
Syntax
debugging pki { request | retrieval | verify | error }
undo debugging pki { request | retrieval | verify | error }
View
Any view
Parameter
request: debugging in certificate request;
retrieval: debugging in certificate retrieval;
verify: debugging in certification validation;
error: debugging in error cases
Description
Using the debugging pki command, you can enable PKI debugging functions.
Using the undo debugging pki command, you can disable PKI debugging
functions.
Unexpected problems do occur during the device operation. Debugging
commands enable the optional output and print of debugging information,
975
facilitating the network monitor and fault diagnosis for the network operators and
developers.
By default, all PKI debugging functions are disabled.
Example
# Enable the debugging function related to errors in PKI certificate operation
[RouterCA] debugging pki error
[RouterCA] pki delete certificate ca
[RouterCA] pki request certificate 1
Certificate enroll failed!
Cannot get the CA/RA certificate when creating the x509 Request
SHA1 fingerprint: 770E 2937 4E32 ACD4 4ACC 7CF1 0FF0 6FB8 6C34 E24A
Is the finger print correct?(Y/N): y
Saving the CA/RA certificate to flash.....................Done!
token seen:
CN=pki test
Certificate Request:
..
dir_name: certsrv/mscep/mscep.dll
host_name: 169.254.0.100
SCEP transaction id:
58D41D0C5A7B1E21C5F4A008B580B1A1
PKCS#7 envelope:
PKCS#7 envelope:
297 bytes
data payload:
.
PKCS#7 envelope:
PKCS#7 envelope:
PKCS#7 envelope:
PKCS#7 envelope:
PKCS#7 envelope:
976
CHAPTER 9: SECURITY
PKCS#7 envelope:
PKCS#7 envelope:
PKCS#7 envelope:
PKCS#7 envelope:
PKCS#7 envelope:
PKCS#7 envelope:
2145 bytes
PKCS#7 develope:
PKCS#7 develope:
PKCS#7 develope:
verifying signature
PKCS#7 develope:
signature ok
PKCS#7 develope:
PKCS#7 develope:
PKCS#7 develope:
1872 bytes
PKCS#7 develope:
PKCS#7 develope:
PKCS#7 develope:
PKCS#7 develope:
PKCS#7 develope:
PKCS#7 develope:
senderNonce in reply:
PKCS#7 develope:
PKCS#7 develope:
recipientNonce in reply:
PKCS#7 develope:
PKCS#7 develope:
pkistatus SUCCESS
PKCS#7 develope:
PKCS#7 develope:
PKCS#7 develope:
1003 bytes
/ CN=pki test
issuer:
/emailAddress=myca@.com/C=CN/ST=Beijing/L=Beijing/O=hw3c/OU=bjs/
977
CN=myca
Key usage:
general purpose
ok
Description
PKCS#7 envelope
inner PKCS#7
outer PKCS#7
PKCS#7 develope
host_name
dir_name
data payload
Data payload
token seen
DN information of an entity
pkistatus
SUCCESS
Succeeded
FAILURE
Failed
PENDING
fingerprint
base64 encoded
x509 Request
978
CHAPTER 9: SECURITY
Field
Description
Key usage
Issuer
Certificate issuer
Subject
Signed certificates
Certificates signed by CA
Syntax
display pki certificate { local | ca | request-status } [ domain
domain-name ]
View
Any view
Parameter
local: indicates the display of all local certificates;
ca: indicates the display of all CA certificates;
request-status: refers to the status of the certificate request after being
delivered;
domain-name: represents the domain of the certificate about to be verified. It is
3 (0x2)
Serial Number:
10B7D4E3 00010000 0086
Signature Algorithm:
md5WithRSAEncryption
Issuer:
emailAddress=myemail@3com.com
979
C=CN
ST=Beijing
L=Beijing
O=hw3c
OU=bjs
CN=new-ca
Validity
Not Before:
Not After :
Subject:
C=CN
ST=beijing
L=beijing
CN=pki test
Subject Public Key Info:
Public Key Algorithm:
RSA Public Key:
rsaEncryption
(512 bit)
65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS: hyf.-3com.com
Signature Algorithm:
md5WithRSAEncryption
A3A5A447 4D08387D
Syntax
display pki crl [ domain domain-name ]
View
Any view
Parameter
domain-name: represents the domain of the certificate about to be verified. It is
980
CHAPTER 9: SECURITY
Description
Using the display pki crl command, you can display and browse through the
locally saved CRL.
For related commands, see pki retrieval crl, and pki domain.
Example
# Display a CRL
[RouterCA] display pki crl domain 1
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm:
sha1WithRSAEncryption
Issuer:
C=CN
O=h3c
OU=soft
CN=A Test Root
Last Update:
Jan
Next Update:
Jan
CRL extensions:
X509v3 CRL Number:
HWTACACS
Configuration
Commands
data-flow-format
Syntax
data-flow-format data [ byte | giga-byte | kilo-byte | mega-byte ]
data-flow-format packet [ giga-packet | kilo-packet | mega-packet |
one-packet ]
undo data-flow-format [ data | packet ]
View
HWHWTACACS view
Parameter
data: Sets data unit.
981
Description
Using the data-flow-format command, you can configure the unit of data flow
that is sent to the HWHWTACACS server. Using the undo data-flow-format
command, you can restore the default setting.
By default, the data unit is byte and the data packet unit is one-packet.
For the related command, see display HWHWTACACS.
Example
# Set the unit of data flow destined for the HWHWTACACS server "3com" to be
kilo-byte and the data packet unit be kilo-packet.
[3com- HWHWTACACS-3com] data-flow-format data kilo-byte packet
kilo-packet
debugging
HWHWTACACS
Syntax
debugging HWHWTACACS { all | error | event | message | receive-packet
| send-packet }
undo debugging HWHWTACACS { all | error | event | message |
receive-packet | send-packet }
View
User view
Parameter
all: Specifies all HWHWTACACS debugging.
error: Specifies error debugging.
event: Specifies event debugging.
message: Specifies message debugging.
receive-packet: Specifies incoming packet debugging.
982
CHAPTER 9: SECURITY
Description
Using the debugging HWHWTACACS command, you can enable
HWHWTACACS debugging. Using the undo debugging HWHWTACACS
command, you can disable HWHWTACACS debugging.
By default, HWHWTACACS debugging is disabled.
Example
# Enable the event debugging of HWHWTACACS.
<3com> debugging HWHWTACACS event
display HWHWTACACS
Syntax
display HWHWTACACS [ HWHWTACACS-scheme-name]
ViewHWHWTACACS
Any view
Parameter
HWHWTACACS-scheme-name: Scheme name of the HWHWTACACS server, a string
display
stop-accounting-buffer
Syntax
display stop-accounting-buffer HWHWTACACS-scheme
HWHWTACACS-scheme-name
View
Any view
Parameter
HWHWTACACS-scheme HWHWTACACS-scheme-name: Displays information on buffered
stop-accounting requests related to the HWHWTACACS scheme specified by
HWHWTACACS-scheme-name, a character string not exceeding 32 characters
and excluding "/", ":", "*", "?", "<" and ">".
983
Description
Using the display stop-accounting-buffer command, you can view information
on the stop-accounting requests buffered in the router.
For the related commands, see reset stop-accounting-buffer,
stop-accounting-buffer enable, and retry stop-accounting.
Example
# Display information on the buffered stop-accounting requests related to the
HWHWTACACS scheme "3com".
<3com> display stop-accounting-buffer HWHWTACACS-scheme 3com
HWHWTACACS scheme
Syntax
HWHWTACACS scheme HWHWTACACS-scheme-name
undo HWHWTACACS scheme HWHWTACACS-scheme-name
View
System view
Parameter
HWHWTACACS-scheme-name: Specifies an HWHWTACACS server scheme, with a
character string of 1 to 32 characters.
Description
Using the HWHWTACACS scheme command, you can enter HWHWTACACS
Server view. If the specified HWHWTACACS server scheme does not exist, you can
create a new HWHWTACACS scheme. Using the undo HWHWTACACS scheme
command, you can delete an HWHWTACACS scheme.
Example
# Create an HWHWTACACS scheme named "test1" and enter the relevant
HWHWTACACS Server view.
[3com] HWHWTACACS scheme test1
[3com-HWHWTACACS-test1]
key
Syntax
key { accounting | authentication | authorization } string
undo key { accounting | authentication | authorization } string
View
HWHWTACACS view
Parameter
accounting: Shared key of the accounting server.
authentication: Shared key of the authentication server.
authorization: Shared key of the authorization server.
984
CHAPTER 9: SECURITY
string: The shared key, a string up to 16 characters excluding the characters "/",
":", "*", "?", "<", and ">".
Description
Using the key command, you can configure a shared key for HWHWTACACS
authentication, authorization or accounting. Using the undo key command, you
can delete the configuration.
By default, no key is set.
The HWHWTACACS client (the router system) and HWHWTACACS server use
MD5 algorithm to encrypt the exchanged packets. The two ends verify packets
using a shared key. Only when the same key is used can both ends accept the
packets from each other and give responses. So it is necessary to ensure that the
same key is set on the router and the HWHWTACACS server. If the
authentication/authorization and accounting are performed on two server devices
with different shared keys, you must set one shared key for each.
For the related command, see display HWHWTACACS.
Example
# Use "hello" as the shared key for HWHWTACACS accounting.
[3com] HWHWTACACS scheme test1
[3com-HWHWTACACS-test1] key accounting hello
nas-ip
Syntax
nas-ip ip-address
undo nas-ip
View
HWHWTACACS view
Parameter
ip-address: IP address in dotted decimal format.
Description
Using the nas-ip command, you can have all the HWHWTACACS packets sent by
the NAS (the router) carry the same source address. Using the undo nas-ip
command, you can delete the setting.
Specifying a source address for the HWHWTACACS packets to be transmitted can
avoid the situation where the packets sent back by the HWHWTACACS server
cannot be received as the result of a physical interface failure. The address of a
loopback interface is usually used as the source address.
By default, the source IP address of a HWHWTACACS packet sent by the NAS is
the IP address of the output port.
For the related command, see display HWHWTACACS.
985
Example
# Set the source IP address carried in the HWHWTACACS packets that are sent by
the NAS to 10.1.1.1.
[3com] HWHWTACACS scheme test1
[3com-HWHWTACACS-test1] nas-ip 10.1.1.1
primary accounting
Syntax
primary accounting ip-address [ port ]
undo primary accounting
View
HWHWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the primary accounting command, you can configure a primary
HWHWTACACS accounting server. Using the undo primary accounting
command, you can delete the configured primary HWHWTACACS accounting
server.
By default, IP address of HWHWTACACS accounting server is all zeros.
You are not allowed to assign the same IP address to both primary and secondary
accounting servers.
You can configure only one primary accounting server in a HWHWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.
You can remove an accounting server only when it is not being used by any active
TCP connections, and the removal impacts only packets forwarded afterwards.
Example
# Configure a primary accounting server.
[3com] HWHWTACACS scheme test1
[3com-HWHWTACACS-test1] primary accouting 10.163.155.12 49
primary authentication
Syntax
primary authentication ip-address [ port ]
undo primary authentication
986
CHAPTER 9: SECURITY
View
HWHWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the primary authentication command, you can configure a primary
HWHWTACACS authentication server. Using the undo primary authentication
command, you can delete the configured authentication server.
By default, IP address of HWHWTACACS authentication server is all zeros.
You are not allowed to assign the same IP address to both primary and secondary
authentication servers.
You can configure only one primary authentication server in a HWHWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.
You can remove an authentication server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
For the related command, see display HWHWTACACS.
Example
# Configure a primary authentication server.
[3com] HWHWTACACS scheme test1
[3com-HWHWTACACS-test1] primary authentication 10.163.155.13 49
primary authorization
Syntax
primary authorization ip-address [ port ]
undo primary authorization
View
HWHWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
987
Description
Using the primary authorization command, you can configure a primary
HWHWTACACS authorization server. Using the undo primary authorization
command, you can delete the configured primary authorization server.
By default, IP address of HWHWTACACS authorization server is all zeros.
You are not allowed to assign the same IP address to both primary and secondary
authorization servers.
You can configure only one primary authorization server in a HWHWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.
You can remove an authorization server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
For the related command, see display HWHWTACACS.
Example
# Configure a primary authorization server.
[3com] HWHWTACACS scheme test1
[3com-HWHWTACACS-test1] primary authorization 10.163.155.13 49
reset HWHWTACACS
statistics
Syntax
reset HWHWTACACS statistics{accounting | authentication |
authorization | all }
View
User view
Parameter
accounting: Clears all the HWHWTACACS accounting statistics.
authentication: Clears all the HWHWTACACS authentication statistics.
authorization: Clears all the HWHWTACACS authorization statistics.
all: Clears all statistics.
Description
Using the reset HWHWTACACS statistics command, you can clear
HWHWTACACS protocol statistics.
For the related command, see display HWHWTACACS.
Example
# Clear all HWHWTACACS protocol statistics.
<3com>reset HWHWTACACS statistics
988
CHAPTER 9: SECURITY
reset
stop-accounting-buffer
Syntax
reset stop-accounting-buffer HWHWTACACS-scheme
HWHWTACACS-scheme-name
View
User view
Parameter
HWHWTACACS-scheme HWHWTACACS-scheme-name: Configures to delete the
stop-accounting requests from the buffer according to the specified
HWHWTACACS scheme name. The HWHWTACACS-scheme-name specifies the
HWHWTACACS scheme name with a character string not exceeding 32
characters, excluding "/", ":", "*", "?", "<" and ">".
Description
Using the reset stop-accounting-buffer command, you can clear the
stop-accounting requests that have no response and are buffered on the router.
For the related commands, see stop-accounting-buffer enable, retry
stop-accounting, display stop-accounting-buffer.
Example
# Delete the buffered stop-accounting requests that are related to the
HWHWTACACS scheme "3com".
<3com> reset stop-accounting-buffer HWHWTACACS-scheme 3com
retry stop-accounting
Syntax
retry stop-accounting retry-times
undo retry stop-accounting
View
HWHWTACACS view
Parameter
retry-times: The maximum number of real-time accounting request attempts. It
989
Example
# Enable stop-accounting packet retransmission and allow up to 50 packets to be
transmitted for each request.
[3com] retry stop-accounting 50
secondary accounting
Syntax
secondary accounting ip-address [ port ]
undo secondary accounting
View
HWHWTACACS view
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the secondary accounting command, you can configure a secondary
HWHWTACACS accounting server. Using the undo secondary accounting
command, you can delete the configured secondary HWHWTACACS accounting
server.
By default, IP address of HWHWTACACS accounting server is all zeros.
You are not allowed to assign the same IP address to both primary and secondary
accounting servers.
You can configure only one secondary accounting server in a HWHWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.
You can remove an accounting server only when it is not being used by any active
TCP connections, and the removal impacts only packets forwarded afterwards.
Example
# Configure a secondary accounting server.
[3com] HWHWTACACS scheme test1
[3com-HWHWTACACS-test1] secondary accounting 10.163.155.12 49
secondary
authentication
Syntax
secondary authentication ip-address [ port ]
undo secondary authentication
View
HWTACACS view
990
CHAPTER 9: SECURITY
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.
port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.
Description
Using the secondary authentication command, you can configure a secondary
HWTACACS authentication server. Using the undo secondary authentication
command, you can delete the configured secondary authentication server.
By default, IP address of HWTACACS authentication server is all zeros.
You are not allowed to assign the same IP address to both primary and secondary
authentication servers.
You can configure only one primary authentication server in a HWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.
You can remove an authentication server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
For the related command, see display HWTACACS.
Example
# Configure a secondary authentication server.
[3com] HWTACACS scheme test1
[3com-HWTACACS-test1] secondary authentication 10.163.155.13 49
secondary authorization
Syntax
secondary authorization ip-address [ port ]
undo secondary authorization
View
HWTACACS view
Parameter
ip-address: IP address of the server, a legal unicast address in dotted decimal
format.
port: Port number of the server, ranging from 1 to 65535. By default, it is 49.
Description
Using the secondary authorization command, you can configure a secondary
HWTACACS authorization server. Using the undo secondary authorization
command, you can delete the configured secondary authorization server.
By default, IP address of HWTACACS authorization server is all zeros.
991
You are not allowed to assign the same IP address to both primary and secondary
authorization servers.
You can configure only one primary authorization server in a HWTACACS scheme.
If you repeatedly use this command, the latest configuration replaces the previous
one.
You can remove an authorization server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
For the related command, see display HWTACACS.
Example
# Configure the secondary authorization server.
[3com] HWTACACS scheme test1
[3com-HWTACACS-test1] secondary authorization 10.163.155.13 49
HWTACACS nas-ip
Syntax
HWTACACS nas-ip ip-address
undo HWTACACS nas-ip
View
System view
Parameter
ip-address: Specifies a source IP address, which must be the address of this
device. It cannot be the address of all zeros, or a host/network address of class A,
B, or C, or an address starting with 127.
Description
Using the HWTACACS nas-ip command, you can specify the source address of
the HWTACACS packet sent from NAS. Using the undo HWTACACS nas-ip
command, you can restore the default setting..
By specifying the source address of the HWTACACS packet, you can avoid
unreachable packets as returned from the server upon interface failure. The source
address is normally recommended to be a loopback interface address..
By default, the source address is not specified, that is, the address of the interface
sending the packet serves as the source address.
This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
Example
# Configure the router to send HWTACACS packets from 129.10.10.1.
[3com] HWTACACS nas-ip 129.10.10.1
992
CHAPTER 9: SECURITY
timer quiet
Syntax
timer quiet minutes
undo timer quiet
View
HWTACACS view
Parameter
minutes: Ranges from 1 to 255 minutes. By default, the primary server must wait
five minutes before it resumes the active state.
Description
Using the timer quiet command, you can set the duration that a primary server
must wait before it can resume the active state. Using the undo timer quiet
command, you can restore the default (five minutes).
For the related command, see display hwtacac.
Example
# Set the quiet timer for the primary server to ten minutes.
[3com3com] HWTACACS scheme test1
[3com-HWTACACS-test1] timer quiet
timer
realtime-accounting
10
Syntax
timer realtime-accounting minutes
undo timer realtime-accounting
View
HWTACACS view
Parameter
minutes: Real-time accounting interval, which is a multiple of 3 in the range 3 to
60 minutes and defaults to 12.
Description
Using the timer realtime-accounting command, you can configure a real-time
accounting interval. Using the undo timer realtime-accounting command, you
can restore the default interval.
Real-time accounting interval is necessary for real-time accounting. After an
interval value is set, the NAS transmits the accounting information of online users
to the HWTACACS accounting server at intervals of this value.
The setting of real-time accounting interval depends somewhat on the
performance of the NAS and the HWTACACS server: a shorter interval requires
higher device performance. You are therefore recommended to adopt a longer
interval when there are a large number of users (more than 1000, inclusive). The
following table recommends the ratio of minutes to the number of users.
993
1-99
100-499
500-999
12
>=1000
>=15
For the related commands, see retry realtime-accounting and radius scheme.
Example
# Set the real-time accounting interval in the HWTACACS scheme "3com" to 51
minutes.
[3com-HWTACACS-3com] timer realtime-accounting 51
timer response-timeout
Syntax
timer response-timeout seconds
undo timer response-timeout
View
HWTACACS view
Parameter
seconds: Ranges from 1 to 300 seconds and defaults to five seconds.
Description
Using the timer response-timeout command, you can set the response timeout
timer of the HWTACACS server. Using the undo timer response-timeout
command, you can restore the default (five seconds).
As the HWTACACS is based on TCP, either the server response timeout and or the
TCP timeout may cause disconnection to the HWTACACS server.
For the related command, see display HWTACACS.
Example
# Set the response timeout time of the HWTACACS server to 30 seconds.
[3com] HWTACACS scheme test1
[3com-HWTACACS-test1] timer response-timeout 30
user-name-format
Syntax
user-name-format { with-domain | without-domain }
View
HWTACACS view
994
CHAPTER 9: SECURITY
Parameter
with-domain: Specifies to send the username with domain name to the
HWTACACS server..
without-domain: Specifies to send the username without domain name to the
HWTACACS server.
Description
Using the user-name-format command, you can configure the username format
sent to the HWTACACS server.
By default, HWTACACS scheme acknowledges that the username sent to it
includes ISP domain name..
The supplicants are generally named in "userid@isp-name" format. The part
following "@" is the ISP domain name. The router will put the users into certain
ISP domains according to the domain names. However, some earlier HWTACACS
servers reject the username including ISP domain name. In this case, the username
will be sent to the HWTACACS server after its domain name is removed.
Accordingly, the router provides this command to decide whether the username to
be sent to HWTACACS server carries ISP domain name or not.
If a HWTACACS scheme is configured to reject usernames including ISP domain
names, the HWTACACS scheme shall not be simultaneously used in more than
one ISP domains. Otherwise, the HWTACACS server will regard two users in
different ISP domains as the same user by mistake, if they have the same
username (excluding their respective domain names.)
For the related commands, see HWTACACS scheme.
Example
# Specify to send the username without domain name to the HWTACACS scheme
"3com".
[3com-HWTACACS-3com ] user-name-format without-domain
10
allow l2tp
Syntax
allow l2tp virtual-template virtual-template-number remote remote-name[ domain
domain-name ]
undo allow
View
L2TP group view
Parameter
virtual-template-number: Specifies the virtual-template used when creating new
virtual access interface, an integer ranging from 0 to 1023.
remote-name: Specifies the name of the peer end of the tunnel that initiates the
connection request, case sensitive, a character string with length ranging from 1
to 30.
domain-name: Specifies the name of the enterprise with length ranging from 1 to
30.
Description
Using the allow l2tp command, you can specify the name of the peer end of the
tunnel on receiving call, and the Virtual-Template it uses. Using the undo allow
command, you can remove the name of the peer end of the tunnel.
By default, receiving call is disabled.
This command is used on LNS side.
For the multi-instance application of L2TP, the domain-name parameter must be
configured.
When using L2TP group number1 (the default L2TP group number), the name of
the peer end of the tunnel remote-name can be unspecified. The format of the
command in group 1 configuration mode is as follows:
allow l2tp virtual-template virtual-template-number [ remote
remote-name ] [ domain domain-name ]
If the peer end name is still specified in L2TP group 1 configuration, L2TP group 1
is not served as the default L2TP group. For example, regarding Windows 2000
beta 2 version, the local name connected with VPN is NONE, so the peer end
name that the router receives is NONE. In order to receive the tunnel connection
request sent by this kind of nameless peer end, or for test application, a default
L2TP group can be configured.
996
The allow l2tp command is used on LNS side. If the peer end name of the tunnel
is configured, the name of the peer end of the tunnel should keep accordance
with the name of the local end configured on LAC side.
For the related command, see l2tp-group.
Example
# Receive L2TP tunnel connection request sent by LAC, the peer end of AS8010,
and creates virtual-access interface on virtual-template 1.
[3Com-l2tp2] allow l2tp virtual-template 1 remote AS8010
# Make L2TP group 1 as the default L2TP group, receiving L2TP tunnel connection
request sent by any peer end, and creates virtual-access interface according to
virtual-template 1.
[3Com] l2tp-group 1
[3Com-l2tp1] allow l2tp virtual-template 1
debugging l2tp
Syntax
debugging l2tp { all | control | dump | error | event | hidden | payload | time-stamp }
undo debugging l2tp { all | control | error | event | hidden | payload | time-stamp }
View
System view
Parameter
all: Enables all L2TP debugging.
control: Enables control packet debugging.
dump: Enables PPP packet debugging.
error: Enables error debugging.
event: Enables event debugging.
hidden: Enables hidden AVP debugging.
payload: Enables L2TP payload debugging.
time-stamp: Enables time-stamp debugging.
Description
Using the debugging l2tp command, you can enable L2TP debugging. Using the
undo debugging l2tp command, you can disable L2TP debugging.
Example
# Enable all L2TP debugging.
<3Com> debugging l2tp all
997
Syntax
display l2tp session
View
Any view
Parameter
None
Description
Using the display l2tp session command, you can display the current L2TP
session.
The output information of the command assists the user in confirming the L2TP
session information currently established.
For the related command, see display l2tp tunnel.
Example
# Displays the current L2TP session.
<3Com> display l2tp session
LocalSIDRemoteSIDLocalTID
1
Table 1 Domain description in displayed information of the display L2tp session command
Domain
Description
Total session
Number of sessions
LocalSID
RemoteSID
LocalTID
Syntax
display l2tp tunnel
View
Any view
Parameter
None
Description
Using the display l2tp tunnel command, you can display the information of the
current L2TP tunnel.
The output information of the command assists the user in confirming the L2TP
tunnel information currently established.
For the related command, see display l2tp session.
