h3c s5500v2 - ei-Cmw710-r6628p40 版本说明书（软件特性变更说明）

H3C S5500V2_EI-CMW710-R6628P30 版本
说明书
软件特性变更说明
Copyright © 2023 新华三技术有限公司版权所有，保留一切权利。

非经本公司书面许可，任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部，并不得以任何形式传播。
除新华三技术有限公司的商标外，本手册中出现的其它公司的商标、产品标识及商品名称，由各自权利人拥有。
本文档中的信息可能变动，恕不另行通知。
目录
R6628P40 版本··········································································································································· 1
1 新增特性－开启三层聚合子接口的报文统计功能 ···················································································· 1
1.1 三层聚合子接口的报文统计功能配置 ··································································································· 1
1.2 三层聚合子接口的报文统计功能配置命令 ···························································································· 1
1.1.2 traffic-statistic enable ················································································································· 1
2 新增特性－对象组功能 ···························································································································· 2
2.1 配置对象组功能 ···································································································································· 2
2.1.1 配置 IPv4 地址对象组 ················································································································ 2
2.1.2 配置 IPv6 地址对象组 ················································································································ 3
2.1.3 配置端口对象组 ························································································································· 3
2.1.4 配置服务对象组 ························································································································· 3
2.1.5 对象的显示和维护 ······················································································································ 4
2.2 配置对象组命令 ···································································································································· 4
2.2.1 description ································································································································· 4
2.2.2 display object-group ·················································································································· 4
2.2.3 network (IPv4 address object group view) ················································································ 6
2.2.4 network (IPv6 address object group view) ················································································ 7
2.2.5 object-group······························································································································· 9
2.2.6 port (port object group view) ···································································································· 10
2.2.7 service(service object group view) ·························································································· 11
3 变更特性－在接口上应用 QoS 策略 ······································································································ 13

3.1 特性变更说明 ······································································································································ 13
3.2 命令变更说明 ······································································································································ 13
4 变更特性－配置 M-LAG 组网中 M-LAG 接口上用户认证的负载分担模式 ············································· 14

4.1 特性变更说明 ······································································································································ 14
4.2 命令变更说明 ······································································································································ 14
4.2.1 修改-port-security m-lag load-sharing-mode ··········································································· 14
i
R6628P30 版本··········································································································································· 0
1 新增特性－二层技术-以太网交换相关新增特性 ······················································································· 1
2 新增特性－三层技术-IP 业务相关新增特性 ····························································································· 2
3 新增特性－三层技术-IP 路由相关新增特性 ····························································································· 4
4 新增特性－IP 组播相关新增特性 ············································································································· 5
5 新增特性－MPLS 相关新增特性 ·············································································································· 6
6 新增特性－ACL 和 QoS 相关新增特性 ···································································································· 6
7 新增特性－安全相关新增特性 ················································································································· 7
8 新增特性－可靠性相关新增特性 ············································································································ 12
9 新增特性－网络管理和监控相关新增特性 ····························································································· 13
10 新增特性－Telemetry 相关新增特性 ···································································································· 14
11 变更特性－DRNI 与 M-LAG 兼容········································································································· 15
11.1 特性变更说明 ···································································································································· 15
11.2 命令变更说明 ···································································································································· 16
12 变更特性－配置接口收到携带 Management Address TLV 的 LLDP 报文后生成 ARP 表项或 ND 表项

··································································································································································16
12.1 特性变更说明 ···································································································································· 16
12.2 命令变更说明 ···································································································································· 16
12.2.1 修改-lldp management-address ···························································································· 16
13 变更特性－配置 LLDP 报文的源 MAC 地址为指定的 MAC 地址 ························································· 17

13.1 特性变更说明 ···································································································································· 17
13.2 命令变更说明 ···································································································································· 17
13.2.1 修改-lldp source-mac vlan ····································································································· 17
14 变更特性－配置接口上允许发布的 TLV 类型 ······················································································ 17

14.1 特性变更说明 ···································································································································· 17
14.2 命令变更说明 ···································································································································· 17
14.2.1 修改-lldp tlv-enable ················································································································ 17
15 变更特性－配置 HTTP/HTTPS 服务与 ACL 关联 ················································································ 24

15.1 特性变更说明 ···································································································································· 24
15.2 命令变更说明 ···································································································································· 24
16 变更特性－设置本地保存备份配置文件的最大数 ················································································ 24
16.1 特性变更说明 ···································································································································· 24
16.2 命令变更说明 ···································································································································· 25
ii
17 变更特性－显示 RIB 或静态路由下一跳的详细信息 ············································································ 25
17.1 特性变更说明 ···································································································································· 25
17.2 命令变更说明 ···································································································································· 25
17.2.1 修改-display rib nib ················································································································ 25
17.2.2 修改-display route-direct nib ·································································································· 25
17.2.3 修改-display ipv6 rib nib ········································································································ 26
17.2.4 修改-display ipv6 route-direct nib ·························································································· 26
17.2.5 修改-display route-static nib ·································································································· 27
17.2.6 修改-display ipv6 route-static nib··························································································· 27
18 变更特性－配置 OSPF/OSPFv3 验证新增验证模式············································································ 27

18.1 特性变更说明 ···································································································································· 27
18.2 命令变更说明 ···································································································································· 27
18.2.1 修改-authentication-mode ····································································································· 27
18.2.2 修改-ospf authentication-mode······························································································ 28
18.2.3 修改-vlink-peer······················································································································· 29
18.2.4 修改-authentication-mode ····································································································· 29
18.2.5 修改-ospfv3 authentication-mode ·························································································· 30
18.2.6 修改-vlink-peer······················································································································· 30
18.2.7 修改-sham-link (OSPF area view) ························································································· 31
18.2.8 修改-sham-link (OSPFv3 area view) ····················································································· 31
19 变更特性－新增 BGP 监控服务器的显示信息 ····················································································· 32

19.1 特性变更说明 ···································································································································· 32
19.2 命令变更说明 ···································································································································· 32
19.2.1 修改-display bgp bmp server ································································································· 32
20 变更特性-配置 802.1X 周期性重认证定时器························································································ 33

20.1 特性变更说明 ···································································································································· 33
20.2 命令变更说明 ···································································································································· 33
20.2.1 修改-dot1x timer reauth-period (interface view) ···································································· 33
20.2.2 修改-dot1x timer ···················································································································· 33
21 变更特性-配置 MAC 地址认证的周期性重认证定时器 ········································································· 34

21.1 特性变更说明 ···································································································································· 34
21.2 命令变更说明 ···································································································································· 34
21.2.1 修改-mac-authentication timer (interface view) ····································································· 34
21.2.2 修改-mac-authentication timer (system view) ······································································· 34
iii
22 变更特性－显示本地非对称密钥对中的公钥信息 ················································································ 35
22.1 特性变更说明 ···································································································································· 35
22.2 命令变更说明 ···································································································································· 35
22.2.1 修改-display public-key local public ······················································································· 35
23 变更特性－IPsec 隧道 ID 号取值范围变更 ·························································································· 35

23.1 特性变更说明 ···································································································································· 35
23.2 命令变更说明 ···································································································································· 35
23.2.1 修改-display ipsec statistics ··································································································· 35
23.2.2 修改-display ipsec tunnel ······································································································· 36
23.2.3 修改-reset ipsec statistics ······································································································ 36
24 变更特性—创建 SNMPv3 用户支持配置 sha224、sha256、sha384、sha512 认证算法 ·················· 36

24.1 特性变更说明 ···································································································································· 36
24.2 命令变更说明 ···································································································································· 37
24.2.1 修改-snmp-agent usm-user v3 ······························································································ 37
24.2.2 修改-snmp-agent calculate-password ··················································································· 39
25 变更特性—配置发送端邮件服务器的域名字符串长度范围变更 ·························································· 40
25.1 特性变更说明 ···································································································································· 40
25.2 命令变更说明 ···································································································································· 40
25.2.1 修改-rtm email domain ·········································································································· 40
26 变更特性—单个日志文件使用率的告警门限取值范围变更·································································· 41
26.1 特性变更说明 ···································································································································· 41
26.2 命令变更说明 ···································································································································· 41
26.2.1 修改-info-center logfile alarm-threshold ················································································ 41
27 变更特性－显示指定用户态进程的堆内存统计信息新增字段 ······························································ 41
27.1 特性变更说明 ···································································································································· 41
27.2 命令说明 ··········································································································································· 41
27.2.1 修改-display process memory heap ······················································································ 41
28 变更特性－配置流镜像到接口 ············································································································· 42
28.1 特性变更说明 ···································································································································· 42
28.2 命令变更说明 ···································································································································· 42
28.2.1 修改-mirror-to interface ·········································································································· 42
29 变更特性－显示 gRPC 的相关信息······································································································ 42

29.1 特性变更说明 ···································································································································· 42
29.2 命令变更说明 ···································································································································· 43
iv
30 删除特性 ·············································································································································· 43
v
R6628P40 版本
本版本特性变更情况如下：
• 新增特性－开启三层聚合子接口的报文统计功能
• 新增特性－对象组功能
• 变更特性－在接口上应用 QoS 策略
• 变更特性－配置 M-LAG 组网中 M-LAG 接口上用户认证的负载分担模式
1 新增特性－开启三层聚合子接口的报文统计功能
1.1 三层聚合子接口的报文统计功能配置
1. 配置限制和指导
开启三层聚合子接口报文统计功能后会占用系统硬件资源，在大量三层聚合子接口下开启本功能或
者通过 flow-interval 命令配置的时间间隔较小时会导致系统繁忙，CPU 占用率升高。
2. 配置步骤
(1) 进入系统视图。
system-view
(2) 进入三层聚合子接口视图。
interface route-aggregation interface-number.subnumber
(3) 开启三层聚合子接口的报文统计功能。
traffic-statistic enable
缺省情况下，三层聚合子接口的报文统计功能处于关闭状态。
(4) （可选）查看三层聚合子接口的统计信息。
display interface
通过 display interface 命令的 Input 和 Output 字段查看三层聚合子接口的统计信息。
1.2 三层聚合子接口的报文统计功能配置命令
1.1.2 traffic-statistic enable
traffic-statistic enable 命令用来开启三层聚合子接口的报文统计功能。