998
Example
# Display the information of the current L2TP tunnel.
<3Com> display l2tp tunnel
LocalTID RemoteTID RemoteAddress Port Sessions RemoteName
2
22849
11.1.1.1
1701
lns
Total tunnel = 1
Table 2 Domain description in displayed information of the display L2tp tunnel command
interface
virtual-template
Domain
Description
Total tunnels
Number of tunnels
LocalTID
RemoteTID
Remote Name
RemoteAddress
Port
Sessions
Syntax
interface virtual-template virtual-template-number
undo interface virtual-template virtual-template-number
View
System view
Parameter
virtual-template-number: Identifies serial number of the virtual template, an
integer ranging from 0 to 1023.
Description
Using the interface virtual-template command, you can create a virtual
template. Using the undo interface virtual-template command, you can delete
a virtual template.
By default, no virtual template is created.
The virtual template is mainly used to configure parameters of the virtual
interfaces dynamically created by the router in operation, such as, the MP bundled
logical interface and the L2TP logical interface, etc.
For the related command, see allow l2tp.
Example
# Create virtual template 1 and enter its view.
[3Com] interface virtual-template 1
999
l2tp domain
prefix-separator
Syntax
l2tp domain prefix-separator separator
undo l2tp domain prefix-separator separator
View
System view
Parameter
prefix-separator: Indicates that the specified delimiter is a prefix, such as
3Com.com#vpdnuser.
separator: Identifies domain name delimiter, Valid domain name delimiters
include:%, @, # and /.
Description
Using the l2tp domain prefix-separator command, you can specify the delimiter
served as prefix. Using the undo l2tp domain prefix-separator command, you
can delete the configured prefix delimiter.
By default, domain name delimiter served as prefix does not exist.
The l2tp domain prefix-separator command is used to specify one or more
domain name delimiters served as prefix. Based on the first successful delimiter,
domain name can be separated from username by domain name delimiter. In this
case, the domain name specified by the start l2tp command can be used on
VPDN to search for such a domain name. If there is such a domain name, it
indicates that the user is a VPN user, and needs to establish a VPN tunnel
connection with the LNS of the user. A character served as a prefix delimiter
cannot be used as suffix delimiter any more, and vise versa. This means that one
character cannot be served as prefix and suffix simultaneously.
In L2TP multi-example application, the l2tp domain command must be
configured on LNS side to separate the domain name of the enterprise from the
username, so as to search with the domain name specified by the allow l2tp
command on VPDN and check whether there is corresponding enterprise domain
name before performing the related route forwarding.
For the related command, see l2tp domain suffix-separator, start l2tp.
Example
# Specify the domain name as prefix and delimit the prefix and the username with
#.
[3Com] l2tp domain prefix-separator #
l2tp domain
suffix-separator
Syntax
l2tp domain suffix-separator separator
1000
View
System view
Parameter
suffix-separator: Suffix delimiter, such as vpdnuser@3Com.com.
separator: Domain name delimiter, valid domain name delimiters include: %,
@,#, and /.
Description
Using the l2tp domain suffix-separator command, you can specify delimiter
used as suffix. Using the undo l2tp domain suffix-separator command, you can
delete the configured suffix delimiter.
By default, domain name delimiter does not exist.
The l2tp domain suffix-separator command is used to specify one or more
suffix delimiters, based on the first successful delimiter. Domain name can be
separated from username by domain name delimiter. In this case, the domain
name specified by the start l2tp command can be used on VPDN to search for
such a domain name. If there is such a domain name, it indicates that the user is a
VPN user, and needs to establish VPN tunnel connection with the LNS of the user.
A character served as a prefix delimiter can not be used as suffix delimiter any
more, and vise versa. This means that one character cannot be served as prefix and
suffix simultaneously.
In L2TP multi-example application, the l2tp domain command must be
configured on LNS side to separate the domain name of the enterprise from the
username, so as to search with the domain name specified by the allow l2tp
command on VPDN and check whether there is a corresponding enterprise
domain name before performing the related route forwarding.
For the related command, see l2tp domain prefix-separator, start l2tp.
Example
# Specify the domain name as a suffix, separated from the username by @.
[3Com] l2tp domain suffix-separator @
l2tp enable
Syntax
l2tp enable
undo l2tp enable
View
System view
1001
Parameter
None
Description
Using the l2tp enable command, you can enable the L2TP function. Using the
undo l2tp enable command, you can disable the L2TP function.
By default, the L2TP function is disabled.
These commands are used to enable or disable the L2TP function. Only when this
function is enabled can the L2TP service be implemented.
For the related command, see l2tp-group.
Example
# Enable the L2TP function on the router.
[3Com] l2tp enable
l2tp match-order
Syntax
l2tp match-order { dnis-domain | dnis | domain-dnis | domain }
undo l2tp match-order
View
System view
Parameter
dnis-domain: Searches L2TP group according to the called number before
according to the domain name.
dnis: Searches L2TP group only according to the called number.
domain-dnis: Searches L2TP group according to the domain name before
according to the called number.
domain: Searches L2TP group only according to the domain name.
Description
Using the l2tp match-order command, you can set the search order of the called
number and domain name. Using the undo l2tp match-order command, you
can reset the search order to default. By default, searching L2TP group according
to the called number before according to the domain name, that is, the
dnis-domain is adopted.
In the multi-instance application, the domain search is the only option at the LNS
side.
In practical search, it is required to search according to full username before
searching in turn according to the configured order.
1002
Delimiters fall into two types, prefix delimiter and suffix delimiter, and can be the
four special characters of @, #, % and /. A user with prefix delimiter is
as 3Com.com#vpdnuser, the one with a suffix delimiter is as
vpdnuser@3Com.com. The username and domain name will be separated on
searching according to the prefix/suffix delimiter and search only according to the
defined rule, so as to accelerate search speed greatly.
In the multi-instance application of L2TP, many enterprises share a single LNS, and
enterprises are distinguished with each other by their domain names. When the
LNS receives a packet sent by LAC, the domain name will be chosen from the
username in the packet, and the registered enterprise domain names in LNS are
checked to find one matching the received domain name. Obviously, the l2tp
match-order domain command must be used to set the search policy to
accelerate search speed.
Example
# Search only according to domain name.
[3Com] l2tp match-order domain
l2tpmoreexam enable
Syntax
l2tpmoreexam enable
undo l2tpmoreexam enable
View
System view
Parameter
None
Description
This command serves the LNS side of L2TP.
Using the l2tpmoreexam enable command, you can enable the multi-instance
function of L2TP. Using the undo l2tpmoreexam enable command, you can
disable the function.
By default, L2TP multi-instance function is disabled.
Only after the multi-instance function is enabled, can the service be deployed.
The related command is l2tp enable.
Example
# Enable the multi-instance function at the LNS side.
[3Com] l2tpmoreexam enable
l2tp-group
Syntax
l2tp-group group-number
undo l2tp-group group-number
1003
View
System view
Parameter
group-number: Number of L2TP group, an integer ranging from 1 to 1000.
Description
Using the l2tp-group command, you can create L2TP group. Using the undo
l2tp-group command, you can delete L2TP group.
By default, L2TP group is not created.
The l2tp-group command is used to create a L2TP group (L2TP group 1 can be
the default L2TP group). After a L2TP group is deleted by the undo l2tp-group
command, all configured information of the group will be deleted subsequently.
For the related command, see allow l2tp, start l2tp.
Example
# Create L2TP group 2 and enter L2TP group 2 view.
[3Com] l2tp-group 2
[3Com-l2tp2]
mandatory-chap
Syntax
mandatory-chap
undo mandatory-chap
View
L2TP group view
Parameter
None
Description
Using the mandatory-chap command, you can force LNS to perform CHAP
authentication again with the client. Using the undo mandatory-chap
command, you can disable CHAP re-authentication.
By default, CHAP re-authentication is not performed.
After the agent authentication is performed to the client on LAC, LNS will perform
authentication to the client again, so as to increase security. If the
mandatory-chap command is used, the authentication will be performed twice
to VPN client whose tunnel connection is initialized by access server: one is
performed on access server, and another is performed on LNS side. Some PPP
clients may not support the second authentication. In this case, CHAP
authentication of the local end will fail.
For the related command, see mandatory-lcp.
1004
Example
# Force to perform CHAP authentication.
[3Com-l2tp1] mandatory-chap
1005
mandatory-lcp
Syntax
mandatory-lcp
undo mandatory-lcp
View
L2TP group view
Parameter
None
Description
Using the mandatory-lcp command, you can renegotiate the Link Control
Protocol between LNS and the client. Using the undo mandatory-lcp command,
you can disable LCP renegotiation.
By default, the LCP is not renegotiated.
Concerning NAS-Initialized VPN client, PPP negotiation will be first performed with
NAS (Network Access Server) at the beginning of a PPP session. If the negotiation
is passed, the tunnel connection will be initiated by the access server and transmit
the information collected on negotiation with the client to LNS. LNS will judge
whether the user is legal or not according to received agent authentication
information. The mandatory-lcp command can be used to force LNS and the
client to LCP renegotiate. In this case, NAS agent authentication information is
ignored. If some PPP clients do not support LCP renegotiation, LCP renegotiation
will fail.
For the related command, see mandatory-chap.
Example
# Enable LCP renegotiation.
[3Com-l2tp1] mandatory-lcp
Syntax
reset l2tp tunnel { remote-name | tunnel-id }
View
user view
Parameter
remote-name: Name of the peer end of the tunnel, a character string with the
length ranging from 1 to 30.
tunnel-id: Local ID number of the tunnel.
Description
Using the reset l2tp tunnel command, you can clear the specified tunnel
connection, and clear all session connections in the tunnel.
1006
start l2tp
Syntax
start l2tp { ip ip-addr [ ip ip-addr ] [ ip ip-addr ] ... } { domain domain-name | dnis
dialed-number | fullusername user-name }
undo start
View
L2TP group view
Parameter
ip ip-addr: IP address of the peer end of the tunnel (LNS), five of which can be set
at most, forming backup LNS to each other.
domain-name: Domain name triggering connection request, a character string
with the length ranging from 1 to 30, case sensitive.
dialed-number: Dialed number dialed by the user triggering connection request, a
number character string with the length ranging from 1 to 64.
user-name: Full username triggering connection request, a character string with
the length ranging from 1 to 32, case sensitive.
Description
Using the start l2tp command, you can specify the trigger condition at which the
local end to send requests as L2TP LAC side. Using the undo start l2tp command,
you can delete the specified trigger condition.
This command is used on LAC side to specify the IP address of LNS and support
several trigger connection requests, for instance:
1007
If it is found to be a VPN user, the local end (LAC) will send L2TP tunnel connection
request to a certain LNS according to the configured LNS priority or order. After
receiving response from LNS, the LNS will serve as the peer end of the tunnel.
Otherwise, LAC will send tunnel connection request to the next LNS.
Conflicts may exist between these VPN user judgment ways. For example, LNS
address specified according to full username is 1.1.1.1, while that according to
domain name is 1.1.1.2. In this case, the order for search users is necessary to be
specified. The search sequence is, first checking by full username whether L2TP
group specified according to the username exists. If nothing is found, search
according to the sequence of domain names and number dialed, which is set by
the l2tp match-order command.
For the related command, see l2tp domain prefix-separator,l2tp domain
suffix-separator,l2tp match-order.
Example
# Judge VPN users according to domain name 3Com.com, with the
corresponding IP address of the L2TP access server of the headquarters being
202.38.168.1.
[3Com-l2tp1]start 12tp ip 202.38.168.1 domain 3Com.com
tunnel authentication
Syntax
tunnel authentication
undo tunnel authentication
View
L2TP group view
Parameter
None
Description
Using the l2tp tunnel authentication command, you can enable L2TP tunnel
authentication function. Using the undo l2tp tunnel authentication command,
you can disable L2TP tunnel authentication function.
By default, L2TP tunnel authentication is performed.
L2TP tunnel authentication is permitted by default. Generally speaking,
authentication needs to be performed on both ends of the tunnel for securitys
sake. In case of network consistency test or receiving connection sent by nameless
peer end, tunnel authentication is not required.
Example
# Set not to authenticate the peer end of the tunnel.
[3Com-l2tp1] undo tunnel authentication
1008
tunnel avp-hidden
Syntax
tunnel avp-hidden
undo tunnel avp-hidden
View
L2TP group view
Parameter
None
Description
Using the tunnel avp-hidden command, you can configure AVP (Attribute Value
Pair) data to be transmitted in hidden format. Using the undo tunnel
avp-hidden command, you can restore the default transmission way of AVP data.
By default, the tunnel transmits AVP data in plaintext.
Some parameters of L2TP protocol are transmitted by AVP data. If the user
demands data of high security, this command can be used to configure AVP data
to be transmitted in hidden.
Example
# Set AVP data to be transmitted in hidden.
[3Com-l2tp1] tunnel avp-hidden
tunnel flow-control
Syntax
tunnel flow-control
undo tunnel flow-control
View
L2TP group view
Parameter
None
Description
Using the tunnel flow-control command, you can enable L2TP tunnel
flow-control function. Using the undo tunnel flow-control command, you can
disable the flow-control function.
By default, the L2TP tunnel flow-control function is not performed.
Example
# Enable the flow-control function.
[3Com-l2tp1] tunnel flow-control
1009
tunnel name
Syntax
tunnel name name
undo tunnel name
View
L2TP group view
Parameter
name: Local name of the tunnel, a character string with the length ranging from 1
to 30.
Description
Using the tunnel name command, you can specify the local name of the tunnel.
Using the undo tunnel name command, you can restore the local name to the
default value.
By default, the local name is the router name.
On creating a L2TP group, the local name will be initiated into the router name.
For the related command, see sysname.
Example
# Set the local name of the tunnel as itsme.
[3Com-l2tp1] tunnel name itsme
tunnel password
Syntax
tunnel password { simple | cipher } password
undo tunnel password
View
L2TP group view
Parameter
simple: Password in plaintext.
cipher: Password in ciphertext.
password: Password used on tunnel authentication, a character string with the
length ranging from 1 to 16.
Description
Using the tunnel password command, you can specify the password of tunnel
authentication. Using the undo l2tp tunnel password command, you can
remove the password of tunnel authentication.
By default, The password of tunnel authentication is null.
Example
# Set the password of tunnel authentication as yougotit, displaying in cipher text.
1010
Syntax
tunnel timer hello hello-interval
undo tunnel timer hello
View
L2TP group view
Parameter
hello-interval: Forwarding time interval of Hello packet when LAC or LNS has no
packet to receive, an integer in second, ranging from 60 to 1000.
Description
Using the tunnel timer hello command, you can set the forwarding time interval
of Hello packet. Using the undo tunnel timer hello command, you can restore
the forwarding time interval of Hello packet in the tunnel to the default value.
By default, Hello packet is forwarded in every 60 seconds.
Different Hello packet time intervals can be configured on LNS and LAC side. The
undo tunnel timer hello command is used to restore the time interval to the
default value.
Example
# Set forwarding time interval of Hello packet to 99 seconds.
[3Com-l2tp1] tunnel timer hello 99
GRE Configuration
Commands
debugging tunnel
Syntax
debugging tunnel
undo debugging tunnel
View
User view
Parameter
None
Description
Using the debugging tunnel command, you can enable tunnel debugging. Using
the undo debugging tunnel command, you can disable tunnel debugging.
Example
None
destination
1011
Syntax
destination ip-addr
undo destination
view
Tunnel interface view
Parameter
ip-addr: IP address of the physical interface used by the peer end of the tunnel.
Description
Using the destination command, you can specify the filled destination IP address
of added IP header by tunnel interface on encapsulation. Using the undo
destination command, you can delete the set destination address.
By default, the destination address of the tunnel is not specified in the system.
The specified tunnel destination address is the IP address of the real physical
interface receiving GRE packet, which should be the same as the specified source
address in the tunnel interface of the peer end, and the route to the physical
interface of the peer end should be ensured reachable.
The source address and destination address, if they are exactly the same, cannot
be configured on two or more tunnel interfaces using the same encapsulation
protocol.
For the related command, see interface tunnel, source.
Example
# Create tunnel connection between the interface serial 0/0/0 of the router
3Com1 (with IP address of 193.101.1.1) and the interface serial 1/0/0 of the router
3Com2 (with IP address of 192.100.1.1).
[3Com1-Tunnel0/0/0] source 193.101.1.1
[3Com1-Tunnel0/0/0] destination 192.100.1.1
[3Com2-Tunnel1/0/0] source 192.100.1.1
[3Com2-Tunnel1/0/0] destination 193.101.1.1
Syntax
display interface tunnel [number ]
view
Any view
Parameter
number: Tunnel interface ID.
1012
Description
Using the display interface tunnel command, you can display the working
status of the tunnel interface.
The display interface tunnel command is used to specify such information
about the tunnel interface as the source address, destination address (the real
physical interface address receiving/sending GRE packet), encapsulation mode,
identification keyword and end-to-end check, etc.
For the related command, see source, destination, gre key, gre checksum,
tunnel-protocol.
Example
# Display the current tunnel interface.
<3Com> display interface tunnel 2/0/4
0 input error
0 output error
Table 3 Domain description in displayed information by the display interface tunnel 2/0/4
command
Domain
Description
Tunnel2/0/4 is up
line protocol is up
Description
3Com Series
Tunnel2/0/4 Interface
1013
Table 3 Domain description in displayed information by the display interface tunnel 2/0/4
command
gre checksum
Domain
Description
Maximum Transmit
Unit
The size of MTU in the tunnel, being 1500 bytes in this example
Encapsulation
Loopback
Tunnel source
Ethernet2/0/0
destination
Tunnel
protocol/transport
key
Checksumming of
packets
packets/sec
packets input
bytes
input error
output error
Syntax
gre checksum
undo gre checksum
view
Tunnel interface view
Parameter
None
Description
Using the gre checksum command, you can set the two ends of the tunnel to
perform end-to-end check so as to authenticate the correctness of the packet and
discard the packet that does not pass the verification. Using the undo gre
checksum command, you can cancel the check.
By default, end-to-end check of the two ends of the tunnel is disabled.
The two ends of the tunnel can be enabled or disabled checksum according to real
application need. If the local end is enabled checksum, with the peer end disabled
checksum, the local end will not perform checksum on the received packet, but
perform checksum on the transmitted packet. On the contrary, the local end will
perform checksum to the packet sent from the peer end, but will not perform
checksum on the transmitted packet.
1014
gre key
Syntax
gre key key-number
undo gre key
view
Tunnel interface view
Parameter
key-number: Identification keyword of the two ends of the tunnel, an integer
ranging from 0 to 4294967295.
Description
Using the gre key command, you can set identification keyword of the tunnel
interface, and by this feeble security mechanism avoid incorrectly identifying or
receiving packets from unexpected places. Using the undo gre key command,
you can delete this configuration.
By default, the identification keyword of the tunnel in use is not set in the system.
If key-number is set on both the two ends of the tunnel, the same key-number is
required to be specified on the two ends, or key-number is not set on either of the
two ends.
For the related command, see interface tunnel.
Example
# Create a tunnel between the router 3Com1 and the router 3Com2 and sets the
identification keyword of the tunnel.
[3Com1-Tunnel3/1/0] gre key 123
[3Com2-Tunnel2/1/0] gre key 123
interface tunnel
Syntax
interface tunnel number
undo interface tunnel number
view
System view
1015
Parameter
Number: For centralized router, the number is one dimensional, ranging from 0 to
1023.
When creating a tunnel interface on a distributed router, the slot parameter
should keep in line with the slot number of the source end interface set by the
source command. In other words, the slot number specified by slot is the same as
the slot number of actual physical interface sending GRE packet.
Description
Using the interface tunnel command, you can create a tunnel interface and
enters tunnel interface configuration view. Using the undo interface tunnel
command, you can delete the specified tunnel interface.
By default, there is no tunnel interface in the system.
The interface tunnel command is used to enter interface configuration view of
the specified tunnel. If the tunnel interface is not created, it will be created before
entering interface configuration view.
The interface number of the tunnel is only of local significance. Different or same
interface numbers can be used on the two ends of the tunnel.
For the related command, see source, destination, gre key, gre checksum,
tunnel-protocol.
Example
# Create the tunnel interface with slot number/card number/interface number as
3/0/1.
[3Com] interface tunnel 3/0/1
source
Syntax
source { ip-addr | interface-type interface-num }
undo source
view
Tunnel interface view
Parameter
ip-addr: Specifies the IP address of the real interface sending GRE packet in the
address form of A.B.C.D.
interface-type interface-num: Specifies the real interface sending packets in the
form of router interface name. These interfaces include: Ethernet, Serial, ATM,
Tunnel and Loopback, etc.
Description
Using the tunnel source command, you can specify the filled source IP address of
added IP header by tunnel interface on encapsulation. Using the undo tunnel
source command, you can delete the set source address.
1016
By default, the source address of the tunnel is not specified in the system.
The specified source address of the tunnel is the real interface address sending
GRE packet, which should keep accordance with the specified destination address
in the peer end of the tunnel.
The source address and destination address, if they are exactly the same, cannot
be configured on two or more tunnel interfaces using the same encapsulation
protocol.
For the related command, see interface tunnel, destination.
Example
# Configure the interface tunnel0/0/5 on the router 3Com1, on which the real
outlet of the encapsulated packet is the interface serial 0/0/0 (with the IP address
of the interface being 192.100.1.1.
[3Com1-Tunnel0/0/5] source 192.100.1.1
tunnel-protocol gre
Syntax
tunnel-protocol gre
undo tunnel-protocol
view
Tunnel interface view
Parameter
gre: Encapsulation protocol of the tunnel.
Description
Using the tunnel mode command, you can set encapsulation mode of the tunnel
interface to be GRE.
By default, the encapsulation protocol of the tunnel interface is GRE. Under the
GRE mode, users can execute and view the GRE related commands, whereas other
relevant commands are available under other modes.
For the related command, see interface tunnel.
Example
# Create a tunnel between the router 3Com1 and the router 3Com2, with
encapsulation protocol being GRE and transmission protocol being IP.
[3Com1-Tunnel3/1/0] tunnel-protocol gre
[3Com2-Tunnel2/1/0] tunnel-protocol gre
Dynamic VPN
1017
Dynamic VPN
debugging dvpn
Command
debugging dvpn { all | error | event | hexadecimal | packet }
undo debugging dvpn { all | error | event | hexadecimal | packet }
View
User view
Parameter
all: Opens all debugging information.
error: Opens DVPN error debugging information.
event: Opens DVPN event debugging information, including register and other
errors.
hexadecimal: Displays debugging information in hexadecimal.
packet: Opens DVPN packet debugging information.
Description
Using the debugging dvpn command, you can enable DVPN debugging.
Example
# Enable DVPN event debugging.
[3Com] debugging dvpn event
Command
display dvpn map [ vpn-id vpn-id ] [ private-ip private-ip ]
View
Any view
Parameter
vpn-id: Specifies vpn-id.
private-IP: Specifies private IP address, that is, the IP address of a Tunnel interface.
Description
Using the display dvpn map command, you can view all of the Map information
for current the node.
Example
# Display current map information.
[3Com] display dvpn map
Public IP
UDP port
Private IP
1018
202.113.11.3
8001
10.1.1.1
211.122.12.2
8003
10.1.1.3
Status: Active
dvpn authenticate
enable
Command
dvpn authenticate enable
undo dvpn authenticate enable
View
Tunnel interface view
Parameter
None
Description
Using the dvpn authenticate enable command, you can enable authentication
at a tunnel interface. Using the undo dvpn authenticate enable command, you
can disable authentication at a tunnel interface.
Example
# Enable Tunnel interface authentication.
[3Com-Tunnel0] dvpn authenticate enable
dvpn class
Command
dvpn class dvpn-class-name
undo dvpn class dvpn-class-name
View
System view
Parameter
dvpn-class-name: Name for a dvpn-class view, in a string of 1~30 bytes.
Description
Using the dvpn class command, you can create a dvpn-class view and enter it. In
this view, you can configure destination server address and UDP port ID. Using the
undo dvpn class command, you can delete a dvpn-class view.
Dynamic VPN
1019
Example
# Create dvpn-class view abc.
[3Com] dvpn class abc
dvpn client
Command
dvpn client private-ip private-ip key key-value
undo dvpn client private-ip private-ip key key-value
View
Tunnel interface view
Parameter
Private-ip: Private IP address at client, that is, IP address of a Tunnel interface
key-value: Private key of a client
Description
Using the dvpn client private-ip command, you can configure client
authentication information at server. Using the undo dvpn client private-ip
command, you can delete client authentication information.
private-ip and key-value are used for client authentication at server. If no private
key is configured for both the server and client, then authentication is not required
in registration and establishing session links.
Example
# Configure private key of the client with the IP address 10.0.0.2 as 123.
[3Com] dvpn client private-ip 10.0.0.2 key 123
dvpn interface-type
Command
dvpn interface-type { client | server }
View
Tunnel interface view
Parameter
client: Interface is client.
server: Interface is server.
Description
Using the dvpn interface-type command, you can specify type for a tunnel
interface.
By default, a tunnel interface is set as client.
Example
# Set a Tunnel interface as server.
[3Com-Tunnel0] dvpn interface-type server
1020
dvpn key
Command
dvpn key key-value
undo dvpn key key-value
View
Tunnel interface view
Parameter
key-value: Encrypted value, in range of 0~4294967295.
Description
Using the dvpn key command, you can configure private key for a client (while
public key for server is generated randomly). Using the undo dvpn key
command, you can delete a private key configured.
Keys are used in establishing session links between DVPN clients. When the
authentication of a client succeeds, server encrypts its public key with a private key
with the client, then puts the encrypted value into a node register success packet
and transmits it back to the client. When the client decrypts the received value
with its private key to get the public key, then it can use the public key to set up
session links with other clients.
Example
# Set private key for a Tunnel interface as 123.
[3Com-Tunnel0] dvpn key 123
dvpn map
Command
dvpn map private-ip ip-address public-ip ip-address [ udp-port port-number]
undo dvpn map private-ip ip-address public-ip ip-address [ udp-port port-number]
View
Tunnel interface view
Parameter
ip-address: Specifies IP address for the peer, public IP address and private IP
address (IP address for the tunnel interface) separately.
port-number: Specifies UDP port ID for the peer. The parameter is unavailable for
GRE encapsulation.
Description
Using the dvpn map private-ip command, you can create a static map, i.e. a
static tunnel. Using the undo dvpn map command, you can delete an existing
map.
If you have already known the private IP, public IP and UDP port ID of other clients,
you can use this command to create a static map. Note that the IP addresses and
UDP port ID configured here should be consistent with the peer, otherwise, no
correct static tunnel can be created.
Dynamic VPN
1021
Example
# Configure a static map at the tunnel interface with the public IP address
211.122.12.2, UDP port ID 8008 and private IP address 10.1.1.3.
[3Com-tunnel0] dvpn map private-ip 10.1.1.3 public-ip 211.122.12.2 8008
dvpn register-type
Command
dvpn register-type { forward | stable | undistributed | want | }
undo dvpn register-type { forward | stable | undistributed | want | }
View
Tunnel interface view
Parameter
forward: Instructs server to forward all data packets at the client and not to send
next hop redirect notify packets to the client.
stable: Means the client has a fixed public IP address.
undistributed: Instructs server not to send information about this client to other
clients.
want: Instructs server to send information about other clients to this client.
Description
Using the dvpn register-type command, you can configure the type of
supplementary information for client registration at server. With the
supplementary information type, server can judge if a client is configured with a
fixed IP address and run further processing accordingly. Using the undo dvpn
register-type command, you can restore supplementary information type to the
default.
By default, the supplementary information is configured as follows: no fixed public
IP address; server does not distribute information about other clients to this client,
while it does propagate information about this client to other clients; server does
not forward data packets at the client.
Example
# Set client registration type as that server propagate information about this client
to other clients.
[3Com-tunnel0] dvpn register-type undistributed
dvpn retry
Command
dvpn retry retry-times
undo dvpn retry
View
Tunnel interface view
1022
Parameter
retry-times: The maximum trial times for redirect notification, session setup
request and session keepalive request, in range of o1~10. By default, it is 3.
Description
Using the dvpn retry command, you can configure maximum trial times for
redirect notification, session setup request and session keepalive request at client.
Using the undo dvpn retry command, you can restore maximum trial times to
the default value.
Example
# Set the maximum trial times to 5.
[3Com-Tunnel0] dvpn retry 5
dvpn server
Command
dvpn server dvpn-class-name
undo dvpn server dvpn-class-name
View
Tunnel interface view
Parameter
dvpn-class-name: Dvpn-class name for the Tunnel interface. Dvpn-class is a data
structure which includes such information as public and private IP addresses and
UDP port ID and it is created with the dvpn class command.
Description
Using the dvpn server command, you can specify dvpn-class name for a Tunnel
interface at client. Using the undo dvpn server command, you can delete a
dvpn-class name.
If the dvpn-class view specified does not exist, this command will also create a
dvpn-class configuration module.
By default, no dvpn-class is created.
Example
# Set server name for a Tunnel interface as abc.
[3Com-Tunnel0] dvpn server abc
Command
dvpn timer aging time-interval
undo dvpn timer aging
View
Tunnel interface view
Dynamic VPN
1023
Parameter
time-interval: Time interval for map age_timer, in range of 10~3600 seconds. By
default, it is 60 seconds.
Description
Using the dvpn timer aging command, you can define time interval for map
age_timer. Using the undo dvpn timer aging command, you can restore the
time interval of map age_timer to the default value.
Example
# Set the time interval of map age_timer for a Tunnel interface to 120 seconds.
[3Com-Tunnel0] dvpn timer aging 120
Command
dvpn timer idle time-interval
undo dvpn timer idle
View
Tunnel interface view
Parameter
time-interval: Time interval for idle_timer, in range of 60~86400 seconds. By
default, it is 600 seconds.
Description
Using the dvpn timer idle command, you can define time interval for idle_timer
which works in disconnecting session links in case of timeout. Using the undo
dvpn timer idle command, you can restore the time interval of idle_timer to the
default value.
Example
# Set the time interval of idle_timer for session links to 300 seconds.
[3Com-Tunnel0] dvpn timer idle 300
Command
dvpn timer keepalive time-interval
undo dvpn timer keepalive
View
Tunnel interface view
Parameter
time-interval: Time interval for map keepalive_timer, in range of 1~3600 seconds.
By default, it is 10 seconds.
1024
Description
Using the dvpn timer keepalive command, you can define time interval for map
keepalive_timer. Using the undo dvpn timer keepalive command, you can
restore the time interval of map keepalive_timer.
Keepalive_Timer keeps normal session between clients. When a session link is set
up successfully, a keepalive packet is sent to the peer and the keepalive_timer also
is enabled. Once the timer times out, the client sends a keepalive packet to the
peer and waits for response from the peer.
Example
# Set the time interval of map keepalive_timer to 30 seconds.
[3Com-Tunnel0] dvpn timer keepalive 30
Command
dvpn timer redirect time-interval
undo dvpn timer redirect
View
Tunnel interface view
Parameter
time-interval: Time interval for next hop redirect notify_timer, in range of 1~180
seconds. By default, it is 10 seconds.
Description
Using the dvpn timer redirect command, you can define time interval for next
hop redirect notify_timer. Each time timeout occurs the node sends next hop
redirect notification to the source client until it receives the acknowledgement
packet. Using the undo dvpn timer redirect command, you can set the time
interval of next hop redirect notify_timer to the default value.
When server or a client finds the destination of a packet received is not itself, but
another node in the VPN, it needs to forward this packet and send a next hop
redirect notify packet to the source node of the packet. If no response is received
from the source node within the preset time limit, it counts this as a trial action.
Example
# Set the time interval of next hop redirect notify_timer for a Tunnel interface to
30 seconds.
[3Com-Tunnel0] dvpn timer redirect 30
Command
dvpn timer register time-interval
undo dvpn timer register
View
Tunnel interface view
Dynamic VPN
1025
Parameter
time-interval: Time interval for node register request_timer, in range of 1~600
seconds. By default, it is 30 seconds.
Description
Using the dvpn timer register command, you can define time interval for node
register request_timer. Each time timeout occurs, a client should log into server
again. Using the undo dvpn timer register command, you can restore the time
interval of node register request_timer to the default value.
Example
# Set the time interval of node register request_timer for a Tunnel interface to 60
seconds.
[3Com-Tunnel0] dvpn timer register 60
Command
dvpn timer setup time-interval
undo dvpn timer setup
View
Tunnel interface view
Parameter
time-interval: Time interval for session setup request_timer, in range of 1~180
seconds. By default, it is 10 seconds.
Description
Using the dvpn timer setup command, you can define time interval for session
setup request_timer. Each time timeout occurs, a client sends session setup
request packets. Using the undo dvpn timer setup command, you can restore
the time interval of session setup request_timer to the default value.
When a client sends a session setup request, it also enables session setup
request_timer. If it receives no responses from the peer within the present time
limit, it counts this as one trial action and another session setup request.
Example
# Set the time interval of session setup request_timer for a Tunnel interface to 30
seconds.
[3Com-Tunnel0] dvpn timer setup 30
dvpn udp-port
Command
dvpn udp-port udp-port
undo dvpn udp-port
View
Tunnel interface view
1026
Parameter
udp-port: UDP port ID in DVPN, in range of 8000~8010. By default, it is 8000.
Description
Using the dvpn udp-port command, you can configure UDP port ID for a Tunnel
interface. The command is available at a Tunnel interface where UDP
encapsulation type is configured. Using the undo dvpn udp-port command, you
can restore the default port ID.
Example
# Configure UDP port ID for a Tunnel interface.
[3Com-Tunnel0 ] dvpn udp-port 8001
dvpn vpn-id
Command
dvpn vpn-id vpn-id
undo dvpn vpn-id
View
Tunnel interface view
Parameter
vpn-id: VPN ID for a tunnel interface, in range of 1~4294967295.
Description
Using the dvpn vpn-id command, you can specify VPN for a Tunnel interface.
Using the undo dvpn vpn-id command, you can delete VPN configuration for a
Tunnel interface.
Example
# Set the VPN for a Tunnel interface as 100.
[3Com-Tunnel0] dvpn vpn-id 100
private-ip
Command
private-ip ip-address
undo private-ip ip-address
View
dvpn-class view
Parameter
ip-address: Specifies private IP address for a specific server, that is, the IP address of
a Tunnel interface.
Description
Using the private-ip command, you can configure private IP address for a specific
server. Using the undo private-ip command, you can delete the private IP address
of a specific server.
Dynamic VPN
1027
public-ip
Command
public-ip ip-address
undo public-ip ip-address
View
dvpn-class view
Parameter
ip-address: Specifies public IP address for a specific server.
Description
Using the public-ip command, you can configure public IP address for a specific
server. Using the undo public-ip command, you can delete the public IP address
of a specific server.
By default, no public IP address is configured.
Example
# Configure the public IP address of a server as 61.18.3.66.
[3Com-dvpn-class-abc] public-ip 61.18.3.66
Command
reset dvpn map vpn-id
View
User view
Parameter
vpn-id: Specifies vpn-id.
Description
Using the reset dvpn map command, you can clear sessions for a specific VPN.
Example
# Clear session links of VPN 100.
<3Com> reset dvpn map 100
tunnel-protocol dvpn
Command
tunnel-protocol [ gre | udp ] dvpn
1028
View
Tunnel interface view
Parameter
gre dvpn: Creates tunnels in GRE DVPN encapsulation mode.
udp dvpn: Creates tunnels in UDP DVPN encapsulation mode.
Description
Using the tunnel-protocol dvpn command, you can configure encapsulation
mode for a Tunnel interface. DVPN attribute means the Tunnel interface is in DVPN
mode, then the interface turns into Multipoint attribute and NBMA type.
By default, GRE encapsulation mode is available at a Tunnel interface, that is,
point-to-point tunnels are set up in GRE mode.
Example
# Set UDP DVPN encapsulation mode for a Tunnel interface.
[3Com-Tunnel0] tunnel-protocol udp dvpn
udp-port
Command
udp-port port-number
undo udp-port
View
dvpn-class view
Parameter
port-number: UDP port ID for a specific server, only available for UDP
encapsulation mode. By default, it is 8000.
Description
Using the udp-port command, you can configure UDP port ID for server which is
specified with the dvpn-class command. Using the undo udp-port command, you
can restore the UDP port ID to the default value.
Example
# Configure UDP port ID for a server as 8010.
[3Com-Dvpn-class-abc] udp-port 8010
11
Syntax
display qos car interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos car interface command, you can view parameter
configuration and operating statistics of TP at each or all interfaces.
If no interface is specified, TP configuration and operating statistics of all interfaces
will be displayed.
Example
# Display the TP parameter configuration information and running statistic
information on each interface.
[3Com] display qos car interface
Interface: Ethernet6/0/0
Direction: Inbound
Rule(s): If-match CARL 1
CIR 8000(Bps), CBS 15000(Bit), EBS 0(Bit)
Conform Action: remark ip-precedence 3 and pass
Exceed Action: remark ip-precedence 4 and continue
Conformed:
0/0 (Packets/Bytes)
1030
0/0(Packets/Bytes)
0/0(Packets/Bytes)
Syntax
display qos carl [ carl-index ]
View
Any view
Parameter
carl-index: Committed Access Rate List (CARL) number in the range of 1 to 199.
Description
Using the display qos carl command, you can view a certain rule or all the rules
of CARL.
If carl-index is not specified, all rules of CARL will be displayed.
Example
# Display the first rule of CAR list.
[3Com] display qos carl 1
[3Com] display qos carl 1
Current CARL Configuration:
List Params
------------------------------------------------------
qos car
Precedence 1 2
Syntax
qos car { inbound | outbound } { any | acl acl-index | carl carl-index } cir
committed-information-rate cbs committed-burst-size ebs excess-burst-size red action
green action
undo qos car { inbound | outbound } { any | acl acl-index | carl carl-index } cir
committed-information-rate cbs committed-burst-size ebs excess-burst-size
View
Interface view
1031
Parameter
inbound: Limit rate for the packets received by the interface.
outbound: Limit rate for the packets sent by the interface.
any: Limit rates for the packets that match any rules.
acl acl-index: Specified to limit the rate of packets matching the ACL, with
acl-index being the ACL number in the range of 1 to 199.
carl carl-index: Specified to limit the rate of packets matching the CARL, with
carl-index being the CARL number in the range of 1 to 199.
cir committed-information-rate: Committed Information Rate(CIR) in the range of
8000 to 155000000 bits.
cbs committed-burst-size: Committed Burst Size (CBS) in the range of 15000 to
155000000 bits.
ebs excess-committed-burst-size: Excessive Burst Size (EBS) in the range of 0 to
155000000 bits.
red: Action taken on the packets when the traffic rate conforms to CAR..
green: Action taken on the packets when the traffic rate does not conform to
CAR.
action: Action taken on a packet, which can be:
Description
Using the qos car command, you can implement TP strategy on an interface.
Using the undo qos car command, you can remove a certain TP policy at the
interface.
This command is only used to process IP packets.
The repeated use of this command will lead to setting several TP policies at an
interface. The executing order of the policies is the same as the configuration
order.
Example
# Configure traffic policing for output packets that conform to traffic at the
interface Ethernet6/0/0. The normal traffic is 38400 bps. The burst size, twice of
the normal traffic, can pass at the first time; then it is normally transmitted when
1032
the rate is less than or equal to 38400 bps. When it is larger than 38400 bps, it
should be transmitted after the packet precedence is changed to 0.
[3Com-Ethernet6/0/0] qos car outbound any carl 1 cir 38400 cbs 76800 ebs 0 red pass
green remark-prec-pass 0
qos carl
Syntax
qos carl carl-index { precedence precedence-value | mac mac-address }
undo qos carl carl-index
View
System view
Parameter
carl: Specifies TPL(Committed Access Rate List) configuration information.
carl-index: TP list number in the range 1 to 199.
precedence-value: Precedence in the range 0 to 7.
mac-address: Hexadecimal MAC address.
Description
Using the qos carl command, you can establish or modify an access list for Traffic
Policing (TP) policies (abbreviated to TP list). Using the undo qos carl command,
you can delete TP list.
You can establish an access list based on IP precedence or MAC address.
For a different carl-index, the repeat execution of this command will create
multiple CARLs, and for the same carl-index, such undertaking will modify the
parameters of the CARL.
You are allowed to define multiple precedence values but no more than eight. If
the same precedence is specified several times, the system by default regards that
only one precedence value has been specified. The precedence values are related
to one another in the way of OR.
Example
# Configure rule 1 of TP list with packet precedence 1 and 7.
[3Com] qos carl 1 precedence 1 7
Traffic Shaping
Configuration
Commands
display qos gts interface
Syntax
display qos gts interface [ interface-type interface-number ]
View
Any view
1033
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos gts interface command, you can view TS configuration
and accounting information of certain interface or all interfaces.
If no interface is specified, the TS configuration and operating statistics of all
interfaces will be displayed.
Example
# Display TS configuration and accounting information of all interfaces.
[3Com] display qos gts interface
Interface: Ethernet6/0/0
Rule(s): If-match ACL 1
CIR 8000(Bps), CBS 15000(Bit), EBS 0(Bit)
Queue Length: 1000 (Packet)
Queue Size: 700 (Packet)
Pass: 0/0 (Packets/Bytes)
Discard
: 0/0 (Packets/Bytes)
qos gts
Syntax
qos gts { any | acl acl-index } cir committed-information-rate [ cbs committed-burst-size
[ ebs excess-burst-size [ queue-length queue-length ] ] ]
undo qos gts { any | acl acl-index }
View
Interface view
Parameter
any: Performs TP on all the IP packets.
acl acl-index: Specified to limit the rate of packets matching the ACL, with
acl-index being the ACL number in the range of 1 to 199.
cir committed-information-rate: CIR in the range of 8000 to 155000000 bits.
cbs committed-burst-size: Committed burst size in the range of 15000 to
155000000bits. By default, committed-burst-size is 1/2 of
committed-information-rate.
ebs excess-burst-size: Excess burst size in the range of 0 to 155000000bits. By
default, excess-burst-size is 0, That is, only one token bucket is used to police.
1034
Physical Interface
Rate-limit
Configuration
Commands
display qos lr interface
Syntax
display qos lr interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos lr interface command, you can view LR configuration and
statistics of an interface.
If no interface is specified, the LR configuration and operating statistics of all
interfaces will be displayed.
Example
# Display LR configuration and statistics information in serial 0/0/0.
1035
: 0/0 (Packets/Bytes)
Active Shaping : NO
qos lr
Syntax
qos lr cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size
]]
undo qos lr
View
Interface view
Parameter
cir committed-information-rate: CIR in the range of 8000 to 155000000 bits.
cbs committed-burst-size: Committed burst size in the range of 15000 to
155000000bits.By default, committed-burst-size is half of
committed-information-rate,
ebs excess-burst-size: Excess burst size in the range of 0 to 155000000bits.By
default, excess-burst-size is 0. There is only one token bucket is used to police.
Description
Using the qos lr command, you can limit the bandwidth of a physical interface.
Using the undo qos lr command, you can remove the limit.
Example
# Limit packet-forwarding rate of the physical interface Ethernet6/0/0.
[3Com-Ethernet6/0/0] qos lr cir 38400 cbs 76800 ebs 0
Congestion
Management
Configuration
Commands
FIFO Queue
Configuration
Commands
qos fifo queue-length
Syntax
qos fifo queue-length queue-length
1036
View
Interface view
Parameter
queue-length: Length limit of a queue in the range of 1 to 1024.
Description
Using the qos fifo queue-length command, you can set the length limit of FIFO
queue. Using the undo qos fifo queue-length command, you can restore the
default value of the queue length.
By default, queue-length is 75.
For the related command, see display interface.
Example
# Set the length of FIFO queue to 100.
[3Com-Ethernet3/0/0] qos fifo queue-length 100
PQ Configuration
Commands
display qos pq interface
Syntax
display qos pq interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos pq interface command, you can view the configuration
and statistics of priority queues at interfaces.
If interfaces are not specified when this command is used, the configuration and
statistics of the priority queues at all interfaces will be displayed.
For the related command, see qos pq.
Example
# Display the configuration and statistics of PQ at interface Ethernet 6/0/0.
[3Com] display qos pq interface ethernet 6/0/0
Interface: Ethernet6/0/0
Priority queueing: PQL 1 (Outbound queue:Size/Length/Discards)
PQ Configuration Commands
Top: 0/20/0
Middle: 0/40/0
Normal: 0/60/0
1037
Bottom: 0/80/0
Syntax
display qos pql
View
Any view
Parameter
None
Description
Using the display qos pql command, you can view contents of priority lists.
Default items are not displayed.
For the related commands, see qos pq and qos pq pql.
Example
# Display priority lists.
[3Com] display qos pql
Current PQL Configuration:
List Queue Params
------------------------------------------------------
qos pq
Top
Normal Length 60
Bottom Length 40
Syntax
qos pq pql pql-index
undo qos pq
View
Interface view
Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
Description
Using the qos pq command, you can apply a group of priority list to an interface.
Using the undo qos pq command, you can restore the congestion management
policy at the interface to FIFO.
By default, the congestion management policy at the interfaces is FIFO.
1038
All the physical interfaces can use the priority queue except ATM interface and
interfaces with X.25 as the link layer.
An interface can only use one group of priority lists.
This command can configure multiple classification rules for each group in the
priority list. During traffic classification, the system matches packets along the rule
list. If matching a certain rule, a packet will be classified into the priority queue
specified by this rule; or it will be put into the default priority queue.
For the related commands, see qos pql, display qos pq interface, display qos
pql, and display interface.
Example
# Apply the priority list 12 to the Ethernet 0/2/0.
[3Com-Ethernet0/2/0] qos pq pql 12
Syntax
qos pql pql-index default-queue { top | middle | normal | bottom }
undo qos pql pql-index default
View
System view
Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
top, middle, normal and bottom: Corresponding to the four levels of priority
queue, with the priority reducing in turn. The queue defaults to normal.
Description
Using the qos pql default-queue command, you can designate the packets
without corresponding rules to a default queue. Using the undo qos pql
default-queue command, you can cancel the configuration and restore the
default value.
During traffic classification, if a packet does not match any rule, it will be put into
the default priority queue.
For the same pql-index, repeated use of this command will set new default queue.
For the related command, see display qos pql.
Example
# Set the default queue of the packets without corresponding rules in group 12 of
the priority list to be the bottom queue.
[3Com] qos pql 12 default-queue bottom
qos pql
inbound-interface
Syntax
qos pql pql-index inbound-interface interface-type interface-number queue { top |
middle | normal | bottom }
PQ Configuration Commands
1039
View
System view
Parameter
pql-index: Group number of the priority list, ranging 1 to 16.
Interface-type: Interface type.
Interface-number: Interface number.
top, middle, normal and bottom: Corresponding to the four levels of priority
queue, with the priority reducing in turn. By default, it is set to normal.
Description
Using the qos pql inbound-interface command, you can establish classification
rules based on interfaces. Using the undo qos pql inbound-interface command,
you can delete the corresponding classification rule.
This command can match packets according to which interface the packet comes
from. For the same pql-index, this command can be repeatedly used, establishing
classification rules for packets that come from different interfaces.
For the related commands, see qos pql default-queue, qos pql protocol, qos
pql queue, and qos pq.
Example
# Display how to make packets from an interface Serial 0/0/0 be put into a middle
queue.
[3Com] qos pql 12 inbound-interface Serial 0/0/0 middle
Syntax
qos pql pql-index protocol protocol-name queue-key key-value queue { top | middle |
normal | bottom }
undo qos pql pql-index protocol protocol-name queue-key key-value
View
System view
Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
top, middle, normal, bottom: Corresponding PQ queues, whose priority levels
are in descending order.
protocol-name: Protocol type, which can only be IP by far.
When the protocol-name is IP, the values of queue-key and key-value are displayed
in the following table:
Table 1 Descriptions of values of queue-key and key-value
queue-key
key-value
Description
fragments
Null
1040
key-value
Description
acl
ACL group
number, 1 to
999
less-than
Length, 0 to
65535
greater-than
Length, 0 to
65535
tcp
Port number, 0
to 65535
udp
Port number, 0
to 65535
All IP packets
When queue-key is tcp or udp, key-value can be port name or the associated port
number. You can enter ? to get the port numbers associated with port names..
Description
Using the qos pql protocol command, you can establish classification rules based
on the protocol type. Using the undo qos pql protocol command, you can delete
the corresponding classification rule.
The system matches a packet to a rule according to the set order. When the
packet matches a certain rule, the search process is completed.
For the same pql-index, this command can be repeatedly used, establishing
multiple classification rules for IP packets.
For the related command, see display qos pql.
Example
# Specify a rule to make IP packets be put into the top queue.
[3Com] qos pql 1 protocol ip acl 100 queue top
Syntax
qos pql pql-index queue { top | middle | normal | bottom } queue-length queue-length
undo qos pql pql-index queue { top | middle | normal | bottom } queue-length
View
System view
Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
queue-length: Four length values of priority queues ranging 1 to 1024. By default,
the length values of the queues are displayed as follows:
CQ Configuration Commands
1041
Description
Using the qos pql queue command, you can specify the maximum number of
packets that can wait in each of the priority queues, or the length of a PQ. Using
the undo qos pql queue command, you can restore to the default value of each
PQ length.
If a queue is full, any newly incoming packet will be dropped.
For the related commands, see qos pql default-queue, qos pql
inbound-interface, qos pql protocol, and qos pq.
Example
# Specify the maximum number of packets waiting in the top priority queue 10 to
10.
[3Com] qos pql 10 queue top queue-length 10
CQ Configuration
Commands
display qos cq interface
Syntax
display qos cq interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos cq interface command, you can view configuration and
statistics of customized queues at interfaces.