undo traffic-statistic enable 命令用来关闭三层聚合子接口的报文统计功能。
【命令】
traffic-statistic enable
undo traffic-statistic enable
1
【缺省情况】
三层聚合子接口的报文统计功能处于关闭状态。
【视图】
三层聚合子接口视图
【缺省用户角色】
network-admin
【使用指导】
开启三层聚合子接口报文统计功能后会占用系统硬件资源，在大量三层聚合子接口下开启本功能或
者通过 flow-interval 命令配置的时间间隔较小时会导致系统繁忙，CPU 占用率升高。
配置本命令后，可以通过 display interface 命令的 Input 和 Output 字段查看三层聚合子接口
的统计信息。
【举例】
# 开启三层聚合子接口 1.1 的报文统计功能。
<Sysname> system-view
[Sysname] interface route-aggregation 1.1
[Sysname-Route-Aggregation1.1] traffic-statistic enable
【相关命令】
• display interface
• flow-interval
2 新增特性－对象组功能
2.1 配置对象组功能
2.1.1 配置 IPv4 地址对象组
system-view
(2) 创建 IPv4 地址对象组，并进入对象组视图。
object-group ip address object-group-name
缺省情况下，存在系统默认的 IPv4 地址对象组，名称为 any。
(3) （可选）配置对象组的描述信息。
description text
缺省情况下，没有任何描述信息。
(4) 创建 IPv4 地址对象。
[ object-id ] network { host { address ip-address | name host-name } |
subnet ip-address { mask-length | mask } }
2
2.1.2 配置 IPv6 地址对象组
system-view
(6) 创建 IPv6 地址对象组，并进入对象组视图。
object-group ipv6 address object-group-name
缺省情况下，存在系统默认的 IPv6 地址对象组，名称为 any。
description text
(8) 创建 IPv6 地址对象。
[ object-id ] network { host { address ipv6-address | name host-name } |
subnet ipv6-address prefix-length }
2.1.3 配置端口对象组
system-view
(10) 创建端口对象组，并进入对象组视图。
object-group port object-group-name
缺省情况下，存在系统默认的端口对象组，名称为 any。
description text
(12) 创建端口对象。
[ object-id ] port { { eq | lt | gt } port | range port1 port2 }
2.1.4 配置服务对象组
system-view
(14) 创建服务对象组，并进入对象组视图。
object-group service object-group-name
缺省情况下，存在系统默认的服务对象组。
description text
(16) 创建服务对象。
3
[ object-id ] service { protocol [ { source { { eq | lt | gt } port | range
port1 port2 } | destination { { eq | lt | gt | } port | range port1 port2 } }
* | icmp-type icmp-code | icmpv6-type icmpv6-code ] }
2.1.5 对象的显示和维护
在完成上述配置后，在任意视图下执行 display 命令可以显示配置后的对象组及对象信息，通过
查看显示信息验证配置的效果。
表1-1 对象组显示和维护
操作命令
display object-group [ { { ip | ipv6 } address | service

显示对象组的相关信息 | port } [ default ] [ name object-group-name ] | name
object-group-name ]
2.2 配置对象组命令
2.2.1 description
description 命令用来配置对象组的描述信息。
undo description 命令用来恢复缺省情况。
【命令】
description text
undo description
【缺省情况】
对象组未配置任何描述信息。
【视图】
对象组视图
network-admin
【参数】
text：表示对象组的描述信息，为 1～127 个字符的字符串，区分大小写。
【举例】
# 配置对象组的描述信息为“This is an IPv4 object-group”
。
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] description This is an IPv4 object-group
2.2.2 display object-group

display object-group 命令用来显示对象组的内容。
4
【命令】
display object-group [ { { ip | ipv6 } address | service | port } [ default ]
[ name object-group-name ] | name object-group-name ]
【视图】
任意视图
network-admin
network-operator
【参数】
ip address：指定对象组类型为 IPv4 地址对象组。
ipv6 address：指定对象组类型为 IPv6 地址对象组。
port：指定对象组类型为端口对象组。
service：指定对象组类型为服务对象组。
default：指定默认对象组。
name：指定对象组名称。
object-group-name：对象组的名称，为 1～31 个字符的字符串，不区分大小写。
【举例】
# 显示所有对象组。
<Sysname> display object-group
IP address object group obj1: 0 object(in use)
IP address object group obj2: 7 objects(out of use)

0 network host address 1.1.1.1
10 network host name host
20 network subnet 1.1.1.1 255.255.255.0
IPv6 address object-group obj3: 0 object(in use)
IPv6 address object-group obj4: 5 objects(out of use)

0 network host address 1::1:1
20 network subnet 1::1:0 112
Service object-group obj5: 0 object(in use)
Service object-group obj6: 6 objects(out of use)

0 service 200
10 service tcp source lt 50 destination range 30 40
20 service udp source range 30 40 destination gt 30
30 service icmp 20 20
40 service icmpv6 20 20
5
Port object-group obj7: 0 object(in use)
Port object-group obj8: 3 objects(out of use)

0 port lt 20
10 port range 20 30
# 显示名称为 obj2 的对象组。
<Sysname> display object-group name obj2
IP address object-group obj2: 6 objects(out of use)
20 network subnet 1.1.1.1 255.255.255.0
# 显示所有 IPv4 地址对象组。
<Sysname> display object-group ip address
IP address object-group obj1: 0 object(in use)
IP address object-group obj2: 6 objects(out of use)

20 network subnet 1.1.1.1 255.255.255.0
# 显示名称为 obj4 的 IPv6 地址对象组。
<Sysname> display object-group ipv6 address name obj4
IPv6 address object-group obj4: 5 objects(out of use)
0 network host address 1::1:1
20 network subnet 1::1:0 112
表1-2 display object-group 命令显示信息描述表
字段描述
in use 表明此对象组被引用，包括被ACL引用或被对象组嵌套引用
out of use 表明此对象组没有被引用
2.2.3 network (IPv4 address object group view)

network 命令用来创建一个 IPv4 地址对象。
undo network 命令用来删除指定的 IPv4 地址对象。
【命令】
[ object-id ] network { host { address ip-address | name host-name } | subnet
ip-address { mask-length | mask } }
undo network { host { address ip-address | name host-name } | subnet
ip-address { mask-length | mask } }
undo object-id
【缺省情况】
不存在 IPv4 地址对象。
6
【视图】
IPv4 地址对象组视图
network-admin
【参数】
object-id：指定对象 ID，取值范围为 0～4294967294。若未指定本参数，系统将按照步长 10
从 0 开始，自动分配一个大于现有最大 ID 的最小 ID。譬如现有对象的最大 ID 为 22，那么自动分
配的新 ID 将是 30。
host：指定主机 IPv4 地址或主机名称。
address ip-address：指定主机 IPv4 地址。
name host-name：指定主机名称。host-name 表示主机名称，为 1～60 字符，不区分大小写。
subnet ip-address { mask-length | mask }：指定子网 IPv4 地址。mask-length 表示子
网掩码长度，即掩码中连续“1”的个数，取值范围为 0～32。mask 表示接口 IP 地址相应的子网
掩码，为点分十进制格式。
【使用指导】
创建对象时指定 ID，如果指定 ID 的对象不存在，则创建一条新的对象；如果指定 ID 的对象已存在，
则对原对象进行修改。
新创建或修改的对象不能与已有对象的内容完全相同，否则该命令执行失败，并提示出错。
在配置 subnet 参数时，如果指定 mask-length 为 32 或者 mask 为 255.255.255.255，则该配
置被视为主机地址对象配置。
【举例】
# 配置地址为 192.168.0.1 的 IPv4 主机地址对象。
[Sysname-obj-grp-ip-ipgroup] network host address 192.168.0.1
# 配置名称为 pc3 的 IPv4 主机地址对象。
[Sysname-obj-grp-ip-ipgroup] network host name pc3
# 配置地址为 192.167.0.0，掩码长度为 24 的 IPv4 子网地址对象。
[Sysname-obj-grp-ip-ipgroup] network subnet 192.167.0.0 24
# 配置地址为 192.166.0.0，掩码为 255.255.0.0 的 IPv4 子网地址对象。
[Sysname-obj-grp-ip-ipgroup] network subnet 192.166.0.0 255.255.0.0
2.2.4 network (IPv6 address object group view)

network 命令用来创建一个 IPv6 地址对象。
7
undo network 命令用来删除指定的 IPv6 地址对象。
【命令】
[ object-id ] network { host { address ipv6-address | name host-name } | subnet
ipv6-address prefix-length }
undo network { host { address ipv6-address | name host-name } | subnet
ipv6-address prefix-length }
undo object-id
【缺省情况】
不存在 IPv6 地址对象。
【视图】
IPv6 地址对象组视图
network-admin
【参数】
host：指定主机 IPv6 地址或主机名称。
address ipv6-address：指定主机 IPv6 地址。
name host-name：指定主机名称。host-name 表示主机名称，为 1～60 字符，不区分大小写。
subnet ipv6-address prefix-length：指定子网 IPv6 地址。prefix-length：指定 IPv6
地址的前缀长度，取值范围为 1～128。
【使用指导】
则对原对象进行修改。
在配置 subnet 参数时，如果指定掩码长度为 128，则该配置被视为主机地址对象配置。
【举例】
# 配置地址为 1::1 的 IPv6 主机地址对象。
[Sysname] object-group ipv6 address ipv6group
[Sysname-obj-grp-ipv6-ipv6group] network host address 1::1
# 配置名称为 pc3 的 IPv6 主机地址对象。
[Sysname-obj-grp-ipv6-ipv6group] network host name pc3
# 配置地址为 1:1:1::1，前缀长度为 24 的 IPv6 子网地址对象。
8
[Sysname-obj-grp-ipv6-ip v6group] network subnet 1:1:1::1 24
2.2.5 object-group
object-group 命令用来创建一个对象组，并进入对象组视图。如果指定的对象组已经存在且类
型一致，则直接进入对象组视图。
undo object-group 命令用来删除指定的对象组。
【命令】
object-group { { ip | ipv6 } address | port | service } object-group-name
undo object-group { { ip | ipv6 } address | port | service } object-group-name
【缺省情况】
每类对象组都有一个名称为 any 的默认对象组。
【视图】
系统视图
network-admin
【参数】
ip address：指定对象组类型为 IP 地址对象组。
ipv6 address：指定对象组类型为 IPv6 地址对象组。
port：指定对象组类型为端口对象组。
service：指定对象组类型为服务对象组。
object-group-name：对象组的名称，为 1～31 个字符的字符串，不区分大小写。
【使用指导】
在配置 object-group 命令时，需要注意的是：
• 如果指定名称的对象组不存在，则创建对象组并进入其视图。
• 如果指定名称的对象组存在但类型不一致，命令执行失败，并提示出错。
在配置 undo object-group 命令时，需要注意的是：
• 如果指定名称的对象组不存在，系统不提示。
• 如果指定名称的对象组存在但类型不一致，则命令执行失败，并提示出错。
• 要删除的对象组被 ACL、对象策略或者其他对象组引用，命令执行失败，并提示出错。
• 系统默认对象组不能被删除。
【举例】
# 配置名称为 ipgroup 的 IP 地址对象组。
# 配置名称为 ipv6group 的 IPv6 地址对象组。
9
# 配置名称为 portgroup 的端口对象组。
[Sysname] object-group port portgroup
# 配置名称为 servicegroup 的服务对象组。
[Sysname] object-group service servicegroup
2.2.6 port (port object group view)