If no interface is specified CQ configuration and statistics of all interfaces will be
displayed.
For the related command, see qos cq.
Example
# Display configuration and statistics of customized queues at interface Ethernet
6/0/0/.
[3Com] display qos cq interface 6/0/0
Interface: Ethernet6/0/0
1042
0: 0/ 20/0
1: 0/ 20/0
2: 0/ 20/0
3: 0/ 20/0
4: 0/ 20/0
5: 0/ 20/0
6: 0/ 20/0
7: 0/ 20/0
8: 0/ 20/0
9: 0/ 20/0
10: 0/ 20/0
11: 0/ 20/0
12: 0/ 20/0
13: 0/ 20/0
14: 0/ 20/0
15: 0/ 20/0
16: 0/ 20/0
Syntax
display qos cql
View
Any view
Parameter
None
Description
Using the display qos cql command, you can view contents of custom lists.
Default values will not be displayed.
For the related commands, see qos cq cql and qos cq.
Example
# Display information about a custom list.
[3Com] display qos cql
Current CQL Configuration:
List Queue Params
qos cq
Protocol ip fragments
Length 100
Inbound-interface Ethernet0
Syntax
qos cq cql cql-index
undo qos cq
View
Interface view
Parameter
cql-index: Cql index number of a custom list, ranging 1 to 16.
CQ Configuration Commands
1043
Description
Using the qos cq cql command, you can apply the customized queue to an
interface. Using the undo qos cq command, you can restore the congestion
management policy at the interface to FIFO.
By default, the congestion management policy at the interfaces is FIFO.
All the physical interfaces can use customized queues, except ATM interface and
interfaces with X.25 as the link layer.
One interface can only use one group of customized queues.
This command can configure multiple classification rules for each group in the
custom list. During traffic classification, the system matches packets along the rule
link. If matching a certain rule, a packet will be classified into the corresponding
priority queue specified by this rule. If not matching any rule, it will go to the
default priority queue.
For the related commands, see qos cql default-queue, qos cql
inbound-interface, qos cql protocol, qos cql queue serving, and qos cql
queue queue-length.
Example
# Apply the custom group 5 on the Ethernet 6/0/0.
[3Com-Ethernet6/0/0] qos cq cql 5
Syntax
qos cql cql-index default-queue queue-number
undo qos cql cql-index default-queue
View
System view
Parameter
cql-index: Cql index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16. By default, customized queue
number is 1.
Description
Using the qos cql default-queue command, you can assign a default queue for
those packets that do not match any rule in the custom list. Using the undo qos
cql default-queue command, you can restore to the default queue.
During traffic classification, if a packet does not match any rule, it will go to the
default queue.
For the related command, see qos cql inbound-interface, qos cql protocol, qos
cql queue serving, and qos cql queue queue-length.
Example
# Assign default queue 2 to custom list 5.
1044
qos cql
inbound-interface
Syntax
qos cql cql-index inbound-interface interface-type interface-number queue
queue-number
undo qos cql cql-index inbound-interface interface-type interface-number
View
System view
Parameter
cql-index: Group number of the custom list, ranging 1 to 16.
Interface-type: Interface type.
interface-number: Interface number.
queue-number: Queue number, ranging 0 to 16.
Description
Using the qos cql inbound-interface command, you can establish classification
rules based on interfaces. Using the undo qos cql inbound-interface command,
you can delete corresponding classification rules.
By default, no classification rules are configured.
This command matches a packet to a rule according to the interface that the
packet comes from. For the same group-number, this command can be repeatedly
used, establishing different classification rules for packets from different
interfaces.
For the related commands, see qos cql protocol, qos cql queue serving, and
qos cql queue queue-length.
Example
# Specify a rule to make a packet from tunnel 0/0/0 be put into queue 3.
[3Com] qos cql 5 inbound-interface tunnel 0 queue 3
Syntax
qos cql cql-index protocol protocol-name queue-key key-value queue queue-number
undo qos cql cql-index protocol protocol-name queue-key key-value queue
queue-number
View
System view
Parameter
cql-index: Group number of the custom list, ranging 1 to 16.
protocol-name: Protocol name, which can only be ip by far.
CQ Configuration Commands
1045
key-value
Description
fragments
Null
Acl
ACL group number, 1 Any IP packet that complies with ACL will
to 999
be classified.
Less-than
Length, 0 to 65535
Greater-than
tcp
Port number, 0 to
65535
udp
Port number, 0 to
65535
All IP Packets
When queue-key is tcp or udp, key-value can be port name or the associated port
number. You can enter ? to get the port numbers associated with port names.
Description
Using the qos cql protocol command, you can establish classification rules based
on the protocol type. Using the undo qos cql protocol command, you can delete
corresponding classification rules.
The system matches a packet to a rule according to the order that rules are
configured. When the packet matches a certain rule, the search process is
completed.
For the same cql-index, this command can be repeatedly used, establishing
multiple classification rules for IP packets.
For the related commands, see qos cql inbound-interface, qos cql protocol,
qos cql queue serving, and qos cql queue queue-length.
Example
# Specify a rule to make any IP packet that matches the access-list 100 be put into
queue 3.
[3Com] qos cql 5 protocol ip acl 100 queue 3
Syntax
qos cql cql-index queue queue-number queue-length queue-length
undo qos cql cql-index queue queue-number queue-length
View
System view
1046
Parameter
cql-index: Cql index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16.
queue-length: The maximum length of the queue, ranging 0 to 1024 packets.
Description
Using the qos cql queue command, you can specify a default queue for the
packets without corresponding rules. Using the undo qos cql queue command,
you can cancel the configuration and restore the default value.
By default, queue-length is 20 packets.
If a queue is full, any newly incoming packet will be dropped.
For the related commands, see qos cql inbound-interface, qos cql protocol,
and qos cql queue serving.
Example
# Specify the amount of packets in a queue 4 in custom list 5 to 40.
[3Com] qos cql 5 queue 4 queue-length 40
Syntax
qos cql cql-index queue queue-number serving byte-count
undo qos cql cql-index queue queue-number serving
View
System view
Parameter
cql-index: Cql-index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16.
byte-count: number of bytes in packets that the given queue sends during each
poll, ranging 0 to 16777215 bytes.
Description
Using the qos cql queue serving command, you can set the byte-count of the
packets sent from a given queue during each poll. Using the undo qos cql queue
serving command, you can restore the byte-count of sent packets to the default
value.
By default, byte-count is 1500.
For the related commands, see qos cql inbound-interface, qos cql protocol,
and qos cql queue queue-length.
Example
# Specify byte-count of queue 2 in the custom list 5 to 1400.
[3Com] qos cql 5 queue 2 serving 1400
1047
WFQ Configuration
Commands
display qos wfq
interface
Syntax
display qos wfq interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display qos wfq interface command, you can view customized queue
configuration and statistics of an interface.
If no interface is specified, the customized queue configuration and statistics of all
interfaces will be displayed.
For the related command, see qos wfq.
Example
# Display the custom queue configuration and statistics of Ethernet 6/0/0
interface.
[3Com] display qos wfq interface ethernet 6/0/0
Interface: Ethernet6/0/0
Weighted Fair queueing: (Outbound queue:Size/Length/Discards)
WFQ: 0/100/0
Hashed queues: 0/0/128 (Active/Max active/Total)
qos wfq
Syntax
qos wfq [ queue-length max-queue-length [ queue-number total-queue-number ] ]
undo qos wfq
View
Interface view
Parameter
max-queue-length: The maximum queue length in the range of 1 to 1024. It is the
maximum number of packets in each queue. Packets out of the range will be
discarded.
total-queue-number: Total queue number. Available numbers are 16, 32, 64, 128,
256, 512, 1024, 2048 and 4096.
By default, max-queue-length is 64; total-queue-number is 256.
1048
Description
Using the qos wfq command, you can apply weighed fair queue or modify WFQ
parameters at an interface. Using the undo qos wfq command, you can restore
the default congestion management mechanism FIFO.
Except ATM interface and interfaces with X.25 as the link layer, all physical
interfaces can use weighed fair queue.
When an interface does not apply WFQ policy, this command can be used to apply
WFQ policy at the interface as well as specifying WFQ parameters. If an interface
has applied WFQ policy, this command can be used to modify WFQ parameters.
For the related commands, see display interface and display qos wfq
interface.
Example
# Apply WFQ at the Ehernet6/0/0 interface, set the queue length to 100 and set
the total queue number to 512.
[3Com-Ethernet6/0/0] qos wfq queue-length100 queue-number 512
CBQ Configuration
Commands
car
Syntax
car cir committed-information-rate [ cbs committed-burst-size ebs excess-burst-size ] [
green action [ red action] ]
undo car
View
Traffic behavior view
Parameter
cir committed-information-rate: Committed information rate of traffic in the
range of 8000 to 155000000bit.
cbs committed-burst-size: Committed burst size, number of bits that can be sent
in each interval in the range of 15000 to 155000000 bits.
ebs excess-burst-size: Excessive burst size in the range of 0 to 155000000 bits.
green: Action conducted to packets when traffic of packets conforms to the
traffic convention. By default, the action of green is pass".
red: Action conducted to packets when traffic of packets does not conform to the
traffic convention. By default, the action of red is discard.
action: Action conducted on a packet. Divided into the following types:
1049
Description
Using the car command, you can configure traffic monitoring for a behavior.
Using the undo car command, you can delete the configuration of traffic
monitoring.
The policy can be used in the input or output direction of the interface.
Application of policy including of TP policy on an interface will cause the previous
qos car command to be ineffective.
If this command is frequently configured on classes of the same policy, the last
configuration will overwrite the previous ones.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Use traffic monitor for a behavior. The normal traffic of packets is 38400bps.
Burst traffic twice of the normal traffic can pass initially and later the traffic is
transmitted normally when the rate does not exceed 38400bps. When the rate
exceeds 38400bps, the precedence of the packet turns to 0 and the packet is
transmitted.
[3Com] traffic behavior database
[3Com-behavior-database] car cir 38400 cbs 76800 ebs 0 green pass red
remark-precedence-pass 0
classifier behavior
Syntax
classifier tcl-name behavior behavior-name
undo classifier tcl-name
View
Policy view
Parameter
tcl-name: Must be the name of the defined class, the system-defined or
user-defined class.
behaviorname: Must be the name of the defined behavior, the system-defined or
user-defined behavior.
Description
Using the classifier behavior command, you can specify the behavior for the
class in the policy. Using the undo classifier command, you can remove the
application of the class in the policy.
1050
Each class in the policy can only be associated with one behavior.
The undo command is not used for the default class.
For the related command, see qos policy.
Example
# Specify the behavior test for the class database in the policy 3Com.
[3Com] qos policy 3Com
[3Com-qospolicy-3Com] classifier database behavior test
Syntax
display qos cbq interface [ { interface-type interface-number } [ pvc { pvc-name [ vpi/vci
] | vpi/vci } ] ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
pvc: Used for ATM interface only, i.e., policy configuration of specified PVC on
specified ATM interface can be displayed.
pvc-name: PVC name.
vpi/vci: VPI/VCI value pair. For detailed description, refer to the Parameter
Description about pvc command.
Description
Using the display qos cbq interface command, you can view CBQ configuration
information and operating status, the specified PVC on specified ATM interface or
on all interfaces.
Example
[3Com] display qos cbq interface
Interface: Ethernet10/2/0
Class Based Queuing: (Outbound queue: Total Size/Discards)
CBQ: 0/0
Queue Size: 0/0/0 (EF/AF/BE)
BE Queues: 0/0/256 (Active/Max active/Total)
AF Queues: 1 (Allocated)
Bandwidth(Kbps): 74992/75000 (Available/Max reserve)
Syntax
display qos policy { system-defined | user-defined } [ policy-name [ classifier tcl-name ] ]
View
Any view
1051
Parameter
system-defined: Policy pre-defined by the system.
user-defined: Policy pre-defined by the user.
policy-name: Policy name. If it is not specified, the configuration information of all
the policies pre-defined by the system or by the user will be displayed.
tcl-name: Class name in the policy.
Description
Using the display qos policy command, you can display the configuration
information of the specified class or all the classes and associated behaviors in the
specified policy or all policies.
Example
[3Com] display qos policy user-defined
User Defined QoS Policy Information:
Policy: test
Classifier: default-class
Behavior: be
-noneClassifier: 3Com
Behavior: 3Com
Marking:
Remark IP Precedence 3
Committed Access Rate:
CIR 20000 (bps), CBS 15000 (bit), EBS 0 (bit)
Conform Action: pass
Exceed Action: discard
Expedited Forwarding:
Bandwidth 50 (Kbps) CBS 1500 (Bytes)
Classifier: database
Behavior: database
Assured Forwarding:
Bandwidth 30 (Kbps)
Discard Method: Tail
Queue Length : 64 (Packets)
General Traffic Shape:
CIR 30000 (bps), CBS 15000 (bit), EBS 0 (bit)
1052
Syntax
display qos policy interface [ { interface-type interface-number } [ inbound | outbound ]
[ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
pvc: Used for ATM interface only, i.e., policy configuration of specified PVC on
specified ATM interface can be displayed.
1053
1054
Marking:
Remark MPLS EXP 3
Remarked: 0 (Packets)
Assured Forwarding:
Bandwidth 30 (Kbps)
Matched : 0/0 (Packets/Bytes)
Enqueued : 0/0 (Packets/Bytes)
Discarded: 0/0 (Packets/Bytes)
Command
display traffic behavior { system-defined | user-defined } [ behavior-name ]
View
Any view
Parameter
system-defined: Behavior pre-defined by the system.
user-defined: Behavior pre-defined by the user.
behavior-name: Behavior name. If it is not specified, the information of the
behaviors pre-defined by the system or by the user will be displayed.
Description
Using the display traffic behavior command, you can display the information of
the traffic behavior configured on the router.
Example
[3Com] display traffic behavior user-defined
User Defined Behavior Information:
Behavior: test
Assured Forwarding:
Bandwidth 30 (Kbps)
Discard Method: Tail
Queue Length : 64 (Packets)
General Traffic Shape:
CIR 30000 (bps), CBS 15000 (bit), EBS 0 (bit)
Queue length 50 (Packets)
Marking:
Remark MPLS EXP 3
Behavior: 3Com
Marking:
Remark IP Precedence 3
Committed Access Rate:
CIR 20000 (bps), CBS 15000 (bit), EBS 0 (bit)
1055
Syntax
display traffic classifier { system-defined | user-defined } [ tcl-name ]
View
Any view
Parameter
system-defined: Class pre-defined by the system.
user-defined: Class pre-defined by the user.
tcl-name: Class name. If it is not specified, the information of all classes
pre-defined by the system or by the user.
Description
Using the display traffic classifier command, you can view information about
class of router configuration.
Example
[3Com] display traffic classifier user-defined
User Defined Classifier Information:
Classifier: 3Com
Operator: AND
Rule(s) : if-match ip-precedence 5
Classifier: database
Operator: AND
Rule(s) : if-match acl 131
if-match inbound-interface Ethernet10/2/0
gts
Syntax
gts cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size [
queue-length queue-length ] ] ]
undo gts
View
Traffic behavior view
Parameter
cir committed-information-rate: Average rate of traffic in the range of 8000 to
155000000 bps.
cbs committed-burst-size: Burst size in the range of 15000 to 155000000 bits.
ebs excess-burst-size: Excessive burst size in the range of 0 to 155000000 bits.
1056
if-match
Syntax
if-match [ not ] match-criteria
undo if-match [ not ] match-criteria
View
Class view
Parameter
match-criteria: Match rule of a class, which can be acl, any, class-map,
destination-mac, inbound-interface, ip-precedence, dscp, protocol,
source-mac, mpls-exp.
Description
Using the if-match command, you can define the rule of all packets not satisfying
the specified match rule. Using the undo if-match command, you can delete the
rule of all packets not satisfying the specified match rule.
For the related command, see traffic classifier.
1057
Example
# Define the class to match packets which protocol is not IP.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match not protocol ip
if-match {
destination-mac |
source-mac }
Syntax
if-match [not ] { destination-mac | source-mac } mac-address
undo if-match [not ] { destination-mac | source-mac } mac-address
View
Class view
Parameter
mac-address: MAC address.
Description
Using the if-match { destination-mac | source-mac } command, you can define
match rule of destination or source MAC address. Using the undo if-match {
destination-mac | source-mac } command, you can delete the match rule of
destination or source MAC address.
The match rules of the destination MAC address are only meaningful for the
policies of the output direction and the interface of Ethernet type.
The match rules of the source MAC address are only meaningful for the policies of
the input direction and the interface of Ethernet type.
For the related command, see traffic classifier.
Example
# Define that the match rule of class2 is to match the packets with the destination
MAC address 0050-ba27-bed3.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match destination-mac 0050-ba27-bed3
# Define the match rule of class2 as matching the packets with source MAC address
0050-ba27-bed2.
[3Com] traffic classifier class2
[3Com-classifier-class2] if-match source mac 0050-ba27-bed2
if-match acl
Syntax
if-match [ not ] acl access-list-number
undo if-match [ not ] acl access-list-number
View
Class view
1058
Parameter
access-list-number: ACL number.
Description
Using the if-match acl command, you can define ACL match rule. Using the
undo if-match acl command, you can delete ACL match rule.
For the related command, see traffic classifier.
Example
# Define a class to match ACL101.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match acl 101
if-match any
Syntax
if-match [ not ] any
undo if-match [ not ] any
View
Class view
Parameter
none
Description
Using the if-match any command, you can define the rule matching all packets.
Using the undo if-match any command, you can delete the rule matching all
packets.
For the related command, see traffic classifier.
Example
# Define the rule matching all packets.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match any
if-match classifier
Syntax
if-match [ not ] classifier tcl-name
undo if-match [ not ] classifier tcl-name
View
Class view
Parameter
tcl-name: Class name.
1059
Description
Using the if-match classifier command, you can define class-map match rule.
Using the undo if-match classifier command, you can delete the class-map
match rule.
This configuration method is the only one to match the traffic with both the
match-all and match-any features.
For example: classA need to match: rule1 & rule2 | rule3
traffic classifier classB operator and
if-match rule1
if-match rule2
traffic classifier classA operator or
if-match rule3
if-match classifier classB
For the related command, see traffic classifier.
Example
# Define match rule of class2 and class1 should be used. Therefore, class1 is
configured first. The match rule of class1 is ACL 101 and the IP precedence is 5.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match ip-precedence 5
# Define the packet whose class is class2, match rule is class1 and destination MAC address is
0050-BA27-BED3.
[3Com] traffic classifier class2
[3Com-classifier-class2] if-match classifier class1
[3Com-classifier-class2] if-match destination-address mac 0050-BA27-BED3
if-match dscp
Syntax
if-match [ not ] dscp { dscp-value }
undo if-match [ not ] dscp { dscp-value }
View
Class view
Parameter
dscp-value: DSCP value in the range of 0 to 63.
Description
Using the if-match dscp command, you can define IP DSCP match rule. Using the
undo if-match dscp command, you can delete IP DSCP match rule.
More than one such command can be configured under a class. They do not
overwrite one other. When each command is configured, the dscp-value will sort
the values automatically in the ascending order. Only when the specified DSCP
1060
values are identical with those in the rule (sequence may be different) can the
command be deleted.
More than one DSCP value can be configured and the maximum number is 8. If
multiple DSCPs of the same value are specified, the system regards them as one by
default. Relation between different DSCP values is or.
For the related command, see traffic classifier.
Example
# Define the match rule of class1 as matching the packets with the dscp value as
1, 6 or 9.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match dscp 1 6 9
if-match
inbound-interface
Syntax
if-match [ not ] inbound-interface { interface-type interface-number }
undo if-match [ not ] inbound-interface { interface-type interface-number }
View
Class view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the if-match inbound-interface command, you can define input interface
match rule of a class. Using the undo if-match inbound-interface command,
you can delete input interface match rule of a class.
If the interface is deleted, the match rule will not exist.
Supported interface type: ATM, Ethernet, Serial, Tunnel, VT etc.
For the related command, see traffic classifier.
Example
# Define that the class matches the packets entering from Ethernet6/0/0.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match inbound-interface Ethernet6/0/0
if-match ip-precedence
Syntax
if-match [ not ] ip-precedence { ip-precedence-value }
undo if-match [ not ] ip-precedence
View
Class view
1061
Parameter
ip-precedence-value: Precedence value in the range of 0 to 7. Multiple values can
be specified and the maximum number is 8. If multiple precedence of the same
value are specified, only one of them is taken. Relation between different DSCP
values is or.
Description
Using the if-match ip-precedence command, you can define IP precedence
match rule. Using the undo if-match ip-precedence command, you can delete IP
precedence match rule.
When any command is configured, the ip-precedence-value will be sorted
automatically in ascending order.
Multiple precedence values can be specified but the maximum number is 8. If the
multiple precedence values specified are the same, the system regards them as
one. Relation between different precedence values is or.
For the related command, see traffic classifier.
Example
# Define the match rule of class1 as matching the packets with the precedence
value as 1 or 6.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match ip-precedence 1 6
if-match protocol
Syntax
if-match [ not ] protocol protocol-name
undo if-match [ not ] protocol protocol-name
View
protocol-name Protocol name. IP is used.
Parameter
Class view
Description
Using the if-match protocol command, you can define protocol match rule.
Using the undo if-match protocol command, you can delete protocol match
rule.
For the related command, see traffic classifier.
Example
# Define the packet whose class match protocol is IP.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match protocol ip
1062
if-match rtp
Syntax
if-match [ not ] rtp start-port starting-port-number end-port end-port-number
undo if-match [ not ] rtp start-port starting-port-number end-port end-port-number
View
Class view
Parameter
starting-port-number: Starting RTP port number in the range of 2000 to 65535.
end-port-number: Ending RTP port numbers in the range of 2000 to 65535.
Description
Using the if-match rtp command, you can define port match rule of RTP. Using
the undo if-match rtp command, you can delete the port match rule of RTP.
This command can match RTP packets in the range of specified RTP port number,
i.e., to match packets of even UDP port numbers between
<starting-port-number> and < end-port-number >. If this command is frequently
used under a class, the last configuration will overwrite the previous ones.
For the related command, see traffic classifier.
Example
# Define the match rule of class1 as matching the packets whose RTP port number
is the even UDP port number between 16384 and 32767.
[3Com] traffic classifier class1
[3Com-classifier-class1] if-match rtp start-port 16384 end-port 32767
Syntax
qos apply policy policy-name [ inbound | outbound ]
undo qos apply policy [ inbound | outbound ]
View
Interface view
Parameter
inbound: Inbound direction.
outbound: Outbound direction.
policy-name: Policy name.
Description
Using the qos apply policy command, you can attach a service policy to the
output interface. Using the undo qos apply policy command, you can delete
associated policy on an interface.
When applying the policy, the interface will be unavailable if the sum of
bandwidth specified for the classes in the policy, to ensure forwarding and
expedited forwarding, exceeds the available bandwidth on the interface. When
the available bandwidth on the interface is modified, the policy will be deleted if
1063
the sum of bandwidth specified for the classes in the policy, to ensure forwarding
and expedited forwarding, exceeds the available bandwidth on the interface. The
configurations of queue af, queue ef and queue wfq and gts are not allowed in
the input direction policy and the behaviors associated with the class.
The application rule of the policy in the interface view is as follows.
Example
# Apply the policy 3Com in the output direction of interface Ethernet6/0/0.
[3Com-Ethernet6/0/0] qos apply policy 3Com outbound
qos policy
Syntax
qos policy policy-name
undo qos policy policy-name
View
System View
Parameter
policy-name: Policy name.
Description
Using the qos policy command, you can define a policy and enter policy view.
Using the undo qos policy command, you can delete a policy.
The policy cannot be deleted if it is applied on an interface. It is necessary to
remove application of the policy on the current interface before deleting it via the
undo qos policy command.
Policy-name should not be that of the policies defined by the system.
For the related commands, see classifier behavior and qos apply policy.
Example
# Define a policy named as 3Com.
[3Com] qos policy 3Com
[3Com-qospolicy-3Com]
1064
queue af
Syntax
queue af bandwidth { bandwidth | pct percentage }
undo queue af
View
traffic behavior view
Parameter
bandwidth: Bandwidth in Kbps in the range of 8 to 1000000.
pct percentage: Percentage of the available bandwidth configured in the range of
1 to 100.
Description
Using the queue af command, you can configure the class to perform the
assured-forwarding and the minimum bandwidth used. Using the undo queue af
command, you can cancel the configuration.
When associating the class with the traffic behavior queue af belonging in the
policy, the following must be satisfied:
The sum of the bandwidth specified for the classes in the same policy, to
ensure forwarding (queue af) and expedited forwarding (queue ef), must be
less than or equal to the available bandwidth of the interface where the
policy is applied.
The sum of percentages of the bandwidth specified for the classes in the
same policy, to ensure forwarding (queue af) and expedited forwarding
(queue ef), must be less than or equal to 100.
The bandwidth configuration for the classes in the same policy, to ensure
forwarding (queue af) and expedited forwarding (queue ef), must adopt the
value of the same type. For example, they all adopt the absolute value form
or the percentage form.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure traffic behavior named database and configure the minimum
bandwidth of the traffic behavior to 200Kbps.
[3Com] traffic behavior database
[3Com-behavior-database] queue af bandwidth 200
queue ef
Syntax
queue ef bandwidth { bandwidth [ cbs burst ] | pct percentage }
undo queue ef
View
Traffic behavior view
1065
Parameter
bandwidth: Bandwidth in Kbps in the range of 8 to 1000000.
percentage: Percentage of available bandwidth in the range of 1 to 100.
burst: Specifies the allowed burst size in byte in the range of 32 to 2000000, By
default, burst is bandwidth*25.
Description
Using the queue ef command, you can configure expedited-forwarding packets
to the absolute priority queue and configure the maximum bandwidth. Using the
undo queue ef command, you can cancel the configuration.
The command can not be used together with queue af, queue-length, and
wred in traffic behavior view.
In the policy the default class default-class can not be associated with the traffic
behavior, queue ef, which belongs to:
The sum of the bandwidth specified for the classes in the same policy, to
ensure forwarding (queue af) and expedited forwarding (queue ef), must be
less than or equal to the available bandwidth of the interface where the
policy is applied.
The sum of percentages of the bandwidth specified for the classes in the
same policy, to ensure forwarding (queue af) and expedited forwarding
(queue ef), must be less than or equal to 100.
The bandwidth configuration for the classes in the same policy, to ensure
forwarding (queue af) and expedited forwarding (queue ef), must adopt the
value of the same type. For example, they all adopt the absolute value form
or the percentage form.
For the related command, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure packets to enter priority queue. The maximum bandwidth is 200Kbps
and burst is 5000 bytes by default.
[3Com] traffic behavior database
[3Com-behavior-database] queue ef bandwidth 200 cbs 5000
queue wfq
Syntax
queue wfq [ queue-number total-queue-number ]
undo queue wfq
View
traffic behavior view
Parameter
total-queue-number: Number of fair queue, which can be 16, 32, 64, 128, 256,
512, 1024, 2048 and 4096 and the default value is 64.
1066
Description
Using the queue wfq command, you can configure the default-class to use fair
queue. Using the undo queue wfq command, you can .delete configuration.
The traffic behavior configured with the command can only be associated with the
default class. It can also be used together with commands like queue-length or
wred.
For the related command, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure WFQ for default-class and the queue number is 16.
[3Com] traffic behavior test
[3Com-behavior-test] queue wfq 16
[3Com] qos policy 3Com
[3Com-qospolicy-3Com] classifier default-class behavior test
queue-length
Syntax
queue-length queue-length
undo queue-length queue-length
View
traffic behavior view
Parameter
queue-length: The maximum threshold value of the queue in the range of 1 to
512. The default drop mode is tail drop and the queue length is 64.
Description
Using the queue-length command, you can configure maximum queue length.
Using the undo queue-length command, you can delete configuration.
This command can be used only after the queue af or queue wfq command has
been configured.
The queue-length, which has been configured, will be deleted when the undo
queue af or undo queue wfq command is executed.
The queue-length, which has been configured, will be deleted when the random
drop mode is configured via the wred command, and vise versa.
By default, tail drop is configured.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure tail drop and set the maximum queue length to 16.
1067
remark dscp
Syntax
remark dscp dscp-value
undo remark dscp
View
Traffic behavior view
Parameter
dscp-value: Preset DSCP value in the range of 0 to 63, which can be any of the
following keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41,
af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7.
Table 3 DSCP key words and values
Key word
DSCP
value(binary)
DSCP value(decimal)
ef
000000
af11
001010
10
af12
001100
12
af13
001110
14
af21
010010
18
af22
010100
20
af23
010110
22
af31
011010
26
af32
011100
28
af33
011110
30
af41
100010
34
af42
100100
36
af43
100110
38
cs1
001000
cs2
010000
16
cs3
011000
24
cs4
100000
32
cs5
101000
40
cs6
110000
48
cs7
111000
56
Description
Using the remark dscp command, you can configure or delete DSCP value for a
class to identify matched packets. Using the undo remark dscp command, you
can
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
1068
Example
# Configure DSCP value to 6 to identify packets.
[3Com] traffic behavior database
[3Com-behavior-database] remark dscp 6
remark fr-de
Command
remark fr-de fr-de-value
undo remark fr-de
View
Traffic behavior view
Parameter
fr-de-value: Value of the DE flag bit in the FR packet, ranging from 0 to 1.
Description
Using the remark fr-de command, you can configure the value of the DE flag bit
in the FR packet. Using the undo remark fr-de command, you can remove cancel
the value of the DE flag bit in the FR packet.
For the related command, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure the value of the DE flag bit in the FR packet as 1.
[3Com] traffic behavior database
[3Com-behavior-database] remark fr-de 1
remark ip-precedence
Syntax
remark ip-precedence ip-precedence-value
undo remark ip-precedence
View
Traffic behavior view
Parameter
ip-precedence-value: Preset precedence value in the range of 0 to 7.
Description
Using the remark ip-precedence command, you can configure precedence value
to identify matched packets. Using the undo set ip precedence command, you
can delete precedence value set for a class to identify matched packets.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
1069
Example
# Configure precedence value to 6 to identify packets.
[3Com] traffic behavior database
[3Com-behavior-database] remark ip-precedence 6
traffic behavior
Command
traffic behavior behaviorname
undo traffic behavior behaviorname
View
System view.
Parameter
behavior-name: Behavior name.
Description
Using the traffic behavior command you can define a traffic behavior and enter
the behavior view. Using the undo traffic behavior command, you can delete a
traffic behavior.
behavior-name shall not be that of the traffic behavior pre-defined by the system.
For the related command, see qos policy, qos apply policy, and classifier
behavior.
Example
# Define a traffic behavior named behavior1.
[3Com] traffic behavior behavior1
[3Com-behavior-behavior1]
traffic classifier
Syntax
traffic classifier tcl-name [ operator { and | or } ]
undo traffic classifier tcl-name [ operator { and | or } ]
View
System View
Parameter
operator and: Specifies the relation between the rules in the class as logic AND.
That is, the packet that matches all the rules belongs to this class.
operator or: Specifies the relation between the rules in the class as logic OR. That
is, the packet that matches any one of the rules belongs to this class.
tcl-name: Class name.
1070
Description
Using the traffic classifier command, you can define a class and enter the class
view. Using the undo traffic classifier command, you can delete a class.
By default, the relation is operator and.
tcl-name shall not be that of the classes pre-defined by the system.
For the related commands, see qos policy, qos apply policy, and classifier
behavior.
Example
# Define a class named as gold.
[3Com] traffic classifier class1
[3Com-classifier-class1]
wred
Syntax
wred [ dscp | ip-precedence ]
undo wred [ dscp | ip-precedence ]
View
Traffic behavior view
Parameter
dscp: Uses DSCP value for calculating drop probability for a packet.
ip-precedence: Uses IP precedence value for calculating drop probability for a
packet.
Description
Using the wred command, you can configure drop mode as WRED. Using the
undo wred command, you can delete the configuration.
By default, ip-precedence is configured.
This command can be used only after the queue af command has been
configured. Wred command and queue-length command can not be used
simultaneously. Other configurations under the random drop will be deleted when
this command is deleted. When a policy is applied on an interface, the previous
WRED configuration on interface level will become ineffective.
When configuration is performed in default-class view, ip-precedence is
configured, by default.
The behavior associated with default-class can only use wred ip-precedence.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
1071
Example
# Configure WRED for a traffic behavior named database and drop probability is
calculated by IP precedence.
[3Com] traffic behavior database
[3Com-behavior-database] wred
wred dscp
Syntax
wred dscp dscp-value low-limit low-limit high-limit high-limit [ discard-probability
discard-prob ]
undo wred dscp dscp-value
View
Traffic behavior view
Parameter
dscp-value: DSCP value in the range of 0 to 63, which can be any of the following
keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43,
cs1, cs2, cs3, cs4, cs5, or cs7.
Table 4 DSCP key words and values
Key word
DSCP
value(binary)
DSCP value(decimal)
ef
000000
af11
001010
10
af12
001100
12
af13
001110
14
af21
010010
18
af22
010100
20
af23
010110
22
af31
011010
26
af32
011100
28
af33
011110
30
af41
100010
34
af42
100100
36
af43
100110
38
cs1
001000
cs2
010000
16
cs3
011000
24
cs4
100000
32
cs5
101000
40
cs6
110000
48
cs7
111000
56
1072
Description
Using the wred dscp command, you can set DSCP lower-limit, upper-limit and
drop probability denominator of WRED. Using the undo wred dscp command,
you can delete the configuration.
This command can be used only after the wred dscp command has been used to
enable WRED drop mode based on DSCP.
The configuration of wred dscp will be deleted if the configuration of qos wred
is deleted.
The configuration of drop parameter will be deleted if the configuration of queue
af is deleted.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Set the queue lower-limit to 20, upper-limit to 40 and discard probability to 15
for the packet whose DSCP is 3.
[3Com] traffic behavior database
[3Com-behavior-database] wred dscp
[3Com-behavior-database] wred dscp 3 low-limit 20 high-limit 40
discard-probability 15
wred ip-precedence
Syntax
wred ip-precedence precedence low-limit low-limit high-limit high-limit [
discard-probability discard-prob ]
undo wred ip-precedence precedence
View
Traffic behavior view
Parameter
precedence: Precedence of IP packet in the range of 0 to 7.
low-limit low-limit: Lower threshold value in the range of 1 to 1024. It is 10 by
default.
high-limit high-limit: Upper threshold value in the range of 1 to 1024. It is 30 by
default.
discard-probability discard-prob: Denominator of drop probability in the range
of 1 to 255. It is 10 by default.
1073
Description
Using the wred ip-precedence command, you can set precedence lower-limit,
upper-limit and drop probability denominator of WRED.
If the wred ip-precedence command has been used to enable WRED drop mode
based on the precedence, the configuration of wred ip-precedence will be
deleted when wred is deleted.
The configuration of drop parameters will be deleted if queue af is deleted.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Set lower-limit to 20, upper-limit to 40 and discard probability to 40 for the
packet with the precedence 3.
[3Com] traffic behavior database
[3Com-behavior-database] wred
[3Com-behavior-database] wred ip-precedence 3 low-limit 20 high-limit 40
discard-probability 15
1074
wred
weighting-constant
Syntax
wred weighting-constant exponent
undo wred weighting-constant
View
Traffic behavior view
Parameter
exponent: Exponential in the range of 1 to 16. It is 6 by default.
Description
Using the wred weighting-constant command, you can set exponential for the
calculation of average queue length by WRED.
This command can be used only after the que af command has been configured
and the wred command has been used to enable WRED drop mode.
The configuration of wred weighting-constant will be deleted if
random-detect is deleted.
For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure exponential for calculating average queue to 6.
[3Com] traffic behavior database
[3Com-behavior-database] queue af bandwidth 200
[3Com-behavior-database] wred ip-precedence
[3Com-behavior-database] wred weighting-constant 6
Syntax
display qos rtpq interface [ interface-type | interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
1075
Description
Using the display qos rtpq interface command, you can view the queue
information of the current IP RTP Priority, including the current RTP queue depth
and number of RTP dropping packets and display the RTP priority queue
configuration and statistics on an interface or on all interfaces.
Example
# Display the queue information of the current IP RTP Priority.
[3Com] display qos rtpq interface Ethernet 10/2/0
Interface: Ethernet10/2/0
RTP Queueing: (Output queue: Size/Max/Outputs/Discards)
RTPQ: 0/0/0/0
qos reserved-bandwidth
Syntax
qos reserved-bandwidth pct percent
undo qos reserved-bandwidth
View
Interface view
Parameter
percent: Percentage of the reserved bandwidth to the available bandwidth. It is in
the range of 1 to 100 and the default value is 80.
Description
Using the qos reserved-bandwidth command, you can set the maximum
reserved bandwidth percentage of the available bandwidth. Using the undo qos
reserved-bandwidth command, you can restore the default value.
Usually the bandwidth configured for the QoS queue is no more than 75 percent
of the total bandwidth for the consideration that part of the bandwidth should be
used for the controlling protocol packets, the layer 2 frame header and so on. You
are recommended to use this command with caution while modifying the
maximum preserved bandwidth.
For the related command, see qos rtpq.
Example
# Set the maximum reserved bandwidth allocated for RTP priority queue and WFQ
to be 80% of the available bandwidth.
[3Com-Serial1/0/0] qos reserved-bandwidth pct 80
qos rtpq
Syntax
qos rtpq start-port starting-rtp-port-number end-port end-rtp-port-number bandwidth
bandwidth
1076
View
Interface view
Parameter
first-rtp-port: Specifies the first UDP port number to initiate RTP messages.
last-rtp-port: Specifies the last UDP port number to initiate RTP messages.
bandwidth: Bandwidth for RTP priority queue, which is part of the maximum
reserved bandwidth in Kbps.
Description
Using the qos rtpq command, you can enable RTP queue feature on an interface
so as to reserve a real-time service for the RTP packets sent to some UDP
destination port range. Using the undo qos rtpq command, you can disable the
RTP queue feature of the interface.
By default, RTP queue feature is disabled.
This command is applied to the delay-sensitive applications, for example, real-time
voice transmission. Configured with the qos rtpq command, the system will serve
the voice services first among all other services.
The parameter "bandwidth" should be set greater than the service-required
bandwidth so as to prevent conflict caused by the burst traffic. However, the
bandwidth should be no greater than 75% of the total bandwidth. If you need to
configure the bandwidth to be greater than 75% of the total bandwidth, please
first change the max. reserved bandwidth via qos reserved-bandwidth
command.
In bandwidth allocation, the bandwidth for data load, IP header, UDP header and
RTP header is allocated, except that for the Layer2 frame header. Therefore, it is
obligatory to reserve 25% of the total bandwidth.
By default, the IP RTP Priority is disabled.
For the related command, see qos reserved-bandwidth.
Example
# Enable IP RTP Priority on Serial 1/0/0. The starting port number is 16384. The
starting port number is 16383.The RTP packets in the range of 16384~32767 of
the destination port use 64Kbps bandwidth. If network convergence happens, the
packets will enter IP RTP Priority queue.
[3Com-Serial1/0/0] qos rtpq start-port 16384 end-port 32767 bandwidth 64
1077
Weighted Random
Early Detection
Configuration
Commands
display qos wred
interface
Syntax
display qos wred interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: interface number.
Description
Using the display qos wred interface command, you can view WRED
configuration and statistics of an interface.
If no interface is specified, WRED configuration and statistics of all interfaces will
be displayed.
Example
# Display WRED configuration and statistics about the specified interface.
[3Com] display qos wred interface ethernet 6/0/0
Interface: Ethernet6/0/0
Current WRED configuration:
Exponent: 10 (1/1024)
Precedence
Random
discard
Tail
discard
Low
High
limit limit
Discard
probability
------------------------------------------------------------------------0
10
30
10
100
1000
10
30
10
10
30
10
10
30
10
10
30
10
10
30
10
10
30
10
1078
qos wred
Syntax
qos wred
undo qos wred
View
Interface view
Parameter
None
Description
Using the qos wred command, you can apply WRED (weighed random early
detection) at an interface. Using the undo qos wred command, you can restore
the default dropping method.
By default, the dropping method of a queue is tail drop.
WRED can only be used together with WFQ and cannot be used alone or together
with other queues. So before WRED is enabled at an interface, it is necessary to
ensure that the WFQ has been applied at the interface.
For the related commands, see qos wfq, qos wred, and display qos wred
interface.
Example
# Apply WRED at Ethernet0/0/0 interface. (Provided that WFQ has already been
applied at the interface).
[3Com-Ethernet0/0/0] qos wred
Syntax
qos wred ip-precedence ip-precedence low-limit low-limit high-limit high-limit
discard-probability discard-prob
undo qos wred ip-precedence ip-precedence
View
Interface view
Parameter
ip-precedence: Precedence of IP packets in the range 0 to 7;
low-limit low-limit: The minimum threshold in the range 1 to 1024; by default, it
is 10.
high-limit high-limit: The maximum threshold in the range 1 to 1024; by default,
it is 30.
discard-probability discard-prob: Drop probability denominator, ranging 1 to
255; by default, it is 10.
1079
Description
Using the qos wred ip-precedence command, you can configure the minimum
threshold, maximum threshold and drop probability denominator of each
precedence in WRED. Using the undo qos wred ip-precedence command, you
can restore the default value.
WRED parameters can be set only after the command qos wred has been used to
apply WRED at the interface. And it is the average amount of packets in queue
that the threshold limits.
For the related commands, see qos wred and display qos wred interface.
Example
# Display how to set minimum threshold of the packet of precedence 3 at an
interface to 20, maximum threshold to 40 and discard probability to 15.
[3Com-Ethernet0/0/0] qos wred ip-precedence 3 low-limit 20 high-limit 40
discard-probability 15
qos wred
weighting-constant
Syntax
qos wred weighting-constant exponent
undo qos wred weighting-constant
View
Interface view
Parameter
exponent: Exponential used to calculate the average amount of packets in queues,
ranging 1 to 16. By default, exponent is 9.
Description
Using the qos wred weighting-constant command, you can set exponential
used to calculate the average length of WRED queues. Using the undo qos wred
weighting-constant command, you can restore the default value.
The WRED parameters can be set only after the command random-detect is used
to apply WRED at the interface.
For the related commands, see qos wred, and display qos wred interface.
Example
# Set the exponential used to calculate the average amount of packets in queue to
6 at Ethernet6/0/0 interface, provided that WRED has already been applied on this
interface.
[3Com-Ethernet0/0/0] qos wred weighting-constant 6
1080
Link Efficiency
Mechanism
Configuration
commands
IP Header
Compression
Configuration
Commands
debugging ppp
compression iphc rtp
Syntax
debugging ppp compression iphc rtp
View
User view
Parameter
None
Description
Using the debugging ppp compression iphc rtp command, you can display the
single packet information of the RTP header compression.
Example
<3Com> debugging ppp compression iphc rtp
debugging ppp
compression iphc tcp
Syntax
debugging ppp compression iphc tcp
View
User view
Parameter
None
Description
Using the debugging ppp compression iphc tcp command, you can view the
single packet information of the TCP header compression.
Example
<3Com> debugging ppp compression iphc tcp
Syntax
display ppp compression iphc rtp [ interface-type interface-number ]
View
Any view
1081
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display ppp compression iphc rtp command, you can view the
statistic information of the RTP header compression.
Example
[3Com] display ppp compression iphc rtp
Syntax
display ppp compression iphc tcp [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display ppp compression iphc tcp command, you can view the
statistic information of the TCP header compression.
Example
[3Com] display ppp compression iphc tcp
Syntax
ppp compression iphc [ nonstandard ]
undo ppp compression iphc
View
Interface view
Parameter
nonstandard: Nonstandard encapsulation mode.
Description
Using the ppp compression iphc command, you can enable RTP header
compression on an interface. Using the undo ppp compression iphc command,
you can disable RTP header compression.
By default, RTP header compression on an interface is disabled.
1082
When the RTP header compression is enabled, the TCP header compression will
also be enabled. When the RTP header compression is disabled, the TCP header
compression will be disabled either.
The configuration will take effect only when the shutdown and undo shutdown
operations are performed on the interface. If the configuration is applied on MP,
the shutdown and undo shutdown operations should be performed on all the
MPs.
For the related command, see ppp compression iphc rtc-connection.
Example
None
ppp compression iphc
rtp-connection
Syntax
ppp compression iphc rtp-connection number
undo ppp compression iphc rtp-connection
View
Interface view
Parameter
number: The maximum connection number (from 3 to 256) of IP Header
Compression mode on the interface. By default, the number is 16.
Description
Using the ppp compression iphc rtp-connection command, you can designate
the connections number of IP Header Compression allowed on one interface.
Using the undo ppp compression iphc rtp-connection command, you can
cancel the configuration and restore the default value.
The configuration will take effect after commands shutdown and undo
shutdown have been executed on the interface. When configuring MP,
commands shutdown and undo shutdown must be executed on all MPs.
Example
None
ppp compression iphc
tcp-connections
Syntax
ppp compression iphc tcp-connection number
undo ppp compression iphc tcp-connection
View
Interface view
Parameter
number: The maximum connection number (from 3 to 256) of TCP compression
mode on the interface. By default, the number is 16.
1083
Description
Using the ppp compression iphc tcp-connection command, you can configure
the connection number of TCP compression mode. Using the undo ppp
compression iphc tcp-connection command, you can restore the default
connection number of TCP compression mode.
The configuration can become valid on an interface only after you perform the
shutdown and then the undo shutdown operations on the interface. If the
configuration is for MPs, you should perform the operations on all the MPs.
Example
None
reset ppp compression
iphc
Syntax
reset ppp compression iphc [ interface-type interface-number ]
View
User view
Parameter
Interface-type: Interface type.
Interface-number: Interface number.
Description
Using the reset ppp compression iphc command, you can delete the invalid
IP/UDP/RTP header compression or decompression context storage table and clear
statistic information of IP/UDP/RTP header compression.
If no parameter is specified, the storage table entries of IP header compression on
all interfaces will be cleared.
Example
None
Configuration
Commands of LFI
ppp mp lfi
Syntax
ppp mp lfi
undo ppp mp lfi
View
Virtual template interface view, MP-GROUP view
Parameter
None
1084
Description
Using the ppp mp lfi command, you can enable LFI on the interface. Using the
undo ppp mp lfi command, you can remove LFI on the interface.
By default, the time delay of the fragment is 10ms after LFI is enabled on the
Virtual Template interface.
For the related command, see ppp mp lfi delay-per-frag.
Example
[3Com-Virtual-Template1] ppp mp lfi
Syntax
ppp mp lfi delay-per-frag time
undo ppp mp lfi delay-per-frag
View
Virtual template interface view, MP-GROUP view
Parameter
time: The maximum time delay of LFI fragment in ms in the range of 1 to 1000.
Description
Using the ppp mp lfi delay-per-frag command, you can set the maximum time
delay for transmitting a LFI (link fragment and interleave) fragment. Using the
undo ppp mp lfi delay-per-frag command, you can restore the default
maximum time delay for transmitting an LFI fragment.
By default, the time delay of the fragment is 10ms after LFI is enabled on the
Virtual Template interface.
For the related command, see ppp mp lfi.
Example
# Set the maximum time delay of LFI fragment of Virtual-Template 1 to 20ms.
[3Com-Virtual-Template1] ppp mp lfi delay-per-frag 20
qos max-bandwidth
Syntax
qos max-bandwidth kilobits
undo qos max-bandwidth
View
Interface view
Parameter
Kilobits : Available bandwidth of the interface in Kbps in the range of 1 to
1000000. By default, for physical interface the value is its speed or its baud rate
and for virtual template interface the value is 64Kbps.
1085
Description
Using the qos max-bandwidth command, you can configure the physical
bandwidth binding the MP links. Using the undo qos max-bandwidth
command, you can remove the configuration of the bandwidth.
This command can configure the physical bandwidth binding the MP links. The
command indicates the available bandwidth of the active interface, providing the
information of the QoS module but not the actual bandwidth binding the MP
links.
For the related command, see ppp mp lfi delay-per-frag, ppp mp lfi.
Example
# Set the bandwidth of Virtual-Template 1 to 128kbps.
[3Com-Virtual-Template1] qos max-bandwidth 128
Syntax
apply policy outbound policyname
undo apply policy outbound
View
Frame Relay class view
Parameter
policyname: Name of the applied policy. It is a string with 1 to 31 characters.
Description
Using the apply policy outbound command, you can set the Frame Relay virtual
circuit queueing to CBQ (Class-Based Queueing). Using the undo apply policy
outbound command, you can restore the Frame Relay virtual circuit queueing to
FIFO.
By default, FIFO queueing is adopted.
Example
# Define a classifier named class 1.
[3Com] traffic classifier class1
[3Com-classifier-class1]
1086
# Apply a defined policy to the Frame Relay class named test 1 and set the
queueing of test 1 to CBQ.
[3Com] fr class test1
[3Com-fr-class-test1] apply policy policy1 outbound
cbs
Syntax
cbs [ inbound | outbound ] burst-size
undo cbs [ inbound | outbound ]
View
Frame relay class view
Parameter
inbound: Sets the inbound committed burst size of the packet, valid only when
FRTP (frame relay traffic policing) is enabled on the interface.
outbound: Sets the outbound committed burst size of the packet, valid only
when FRTS (frame relay traffic shaping) is enabled on the interface.
burst-size: Committed burst size, in bit, ranging from 300 to 16000000. By
default, it is 56000 bits.