port 命令用来创建一个端口对象。
undo port 命令用来删除指定的端口对象。
【命令】
[ object-id ] port { { eq | lt | gt } port | range port1 port2 }
undo port { { eq | lt | gt } port | range port1 port2 }
undo object-id
【缺省情况】
不存在端口对象。
【视图】
端口对象组视图
network-admin
【参数】
eq：等于指定的端口号。
lt：小于指定的端口号。
gt：大于指定的端口号。
port：指定端口号，取值范围为 0～65535。
range port1 port2：指定端口在两个端口号范围内。port1 表示起始端口号，取值范围为 0～
65535。port2 表示结束端口号，取值范围为 0～65535。
【使用指导】
在配置 lt 参数时，需要注意的是：
• 不能指定 port 为 0。
• 如果指定 port 为 1，则该配置被视为 eq 0。
• 如果指定 port 为 2～65535，则实际生效的端口号为[ 0, port-1 ]。
在配置 gt 参数时，需要注意的是：
• 如果指定 port 为 65534，该配置被视为 eq 65535。
10
• 如果指定 port 为 0～65533，则实际生效的端口号为[ port+1, 65535 ]。
在配置 range 参数时，需要注意的是：
• 如果指定的 port1 和 port2 相同，则该配置被视为等于指定的端口号。
• 如果指定 port1 为 0，则该配置被视为 lt 配置，譬如配置 range 0 999，被视为 lt 1000。
• 如果指定 port2 为 65535，则该配置被视为 gt 配置，譬如配置 range 50001 65535，被视
为 gt 50000。
• 如果指定的 port1 比 port2 大，会自动调整范围为[ port2, port1 ]。
【举例】
# 配置端口号等于 100 的端口对象。
[Sysname-obj-grp-port-portgroup] port eq 100
# 配置端口号小于 20 的端口对象。
[Sysname-obj-grp-port-portgroup] port lt 20
# 配置端口号大于 60000 的端口对象。
[Sysname-obj-grp-port-portgroup] port gt 60000
# 配置端口号范围为 1000 到 2000 的端口对象。
[Sysname-obj-grp-port-portgroup] port range 1000 2000
2.2.7 service(service object group view)

service 命令用来创建一个服务对象。
undo service 命令用来删除指定的服务对象。
【命令】
[ object-id ] service { protocol [ { source { { eq | lt | gt } port | range port1
port2 } | destination { { eq | lt | gt } port | range port1 port2 } } * | icmp-type
icmp-code | icmpv6-type icmpv6-code ] }
undo service { protocol [ { source { { eq | lt | gt } port | range port1 port2 }
| destination { { eq | lt | gt } port | range port1 port2 } } * | icmp-type
icmp-code | icmpv6-type icmpv6-code ] }
undo object-id
【缺省情况】
不存在服务对象。
【视图】
服务对象组视图
11
network-admin
【参数】
protocol：协议类型，可输入的形式如下：
• 数字：取值范围为 0～255；
• 名称（括号内为对应的数字）：可选取 tcp（6）
、udp（17）
、icmp（1）或 icmpv6（58）。
source：指定源端口。只在 protocol 为 tcp 或 udp 时有效。
destination：指定目的端口。只在 protocol 为 tcp 或 udp 时有效。
eq：等于指定的端口号。
lt：小于指定的端口号。
gt：大于指定的端口号。
port：指定端口号，取值范围为 0～65535。
range port1 port2：在指定的两个端口号范围内。port1 表示端口号 1，取值范围为 0～65535。
port2 表示端口号 2，取值范围为 0～65535。
icmp-type：ICMP 消息类型，取值范围为 0～255，只在 protocol 为 icmp 时有效。
icmp-code：ICMP 消息码，取值范围为 0～255。
icmpv6-type：ICMPv6 消息类型，取值范围为 0～255，只在 protocol 为 icmpv6 时有效。
icmpv6-code：ICMPv6 消息码，取值范围为 0～255。
【使用指导】
则对旧对象进行修改。
在配置 lt 参数时，需要注意的是：
• 如果指定 port 为 1，则该配置被视为 eq 0。
• 如果指定 port 为 2～65535，则实际生效的端口号为[ 0, port-1 ]。
在配置 gt 参数时，需要注意的是：
• 如果指定 port 为 65534，该配置被视为 eq 65535。
• 如果指定 port 为 0～65533，则实际生效的端口号为[ port+1, 65535 ]。
在配置 range 参数时，需要注意的是：
• 如果指定的 port1 和 port2 相同，则该配置被视为等于指定的端口号。
• 如果指定 port1 为 0，则该配置被视为 lt 配置，譬如配置 range 0 999，被视为 lt 1000。
• 如果指定 port2 为 65535，则该配置被视为 gt 配置，譬如配置 range 50001 65535，被视
为 gt 50000。
12
• 如果指定的 port1 比 port2 大，会自动调整范围为[ port2, port1 ]。
【举例】
# 配置协议号等于 100 的服务对象。
[Sysname-obj-grp-service-servicegroup] service 100
# 配置指定源端口和目的端口的 tcp 协议报文的服务对象。
[Sysname-obj-grp-service-servicegroup] service tcp source eq 100 destination range 10 100
# 配置 icmp 协议的服务对象。
[Sysname-obj-grp-service-servicegroup] service icmp 100 150
3 变更特性－在接口上应用 QoS 策略
3.1 特性变更说明
从本版本开始，三层聚合接口和三层聚合子接口支持应用 QoS 策略。
3.2 命令变更说明
【命令】
qos apply [ remarking | tcp-erspan ] policy policy-name { inbound | outbound }
undo qos apply [ remarking | tcp-erspan ] policy policy-name { inbound |
outbound }
【视图】
接口视图
【修改说明】
修改前：二层以太网接口和三层以太网接口上支持应用 QoS 策略。
修改后：二层以太网接口、三层以太网接口、三层以太网子接口、三层聚合接口和三层聚合子接口
上支持应用 QoS 策略。
【使用指导】
流分类匹配外层 VLAN Tag VLAN ID 时，三层以太网接口和三层以太网子接口上不支持应用 QoS
策略。
13
4 变更特性－配置 M-LAG 组网中 M-LAG 接口上用户认证的
负载分担模式
从本版本开始，缺省情况下，配置 M-LAG 组网中 M-LAG 接口上用户认证的负载分担模式由分布处
理本地上送用户变更为集中处理模式。
4.2.1 修改-port-security m-lag load-sharing-mode
【命令】
port-security m-lag load-sharing-mode { centralized | distributed
{ even-mac | local | odd-mac } }
undo port-security m-lag load-sharing-mode
【视图】
系统视图
【修改说明】
修改前：缺省情况下，M-LAG 接口上用户认证的负载分担模式为分布处理本地上送用户。
修改后：缺省情况下，M-LAG 接口上用户认证的负载分担模式为集中处理模式。
14
R6628P30 版本
本版本特性变更情况如下：
• 新增特性－二层技术-以太网交换相关新增特性
• 新增特性－三层技术-IP 业务相关新增特性
• 新增特性－三层技术-IP 路由相关新增特性
• 新增特性－IP 组播相关新增特性
• 新增特性－MPLS 相关新增特性
• 新增特性－ACL 和 QoS 相关新增特性
• 新增特性－安全相关新增特性
• 新增特性－可靠性相关新增特性
• 新增特性－网络管理和监控相关新增特性
• 新增特性－Telemetry 相关新增特性
• 变更特性－DRNI 与 M-LAG 兼容
• 变更特性－配置接口收到携带 Management Address TLV 的 LLDP 报文后生成 ARP 表项或
ND 表项
• 变更特性－配置 LLDP 报文的源 MAC 地址为指定的 MAC 地址
• 变更特性－配置接口上允许发布的 TLV 类型
• 变更特性－配置 HTTP/HTTPS 服务与 ACL 关联
• 变更特性－设置本地保存备份配置文件的最大数
• 变更特性－显示 RIB 或静态路由下一跳的详细信息
• 变更特性－配置 OSPF/OSPFv3 验证新增验证模式
• 变更特性－新增 BGP 监控服务器的显示信息
• 变更特性-配置 802.1X 周期性重认证定时器
• 变更特性-配置 MAC 地址认证的周期性重认证定时器
• 变更特性－显示本地非对称密钥对中的公钥信息
• 变更特性－IPsec 隧道 ID 号取值范围变更
• 变更特性—创建 SNMPv3 用户支持配置 sha224、sha256、sha384、sha512 认证算法
• 变更特性—配置发送端邮件服务器的域名字符串长度范围变更
• 变更特性—单个日志文件使用率的告警门限取值范围变更
• 变更特性－显示指定用户态进程的堆内存统计信息新增字段
• 变更特性－配置流镜像到接口
• 变更特性－显示 gRPC 的相关信息
• 删除特性
0
1 新增特性－二层技术-以太网交换相关新增特性
• 表 1 所列新增特性的详细介绍请参考“H3C S5560X-EI&S5500V2-EI&MS4520V2&ES5500
系列以太网交换机配置指导-R6628Pxx”中的“二层技术-以太网交换配置指导” ；
• 相关命令的详细介绍请参考“H3C S5560X-EI&S5500V2-EI&MS4520V2&ES5500 系列以太
网交换机命令参考-R6628Pxx”中的“二层技术-以太网交换命令参考” 。
表1 二层技术-以太网交换相关新增特性
新增特性新增命令/参数配置指导&命令参考相关章节
环回测试 loopback-test 以太网接口
• ifmonitor sdh-error
• ifmonitor sdh-b1-error
配置 SDH、SDH-B1、SDH-B2 • ifmonitor sdh-b2-error
以太网接口
错误报文告警参数 • port ifmonitor sdh-error
• port ifmonitor sdh-b1-error
• port ifmonitor sdh-b2-error
显示接口物理状态变化的统计 display link-state-change