Description
Using the cbs command, you can set the committed burst size of frame relay
virtual circuit. Using the undo cbs command, you can restore the default value.
If the packet direction is not specified upon configuration, the parameter will be
set in both inbound and outbound directions.
The committed burst size is the packet traffic that is committed to send on a frame
relay network within an interval of Tc. When there is no congestion on the
network, the frame relay network ensures this part of traffic could be sent
successfully.
For the related commands, see ebs, cir allow, and cir.
Example
# Set the committed burst size of the frame relay class named test1 as 64000 bits.
[3Com] fr class test1
[3Com-fr-class-test1] cbs 64000
cir
Syntax
cir rate-limit
undo cir
1087
View
Frame relay class view
Parameter
rate-limit: The minimum Committed Information Rate, in bit/s, ranging from 1000
to 45000000. By default, it is 56000 bit/s.
Description
Using the cir command, you can set the Minimum Committed Information Rate of
frame relay virtual circuit. Using the undo cir command, you can restore the
default value.
The Minimum Committed Information Rate is the minimum sending rate that can
be provided by virtual circuit. It ensures that the user could still send data at this
rate upon network congestion.
Upon network congestion, DCE will send a packet with a BECN flag bit of 1 to
DTE. After DTE receives this packet, it will gradually reduce the sending rate of
virtual circuit from CIR to MinCIR. If DTE does not receive the packet with the
BECN flag bit of 1 any more within a certain period of time, it will restore the
sending rate of virtual circuit as CIR.
During configuration, the Minimum Committed Information Rate (MinCIR) cannot
exceed the Committed Information Rate (CIR).
For the related commands, see cbs, ebs, and cir allow.
Example
# Set the MinCIR of the frame relay class named test1 as 32000 bit/s.
[3Com] fr class test1
[3Com-fr-class-test1] cir 32000
cir allow
Syntax
cir allow [ inbound | outbound ] rate-limit
undo cir allow [ inbound | outbound ]
View
Frame relay class view
Parameter
inbound: Sets the inbound Committed Information Rate (CIR) of a packet, valid
only when FRTP is enabled on the interface.
outbound: Sets the outbound CIR of a packet, valid only when FRTS is enabled
on the interface.
rate-limit: Committed information rate, in bit/s, ranging from 1 to 45000000. By
default, it is 56000 bit/s.
1088
Description
Using the cir allow command, you can set the CIR of frame relay virtual circuit.
Using the undo cir allow command, you can restore the default value.
CIR is the sending rate that can be normally provided by a frame relay network.
When there is no congestion on the network, it ensures the user could send data
at this rate.
If packet direction is not specified upon configuration, the parameter will be set in
both inbound and outbound directions.
For the related commands, see cbs, ebs, and cir.
Example
# Set the CIR of the frame relay class that is named test1 as 64000bit/s.
[3Com] fr class test1
[3Com-fr-class-test1] cir allow 64000
congestion-threshold
Syntax
congestion-threshold { de | ecn } queue-percentage
undo congestion-threshold { de | ecn }
View
Frame relay class view
Parameter
de: Discards the frame relay packet whose DE flag bit is 1 upon congestion.
ecn: Processes the flag bits, BECN and FECN, of frame relay packet upon
congestion.
queue-percentage: Network congestion threshold, being the utility ratio of virtual
circuit queue, namely the percentage of the current queue length of virtual circuit
to the total queue length, ranging from 1 to 100. By default, it is 100.
Description
Using the congestion-threshold command, you can enable congestion
management function of frame relay virtual circuit. Using the undo
congestion-threshold command, you can disable this function.
When the percentage of current queue length to the total queue length of virtual
circuit exceeds the set congestion threshold, it will be regarded that congestion
occurs on the virtual circuit and congestion management will be performed on
packets on virtual circuit.
For the related command, see fr congestion-threshold.
1089
Example
# Set to begin to discard the frame relay packet whose DE flag bit is 1 concerning
the frame relay class named test1 when the current queue length of virtual circuit
exceeds 80% of the total length.
[3Com] fr class test1
[3Com-fr-class-test1] congestion-threshold de 80
cq
Syntax
cq cql list-number
undo cq
View
FR class view
Parameter
cql list-number: Number of custom queue, from 1 to 16 available.
Description
Using the cq command, you can set the queue type of the FR virtual circuit to be
custom queue, while using undo cq, you can restore the type to be FIFO.
By default, the queue type of the virtual circuit is FIFO.
The value will be refreshed if this command is repeatedly applied to one same FR
class.
The related commands are wfq, pq, and fr pvc-pq.
Example
# Apply the custom queue 10 to the FR class test1:
[3Com] fr class test1
[3Com-fr-class-test1] cq cql 10
display fr fragment-info
Syntax
display fr fragment-info [ interface interface-type interface-number ] [ dlci-number ]
View
Any view.
Parameter
interface-type: Interface type.
interface-number: Interface number, in 3-dimension form: slot number/card
number/interface number.
dlci-number: DLCI number, ranging from 16 to 1007. The detailed information will
be displayed when specifying the parameter.
1090
Description
Using the display fr fragment-info command, you can view the frame relay
fragment information.
For the related command, see fragment.
Example
# View frame relay fragment information of all the interfaces.
<3Com> display fr fragment-info
interface serial 0/1/1:10:
dlci
100
type
FRF12(ETE)
80
0/0/0
out bytes :0
Fragmented:
in pkts : 0
out pkts : 0
in bytes: 0
out bytes: 0
Assembled :
in pkts : 0
in bytes :0
Dropped :
in pkts : 0
in bytes: 0
out pkts :0
out bytes: 0
Out-of-sequence pkts: 0
Table 5 Output information description of the display fr fragment-info command
Item
Description
interface
Interface
dlci
DLCI number
type
Fragment type
size
Fragment size
in/out/drop
Pre-fragment:
Fragmented :
1091
display fr switch-table
Item
Description
Assembled :
Out-of-sequence
fragment :
Syntax
display fr switch-table { all | name switch-name }
View
Any view
Parameter
interface-type: Interface type.
all: All the VC information
switch-name: VC information of a certain name.
Description
Using the display mfr command, you can view configuration and status
information of the FR route to confirm the correctness of the configuration.
For the related command, see fr switch.
Example
# View configuration and state information of all frame relay bundles and frame
relay
# To display all the charactors of the FR route.
[3Com] display fr switch-table all
Switch-Name
test
Interface
MFR4/0/100
DLCI Interface
DLCI State
100 MFR4/0/101
101 UP
Item
Description
Switch-Name
Interface
The first denotes local interface and the second denotes remote
interface
DLCI
State
Linkage status
Syntax
display qos policy interface [ interface-type interface-number [ dlci dlci-number [
outbound ] | inbound | outbound ] ]
1092
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
dlci dlci-number: Information about the specified DLCI applying CBQ.
inbound: Information about inbound interface applying CBQ.
outbound: Information about outbound interface applying CBQ.
Description
Using the display qos policy interface command, you can view information
about CBQ application on the interface.
Example
# Display the information about CBQ application of the virtual circuit with DLCI of
10 on Serial1/0/0.
<3Com> display qos policy interface serial 1/0/0 dlci 100
MFR4/0/0, DLCI 25
Direction: Outbound
Policy: xujin
Class: default-class
Matched : 1/133 (Packets/Bytes)
Rule(s) : if-match any
Behavior:
Default Queue:
Flow Based Weighted Fair Queueing
Max number of hashed queues: 256
Matched : 0/0 (Packets/Bytes)
Enqueued : 0/0 (Packets/Bytes)
Discarded: 0/0 (Packets/Bytes)
Discard Method: Tail
Class: xujin
Matched : 0/0 (Packets/Bytes)
Operator: Logic AND
Rule(s): if-match acl 1
1093
Behavior:
Assured Forwarding:
Bandwidth 10 (Kbps)
Matched : 0/0 (Packets/Bytes)
Enqueued : 0/0 (Packets/Bytes)
Discarded: 0/0 (Packets/Bytes)
ebs
Syntax
ebs [ inbound | outbound ] excess-burst-size
undo ebs [ inbound | outbound ]
View
Frame relay class view
Parameter
inbound: Sets inbound excess burst size of the packet, valid only when FRTP is
enabled on the interface.
outbound: Sets outbound excess burst size of the packet, valid only when FRTS is
enabled on the interface.
excess-burst-size: Excess burst size, in bit, ranging from 0 to 16000000. By
default, it is 0 bit.
Description
Using the ebs command, you can set excess burst size of frame relay virtual circuit.
Using the undo ebs command, you can restore the default value.
Excess burst size (EBS) is the maximum of the part that packet traffic exceeds the
committed burst size (CBS) within an interval of Tc. When congestion occurs on
the network, this part of excess traffic will be first discarded.
When this command is used, the set EBS value will be valid in both inbound and
outbound directions if the parameters inbound and outbound are not specified.
For the related commands, see cbs, cir allow, and cir.
Example
# Set the excess burst size of the frame relay class named test1 as 32000 bits.
[3Com] fr class test1
[3Com-fr-class-test1] ebs 32000
fifo queue-length
Syntax
fifo queue-length queue-size
undo fifo queue-length
1094
View
Frame relay class view
Parameter
queue-size: FIFO queue length, namely, the maximum number of packets that can
be held by the queue, ranging from 1 to 1024. By default, it is 40.
Description
Using the fifo queue-length command, you can set the FIFO queue length of
frame relay virtual circuit. Using the undo fifo queue-length command, you can
restore the default value.
When the router serves as DCE for switching, the FIFO queue length of DLCI can
be set if FRTS has been applied to DLCI.
For the related command, see fr class.
Example
#Set the FIFO queue of the frame relay class named test1 to hold 80 packets at
most.
[3Com] fr class test1
[3Com-fr-class-test1] fifo queue-length 80
[3Com] fr del 1 protocol ip
fr class
Syntax
fr class class-name
undo fr class class-name
View
System view
Parameter
class-name: Class name, with 30 characters at most.
Description
Using the fr class command, you can create a frame relay class and enter frame
relay class view. Using the undo fr class command, you can delete a specified
frame relay class.
By default, no frame relay class is created.
Only after associating a frame relay class with an interface or virtual circuit and
enabling the frame relay QoS function on the corresponding interface, can the set
frame relay class parameter take effect.
When a frame relay class is deleted, the association between all interfaces or DLCIs
and the frame relay class will be released.
For the related command, see fr-class.
1095
Example
# Create a frame relay class named test1.
[3Com] fr class test1
[3Com-fr-class-test1]
fr congestion-threshold
Syntax
fr congestion-threshold { de | ecn } queue-percentage
undo fr congestion-threshold { de | ecn }
View
Frame relay interface view, MFR interface view
Parameter
de: Discards the frame relay packet whose DE flag bit is 1 when congestion
occurs.
ecn: Processes the BECN and FECN flag bits of frame relay packets when
congestion occurs.
queue-percentage: Network congestion threshold, being the occupation ratio of
the interface queue, equal to the percentage of current queue length to the total
queue length of the interface, ranging from 1 to 100. By default, it is 100.
Description
Using the fr congestion-threshold command, you can enable congestion
management function of a frame relay interface. Using the undo fr
congestion-threshold command, you can disable this function.
By default, the congestion management function of a frame relay interface is
disabled.
This command is similar to the congestion-threshold command. The difference
is that this command is applied to frame relay interfaces, while the
congestion-threshold command is applied to frame relay virtual circuit.
The command can only be used for frame relay DCE interfaces or NNI interfaces.
For the related command, see congestion-threshold.
Example
# Set to begin to process the flag bit of a frame relay packet when the interface
queue length exceeds 80% of the total length.
[3Com-Serial4/1/2] fr congestion-threshold de 80
fr de del
Syntax
fr de del list-number dlci dlci-number
undo fr de del list-number dlci dlci-number
1096
View
Frame relay interface view, MFR interface view
Parameter
list-number: DE rule list number, ranging from 1 to 10.
dlci-number: Frame relay virtual circuit number, ranging from 16 to 1007.
Description
Using the fr de del command, you can apply a DE rule list to the specified frame
relay virtual circuit. Using the undo fr de del command, you can delete a DE rule
list from virtual circuit.
By default, no DE rule list is applied to frame relay virtual circuit.
After a DE rule list is applied to frame relay virtual circuit, those packets that match
the rule list will have their DE flag set to 1.
For the related commands, see fr del inbound-interface and fr del protocol.
Example
# Apply DE rule list 3 to the DLCI 100 of the interface Serial 4/1/2.
[3Com-Serial4/1/2] fr de del 3 dlci 100
fr del inbound-interface
Syntax
fr del list-number inbound-interface interface-type interface-number
undo fr del list-number inbound-interface interface-type interface-number
View
System view
Parameter
list-number: Number of DE rule list, ranging from 1 to 10.
interface-type: Interface type.
interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).
Description
Using the fr del inbound-interface command, you can configure an
interface-based DE rule list. For the packet received from the specified interface, if
it is forwarded from the router as a frame relay packet, its DE flag bit will be set as
1 before being forwarded. Using the undo fr del inbound-interface command,
you can delete the specified DE rule from a DE rule list.
By default, no DE rule list is created.
1097
New rules can be added to a DE rule list by using this command repeatedly. At
most, 100 rules can be configured in a DE rule list. To delete a DE rule list, you
should first delete all DE rules in it.
For the related commands, see fr de del and fr del protocol.
Example
# Add a rule to DE rule list 1. For the packet received from the interface Serial
4/1/2, if it is needed to be forwarded by encapsulating frame relay protocol, flag
the DE flag bit of the packet as 1 before forwarding.
[3Com] fr del 1 inbound-interface serial 4/1/2
fr del protocol ip
Syntax
fr del list-number protocol ip [ fragments | acl acl-number | less-than bytes |
greater-than bytes | tcp ports | udp ports ]
undo fr del list-number protocol ip [ fragments | acl acl-number | less-than bytes |
greater-than bytes | tcp ports | udp ports ]
View
System view
Parameter
list-number: DE rule list number, ranging from 1 to 10.
protocol ip: IP.
fragments: All fragmented IP packets.
acl acl-number: IP packets meeting ACL matching requirement. acl-number
ranges from 1 to 199.
less-than bytes: IP packets whose length is less than bytes. bytes ranges from 0 to
65535.
greater-than bytes: IP packets whose length is greater than bytes. bytes ranges
from 0 to 65535.
tcp ports: IP packets whose source or destination TCP port number are ports.
udp ports: IP packets whose source or destination UDP port number are ports.
If optional parameters are not used, it represents all IP packets.
Description
Using the fr del protocol ip command, you can configure an IP-based DE rule list.
The DE flag bit of the frame relay packet encapsulated with an IP packet matching
the specified rule will be flagged as 1. Using the undo fr del protocol ip
command, you can delete the specified DE rule from a DE rule list.
By default, no DE rule list is created.
1098
New rules can be added to a DE rule list by using this command repeatedly. At
most, 100 rules can be configured in a DE rule list. The undo form of this
command can once delete one DE rule only. To delete a DE rule list, you must
delete all DE rules in it.
For the related commands, see fr de del and fr del inbound-interface.
Example
# Add a rule to DE rule list 1. For all frame relay packets encapsulated with IP
packets, flag their DE flag bits as 1.
[3Com] fr del 1 protocol ip
fr pvc-pq
Syntax
fr pvc-pq [ top-limit middle-limit normal-limit bottom-limit ]
undo fr pvc-pq
View
Frame relay interface view, MFR interface view
Parameter
top-limit: Length of top priority queue, ranging from 0 to 1024. By default, it is
20.
middle-limit: Length of middle priority queue, ranging from 0 to 1024. By default,
it is 40.
normal-limit: Length of normal priority queue, ranging from 0 to 1024. By default,
it is 60.
bottom-limit: Length of bottom priority queue, ranging from 0 to 1024. By
default, it is 80.
Description
Using the fr pvc-pq command, you can set the queue type of a frame relay
interface as PVC PQ (PVC Priority Queueing) and set queue length, i.e. the
maximum number of packets that can be held by a queue for each queue. Using
the undo fr pvc-pq command, you can restore the queue type of the interface
into FIFO.
By default, the queue type of a frame relay interface is FIFO.
After FRTS is enabled on an interface, the queue type of the interface can only be
FIFO or PVC PQ.
PVC PQ is a new queue mechanism of FRTS. Similar to PQ, it also has four queue
types: top, middle, normal and bottom, with queue priority decreasing in turn.
Configure the queue of PVC PQ that DLCI enters in frame relay class. When
congestion occurs on an interface, different DLCIs enter different PVC PQs. When
sending data, according to queue priority, data in higher priority queues will be
sent before lower priority queues.
1099
fr traffic-policing
Syntax
fr traffic-policing
undo fr traffic-policing
View
Frame relay interface view, MFR interface view
Parameter
None
Description
Using the fr traffic-policing command, you can enable FRTP function. Using the
undo fr traffic-policing command, you can disable FRTP function.
FRTP function is applied to the inbound interface of frame relay packets on a
router. Furthermore, it is only used at the DCE end of a frame relay network.
When configuring traffic policing for an inbound interface, you must first set the
DCE as a frame relay switching by using the fr switching command.
For the related command, see fr class.
Example
# Enable the traffic policing function on the interface Serial 2/0/0.
[3Com-Serial2/0/0] fr traffic-policing
fr traffic-shaping
Syntax
fr traffic-shaping
undo fr traffic-shaping
View
Frame relay interface view, MFR interface view
Parameter
None
Description
Using the fr traffic-shaping command, you can enable FRTS function. Using the
undo fr traffic-shaping command, you can disable FRTS function.
By default, FRTS function is disabled.
1100
The FRTS function is applied to the outbound interface of a router, generally used
at the DTE end of a frame relay network.
For the related commands, see fr class, fr-class, and fr dlci.
Example
# Enable FRTS on the serial interface Serial 2/0/0.
[3Com-Serial2/0/0] fr traffic-shaping
fragment
Syntax
fragment [ fragment-size ]
undo fragment [ fragment-size ]
View
Frame relay class view
Parameter
fragment-size: Size of a fragment, in byte, ranging from 16 to 1600. By default,
the fragment size is of 45 bytes.
Description
Using the fragment command, you can enable the fragmentation function on
frame relay virtual circuit. Using the undo fragment command, you can disable
this function.
By default, the fragmentation function on frame relay virtual circuit is disabled.
For the related command, see fr class.
Example
# Configure fragment size as 128 in the frame relay class named test1.
[3Com] fr class test1
[3Com-fr-class-test1] fragment 128
fr-class
Syntax
fr-class class-name
undo fr-class class-name
View
Frame relay interface view, DLCI view
Parameter
class-name: Name of a frame relay class, in the form of character string, with a
length ranging from 1 to 30.
1101
Description
Using the fr-class command, you can associate a frame relay class with the current
frame relay virtual circuit or frame relay interface. Using the undo fr-class
command, you can remove the association between a frame relay class and the
frame relay virtual circuit or frame relay interface.
By default, there is no association between a frame relay class and the frame relay
virtual circuit or frame relay interface.
If the specified frame relay class does not exist, the command will first create a
frame relay class before associating the frame relay class with the current virtual
circuit or interface. If the specified frame relay class does exist, the command will
associate the frame relay class with the current virtual circuit or interface without
creating a new frame relay class.
The undo form of this command only removes the association between a
specified frame relay class and a virtual circuit or an interface rather than deleting
the real frame relay class. To delete a frame relay class, use the undo fr class
command.
After a frame relay class is associated with an interface, all virtual circuits on the
interface will inherit the frame relay QoS parameter of this frame relay class.
For the related commands, see fr class and fr dlci.
Example
# Associate the frame relay class named test1 with the frame relay virtual circuit
whose DLCI is 200.
[3Com] interface serial 4/0/1
[3Com-Serial4/0/1] fr dlci 200
[3Com-fr-dlci-Serial4/0/1-200] fr-class test1
pq
Syntax
pq pql list-number
undo pq
View
Frame relay class view
Parameter
pql list-number: Group number of Priority Queueing, ranging from 1 to 16.
Description
Using the pq command, you can set the queue type of frame relay virtual circuit as
Priority Queueing. Using the undo pq command, you can restore the queue type
of virtual circuit to FIFO.
By default, the queue type of frame relay virtual circuit is FIFO.
For the related commands, see cq,and pvc-pq.
1102
Example
# Apply the group10 of Priority Queueing to the frame relay class named test1.
[3Com] fr class test1
[3Com-fr-class-test1] pq pql 10
pvc-pq
Syntax
pvc-pq { top | middle | normal | bottom }
undo pvc-pq
View
Frame relay class view
Parameter
top: Sets the top PVC PQ , namely, top priority queue, to accept the packets from
the VC.
middle: Sets the middle PVC PQ , namely, middle priority queue, to accept the
packets.
normal: Sets the normal PVC PQ , namely, normal priority queue, to accept the
packets.
bottom: Sets the normal PVC PQ , namely, normal priority queue, to accept the
packets.
Description
Using the pvc-pq command, you can set the type of the PVC PQ that packets sent
by frame relay virtual circuit enter. Using the undo pvc-pq command, you can
restore the default PVC PQ type.
By default, the packets sent by frame relay virtual circuit enter into the normal
PVC PQ.
PVC PQ falls into four groups, top, middle, normal and bottom. PVC PQ is relative
to DLCI. After the queue of an interface is set as PVC PQ, packets on each virtual
circuit can enter only one type of PVC PQ.
For the related command, see fr pvc-pq.
1103
Example
# Set packets sent by virtual circuit which is associated with the frame relay class
named test1 to enter top PVC PQ.
[3Com-fr-class-one] pvc-pq top
rtpq
Syntax
rtpq start-port min-dest-port end-port max-dest-port bandwidth bandwidth
undo rtpq
Parameter
min-dest-port: Lower limit of a destination UDP port, ranging from 2000 to
65535.
max-dest-port: Upper limit of a destination UDP port, ranging from 2000 to
65535.
bandwidth bandwidth: Bandwidth of a RTP queue, in kbit/s, ranging from 0 to
2000.
View
Frame relay class view
Description
Using the rtpq command, you can configure to apply Realtime Transport Protocol
Priority Queue (RTP Priority Queue). Using the undo rtpq command, you can
remove the application.
The application of a frame relay class configured with RTPQ to a PVC results in the
creation of a strict priority queue on the PVC. Packets in the port range specified
by RTPQ of the destination UDP port will enter RTPQ. When congestion occurs in
the virtual circuit the packets in the queue will be sent with preference without
exceeding the configured bandwidth. When congestion does not occur in the
virtual circuit, the RTP packets in the specified port range can occupy the available
bandwidth on the virtual circuit. Generally, the UDP port range used by VoIP can
be configured as from 16384 to 32767.
Example
# Configure RTP priority queue on the frame relay class named test1 with a
bandwidth of 20kbit/s.
[3Com] fr class test1
[3Com-fr-class-test1] rtpq start-port 16383 end-port 16384 bandwidth 20
traffic-shaping
adaptation
Syntax
traffic-shaping adaptation { becn percentage | interface-congestion number }
undo traffic-shaping adaptation { becn | interface-congestion }
View
FR class view
1104
Parameter
becn: Adjusts the packets with the BECN flag.
percentage: Adjustment percentage, ranging from 1 to 30 percent. The default
value is 25 percent.
interface-congestion: Traffic shaping according to the number of the packets in
the outbound queue.
number: Number of packet in the queue, ranging from 1 to 40.
Description
Using the traffic-shaping adaptation command, you can enable the adaptive
traffic shaping function of FR. Using the undo traffic-shaping adaptation
command, you can disable this function.
By default, the traffic-shaping adaptation function is disabled.
Related commands are fr traffic-shaping, cir allow, and cir.
Example
# Enable the FR traffic shaping function, by adjusting the packets with the BECN
flag.
[3Com] fr class test1
[3Com-fr-class-test1] traffic-shaping adaptation becn 20
wfq
Syntax
wfq [ congestive-discard-threshold [ dynamic-queues ] ]
undo wfq
View
FR class view
Parameter
congestive-discard-threshold: The maxium number of packets allowed in the
queue. Packets exceeding this limitation will be discarded. The permitted value
ranges from 1 to 1024, with a default of 64.
dynamic-queues: Total number of queues, the value can be one of 16, 32, 64,
128, 256, 512, 1024, 2048 and 4096, with the defaut of 256.
Description
Using the wfq command, you can set the queue type of the VC to be WFQ. Using
the undo wfq command, you can restore the queue type to FIFO.
For the related commands, see cq, pq, and fr pvc-pq.
Example
# Apply WFQ to the FR class test1.
1105
MPLS QoS
Configuration
Commands
if-match mpls-exp
Syntax
if-match [ not ] mpls-exp { mpls-experimental-value }
undo if-match [ not ] mpls-exp
View
Class view
Parameter
mpls-experimental-value: EXP value in the range of 0 to 7.