以太网接口
信息 statistics interface
清除接口的物理状态变化统计 reset link-state-change statistics

以太网接口
信息 interface
port link-flap protect enable命令新

增如下参数：
开启接口链路震荡保护功能以太网接口
• second-interval
• second-threshold
snmp-agent trap enable ifmonitor命
令新增如下参数：
开启接口监控模块的告警功能 • sdh-b1-error 以太网接口

• sdh-b2-error
• sdh-error
如下命令新增 shutdown 参数：

配置发送 PAUSE 帧告警参数 • ifmonitor tx-pause 以太网接口
• port ifmonitor tx-pause
shutdown all-physical-interfaces命
关闭除管理以太网接口外的所
令新增include 以太网接口
有物理接口
irf-physical-interface参数
link-aggregation lacp isolate命令新

开启二三层聚合流量隔离功能以太网链路聚合
增bagg、ragg参数
自环保护功能 stp loopback-protection 生成树
配置设备发送的协议报文的
control-packet dot1p VLAN
802.1p优先级
配置接口发送的LLDP报文中 lldp tlv-config basic-tlv port-id LLDP
1
Port ID TLV的类型
配置接口上允许发布的私有
lldp tlv-enable private-tlv LLDP
TLV类型
配置接口上允许发布的私有
lldp tlv-enable private-tlv LLDP
TLV 类型
l2protocol tunnel dot1q 命令新增 all、

开启指定协议的L2PT功能 L2PT
cdp、dtp 参数
配置指定协议Tunnel报文的组
l2protocol type tunnel-dmac L2PT
播目的MAC地址
2 新增特性－三层技术-IP 业务相关新增特性
系列以太网交换机配置指导-R6628Pxx”中的“三层技术-IP 业务配置指导” ；
网交换机命令参考-R6628Pxx”中的“三层技术-IP 业务配置命令参考” 。
表2 三层技术-IP 业务相关新增特性
开启ARP表项下发硬件日志功 arp hardware log enable

ARP
能 [ count-limit count-limit-value ]
snmp-agent trap enable arp

开启ARP模块的告警功能 [ rate-limit | user-ip-conflict ] * ARP
与转发表匹配的ARP请求报文
arp fib-miss drop ARP
的丢弃功能
配置当地址池的可分配地址资
源耗尽或资源恢复时，系统生 exhaustion log enable DHCP
成日志信息
dhcp relay information

配置Option 82子选项
link-selection DHCP
sub-option 5中填充的地址 link-selection-address
ip icmp broadcast-echo-reply
开启响应ICMP广播报文功能 enable IP性能优化
dhcp relay source-address

{ ip-address | interface
指定DHCP中继向DHCP服务 interface-type interface-number } DHCP
器转发报文的源地址命令新增 [ default-giaddr ]参数
显示M-LAG组网中DHCP display dhcp snooping

Snooping记录的同步表项统计 m-lag-statistics命令新增 DHCP
信息 [ old-version ]参数
配置负载分担算法计算结果的 ip load-sharing mode per-flow命令新

增[ seed seed-number ]、[ dest-ip | IP转发基础配置
偏移量
dest-port | ingress-port | ip-pro |
2
src-ip | src-port ]、tunnel { all |
inner | outer }参数
• ping arp ip host [ interface

interface-type interface-number
[ vlan vlan-id ] ] [ timeout
timeout ] [ count count ]
ARP-Ping • ping arp mac mac-address { ip ARP

ipv4-address [ vpn-instance
vpn-instance-name ] | interface
interface-type
interface-number } [ timeout
timeout ] [ count count ]
• snmp-agent trap enable dhcp

配置IP地址池的地址资源耗尽/ server address-exhaust DHCP
恢复的告警功能
• exhaustion trap enable
• snmp-agent trap enable dhcp

配置IP地址池的使用率高于等 server ip-in-use
于阈值或恢复到低于阈值的告 DHCP
警功能 • ip-in-use threshold
threshold-value
display ipv6 interface命令新增参数

显示接口的IPv6信息 IPv6基础
[ description ]
display ipv6 neighbors statistics

{ [ by-slot ] all | interface
显示ND表项的统计信息 { interface-name | interface-type IPv6基础
interface-number } | slot
slot-number }
开启ND表项下发硬件日志功 ipv6 nd hardware log enable

IPv6基础
能 [ count-limit count-limit-value ]
与转发表匹配的ND请求报文
ipv6 nd fib-miss drop IPv6基础
的丢弃功能
ping nd ipv6 host [ interface

针对IPv6地址的ND-Ping功能 IPv6基础
[ vlan vlan-id ] ] [ timeout timeout ]
[ count count ]
ping nd mac mac-address { ipv6

针对MAC地址的ND-Ping功能 vpn-instance-name ] | interface IPv6基础
interface-type interface-number }
[ timeout timeout ] [ count count ]
• vendor-specific vendor-id
• suboption suboption-code
配置DHCPv6厂商自定义选项 { address ipv6-address&<1-4> | DHCPv6
ascii ascii-string | hex
hex-string }
• snmp-agent trap enable ipv6

配置IPv6地址池资源耗尽告警 dhcp server address-exhaust
pd-exhaust DHCPv6
功能
• exhaustion trap enable
3

配置IPv6地址池地址使用率告 dhcp server ip-in-use
DHCPv6
警功能 • ip-in-use threshold
threshold-value

配置IPv6地址池前缀使用率告 dhcp server pd-in-use
DHCPv6
警功能 • pd-in-use threshold
threshold-value
配置当IPv6地址池可分配的资
源耗尽或资源恢复时，系统生 • exhaustion log enable DHCPv6
成日志信息
mDNS网关所有mDNS网关相关配置命令 mDNS网关
3 新增特性－三层技术-IP 路由相关新增特性
系列以太网交换机配置指导-R6628Pxx”中的“三层技术-IP 路由配置指导” ；
网交换机命令参考-R6628Pxx”中的“三层技术-IP 路由配置命令参考” 。
表3 三层技术-IP 路由相关新增特性
rip authentication-mode命令新增
RIP-2的keychain验证方式 RIP
keychain参数
IPv4策略路由配置的下一跳失 apply fail-action-drop next-hop命

策略路由
效时报文丢弃令
配置策略路由忽略目的地址为 ip ignore policy-based-route

策略路由
当前接口IPv4地址的报文 dest-local enable命令
IPv6策略路由配置的下一跳失 apply fail-action-drop next-hop命

IPv6策略路由
效时报文丢弃令
配置IPv6策略路由忽略目的地 ipv6 ignore policy-based-route

IPv6策略路由
址为当前接口IPv6地址的报文 dest-local enable命令
ospf track track-entry-number

配置OSPF与Track联动 adjust-cost { cost-offset | max } OSPF
ospfv3 track track-entry-number

配置OSPFv3与Track联动 OSPFv3
adjust-cost { cost-offset | max }
DCN 所有DCN相关配置命令 DCN
配置BGP根据EBGP路由的第
peer-as-check enable BGP
一个AS号过滤发布对象
配置将发送给邻居的BGP路由 • advertise lowest-priority

BGP
调整为最低优先级 on-startup duration
4
• advertise lowest-priority
on-peer-up duration
• reset bgp advertise
lowest-priority
配置BGP负载分担时调整负载 balance命令新增ecmp-nexthop-local、
BGP
分担路由的下一跳 ecmp-nexthop-unchanged参数
配置BGP路由禁止下发到IP路 routing-table bgp-rib-only命令新增

BGP
由表功能 all参数
配置BGP路由进行下一跳路由 nexthop recursive-lookup

BGP
迭代查找时采用最长匹配方式 longest-match
开启邻居地址不可达检测功能 peer tracking BGP
配置BGP GR/NSR完成后等待
bgp update-delay
其他协议完成GR/NSR的最长 wait-other-protocol BGP
时间
配置通过控制报文方式的BFD
primary-path-detect bfd命令新增ctrl
会话检测主路由的下一跳是否 BGP
参数
可达
• bmp server monitor

all-vpn-instance
• bmp server monitor
current-instance
• display bgp bmp server
monitor-peer
• pd-monitor-mode enable
• peer route-mode
配置BGP BMP • pu-monitor-mode enable BGP

• reset bgp bmp server
• route-mode adj-rib-in
• route-mode adj-rib-out 命令新增
pre-policy、post-policy 以及
both 参数
• server 命令新增 ipv6-address 参数
• server password
• server source-address
4 新增特性－IP 组播相关新增特性
系列以太网交换机配置指导-R6628Pxx”中的“IP 组播配置指导” ；
网交换机命令参考-R6628Pxx”中的“IP 组播命令参考” 。
5
表4 IP 组播相关新增特性
load-splitting命令新增
对组播流量进行负载分担新增
balance-ecmp、balance-ucmp、ecmp和组播路由与转发
四种新的负载分担类型
ecmp参数
配置组播报文软转发复制数量 multicast cpu-forwarding

组播路由与转发
的最大值 max-copy-count
配置IPv6组播报文软转发复制 ipv6 multicast cpu-forwarding

IPv6组播路由与转发
份数的最大值 max-copy-count
load-splitting命令新增
对IPv6组播流量进行负载分担
balance-ecmp、balance-ucmp、ecmp和 IPv6组播路由与转发
新增四种新的负载分担类型
ecmp参数
5 新增特性－MPLS 相关新增特性
系列以太网交换机配置指导-R6628Pxx”中的“MPLS 配置指导” ；
网交换机命令参考-R6628Pxx”中的“MPLS 命令参考” 。
表5 MPLS 相关新增特性
显示LDP会话中收到的错误
display mpls ldp error-packet LDP
TCP报文信息
显示LDP会话中断事件信息 display mpls ldp troubleshooting LDP
6 新增特性－ACL 和 QoS 相关新增特性

系列以太网交换机配置指导-R6628Pxx”中的“ACL 和 QoS 配置指导” ；
网交换机命令参考-R6628Pxx”中的“ACL 和 QoS 命令参考” 。
表6 ACL 和 QoS 相关新增特性
创建QoS策略 Qos 命令新增tcp-erspan参数 QoS
创建QoS策略 Qos 命令新增remarking参数 QoS
显示基于全局应用QoS策略的 display qos policy global命令