Description
Using the if-match mpls-exp command, you can configure the rule of exp
domain matching MPLS. Using the undo if-match mpls-exp command, you can
delete the rule of exp domain matching MPLS.
Multiple exp-values can be specified in the command. The maximum number is 8.
If multiple exp-values of the same value are specified, the system only takes one.
Relation between different values is or. If this command is frequently configured
under one class, the last configuration will overwrite the previous ones. After this
command is configured, the exp-value will be sorted automatically in ascending
order.
For the related command, see traffic classifier.
Example
# Define the class to match the packet whose exp is 3 or 4.
[3Com-classifier-database] if-match mpls-exp 3 4
Syntax
qos cql cql-index protocol mpls-exp queue-number { mpls-experimental-number }
undo qos cql cql-index protocol mpls-exp queue-number { mpls-experimental-number }
View
System view
Parameter
cql-index: Group number of precedence list in the range of 1 to 16.
queue-number: Queue number in the range of 0 to 16.
mpls-experimental-number: EXP domain of MPLS packet in the range of 0 to 7.
1106
Description
Using the qos cql protocol mpls-exp command, you can configure classification
rule based on the MPLS protocol, Using the undo qos cql protocol mpls-exp
command, you can delete the corresponding classification rule.
The system matches packets in the sequence that rules are configured. When the
packet is found to match a rule, the entire searching process comes to an end.
For the same group-number, this command can be used repeatedly to establish
multiple types of classification rules for IP packets.
For the related command, see qos cq.
Example
# Configure classification rule based on the MPLS protocol and sets EXP value of
MPLS to 1.
[3Com] qos cql 10 protocol mpls-exp 1 experimental 1
Syntax
qos pql pql-index protocol mpls-exp { top | middle | normal | bottom } {
mpls-experimental-value }
undo qos pql pql-index protocol mpls-exp { top | middle | normal | bottom } {
mpls-experimental-value }
View
System view
Parameter
pql-index: Group number of priority list in the range of 1 to 16.
mpls-experimental-value: EXP domain of MPLS packet in the range of 0 to 7.
Description
Using the qos pql protocol mpls-exp command, you can establish the
classification rule based on MPLS protocol. Using the undo qos pql protocol
mpls-exp command, you can delete corresponding classification rules.
The system matches packets in the sequence that rules are configured. When the
packet is found to match a rule, the entire searching process comes to an end.
For the same group-number, this command can be used repeatedly to establish
several types of classification rules for IP packets.
For the related command, see qos pql protocol.
Example
# Establish the classification rule based on MPLS protocol and sets the EXP value of
MPLS to 5.
[3Com] qos pql 10 protocol mpls-exp top 5
remark mpls-exp
1107
Syntax
remark mpls-exp mpls-experimental-value
undo remark mpls-exp
View
Traffic behavior view
Parameter
mpls-experimental-value: Preset exp value of MPLS in the range of 0 to 7.
Description
Using the remark mpls-exp command, you can configure or delete MPLS EXP
value to identify matched packets, Using the undo remark mpls-exp command,
you can delete configuration.
For the related commands, see traffic classifier, qos policy, and classifier
behavior.
Example
# Configure a policy named as 3Com, configures traffic behavior named database
in policy and set value of MPLS EXP 0.
[3Com] qos policy 3Com
[3Com] traffic behavior database
[3Com-behavior-database] remark mpls-exp 0
1108
12
Backup Center
Configuration
Commands
debugging standby
event
Syntax
debugging standby event
undo debugging standby event
View
User view
Parameter
event: Enables the event information debugging.
Description
Using the debugging standby event command, you can enable the information
debugging of backup center. Using the undo debugging standby event
command, you can disable the information debugging of backup center.
Example
# Enable the event debugging of backup center.
[3Com] debugging standby event
Syntax
display standby flow
View
Any view
Description
Using the display standby flow command, you can display the traffic statistics of
the main interface participating in standby load balancing.
Example
# Set Serial1/0/0, Serial0/0/0 and Logic-channel0 to the standby interfaces of
Serial3/0/0.
# Configure standby load balancing on Serial3/0/0.
1110
# Display the traffic statistics of the main interface participating standby load
balancing.
[3Com-Serial3/0/0] display standby flow
Interfacename :Serial3/0/0
Flow-interval(s) : 100
LastInOctets : 868168
LastOutOctets : 1818667
InFlow(Octets) : 50070
OutFlow(Octets) : 100088
BandWidth(b/s) :9000
UsedBandWidth(b/s) : 8000
The contents of the display information are explained in the following table:
Table 1 Output information description of the display standby flow command
Field
Description
Flow-interval(s)
LastInOctets
LastOutOctets
InFlow(Octets)
OutFlow(Octets)
BandWidth(b/s)
UsedBandWidth(b/s)
Syntax
display standby state
View
Any view
1111
Description
Using the display standby state command, you can display the interface state
and standby state of the main interface and standby interfaces, and the priority,
standby state flag and standby load state of the standby interfaces.
The interface state of the main interface includes UP and DOWN.
The interface state of a standby interface includes UP, DOWN and STANDBY.
The standby state of the main interface includes MUP, MUPDELAY, MDOWN,
MDOWNDELAY and MDESERT.
The standby state of a standby interface includes UP, UPDELAY, DOWN,
DOWNDELAY, STANDBY and DESERT.
Standby state flag:
# Display the interface state and standby state of the main interface and standby
interfaces, and the priority, standby state flag and standby load state of the
standby interfaces.
[3Com-Serial3/0/0] display standby state
Interface Interfacestate Backupstate Backupflag Pri Loadstate
1112
Serial3/0/0
UP
Serial0/0/0
DOWN
Logic-channel0
Serial1/0/0
UP
MUP
MUD
TO-HYPNOTIZE
DOWN
BU
30
UPDELAY
BU
20
STANDBY
STANDBY
BU
10
Backup-flag meaning:
M---MAIN B---BACKUP
D---LOAD P---PULLED
standby bandwidth
V---MOVED
U---USED
G---LOGICCHANNEL
Syntax
standby bandwidth number
undo standby bandwidth
View
Interface view
Parameter
number: Interface bandwidth ranging from 0 to 4000000KB. By default, it is 0.
Description
When the main interface participates in standby load balancing, the backup center
will use the main interface's standby bandwidth configured by the user
preferentially. If not found, it gets the main interface bandwidth provided by the
system automatically. If it fails, it will ask the user to configure a standby
bandwidth for the main interface.
Before executing this command, the standby interface (specifying a physical
interface or a logic channel as the standby interface of the main interface)
command must have been executed.
Example
# Set Serial1/0/0 to the standby interface of Serial0/0/0.
# Configure the standby bandwidth of the main interface on Serial0/0/0.
[3Com] interface serial0/0/0
[3Com-Serial0/0/0] standby interface serial1/0/0 50
[3Com-Serial0/0/0] standby bandwidth 10000
[3Com-Serial0/0/0] standby threshold 80 50
standby interface
Syntax
standby interface type number [ priority ]
undo standby interface type number
1113
View
Interface view
Parameter
type: Interface type.
number: Interface number.
priority: Priority of a standby interface, ranging from 0 to 255, being 0 by default.
The greater the value is, the higher the priority is.
Description
Using the standby interface command, you can configure a certain physical
interface as a standby interface for the main interface. Using the undo standby
interface command, you can cancel a specified standby interface.
By default, no standby interface is specified.
A certain physical interface can be specified as a standby interface. One main
interface can have multiple standby interfaces which will be used according to
their priorities in case backup is needed, that is, the standby interface with higher
priority is preferred to being used first.
Example
# Specify Serial 1/0/0 whose priority value is 50 as the standby interfaces for Serial
0/0/0.
[3Com-Serial0/0/0] standby interface serial1/0/0 50
standby threshold
Syntax
standby threshold enable-threshold disable-threshold
undo standby threshold
View
Interface view
Parameter
enable-threshold: Upper limit percentage of enabling standby interfaces and logic
channels. This value ranges from 1 to 99.
disable-threshold: Lower limit percentage of disabling standby interfaces and logic
channels. This value ranges from 1 to 99.
Description
Using the standby threshold command, you can configure the standby load
balancing for an interface or a logic channel. Using the undo standby threshold
command, you can cancel the standby load balancing of an interface or a logic
channel.
By default, no standby load balancing is configured.
1114
This command should be configured on the main interface of the backup center.
When the traffic on all the active interfaces of the backup center reaches the set
upper limit, the available standby interface with the highest priority will be
enabled. When the total traffic on all the active interfaces of the backup center is
lower than the set lower limit, the standby interface with the lowest priority will be
disabled.
The enable-threshold must not be less than disable-threshold.
When undo standby threshold is being applied, if the existing standby
interfaces are enabled, the command will shut down all the standby interfaces,
and only the main interface works.
For the related command, see standby interface.
Example
# Configure standby load balancing on interface Serial 0/0/0.
[3Com-Serial0/0/0] standby threshold 80 50
Syntax
standby timer delay enable-delay disable-delay
undo standby timer delay
View
Interface view
Parameter
enable-delay: Delay for the standby interface to switch to the main interface. It
ranges from 0 to 65535 seconds.
enable-delay: Delay for the main interface to switch to a standby interface. It
ranges from 0 to 65535 seconds. By default, enable-delay and enable-delay are 0,
that is, immediate switchover.
Description
Using the standby timer delay command, you can set the delay for the
main/standby interface switchover. Using the undo standby timer delay
command, you can recover the default delay value.
It is recommended to set the switching delay to prevent frequent main/standby
interface switching due to the instability of the interface status.
Before executing this command, the standby interface (specifying a physical
interface or a logic channel as the standby interface of the main interface)
command must have been executed.
Example
# Specify Serial0/0/0 to use Serial1/0/0 as its standby interface and set the delay for
main/standby switchover to 10 seconds.
1115
standby timer
flow-check
Syntax
standby timer flow-check interval-time
undo standby timer flow-check
View
Interface view
Parameter
interval-time: Interval at which the traffic is checked. It ranges from 30 seconds to
600 seconds and is defaulted to 30 seconds.
Description
Using the standby timer flow-check command, you can configure the interval at
which the main interface's traffic is checked. Using the undo standby timer
flow-check command, you can recover the default interval for traffic checking.
When the main interface participates in standby load balancing, the backup center
automatically checks the traffic of the main interface at the interval configured
with this command.
Before executing this command, the standby interface (specifying a physical
interface or a logic channel as the standby interface of the main interface)
command must have been executed.
Example
# Set Serial1/0/0 to the standby interface of Serial0/0/0.
# Configure the standby bandwidth of the main interface on Serial0/0/0.
[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] standby interface serial10/0/0 50
[3Com-Serial0/0/0] standby bandwidth 10000
[3Com-Serial0/0/0] standby threshold 80 50
[3Com-Serial0/0/0] standby timer flow-check 60
1116
VRRP Configuration
Commands
debugging vrrp
Syntax
debugging vrrp { packet | state }
undo debugging vrrp { packet | state }
View
User view
Parameter
packet: Enable the VRRP packet debugging.
state: Enable the VRRP state debugging.
Description
Using the debugging vrrp command, you can enable debugging for VRRP. Using
the undo debugging vrrp command, you can disable VRRP debugging.
By default, VRRP debugging is disabled.
Example
# Enable the VRRP packet debugging.
[3Com] debugging vrrp packet
display vrrp
Syntax
display vrrp [ interface interface-name [ virtual-router-ID ] ]
View
Any view
Parameter
interface-name: Interface name that must be an Ethernet Interface.
virtual-router-ID: Standby group number.
Description
Using the display vrrp command, you can view the status information of VRRP.
This command is used to view the status information and configuration
parameters of current VRRP. If the interface name and standby group number are
not specified, the status information of all the standby groups on the router will be
displayed. If the interface name is specified, the status information of all the
standby groups on the interface will be displayed. If both parameters are specified,
the status information of the standby group will be displayed.
Example
# Display all standby group information of the router.
<3Com> display vrrp
Ethernet0/2/0 | Virtual Router 1
state
: Master
Virtual IP
: 202.38.160.111
Priority
: 150
Preempt
Timer
Auth type
: Backup
Virtual IP
: 202.38.160.100
Priority
: 100
Preempt
Timer
Auth type
: Backup
Virtual IP
: 10.10.10.10
10.10.10.11
Priority
Preempt
Timer
Auth type
Track IF
: 150
: YES Delay Time : 0
: 1
: SIMPLE TEXT
: Ethernet0/2/0
: Master
Virtual IP
: 202.38.160.111
Priority
: 150
Preempt
1117
1118
Timer
: 1
Auth type
: NONE
: Backup
Virtual IP
: 202.38.160.100
Priority
: 100
Preempt
Timer
Auth type
: NONE
: Master
Virtual IP
: 202.38.160.111
Priority
: 150
Preempt
Timer
Auth type
vrrp
authentication-mode
Syntax
vrrp authentication-mode { md5 key | simple key }
undo vrrp authentication-mode
View
Interface view
Parameter
SIMPLE: Simple character authentication.
MD5: AH authentication using MD5 algorithm.
key: Authentication key. The length of the authentication key is 8 bytes or smaller.
Description
Using the vrrp authentication-mode command, you can configure
authentication type and authentication key of VRRP standby group. Using the
undo vrrp authentication-mode command, you can cancel the VRRP
authentication.
By default, no authentication is set.
1119
This command is used to set the authentication type and authentication key for all
the VRRP standby groups on an interface, as the protocol requires the standby
groups of an interface to use the same authentication type and authentication key.
In addition, the members of a standby group should have the same authentication
type and authentication key.
Authentication type and authentication key are insensitive to case.
Example
# Set the authentication types and authentication keys of all VRRP standby groups
on interface Ethernet 0/2/0.
[3Com-Ethernet0/2/0] vrrp authentication-mode simple 3Com
Syntax
vrrp vrid virtual-router-ID preempt-mode [ timer delay delay-value ]
undo vrrp vrid virtual-router-ID preempt-mode
View
Interface view
Parameter
virtual-router-ID: Virtual Router ID, namely, VRRP standby group number, ranging
from 1 to 255.
delay-value: Delay time in seconds with a value ranging from 0 to 255. By default,
a router is in preemption mode with the delay as 0.
Description
Using the vrrp vrid preempt-mode command, you can configure the
preemption mode and delay time of routers in a standby group. Using the undo
vrrp vrid preempt-mode command, you can cancel the preemption mode and
delay time of routers in a standby group.
If a router with a higher priority is needed to actively preempt as the MASTER, the
router should be set to preemption mode. If a longer time is needed for
preemption, the delay time can be set. When a router is set to non-preemption
mode, the delay value will be set to 0 automatically.
Example
# Set a standby group to preemption mode.
[3Com-Ethernet0/2/0] vrrp vrid 1 preempt-mode
1120
Syntax
vrrp vrid virtual-router-ID priority priority-value
undo vrrp vrid virtual-router-ID priority
View
Interface view
Parameter
virtual-router-ID: VRRP standby group number, ranging from 1 to 255.
priority-value: Priority value of the router in standby group, in the range from 1 to
254. By default, the priority is 100.
Description
Using the vrrp vrid priority command, you can configure the priority of a router
in the standby group. Using the undo vrrp vrid priority command, you can
restore the default value of priority.
Priority determines the position of a router in the standby group. A higher priority
means that the router has more possibility to become MASTER. Priority 0 is
reserved for some special usage by the system and 255 is reserved for IP address
owner.
Example
# Set the priority of a router in standby group 1 to 150.
[3Com-Ethernet0/2/0] vrrp vrid 1 priority 150
Syntax
vrrp vrid virtual-router-ID timer advertise adver-interval
undo vrrp vrid virtual-router-ID timer advertise
View
Interface view
Parameter
virtual-router-ID: VRRP standby group number, ranging from 1 to 255.
adver-interval: Interval that MASTER in standby group sends VRRP packet in
seconds with a value ranging from 1 to 255. By default, the seconds is 1 second.
Description
Using the vrrp vrid timer-advertise command, you can configure the timer of
the standby group. Using the undo vrrp vrid timer-advertise command, you
can restore the default value of the timer.
This command can be used to set the interval at which the MASTER sends VRRP
packets.
1121
Example
# Set the interval at which the MASTER in standby group 1 sends VRRP packet to 5
seconds.
[3Com-Ethernet0/2/0] vrrp vrid 1 timer advertise 5
Syntax
vrrp vrid virtual-router-ID track interface-name [ reduced value-reduced ]
undo vrrp vrid virtual-router-ID track [ interface-name ]
View
Interface view
Parameter
virtual-router-ID: VRRP standby group number, ranging from 1 to 255.
interface-name: Interface being monitored.
value-reduced: Value by which the priority is reduced. It ranges from 1 to 255 and
is defaulted to 10.
Description
Using the vrrp vrid track command, you can configure an interface to be
tracked. Using the undo vrrp vrid track command, you can cancel the tracking.
Interface monitoring function of VRRP better expands the backup function so that
the backup function can be provided not only when a router fails but also when
certain network interface is DOWN. After this command is configured, if the
monitored interface is DOWN, the priority of the router will reduce and the priority
of other member in the standby group will become the highest. As a result, the
router with the highest priority will become the new MASTER so as to achieve
backup function. Configuration of monitored interface for a router as IP address
owner is forbidden.
Example
# Set and monitor the interface Serial 0/0/0.
[3Com-Ethernet0/2/0] vrrp vrid 1 track serial0/0/0 reduced 50
Syntax
vrrp vrid virtual-router-ID virtual-ip virtual-address
undo vrrp vrid virtual-router-ID virtual-ip [ virtual-address ]
View
Interface view
1122
Parameter
virtual-router-ID: VRRP standby group number, ranging from 1 to 255.
virtual-address: Virtual IP address.
Description
Using the vrrp vrid virtual-ip command, you can add a virtual IP address. Using
the undo vrrp vrid virtual-ip command, you can cancel a virtual IP address.
By default, there is no standby group in the system.
This command is used to establish a standby group and can also be used to add
virtual IP address to an existing standby group. At most 16 virtual IP addresses can
be added to a standby group. The undo vrrp vrid virtual-ip command can be
used to delete an existing standby group or delete a certain virtual address in the
standby group. If the addresses of a standby group have all been deleted, the
system will automatically delete the standby group.
Example
# Create a standby group.
[3Com-Ethernet0/2/0] vrrp vrid 1 virtual-ip 10.10.10.10
13
DCC Configuration
Commands
debugging dialer
Syntax
debugging dialer { event | packet | all}
View
Any view
Parameter
event: Enables DCC event debugging.
packet: Enables DCC packet debugging.
Description
Using the debugging dialer command, you can enable DCC debugging.
Example
None
dialer bundle
Syntax
dialer bundle number
undo dialer bundle
View
Dialer interface view
Parameter
number: Number of dialer bundle, ranging from 1 to 255.
Description
Using the dialer bundle command, you can configure a dialer bundle used by a
dialer interface. Using the undo dialer bundle command, you can disassociate
the dialer bundle from the dialer interface.
By default, the Resource-Shared DCC is not enabled, and the dialer bundle is not
specified.
This command can be applied only on a dialer interface for configuring the dialer
bundle that the interface will use. Furthermore, a dialer interface can only use a
1124
dialer bundle. This command can be used to specify a dialer bundle used by a
dialer interface, no matter what link-protocol, PPP or Frame Relay, runs on the
interface.
For related commands, see dialer bundle-member.
Example
# Configure the interface Dialer1 to use dialer bundle3, in which the interface
Serial0 is included.
[3Com-Dialer1] dialer bundle 3
[3Com-Serial0/0/0] dialer bundle-member 3
dialer bundle-member
Syntax
dialer bundle-member number [ priority priority | max-link max-num | min-link
min-num]
undo dialer bundle-member number
View
Physical interface view
Parameter
number: Dialer bundle number ranging from 1 to 255.
priority: Priority of the physical interface in the dialer bundle, ranges from 1 to
255. The physical interface with higher priority will be used first. This is an optional
parameter. By default, priority is 1.
max-num: The maximum number of channels that can be used.
min-num: The minimum number of channels that can be used.
Description
Using the dialer bundle-member command, you can configure a physical
interface included in a dialer bundle in the Resource-Shared DCC application.
Using the undo dialer bundle-member command, you can remove the physical
interface from the dialer bundle.
By default, the physical interface is not assigned to any dialer bundle.
This command can only be applied to a physical interface, which can be assigned
to multiple dialer bundles.
To enable the B channel of ISDN interface (BRI or PRI) to configure its link layer
protocol dynamically in terms of the Dialer interface it belongs to, link layer
protocol that the interface uses should be specified as PPP.
For related command, see dialer bundle.
1125
Example
# Make Bri1/0/0 a member of dialer bundle1 and dialer bundle2, and assigns it a
priority of 50.
[3Com] interface bri 1/0/0
[3Com-Bri1/0/0] dialer bundle-member 1 priority 50
[3Com-Bri1/0/0] dialer bundle-member 2 priority 50
dialer callback-center
Syntax
dialer callback-center [ user ] [ dial-number ]
undo dialer callback-center
View
Physical or dialer interface view
Parameter
user: Calls back according to the parameter user hostname configured in the
dialer route command.
dial-number: Calls back according to the parameter telephone-number
configured in the local-user callback-number command.
Description
Using the dialer callback-center command, you can enable the callback server
function. Using the undo dialer callback-center command, you can disable the
callback server function of a router.
By default, PPP callback server is not configured.
This command must be configured at the server end when PPP is used to
implement callback.
The parameter user indicates that DCC will call back according to the parameter
configured in the dialer route command. The parameter dial-number indicates
that DCC will call back the remote end according to the callback-number
configured in the local-user command.
When both user and dial-number are applied concurrently, the router will first
attempt to place a return call according to the first parameter. If the callback
attempt fails, it will try the second parameter for callback.
For related commands, see ppp callback, ppp authentication-mode.
Example
# Configure a remote username and set the router to call the user back.
[3Com] local-user 3Comb password simple 3Comb
[3Com] interface serial0/0/0
[3Com-Serial0/0/0] dialer route ip 1.1.1.2 user 3Comb 8810052
[3Com-Serial0/0/0] dialer callback-center user
1126
dialer call-in
Syntax
dialer call-in remote-number [ callback ]
undo dialer call-in remote-number [ callback ]
View
Physical or dialer interface view
Parameter
remote-number: Used for matching the remote incoming call number. The
character * represents any character.
callback: When calling back the server end, the incoming number will match with
the dialer call-in command containing this keyword and originate a callback.
Description
Using the dialer call-in command, you can enable ISDN callback according to
ISDN caller ID. Using the undo dialer call-in command, you can cancel the
configuration.
By default, ISDN callback according to ISDN caller ID is not configured.
This command must be configured at the server end when ISDN caller ID is applied
for callback. In Resource-Shared DCC, because both PPP and frame relay protocols
are supported to be encapsulated on dialer interface, ISDN interface can
encapsulate link layer protocol dynamically according to corresponding dialer
interface.
The caller first searches the corresponding dialer interface by matching the caller
number with the dialer number command. The dialer call-in command is used
to preprocess the ISDN call-in number so as to determine whether the user with
this number can be permitted to access. If the PBX switch does not provide the
caller number, refuse the call directly.
For related command, see dialer callback-center.
Example
# Configure the router to call back the calling number 8810152.
[3Com-Bri0/0/0] dialer route ip 100.1.1.2 8810152
[3Com-Bri0/0/0] dialer call-in 8810152 callback
dialer circular-group
Syntax
dialer circular-group number
undo dialer circular-group
View
Physical interface view
1127
Parameter
number: Number of the dialer circular group, and a physical interface belongs to
this specified group, ranges from 0 to 1023. This number is defined through the
interface dialer command.
Description
Using the dialer circular-group command, you can add the physical interface to
a dialer circular group specified here. Using the undo dialer circular-group
command, you can cancel the configuration.
By default, the physical interface is not a member of any dialer circular group.
One physical interface can only be added to one dialer circular group, which may
contain multiple physical interfaces. When a call is originated on a dialer interface,
the highest priority physical interfaces in the circular group on the dialer interface
will place the call.
For related command, see interface dialer.
Example
# Assign Serial1/0/0 and Serial2/0/0 to dialer circular group1.
[3Com-Serial1/0/0] dialer circular-group 1
[3Com-Serial2/0/0] dialer circular-group 1
dialer enable-circular
Syntax
dialer enable-circular
undo dialer enable-circular
View
Physical or dialer interface view
Parameter
None
Description
Using the dialer enable-circular command, you can enable Circular DCC. Using
the undo dialer enable-circular command, you can disable Circular DCC.
By default, Circular DCC is enabled on the ISDN interfaces and disabled on other
interfaces.
The user must use this command to enable it before using Circular DCC.
For related command, see dialer circular-group.