QoS
配置信息和运行情况新增 tcp-erspan 参数
6
显示基于全局应用QoS策略的 display qos policy global命令

QoS
配置信息和运行情况新增remarking参数
显示接口上QoS策略的配置信 display qos policy interface 命令

QoS
息和运行情况新增 remarking 参数
显示接口上QoS策略的配置信 display qos policy interface 命令
QoS
息和运行情况新增 tcp-erspan 参数
显示L2VPN AC承载的以太网 display qos policy l2vpn-ac 命令
服务实例上QoS策略的配置信 QoS
息和运行情况新增 remarking 参数
显示L2VPN AC承载的以太网 display qos policy l2vpn-ac 命令

服务实例上QoS策略的配置信 QoS
息和运行情况新增 tcp-erspan 参数
在控制平面、接口或以太网服 qos apply policy 命令

QoS
务实例上应用QoS策略新增 remarking 参数
在控制平面、接口或以太网服 qos apply policy 命令
QoS
务实例上应用QoS策略新增 tcp-erspan 参数
qos apply policy global 命令新增
全局应用QoS策略 QoS
remarking 参数
qos apply policy global 命令新增
全局应用QoS策略 QoS
tcp-erspan 参数
创建一个QoS策略，并进入
qos policy 命令新增 remarking 参数 QoS
QoS策略视图
创建一个QoS策略，并进入
qos policy 命令新增 tcp-erspan 参数 QoS
QoS策略视图
清除L2VPN AC承载的以太网
reset qos policy l2vpn-ac 命令新增
服务实例上QoS策略的统计信 QoS
息
remarking 参数
7 新增特性－安全相关新增特性
系列以太网交换机配置指导-R6628Pxx”中的“安全配置指导” ；
网交换机命令参考-R6628Pxx”中的“安全命令参考” 。
表7 安全相关新增特性
• accounting default 命令新增

配置ISP域的AAA认证方法 [ radius-scheme AAA
radius-scheme-name |
hwtacacs-scheme
7
hwtacacs-scheme-name ] *参数
• accounting lan-access 命令新增
radius-scheme
radius-scheme-name 参数
• accounting login 命令新增
[ radius-scheme
hwtacacs-scheme
• accounting portal 命令新增
radius-scheme
• authentication default 命令新增
[ radius-scheme
hwtacacs-scheme
hwtacacs-scheme-name ] * [ none ]
| local [ ldap-scheme
ldap-scheme-name ]参数
• authentication lan-access 命令新
增[ ldap-scheme ldap-scheme-name
| radius-scheme
radius-scheme-name ]参数
• authentication login 命令新增
[ radius-scheme
hwtacacs-scheme
hwtacacs-scheme-name ] * [ none ]
| local [ ldap-scheme
ldap-scheme-name ]参数
• authentication portal 命令新增
[ ldap-scheme ldap-scheme-name |
radius-scheme
radius-scheme-name ]参数
• authorization default 命令新增
[ radius-scheme
hwtacacs-scheme
• authorization lan-access 命令新增
radius-scheme
• authorization login 命令新增
[ radius-scheme
hwtacacs-scheme
• authorization portal 命令新增
radius-scheme
authorization-attribute命令新增
ISP域下的用户授权属性 AAA
vlan vlan-id参数
设置本地用户或用户组的授权 authorization-attribute命令新增url AAA
8
属性 url-string 参数
开启RADIUS认证请求优先处 radius authentication-request

AAA
理功能 first
display dot1x connection命令新增

显示当前802.1X在线用户的详 online-type { auth-fail-domain |
802.1X
细信息 critical-domain | preauth-domain |
success }参数
显示当前802.1X单播触发的静 display dot1x unicast-trigger

802.1X
默MAC信息 quiet-mac
开启RADIUS认证服务器不可
dot1x auth-server-unavailable
达时，802.1X在线用户逃生功 escape 802.1X
能
开启802.1X认证报文探测功能 dot1x packet-detect enable 802.1X
配置802.1X认证报文探测的最
dot1x packet-detect retry 802.1X
大次数
dot1x timer命令新增unicast-trigger
配置802.1X的定时器参数 quiet-period quiet-period-value参 802.1X
数
reset dot1x access-user命令新增

online-type { auth-fail-domain |
强制802.1X用户下线 critical-domain | preauth-domain | 802.1X
success }参数
清除802.1X单播触发的静默 reset dot1x unicast-trigger

quiet-mac 802.1X
MAC信息
display mac-authentication
connection命令新增online-type
显示MAC地址认证在线用户的 { auth-fail-domain |
MAC地址认证
详细信息 critical-domain | preauth-domain |
success | url-unavailable-domain }
参数
开启RADIUS认证服务器不可
mac-authentication
达时，MAC地址认证在线用户 auth-server-unavailable escape MAC地址认证
逃生功能
配置端口的MAC地址认证的 mac-authentication critical vlan命

MAC地址认证
Critical VLAN 令新增url-user-logoff参数
开启MAC地址认证报文探测功 mac-authentication packet-detect

MAC地址认证
能 enable
配置MAC地址认证报文探测的 mac-authentication packet-detect

MAC地址认证
最大次数 retry
配置需要探测状态的Web服务
mac-authentication redirect-url MAC地址认证
器的重定向URL
mac-authentication timer命令新增
配置MAC地址认证的定时器参
temporary-user-aging MAC地址认证
数
aging-time-value 参数
配置MAC地址认证用户的账号 mac-authentication MAC地址认证
9
格式 user-name-format命令新增separator
colon参数
reset mac-authentication
access-user命令新增online-type
{ auth-fail-domain |
强制MAC地址认证用户下线 critical-domain | preauth-domain | MAC地址认证
success | url-unavailable-domain }
参数
显示Portal用户的信息 display portal user命令新增brief参数 Portal
配置设备重定向给用户的 url-parameter命令新增format section

Portal Web服务器的URL中携 { 1 | 3 | 6 } { lowercase | uppercase } ] Portal
带的参数信息参数
配置Web认证服务器支持绿洲 server-type oauth命令新增支持在Web认

Web认证
平台标准证远程Web服务器视图下配置
强制Web认证用户下线 reset web-auth access-user Web认证
配置Web认证重定向给用户的
url-unescape-chars Web认证
URL中不转义的特殊字符
开启RADIUS认证服务器不可 web-auth auth-server-unavailable

Web认证
达时，Web在线用户逃生功能 escape
显示端口接入在线用户的表项
display port-security access-user 端口安全
信息
显示端口安全的统计计数信息 display port-security statistics 端口安全
配置计算ARP探测报文源IP地 port-security packet-detect

端口安全
址所需的地址和掩码 arp-source-ip factor
port-security port-mode命令新增
配置端口安全模式端口安全
mac-and-userlogin-secure-ext参数
配置端口安全用户的认证前域 port-security pre-auth domain 端口安全
 port-security static-user
password
user-name-format
user-name-format mac-address
update-ip enable
配置端口接入认证的静态用户  port-security static-user timer 端口安全
offline-detect
 port-security static-user timer
detect-period
max-user
 display port-security
static-user
 display port-security
static-user connection
10
 reset port-security static-user
配置端口非认证成功在线用户
port-security timer 端口安全
的定时器参数
配置Triple认证环境下，端口的
port-security triple-auth-order
认证顺序为MAC地址认证、 mac-dot1x-web 端口安全
802.1X认证和Web认证
配置端口安全用户重定向URL port-security url-unavailable

端口安全
不可达时的逃生域 domain
清除端口安全的统计计数信息 reset port-security statistics 端口安全
配置设备可存储的SSH用户登 • ssh exception-record max-number

SSH
录异常原因最大条数 • display ssh exception-record
配置设备的安全增强级别 security-enhanced level SSL
display arp source-suppression

显示ARP源抑制表项 cache [ slot slot-number ] ARP攻击防御
• arp scan keepalive send-rate pps

• arp scan keepalive aging-time
time
• arp scan keepalive enable
• display arp scan keepalive entry
配置ARP的Keepalive表项扫 [ interface interface-type
ARP攻击防御
描功能 interface-number ] [ count ]
• display arp scan keepalive
statistics [ slot slot-number ]
[ interface interface-type
interface-number ]
• reset arp scan keepalive
配置加密数据帧的SecTag里
macsec include-sci MACsec
携带SCI
配置MACsec维护模式 macsec maintenance-mode enable MACsec
• ipv6 nd scan keepalive

send-rate pps
配置ND的Keepalive表项扫描
• ipv6 nd scan keepalive ND攻击防御
功能
aging-time time
• ipv6 nd scan keepalive enable
• display ipv6 nd scan keepalive

entry [ interface
interface-type
interface-number ] [ count ]
ND的Keepalive表项扫描显示 • display ipv6 nd scan keepalive
ND攻击防御
和维护 statistics [ slot slot-number ]
[ interface interface-type
interface-number ]
• reset ipv6 nd scan keepalive
11
8 新增特性－可靠性相关新增特性
系列以太网交换机配置指导-R6628Pxx”中的“可靠性配置指导” ；
网交换机命令参考-R6628Pxx”中的“可靠性命令参考” 。
表8 可靠性相关新增特性
配置开启发送Dummy报文功 dummy enable [ max-number number ]

Smart Link
能 [ times times ]
配置IPv4 VRRP状态切换延迟 vrrp state-transition-delay

vrrp
时间 delay-value
配置IPv6 VRRP状态切换延迟 vrrp ipv6 state-transition-delay

vrrp
时间 delay-value
bfd forwarding match

配置本地的BFD会话远端标识 remote-discriminator
BFD
符 discr-value-list { discr-value1
[ to discr-value2 ] } &<1-10>
bfd multi-hop
配置接收多跳echo报文的最小
min-echo-receive-interval BFD
时间间隔 interval
bfd { peer-ip ipv4-address

mask-length | peer-ipv6
配置BFD报文的TTL值 ipv6-address prefix-length } ttl BFD
{ single-hop | multi-hop }
ttl-value
配置显示BFD报文TTL值的配
display bfd ttl BFD
置信息。
bfd static session-name [ peer-ip

vpn-instance-name ] source-ip
配置IPv4控制报文方式多跳检 ipv4-address [ discriminator { auto
BFD
测 | local local-value remote
remote-value } ] [ track-interface
interface-type
interface-number ] ]

ipv4-address interface
配置IPv4 echo报文方式单跳检
destination-ip ipv4-address BFD
测 [ source-ip ipv4-address ]
one-arm-echo [ discriminator { auto
| local local-value } ] ]

配置IPv4 echo报文方式多跳检 ipv4-address [ vpn-instance
vpn-instance-name ] destination-ip BFD
测
ipv4-address [ source-ip
ipv4-address ] one-arm-echo
12
[ discriminator { auto | local
local-value } ] ]
bfd static session-name [ peer-ipv6

ipv6-address interface
配置IPv6 echo报文方式单跳检
destination-ipv6 ipv6-address BFD
测 [ source-ipv6 ipv6-address ]
bfd static session-name [ peer-ipv6

vpn-instance-name ]
配置IPv6 echo报文方式多跳检
destination-ipv6 ipv6-address BFD
测 [ source-ipv6 ipv6-address ]
创建与M-LAG MAD关联的 track track-entry-number

mlag-mad-status Track
Track项，并进入Track视图
9 新增特性－网络管理和监控相关新增特性
系列以太网交换机配置指导-R6628Pxx”中的“网络管理和监控配置指导” ；
网交换机命令参考-R6628Pxx”中的“网络管理和监控命令参考” 。
表9 网络管理和监控相关新增特性
显示当前NETCONF服务的状
display netconf service NETCONF
态及全局统计信息
显示当前NETCONF会话信息 display netconf session NETCONF
清除当前NETCONF服务的全
reset netconf service statistics NETCONF
局统计信息
清除当前NETCONF会话的统
reset netconf session statistics NETCONF
计信息
查看报文从源端传到目的端所如下命令新增参数-e
经过的路径过程支持目的端口  tracert 系统维护与调试
号固定不变 • tracert ipv6
配置设备发往NMS的告警信息
snmp-agent trap format SNMP
的格式
设备发往NMS的告警信息中支
持携带SN（serial number，设 snmp-agent trap withsn SNMP
备的序列号）
显示用户态进程的空闲内存分 display process memory fragment 进程监控和维护
13
片的信息 free
显示用户态进程已使用的内存 display process memory fragment

进程监控和维护
分片信息 used
配置向日志主机方向发送日志
info-center loghost locate-info
时，在日志定位信息中携带设 with-sn 信息中心
备序列号
禁止对端设备对本设备进行控
ntp-service noquery enable NTP
制查询
配置PoE接口和Track项关联 poe track PoE
配置NetStream统计输出报文 ip netstream export version命令新增

NetStream
记录设备序列号信息 serial-number参数
配置IPv6 NetStream统计输出 ipv6 netstream export version命令新

IPv6 NetStream
报文记录设备序列号信息增serial-number参数
sflow collector命令新增dscp
配置sFlow报文的DSCP优先级 sFlow
dscp-value参数
10 新增特性－Telemetry 相关新增特性
系列以太网交换机配置指导-R6628Pxx”中的“Telemetry 配置指导” ；
网交换机命令参考-R6628Pxx”中的“Telemetry 命令参考”。
表10 Telemetry 相关新增特性
配置gRPC的CPU最大占用率 grpc cpu-usage max-percent gRPC
显示有最小采样周期的采样路
display telemetry sensor-path gRPC
径信息
往目标组中添加指定域名的
domain-name gRPC
IPv4采集器
往目标组中添加指定域名的
ipv6 domain-name gRPC
IPv6采集器
配置设备和IPv4采集器建立
ipv4-address命令新增tls参数 gRPC
gRPC连接时使用TLS加密
配置设备和IPv6采集器建立
ipv6-address命令新增tls参数 gRPC
gRPC连接时使用TLS加密
配置订阅报文的JSON格式业
json row-timestamp enable gRPC
务数据按行打时间戳
14
11 变更特性－DRNI 与 M-LAG 兼容
从本版本开始，对于 M-LAG 相关业务，设备支持 M-LAG 和 DRNI 两种风格命令行。DRNI 和 M-LAG
风格的命令行，在业务配置方式、命令作用和显示效果方面完全相同，仅在命令行关键字形式上存
在差别。关于 M-LAG 和 DRNI 命令行差异说明请参见表 1-3。
表1-3 M-LAG 与 DRNI 命令行差异说明
命令行风格特征关键字示例及使用说明
m-lag、mlag、示例：m-lag system-number system-number

M-LAG风格
peer-link 新风格，若无特殊要求，推荐使用。
示例：drni system-number system-number

旧风格，用于兼容旧版本的配置文件。
DRNI风格 drni、drmac、ipp 系统支持以完整形式输入此类命令行，不支持输入<?>查看对应

的在线帮助信息，也不支持通过Tab键对命令行补齐。
用户成功输入此类命令行后，系统将自动以对应的M-LAG风格的
命令行形式将其保存到配置文件中。
M-LAG 与 DRNI 相关概念对照，请参见表 1-4。

表1-4 M-LAG 与 DRNI 相关概念对照
DRNI概念 M-LAG概念(中文) M-LAG概念(英文)
DRNI M-LAG Multichassis link aggregation
DR系统 M-LAG系统 M-LAG system
DR接口 M-LAG接口 M-LAG interface
DRNI MAD M-LAG MAD M-LAG MAD
DRNI保留接口 M-LAG保留接口 Ports excluded from M-LAG MAD shutdown
DR组 M-LAG组 M-LAG group
DR设备 M-LAG设备 M-LAG member device
M-LAG virtual IP address

DRNI虚拟地址 M-LAG虚拟IP地址
资料首次全称后缩写：MLAG VIP
IPL peer-link链路 M-LAG peer link
IPP口 peer-link接口 M-LAG peer-link interface
15
请参见 “ H3C S5560X-EI&S5500V2-EI&MS4520V2&ES5500 系列以太网交换机配置指导
-R6628Pxx”中的“二层技术-以太网交换配置指导”分册中的“M-LAG 配置”模块的“M-LAG 与
DRNI 命令行差异汇总”部分。
12 变更特性－配置接口收到携带 Management Address