1128
Example
# Enable Circular DCC on Serial 0/0/0.
[3Com-Serial0/0/0] dialer enable-circular
dialer isdn-leased
Syntax
dialer isdn-leased number
undo dialer isdn-leased number
View
Physical or dialer interface view
Parameter
number: Number of the ISDN B channel configured to be a leased line. If the
channel is on a BRI interface, the range is from 1 to 2. If it is on a CE1/PRI
interface, the range is from 0 to 30. If it is on an E1/PRI interface, range is from 0
to 30. If it is on a CT1/PRI interface, range is from 0 to 23.
Description
Using the dialer isdn-leased command, you can configure an ISDN B channel
(can be either the channel on a BRI or PRI interface) to be the leased line. Using the
undo dialer isdn-leased command, you can cancel the setting.
By default, no ISDN B channel is configured to be leased line.
The user can configure any ISDN B channel to be the leased line without affecting
the settings of other B channels.
Example
# Configure the first B channel on the interface Bri0/0/0 to be the leased line.
[3Com-Bri0/0/0] dialer isdn-leased 1
dialer listen-group
Syntax
dialer listen-group group-number
undo dialer listen-group group-number
View
Dialer interface view
Parameter
group-number: Dialer Listen group number, ranging from 1 to 255.
Description
Using the dialer listen-group command, you can enable the Dialer Listen
function on the AUX interface. Using the undo dialer listen-group command,
you can disable the Dialer Listen function on the AUX interface.
Example
# Enable Dialer Listen on Dialer0.
1129
dialer listen-rule
Syntax
dialer listen-rule group-number ip ip-address address-mask
undo dialer listen-rule group-number
View
Dialer interface view
Parameter
group-number: Dialer Listen group number, ranging from 1 to 255.
ip-address: Destination network address to be monitored.
address-mask: Subnet mask of the destination.
Description
Using the dialer listen-rule command, you can configure the destination
network address to be monitored. Using the undo dialer listen-rule command,
you can delete a listen rule, together with the network address.
Example
# Configure the destination network address to be monitored on Dialer0.
[3Com-Dialer0] dialer listen-rule 12 ip 202.38.160.1 255.255.255.0
dialer number
Syntax
dialer number dial-number
undo dialer number
View
Physical or dialer interface view
Parameter
dial-number: Dial number for calling a remote end.
Description
Using the dialer number command, you can configure a dial number for placing
a call to a single remote end. Using the undo dialer number command, you can
cancel the configured dial number.
By default, no dial number is set for calling the remote end.
This command is used when the dialer interface of Circular DCC serves as caller
end and the dialer originates calls to only one destination address or the default
address. This command is only valid after at least one of the following
requirements is satisfied:
1130
Or the next hop address that sends packets cannot be found in the
corresponding dialer route command.
When dialer interfaces of Resource-Shared DCC run link protocol of PPP, the
remote user names, which are obtained via PPP authentication and configured
with dialer user respectively, will decide which dialer interface will receive the
incoming call. In this case, dialer user must be configured, and dialer number
can be configured optionally.
When dialer interfaces run link protocol of Frame Relay, the calling numbers,
which are received from the incoming call and configured with dialer number
respectively, will decide which dialer interface will receive the incoming call. In this
case, dialer number must be configured, and dialer user can be configured
optionally.
1) If dialer-group command is not configured, DCC will not dial even if dialer
number command is configured.
2) When using Resource-Shared DCC, the same dialer number can be configured
on different dialer interfaces at the calling side; but it is not the case at the called
side; otherwise, the call will fail. When using Circular DCC, the same dialer number
can be configured on different dialer interfaces at the calling side, and it is the
same to the called side.
For related command, see dialer route.
Example
# Set the dialer number for dialer1 calling the remote end to 11111.
[3Com] interface dialer 1
[3Com-Dialer1] dialer number 11111
dialer priority
Syntax
dialer priority priority
undo dialer priority
View
Physical interface view
Parameter
priority: Indicates the priority level for a physical interface which belongs to a dialer
circular group, ranging from 1 to 127. By default, the priority is 1.
Description
Using the dialer priority command, you can configure a priority for a physical
interface in a dialer circular group in the Circular DCC configuration. Using the
undo dialer priority command, you can restore the default priority.
This command sets the order in which the available physical interfaces in a dialer
circular group are used. The physical interfaces with higher priority will be used
first.
1131
dialer queue-length
Syntax
dialer queue-length packets
undo dialer queue-length
View
Physical or dialer interface view
Parameter
packets: Indicates the packet numbers buffered on this interface, ranging from 1
to 100. By default, the value of max-threshold is 30.
Description
Using the dialer queue-length command, you can configure the number of
packets, which comply with the "permit" statement, that can be buffered before
a link is set up. Using the undo dialer queue-length command, you can restore
the default number of the packets that can be buffered.
In the link establishing process, the packets which comply with the "permit"
statement are held in the buffer queue to wait for transmission as soon as the link
is set up. The setting of packets decides the queue length.
Example
# Configure that 10 packets are buffered on Serial1/0/0.
[3Com-Serial1/0/0] dialer queue-length 10
dialer route
Syntax
dialer route protocol next-hop-address [ user hostname ] [ broadcast ] [ dial-number ] [
autodial ] [ logical-channel logic-channel-number ]
undo dialer route protocol next-hop-address [ user hostname ] [ broadcast ] [
dial-number ] [ autodial ] [ logical-channel logic-channel-number ]
View
Physical or dialer interface view
Parameter
protocol: Network protocol keyword, being ip or ipx.
next-hop-address: Remote network address.
user hostname: Remote user name, which is optionally specified for authentication
implemented when receiving calls.
1132
dialer threshold
Syntax
dialer threshold traffic-percentage [ in-out | in | out ]
undo dialer threshold
View
Dialer interface view
Parameter
traffic-percentage: Percentage of the actual traffic on the link over the bandwidth,
ranges from 1 to 99.
in-out: Calculates the larger one of the inbound traffic and the outbound traffic in
the actual traffic calculation.
in: Only the inbound traffic is calculated.
out: Only the outbound traffic is calculated.
1133
Description
Using the dialer threshold command, you can configure the traffic threshold of a
link on the DCC interface so that another link can be enabled to call the same
destination address when the ratio of traffic on all connected links on the DCC
interface to the available bandwidth exceeds the preset percentage. Using the
undo dialer threshold command, you can restore the default value.
By default, traffic control is not enabled.
If the ratio of the traffic on a link of a DCC interface to the bandwidth exceeds a
defined threshold, the second link will be enabled to implement MP binding with
the first one. When the ratio of traffic on the two links to the bandwidth exceeds
a defined threshold, the third link will be enabled, so on and so forth. On the
contrary, when the ratio of the traffic on N (N is an integer greater than or equal to
2) links to the bandwidth of N-1 links is less than a defined threshold, a link will be
disabled. In Circular DCC, this command is used on the interfaces corresponding
to the dialer circular-group (including ISDN BRI/PRI interfaces and dialer
interfaces). In Resource-Shared DCC, this dialer threshold command is applied to
dialer interface only. In addition, this command must be used together with the
ppp mp command.
For related command, see ppp mp.
Example
# Set the traffic threshold on Dialer1 to 80%.
[3Com-Dialer1] dialer threshold 80
Syntax
dialer timer autodial seconds
undo dialer timer autodial
View
Physical or dialer interface view
Parameter
seconds: Interval before the next call attempt, ranging from 1 to 604800 in units
of second. The default interval is 300 seconds.
Description
Using the dialer timer autodial command, you can configure the automatic
dialing interval of DCC. Using the undo dialer timer autodial command, you
can resume the default interval.
This command should be used together with the auto-dial keyword in the dialer
route command. DCC will automatically attempt to dial every seconds secconds
until the connection is established. The automatic dialing function is independent
of the trigger with data packets. The established connection will not be
automatically cut for timeout. That is, the configuration of the dialer timer idle
command does not affect it.
For related command, see dialer route.
1134
Example
# Set the DCC automatic calling interval on Serial0/0/0 to 60 seconds.
[3Com-Serial0/0/0] dialer timer autodial 60
Syntax
dialer timer compete seconds
undo dialer timer compete
View
Physical or dialer interface view
Parameter
Seconds: Idle interval when contention occurs, ranges from 0 to 65535 seconds.
By default, the idle interval is 20 seconds.
Description
Using the dialer timer compete command, you can configure an idle interval for
an interface after call contention occurs on the interface. Using the undo dialer
timer compete command, you can restore the default interval.
Contention occurs if no free channel is available when DCC tries to originate a
call. Normally, after a link is set up, timer idle timing will take effect. However, if a
call to a different destination address is to be originated on this interface under the
contention circumastance, DCC replaces the timer idle timing with the timer
compete timing.
Example
# Set timer idle and timer compete respectively to 50 seconds and 10 seconds on
Serial 0/0/0.
[3Com-Serial0/0/0] dialer timer idle 50
[3Com-Serial0/0/0] dialer timer compete 10
Syntax
dialer timer enable seconds
undo dialer timer enable
View
Physical or dialer interface view
Parameter
seconds: Interval for originating the next call, ranges from 5 to 65535 seconds. By
default, the interval is 20 seconds.
Description
Using the dialer timer enable command, you can configure an interval for the
next call attempt on an interface after the link is disconnected. Using the undo
dialer timer enable command, you can restore the default interval.
1135
Example
# Set the interval for DCC to make the next call attempt to 5 seconds.
[3Com-Serial0/0/0] dialer timer enable 5
Syntax
dialer timer idle seconds
undo dialer timer idle
View
Physical or dialer interface view
Parameter
seconds: Time that a link is allowed to be idle, ranges from 0 to 65535 seconds. By
default, seconds is 120 seconds.
Description
Using the dialer timer idle command, you can configure the interval that a link is
allowed to be idle (in other words, the interval, when there are no packets which
comply with the permit statements transmitted) after a call has been set up on
the interface. Using the undo dialer timer idle command, you can restore the
default duration.
After a link is set up, the timer idle timer will take effect. If no interesting packets
are transmitted on the link within the specified time, DCC will automatically
disconnect the link. If timer idle is set to 0, the link will never be disconnected,
regardless of whether there are no packets which comply with the permit
statements to be transmitted over the link or not.
Example
# Set the timer idle on the interface Serial 0/0/0 to 50 seconds.
[3Com-Serial0/0/0] dialer timer idle 50
dialer timer
listen-disable
Syntax
dialer timer listen-disable seconds
undo dialer timer listen-disable
View
Physical or dialer interface view
Parameter
seconds: Delay for disconnecting the backup interface, ranging from 0 to 65535 in
units of second. It defaults to 0 second (that is, cut the backup link without delay.)
Description
Using the dialer timer listen-disable command, you can set the delay for
disconnecting the backup interface. Using the undo dialer timer listen-disable
command, you can resume the default delay.
1136
Example
# Set the delay for disconnecting the backup interface on Serial0/0/0 to 5 seconds.
[3Com-Serial0/0/0] dialer timer listen-disable 5
Syntax
dialer timer wait-carrier seconds
undo dialer timer wait-carrier
View
Physical or dialer interface view
Parameter
seconds: Waiting time in seconds, ranges from 0 to 65535. By default, the time
waiting for a call connection is 60 seconds.
Description
Using the dialer timer wait-carrier command, you can configure the timeout
time of wait-carrier timer. Using the undo dialer timer wait-carrier command,
you can restore the default time of the timer.
Wait-carrier timer begins to time after the DCC call is initiated. If the call
connection fails to be set up within the timeout time of this timer, the call will be
terminated.
If the connection for a call is not established within the specified time, DCC will
terminate the call.
Example
# Set the maximum duration of the time that Serial 0/0/0 waits for call to establish
to be 100 seconds.
[3Com-Serial0/0/0] dialer timer wait-carrier 100
dialer user
Syntax
dialer user username
undo dialer user
View
Dialer interface view
Parameter
username: Remote user name for PPP authentication, which is a string of 1 to 31
characters.
Description
Using the dialer user command, you can configure remote user name for
authenticating the requests when calls are received. Using the undo dialer user
command, you can cancel the remote user name.
1137
dialer-group
Syntax
dialer-group group-number
undo dialer-group
View
Physical or dialer interface view
Parameter
group-number: sequence number of dialer access number, ranges from 1 to 255.
This group is set through the dialer-rule command.
Description
Using the dialer-group command, you can configure access control on the
packets transmitted on a DCC interface and place the interface in an access
control group. Using the undo dialer-group command, you can cancel the
interface from united with the access control group.
By default, this command is not configured.
This command is used for associating a physical interface with an access control
group. Through the dialer-rule command, the user can associate an access
control group with the acl command. A DCC interface can only be the member of
an access control group. If it is configured to be a member of another access
control group, this configuration will replace the previous one.
In the default configuration of the interface, dialer-group is not configured. The
user must configure this command. Otherwise, DCC will be unable to transmit
packets.
For related command, see dialer-rule.
Example
# Add Serial0/0/0 interface to access control group 1.
1138
dialer-rule
Syntax
dialer-rule dialer-group { protocol-name { permit | deny } | acl acl-number }
undo dialer-rule dialer-group
View
System view
Parameter
dialer-group: Indicates the number of access control group, which is related to the
parameter group-number in dialer-group command in the DCC interface view.
protocol-name: Network protocol, the value can be ip alike.
permit: Permits the packets of the specified protocol.
deny: Denies the packets of the specified protocol.
acl acl-number: Number of the access control list to which the access control
group corresponds.
Description
Using the dialer-rule command, you can configure the conditions of the data
packet that can trigger a DCC call. Using the undo dialer-rule command, you can
cancel the setting.
By default, no conditions of packet-triggering DCC calls are set for dial interfaces.
This command is used to set the DCC call packet-triggering control to which an
access control group corresponds. And a dial interface can be placed in an access
control group through the dialer-group command. Thereby, the DCC calls
packet-triggering on the DCC interface can be controlled.
If an access control group cannot find the corresponding dialer-rule, DCC will
regard the packets as packets which do not comply with the permit conditions
in ACL rule and just drop them. No DCC call will be originated.
For related command, see dialer-group.
Example
# Set a dialer-rule.
[3Com] acl number 101
[3Com-acl-adv-101] rule permit ip source 0.0.0.0 255.255.255.255 destination 0.0.0.0
255.255.255.255
[3Com-acl-adv-101] quit
[3Com] dialer-rule 1 acl 101
1139
Syntax
display dialer interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Using the display dialer interface command, you can view the information of
DCC interface.
By default, the information of all the DCC interfaces is displayed.
For related commands, see dialer timer idle, dialer timer compete, dialer
timer wait-for-carrier, dialer timer enable.
Example
# Display the information on the DCC interface Dialer 1.
[3Com] display dialer interface serial1/0/0
Dial Interface:Serial0/0
Dialer Route:
NextHop_address Dialer_Numbers
131.108.2.5
14155553434
Dialer Timers(Secs):
Auto-dial:300
Idle:50
interface dialer
Compete:10
Enable:5
Wait-for-Carrier:100
Syntax
interface dialer number
undo interface dialer number
View
Any view
Parameter
number: Interface number in the range of 0 to 1023.
1140
Description
Using the interface dialer command, you can create a dialer circular group for
the Circular DCC, or configure a dialer interface for the Resource-Shared DCC.
Using the undo interface dialer command, you can cancel the existing setting.
By default, no dialer interface is defined.
In Resource-Shared DCC, any dialer interface can use the services provided by
multiple physical interfaces, and individual physical interfaces can provide services
for multiple dialer interfaces at the same time. Therefore, authentication must be
configured on these physical interfaces, so as to use the user name of a dial-in
party to locate the corresponding dialer interface for the call. In this mode,
physical interfaces and dialer interfaces are dynamically bound. Furthermore, a
dialer interface can only call a destination address, which will be specified in the
dialer number command.
The physical interfaces in Circular DCC and Resource-Shared DCC do not use
individual network addresses. Instead, they use the addresses of the corresponding
dialer interfaces.
Example
# Define a dialer interface dialer 1.
[3Com] interface dialer 1
flow-interval
Syntax
flow-interval interval
undo flow-interval
View
System view
Parameter
interval: Flow-interval, in second, ranging from 1 to 1500. By default, it is 20
seconds.
Description
Using the flow-interval command, you can configure flow interval. Using the
undo flow-interval command, you can restore the default value of flow interval.
This command takes effect only on DCC flow trigger dial-up.
Example
# Configure the flow-interval to 3 seconds.
[3Com] flow-interval 3
ppp callback
Syntax
ppp callback { client | server }
undo ppp callback { client | server }
1141
View
Physical or dialer interface view
Parameter
client: As the client end, sends callback requests.
server: As the server end, accepts callback requests.
Description
Using the ppp callback command, you can enable an interface to send or accept
PPP callback requests. Using the undo ppp callback command, you can disable
the interface to send or accept PPP callback requests.
By default, sending or receiving callback request is disabled.
The callback function can be used to save the communication cost for the calling
party in the case that the calling party pays the charge for calls.
For related command, see ppp callback ntstring.
Example
# Enable accepting callback request on Serial0/0/0 interface.
[3Com-Serial0/0/0] ppp callback server
Syntax
ppp callback ntstring dial-number
undo ppp callback ntstring
View
Physical or dialer interface view
Parameter
dial-number: Dial number for a Windows NT server to call back the router.
Description
Using the ppp callback ntstring command, you can configure the dial number
required for a Windows NT server to call back the router. Using the undo ppp
callback ntstring command, you can cancel the configured callback dial number.
By default, no callback dial number is set for the Windows NT server.
When a router functions as the callback server to call a Windows NT server, this
command should be configured if the server needs the router to send the callback
number.
For related command, see ppp callback.
Example
# Set the dial number for a Windows NT server to call back the router to 2489.
[3Com-Dialer1] ppp callback NTString 2489
1142
Modem Configuration
Commands
debugging modem
Syntax
debugging modem
View
User views
Parameter
None
Description
Using the debugging modem command, you can enable Modem debugging.
According to the information output after executing this command, the user can
make sure whether the correct Modem script has been specified for a particular
event.
Example
None
modem
Syntax
Modern [both/call-in]
undo modern [both/call-in]
View
User-interface view
Parameter
both: Permits incoming and outgoing calls.
out: Permits only outgoing calls.
Description
Using the modem command, you can enable receiving incoming calls or sending
outgoing calls on the interface. Using the undo modem command, you can
disable receiving incoming calls or sending outgoing calls on the interface.
By default, both incoming and outgoing Modem calls are permitted on the
interfaces.
This command can be used to set the authority of Modem dial-in and dial-out on
an interface.
Example
# Enable receiving incoming Modem calls on interface u-tty1..
[3Com-ui-tty1] modem call-in
modem auto-answer
1143
Syntax
modem auto-answer
undo modem auto-answer
View
User interface view
Parameter
None
Description
Using the modem auto-answer command, you can configure the external
Modem connected to the asynchronous interface to operate in auto-answer
mode. Using the undo modem auto-answer command, you can restore the
external Modem connected to the asynchronous interface to operate in non-auto
answer mode.
By default, the system sets an external Modem to non-auto answer mode.
Execute this command according to the current answer state of the Modem
externally connected to the router. If the Modem is in auto-answer mode (AA LED
of the Modem lights), the modem auto-answer command must be executed in
the corresponding interface view. If it is in non-auto answer mode, execute the
undo modem auto-answer command.
Rather than changing the Modem state, the execution of this command only
shows the answer mode of Modem. The user should determine whether to
execute the modem auto-answer command according to the answer mode (AA
LED) of the current external Modem.
For related command, see modem.
Example
# Set the Modem externally connected to the asynchronous serial interface Serial0
to operate auto-answer mode.
[3Com-Serial0]modem auto-answer
Syntax
script trigger connect script-name
undo script trigger connect
View
User interface view
Parameter
script-name: Name of Modem script.
1144
Description
Using the script trigger connect command, you can configure the Modem script
that will be executed once an incoming call connection is established. Using the
undo script trigger connect command, you can cancel this feature.
By default, no Modem script is configured.
If this command is configured, the specified script will be executed anytime when
an incoming call connection is established.
For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger dial, script trigger init.
Example
# Specify the script example to be executed anytime an incoming call
connection is established.
[3Com-ui-tty1] script trigger connect example
Syntax
script trigger dial script-name
undo script trigger dial
View
User interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger dial command, you can configure the Modem script that
is used for DCC dialing. Using the undo script trigger dial command, you can
cancel the feature.
By default, the system does not specify the script.
If this command is configured, the specified script will be executed for DCC
dialing.
For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger init.
Example
# Specify the script example to be used for DCC dialing.
[3Com-ui-tty1] script trigger dial example
Syntax
script trigger init script-name
undo script trigger init
1145
View
User interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger init command, you can configure the Modem script that
will be executed when the system is powered on or rebooted. Using the undo
script trigger init command, you can cancel this feature.
By default, the system does not specify the script.
If this command is configured, the specified Modem script will be executed for
initializing the asynchronous device connected to the interface when the system is
powered on or rebooted.
For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger dial, script trigger logout.
Example
# Set the system to execute example when the system is powered on or
rebooted.
[3Com-ui-tty1] script trigger init example
Syntax
script trigger login script-name
undo script trigger login
View
User interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger login command, you can configure the Modem script
that will be executed when an outgoing call connection is successfully established.
Using the undo script trigger login command, you can cancel this feature.
By default, no Modem script is configured.
If this command is configured, the specified script will start to be executed anytime
when an outgoing call connection is established. This script can be the registration
information on a remote system. For example, when a router is connected to a
remote UNIX server, we can log in to the remote UNIX server using this script
through sending login information and password to the UNIX server.
For related commands, see script-string, start-chat, script trigger connect,
script trigger logout, script trigger dial, script trigger init.
1146
Example
# Specify the script example to be executed anytime an outgoing call
connection is established.
[3Com-ui-tty1] script trigger login example
Syntax
script trigger logout script-name
undo script trigger logout
View
User-interface view
Parameter
script-name: Name of Modem script.
Description
Using the script trigger logout command, you can configure the Modem script
that is executed when a link is reset. Using the undo script trigger logout
command, you can cancel this feature.
By default, no Modem script is configured.
If this command is configured, the specified Modem script will be executed when
a link is reset. For example, reset the Modem when the call on the interface is
down.
For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger dial, script trigger init.
Example
# Specify the Modem script that will be executed when the link is reset.
[3Com] script-string drop-line "" +++ OK ATH OK "ATS0=1" OK
[3Com-ui-tty1] script trigger logout drop-line
script-string
Syntax
script-string script-name script-content
undo script-string script-name
View
System view
Parameter
script-name: Name of Modem script.
script-content: Script content.
1147
Description
Using the script-string command, you can configure a Modem script. Using the
undo script-string command, you can cancel the Modem script.
By default, the system does not have a Modem script.
3Com series routers provide the Modem script, which is mainly used for:
Normally, send-string and receive-string appear in pairs, and the script must
begin with a sending string. For example, send-string1 receive-string1
represents the execution flow: Send send-string1 to the Modem and expect
to receive receive-string1. If the string matching receive-string1 is received
before timeout, the execution of the subsequent script, which will be
otherwise terminated, will continue.
If the last string is a sending string, it indicates that the execution of the
script will be terminated after the string is sent without waiting for any
receiving string.
If the beginning of the script needs no sending string, but need to wait for
receiving string directly, the first string can be set as , the meaning of
which will be explained later.
Except for ending with \c, the sending string will be automatically added
with a return to its end whenever it is sent.
A receiving string is matched via the location-independent matching
method. That is, a match is considered successful as long as the received
contents contain the expected string.
Concerning the match of receiving string, there can be multiple expected
receiving strings. The match operation on a receiving string will be
considered successful if the receiving string is matched with any expected
receiving strings which are separated by hyphens (-).
The default timeout time waiting for a receiving string is 5 seconds.
TIMEOUT seconds can be inserted into the script to adjust the timeout time
1148
waiting for the receiving string, which is valid till a new TIMEOUT is set in
the same script. For its meanings, refer to the following table.
Table 1 Script keywords
Keyword
Description
ABORT receive-string
TIMEOUT seconds
Description
\c
It means that only the specified string can be sent and the
character "Enter" will not be sent. The character of "\c" must be
at the end of the sending strings. Otherwise, it is invalid at other
location.
\d
\n
\r
\s
\t
\\
\T
For related commands, see sendat, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger dial, script trigger init.
1149
Example
# Define a Modem script.
[3Com]script-string example "" AT OK ATS0=1 OK
start-script
Syntax
start-script script-namet-name
View
User view
Parameter
script-name: Name of Modem script.
number: Interface number of the script.
Description
Using the start-script command, you can configure executing the specified
Modem script on an interface.
This command provides the user with means of instantly executing the Modem
script. If another script is being executed on the corresponding interface, this
command will not be executed and an error will be reported.
For related command, see script-string.
Example
# Execute the specified Modem script example on the interface 1.
<3Com> start-script example 1
1150