TLV 的 LLDP 报文后生成 ARP 表项或 ND 表项
从本版本开始，二层聚合接口视图支持配置接口收到携带 Management Address TLV 的 LLDP 报文
后生成 ARP 表项或 ND 表项。
12.2.1 修改-lldp management-address
【原命令】
二层以太网接口视图：
lldp management-address { arp-learning | nd-learning } vlan vlan-id
undo lldp management-address { arp-learning | nd-learning }
三层以太网接口视图：
lldp management-address { arp-learning | nd-learning } [ vlan vlan-id ]
【修改后的命令】
二层以太网接口视图/二层聚合接口视图：
lldp management-address { arp-learning | nd-learning } vlan vlan-id
三层以太网接口视图：
lldp management-address { arp-learning | nd-learning } [ vlan vlan-id ]
【修改说明】
修改前：二层以太网接口视图、三层以太网接口视图支持配置接口收到携带 Management Address
TLV 的 LLDP 报文后生成 ARP 表项或 ND 表项。
修改后：二层以太网接口视图、二层以太网聚合接口试图、三层以太网接口视图支持配置接口收到
携带 Management Address TLV 的 LLDP 报文后生成 ARP 表项或 ND 表项。
16
13 变更特性－配置 LLDP 报文的源 MAC 地址为指定的 MAC
地址
从本版本开始，二层聚合接口视图下支持配置 LLDP 报文的源 MAC 地址为指定的 MAC 地址。
13.2.1 修改-lldp source-mac vlan
【命令】
lldp source-mac vlan vlan-id
undo lldp source-mac vlan
【视图】
二层以太网接口视图
三层以太网接口视图
【修改说明】
修改前：二层以太网接口视图、三层以太网接口视图支持配置 LLDP 报文的源 MAC 地址为指定的
MAC 地址。
修改后：二层以太网接口视图、二层以太网聚合接口试图、三层以太网接口视图支持配置 LLDP 报
文的源 MAC 地址为指定的 MAC 地址。
14 变更特性－配置接口上允许发布的 TLV 类型
从本版本开始，二层聚合接口视图下支持 interface loopback 关键字。
14.2.1 修改-lldp tlv-enable
【原命令】
在二层以太网接口视图下：
• 配置最近桥代理 LLDP 接口上允许发布的 TLV 类型
lldp tlv-enable { basic-tlv { all | port-description | system-capability
| system-description | system-name | management-address-tlv [ ipv6 ]
[ ip-address | interface loopback interface-number ] } | dot1-tlv { all |
congestion-notification | port-vlan-id | link-aggregation | dcbx |
protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | management-vid
17
[ mvlan-id ] } | dot3-tlv { all | link-aggregation | mac-physic |
max-frame-size | power } | med-tlv { all | capability | inventory |
network-policy [ vlan-id ] | power-over-ethernet | location-id
{ civic-address device-type country-code { ca-type ca-value }&<1-10> |
elin-address tel-number } } }
undo lldp tlv-enable { basic-tlv { all | port-description |
system-capability | system-description | system-name |
management-address-tlv [ ipv6 ] [ ip-address | interface loopback
interface-number ] } | dot1-tlv { all | congestion-notification |
port-vlan-id | link-aggregation | dcbx | protocol-vlan-id | vlan-name |
management-vid } | dot3-tlv { all | link-aggregation | mac-physic |
network-policy [ vlan-id ] | power-over-ethernet | location-id } }
• 配置最近非 TPMR 代理 LLDP 接口上允许发布的 TLV 类型
lldp agent nearest-nontpmr tlv-enable { basic-tlv { all |
port-description | system-capability | system-description | system-name
| management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all |
congestion-notification | port-vlan-id | link-aggregation } | dot3-tlv
{ all | link-aggregation } }
lldp tlv-enable dot1-tlv { protocol-vlan-id [ vlan-id ] | vlan-name
[ vlan-id ] | management-vid [ mvlan-id ] }
undo lldp agent nearest-nontpmr tlv-enable { basic-tlv { all |
undo lldp tlv-enable dot1-tlv { protocol-vlan-id | vlan-name |
management-vid }
• 配置最近客户桥代理 LLDP 接口上允许发布的 TLV 类型
lldp agent nearest-customer tlv-enable { basic-tlv { all |
port-description | system-capability | system-description |
system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv
{ all | congestion-notification | port-vlan-id | link-aggregation } |
dot3-tlv { all | link-aggregation } }
undo lldp agent nearest-customer tlv-enable { basic-tlv { all |
18
management-vid }
在三层以太网接口视图：
lldp tlv-enable { basic-tlv { all | port-description | system-capability |
system-description | system-name | management-address-tlv [ ipv6 ]
link-aggregation } | dot3-tlv { all | link-aggregation | mac-physic |
power-over-ethernet | location-id { civic-address device-type country-code
{ ca-type ca-value }&<1-10> | elin-address tel-number } } }
lldp agent { nearest-nontpmr | nearest-customer } tlv-enable { basic-tlv { all
| port-description | system-capability | system-description | system-name |
management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all |
link-aggregation } | dot3-tlv { all | link-aggregation } }
undo lldp tlv-enable { basic-tlv { all | port-description | system-capability
power-over-ethernet | location-id } }
undo lldp agent { nearest-nontpmr | nearest-customer } tlv-enable { basic-tlv
{ all | port-description | system-capability | system-description |
system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all
| link-aggregation } | dot3-tlv { all | link-aggregation } }
在管理以太网接口视图下：
[ ip-address ] } | dot1-tlv { all | link-aggregation } | dot3-tlv { all |
link-aggregation | mac-physic | max-frame-size | power } | med-tlv { all |
capability | inventory | power-over-ethernet | location-id { civic-address
device-type country-code { ca-type ca-value }&<1-10> | elin-address
tel-number } } }
capability | inventory | power-over-ethernet | location-id } }
19
在二层聚合接口视图下：
management-address-tlv [ ipv6 ] [ ip-address ] | port-description |
system-capability | system-description | system-name } | dot1-tlv { all |
port-vlan-id } }
port-vlan-id } }
lldp tlv-enable dot1-tlv { protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ]
| management-vid [ mvlan-id ] }
port-vlan-id } }
port-vlan-id } }
management-vid }
在三层聚合接口视图下：
lldp agent { nearest-customer | nearest-nontpmr } tlv-enable basic-tlv { all
| management-address-tlv [ ipv6 ] [ ip-address ] | port-description |
system-capability | system-description | system-name }
undo lldp agent { nearest-customer | nearest-nontpmr } tlv-enable basic-tlv
{ all | management-address-tlv [ ipv6 ] [ ip-address ] | port-description |
在 IRF 物理端口视图下：
lldp tlv-enable basic-tlv { port-description | system-capability |
system-description | system-name }
undo lldp tlv-enable basic-tlv { port-description | system-capability |
在二层以太网接口视图下：
• 配置最近桥代理 LLDP 接口上允许发布的 TLV 类型
20
lldp tlv-enable { basic-tlv { all | port-description | system-capability
congestion-notification | port-vlan-id | link-aggregation | dcbx |
protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | management-vid
[ mvlan-id ] } | dot3-tlv { all | link-aggregation | mac-physic |
network-policy [ vlan-id ] | power-over-ethernet | location-id
{ civic-address device-type country-code { ca-type ca-value }&<1-10> |
elin-address tel-number } } }
undo lldp tlv-enable { basic-tlv { all | port-description |
system-capability | system-description | system-name |
interface-number ] } | dot1-tlv { all | congestion-notification |
port-vlan-id | link-aggregation | dcbx | protocol-vlan-id | vlan-name |
management-vid } | dot3-tlv { all | link-aggregation | mac-physic |
network-policy [ vlan-id ] | power-over-ethernet | location-id } }
• 配置最近非 TPMR 代理 LLDP 接口上允许发布的 TLV 类型
management-vid }
• 配置最近客户桥代理 LLDP 接口上允许发布的 TLV 类型
21
management-vid }
在三层以太网接口视图：
power-over-ethernet | location-id { civic-address device-type country-code
{ ca-type ca-value }&<1-10> | elin-address tel-number } } }
power-over-ethernet | location-id } }
在管理以太网接口视图下：
capability | inventory | power-over-ethernet | location-id { civic-address
device-type country-code { ca-type ca-value }&<1-10> | elin-address
tel-number } } }
22
capability | inventory | power-over-ethernet | location-id } }
在二层聚合接口视图下：
interface-number ] | port-description | system-capability |
system-description | system-name } | dot1-tlv { all | port-vlan-id } }
port-vlan-id } }
lldp tlv-enable dot1-tlv { protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ]
| management-vid [ mvlan-id ] }
port-vlan-id } }
interface-number ] | port-description | system-capability |
system-description | system-name } | dot1-tlv { all | port-vlan-id } }
management-vid }
在三层聚合接口视图下：
lldp agent { nearest-customer | nearest-nontpmr } tlv-enable basic-tlv { all
| management-address-tlv [ ipv6 ] [ ip-address ] | port-description |
undo lldp agent { nearest-customer | nearest-nontpmr } tlv-enable basic-tlv
{ all | management-address-tlv [ ipv6 ] [ ip-address ] | port-description |
在 IRF 物理端口视图下：
lldp tlv-enable basic-tlv { port-description | system-capability |
23
undo lldp tlv-enable basic-tlv { port-description | system-capability |
【视图】
三层以太网接口视图
管理以太网接口视图
二层聚合接口视图
三层聚合接口视图
IRF 物理端口视图
【修改说明】
修改前：二层聚合接口视图下不支持 interface loopback 关键字。
修改后：二层聚合接口视图下支持 interface loopback 关键字。
15 变更特性－配置 HTTP/HTTPS 服务与 ACL 关联

从本版本开始，配置 HTTP/HTTPS 服务与 ACL 关联中新增支持匹配高级 IPv4 ACL。
【命令】
• ip http acl { acl-number | name acl-name }
• ip https acl { acl-number | name acl-name }
【视图】
系统视图
【修改说明】
修改前
acl-number：ACL 的编号，取值范围为 2000～2999（基本 IPv4 ACL）。
修改后
acl-number：ACL 的编号，取值范围及其代表的 ACL 类型如下：
• 2000～2999：表示基本 IPv4 ACL。
• 3000～3999：表示高级 IPv4 ACL。
16 变更特性－设置本地保存备份配置文件的最大数
从本版本开始，本地可保存的备份配置文件数目上限取值范围从 1~10 变更为 1～1000。
24
【命令】
archive configuration max
【视图】
系统视图
【修改说明】
修改前
file-number：表示可保存的备份配置文件数目上限，取值范围为 1～10。
修改后
file-number：表示可保存的备份配置文件数目上限，取值范围为 1～1000。
17 变更特性－显示 RIB 或静态路由下一跳的详细信息

从本版本开始，RIB 或静态路由下一跳的详细显示信息新增 age、ExtFlag 和 Flags 字段。age 字段
用于显示下一跳信息最近一次更新的时间；ExtFlag 用于显示下一跳信息的扩展标志位；Flags 字段
用于显示当前下一跳的标志位。
17.2.1 修改-display rib nib
display rib nib 命令用来显示 RIB 的下一跳信息。
【命令】
display rib nib [ self-originated ] [ nib-id ] [ verbose ]
display rib nib protocol protocol [ verbose ]
【视图】
任意视图
【修改说明】
修改前：RIB 下一跳详细信息不支持显示下一跳信息最近一次更新的时间、下一跳信息的扩展标志
位和下一跳的标志位。
修改后：RIB 下一跳详细信息新增 age、ExtFlag 和 Flags 字段，支持显示下一跳信息最近一次更新
的时间、下一跳信息的扩展标志位和下一跳的标志位。
17.2.2 修改-display route-direct nib

display route-direct nib 命令用来显示直连路由下一跳信息。
25
【命令】
display route-direct nib [ nib-id ] [ verbose ]
【视图】
任意视图
【修改说明】
17.2.3 修改-display ipv6 rib nib

display ipv6 rib nib 命令用来显示 IPv6 RIB 的下一跳信息。
【命令】
display ipv6 rib nib [ self-originated ] [ nib-id ] [ verbose ]
display ipv6 rib nib protocol protocol [ verbose ]
【视图】
任意视图
【修改说明】
17.2.4 修改-display ipv6 route-direct nib

display ipv6 route-direct nib 命令用来显示 IPv6 直连路由下一跳信息。
【命令】
display ipv6 route-direct nib [ nib-id ] [ verbose ]
【视图】
任意视图
【修改说明】
26
17.2.5 修改-display route-static nib
display route-static nib 命令用来显示静态路由下一跳信息。
【命令】
display route-static nib [ nib-id ] [ verbose ]
【视图】
任意视图
【修改说明】
17.2.6 修改-display ipv6 route-static nib

display ipv6 route-static nib 命令用来显示 IPv6 静态路由下一跳信息。
【命令】
display ipv6 route-static nib [ nib-id ] [ verbose ]
【视图】
任意视图
【修改说明】
18 变更特性－配置 OSPF/OSPFv3 验证新增验证模式

从本版本开始，配置 OSPF 或 OSPFv3 验证时，新增 HMAC-SHA-256 和 HMAC-SM3，该字段表
示选择对应的 HMAC-SHA-256 和 HMAC-SM3 验证模式。
18.2.1 修改-authentication-mode
【原命令】
MD5/HMAC-MD5 验证模式：
authentication-mode { hmac-md5 | md5 } [ key-id { cipher | plain } string ]
27
undo authentication-mode [ { hmac-md5 | md5 } [ key-id ] ]
HMAC-MD5/HMAC-SHA-256/HMAC-SM3/MD5 验证模式：
authentication-mode { hmac-md5 | hmac-sha-256 | hmac-sm3 | md5 } [ key-id
{ cipher | plain } string ]
undo authentication-mode [ { hmac-md5 | hmac-sha-256 | hmac-sm3 | md5 }
[ key-id ] ]
【视图】
OSPF 区域视图
【修改说明】
修改前：不支持选择 HMAC-SHA-256 和 HMAC-SM3 验证模式。
MD5/HMAC-MD5 验证模式下，明文密钥为 1～16 个字符的字符串；密文密钥为 33～53 个字符的
字符串。
修改后：支持选择 HMAC-SHA-256 和 HMAC-SM3 验证模式。
HMAC-MD5/HMAC-SHA-256/HMAC-SM3/MD5 验证模式下，明文密钥为 1～255 个字符的字符串；
密文密钥为 33～373 个字符的字符串。
18.2.2 修改-ospf authentication-mode

【原命令】
MD5/HMAC-MD5 验证模式：
ospf authentication-mode { hmac-md5 | md5 } [ key-id { cipher | plain } string ]
undo ospf authentication-mode [ { hmac-md5 | md5 } [ key-id ] ]
HMAC-MD5/HMAC-SHA-256/HMAC-SM3/MD5 验证模式：
ospf authentication-mode { hmac-md5 | hmac-sha-256 | hmac-sm3 | md5 } [ key-id
{ cipher | plain } string ]
undo ospf authentication-mode [ { hmac-md5 | hmac-sha-256 | hmac-sm3 | md5 }
[ key-id ] ]
【视图】
接口视图
【修改说明】
MD5/HMAC-MD5 验证模式下，明文密钥为 1～16 个字符的字符串；密文密钥为 33～53 个字符的
字符串。
HMAC-MD5/HMAC-SHA-256/HMAC-SM3/MD5 验证模式下，明文密钥为 1～255 个字符的字符串；
密文密钥为 33～373 个字符的字符串。
28
18.2.3 修改-vlink-peer
【原命令】
vlink-peer router-id [ dead seconds | hello seconds | [ authentication-none |
{ hmac-md5 | md5 } [ key-id { cipher | plain } string ] | keychain keychain-name
| simple [ { cipher | plain } string ] ] | retransmit seconds | trans-delay
seconds ] *
undo vlink-peer router-id [ dead | hello | [ authentication-none | { hmac-md5
| md5 } [ key-id ] | keychain ] | retransmit | simple | trans-delay ] *
vlink-peer router-id [ dead seconds | hello seconds | [ authentication-none |
{ hmac-md5 | hmac-sha-256 | hmac-sm3 |md5 } [ key-id { cipher | plain } string ]
| keychain keychain-name | simple [ { cipher | plain } string ] ] | retransmit
seconds | trans-delay seconds ] *
undo vlink-peer router-id [ dead | hello | [ authentication-none | { hmac-md5
| hmac-sha-256 | hmac-sm3 | md5 } [ key-id ] | keychain ] | retransmit | simple
| trans-delay ] *
【视图】
OSPF 区域视图
【修改说明】
18.2.4 修改-authentication-mode
【原命令】
authentication-mode keychain keychain-name
undo authentication-mode
HMAC-SHA-256/HMAC-SM3 验证模式：
authentication-mode { hmac-sha-256 | hmac-sm3 } key-id { cipher | plain }
string
keychain 验证模式：
authentication-mode keychain keychain-name
【视图】
OSPFv3 区域视图
29
【修改说明】
18.2.5 修改-ospfv3 authentication-mode

【原命令】
ospfv3 authentication-mode keychain keychain-name [ instance instance-id ]
undo ospfv3 authentication-mode [ instance instance-id ]
HMAC-SHA-256/HMAC-SM3 验证模式：
ospfv3 authentication-mode { hmac-sha-256 | hmac-sm3 } key-id { cipher |
plain } string [ instance instance-id ]
keychain 验证模式：
ospfv3 authentication-mode keychain keychain-name [ instance instance-id ]
【视图】
接口视图
【修改说明】
18.2.6 修改-vlink-peer
【原命令】
vlink-peer router-id [ dead seconds | hello seconds | instance instance-id |
ipsec-profile profile-name | keychain keychain-name | retransmit seconds |
trans-delay seconds ] *
undo vlink-peer router-id [ dead | hello | ipsec-profile | keychain |
retransmit | trans-delay ] *
vlink-peer router-id [ dead seconds | hello seconds | instance instance-id |
ipsec-profile profile-name | [ { hmac-sha-256 | hmac-sm3 } key-id { cipher
| plain } string | keychain keychain-name ] | retransmit seconds | trans-delay
seconds ] *
undo vlink-peer router-id [ dead | hello | ipsec-profile | [ { hmac-sha-256 |
hmac-sm3 } | keychain ] | retransmit | trans-delay ] *
30
【视图】
OSPFv3 区域视图
【修改说明】
18.2.7 修改-sham-link (OSPF area view)

【原命令】
sham-link source-ip-address destination-ip-address [ cost cost-value | dead
dead-interval | hello hello-interval | { authentication-none | { hmac-md5 |
md5 } [ key-id { cipher | plain } string ] | keychain keychain-name | retransmit
retrans-interval | simple [ { cipher | plain } string ] } | trans-delay delay |
ttl-security hops hop-count ] *
undo sham-link source-ip-address destination-ip-address [ cost | dead |
hello | { authentication-none | { hmac-md5 | md5 } [ key-id ] | keychain |
simple } | retransmit | trans-delay | ttl-security ] *
sham-link source-ip-address destination-ip-address [ cost cost-value | dead
dead-interval | hello hello-interval | { authentication-none | { hmac-md5 |
hmac-sha-256 | hmac-sm3 | md5 } [ key-id { cipher | plain } string ] | keychain
keychain-name | simple [ { cipher | plain } string ] } | retransmit
retrans-interval | trans-delay delay | ttl-security hops hop-count ] *
undo sham-link source-ip-address destination-ip-address [ cost | dead |
hello | { authentication-none | { hmac-md5 | hmac-sha-256 | hmac-sm3 | md5 }
[ key-id ] | keychain | simple } | retransmit | trans-delay | ttl-security ]
*
【视图】
OSPF 区域视图
【修改说明】
18.2.8 修改-sham-link (OSPFv3 area view)

【原命令】
sham-link source-ipv6-address destination-ipv6-address [ cost cost-value |
dead dead-interval | hello hello-interval | instance instance-id |
ipsec-profile profile-name | keychain keychain-name | retransmit
retrans-interval | trans-delay delay ] *
31
undo sham-link source-ipv6-address destination-ipv6-address [ cost | dead |
hello | ipsec-profile | keychain | retransmit | trans-delay ] *
sham-link source-ipv6-address destination-ipv6-address [ cost cost-value |
dead dead-interval | hello hello-interval | instance instance-id |
ipsec-profile profile-name | { { hmac-sha-256 | hmac-sm3 }key-id { cipher |
plain } string | keychain keychain-name } | retransmit retrans-interval |
trans-delay delay ] *
undo sham-link source-ipv6-address destination-ipv6-address [ cost | dead |
hello | ipsec-profile | { hmac-sha-256 | hmac-sm3 | keychain } | retransmit
| trans-delay ] *
【视图】
OSPFv3 区域视图
【修改说明】
19 变更特性－新增 BGP 监控服务器的显示信息

从本版本开始，display bgp bmp server 命令可以显示 BGP 向监控服务器发送统计信息的周
期、BGP 向监控服务器上报的路由类型、BMP 客户端向监控服务器发送消息时是否携带模式标记
等信息。
19.2.1 修改-display bgp bmp server
【命令】
# 显示 BGP 监控服务器 1 的信息。
<Sysname> display bgp bmp server 1
BMP server number: 1
Server VPN instance name: vpna
Server address: 100.1.1.1 Server port: 6895
Client address: 100.1.1.2 Client port: 21452
BMP server state: Connected Up for 00h41m53s
TCP source interface has been configured
Statistics report interval: 5s
Reported route mode: adj-rib-in pre-policy
Pu-monitor-mode: Enabled
Pd-monitor-mode: Enabled
32
Message statistics:
Total messages sent: 15
INITIATION: 1
TERMINATION: 0
STATS-REPORT: 0
PEER-UP: 4
PEER-DOWN: 3
ROUTE-MON: 7
BGP peers monitored by BMP server:

10.1.1.1
【修改说明】
新增 Statistics report interval 、 Reported route mode 、 Pu-monitor-mode: Enabled 和
Pd-monitor-mode: Enabled 字段的显示信息。
20 变更特性-配置 802.1X 周期性重认证定时器

从本版本开始，802.1X 周期性重认证定时器的值，取值范围为 60～86400，单位为秒。
20.2.1 修改-dot1x timer reauth-period (interface view)
【命令】
dot1x timer reauth-period reauth-period-value
undo dot1x timer reauth-period
【视图】
【修改说明】
修改前：802.1X 周期性重认证定时器的值，取值范围为 60～7200，单位为秒。
修改后：802.1X 周期性重认证定时器的值，取值范围为 60～86400，单位为秒。
20.2.2 修改-dot1x timer

【命令】
dot1x timer { ead-timeout ead-timeout-value | handshake-period
handshake-period-value | quiet-period quiet-period-value | reauth-period
reauth-period-value | server-timeout server-timeout-value | supp-timeout
supp-timeout-value | tx-period tx-period-value | unicast-trigger
33
quiet-period quiet-period-value | user-aging { auth-fail-vlan |
critical-microsegment | critical-vlan | guest-vlan } aging-time-value }
undo dot1x timer { ead-timeout | handshake-period | quiet-period |
reauth-period | server-timeout | supp-timeout | tx-period | unicast-trigger
quiet-period | user-aging { auth-fail-vlan | critical-microsegment |
critical-vlan | guest-vlan } }
【视图】
系统视图
【修改说明】
修改前：802.1X 周期性重认证定时器的值，取值范围为 60～7200，单位为秒。
修改后：802.1X 周期性重认证定时器的值，取值范围为 60～86400，单位为秒。
21 变更特性-配置 MAC 地址认证的周期性重认证定时器

从本版本开始，MAC 地址认证周期性重认证定时器的值，取值范围为 60～86400，单位为秒。
21.2.1 修改-mac-authentication timer (interface view)
【命令】
mac-authentication timer { auth-delay auth-delay-time | reauth-period
reauth-period-value }
undo mac-authentication timer { auth-delay | reauth-period }
【视图】
【修改说明】
修改前：MAC 地址认证周期性重认证定时器的值，取值范围为 60～7200，单位为秒。
修改后：MAC 地址认证周期性重认证定时器的值，取值范围为 60～86400，单位为秒。
21.2.2 修改-mac-authentication timer (system view)

【命令】
mac-authentication timer { offline-detect offline-detect-value | quiet
quiet-value | reauth-period reauth-period-value | server-timeout
server-timeout-value | temporary-user-aging aging-time-value | user-aging
{ critical-microsegment | critical-vlan | guest-vlan } aging-time-value }
34
undo mac-authentication timer { offline-detect | quiet | reauth-period |
server-timeout | temporary-user-aging | user-aging { critical-microsegment
| critical-vlan | guest-vlan } }
【视图】
系统视图
【修改说明】
修改前：MAC 地址认证周期性重认证定时器的值，取值范围为 60～7200，单位为秒。
修改后：MAC 地址认证周期性重认证定时器的值，取值范围为 60～86400，单位为秒。
22 变更特性－显示本地非对称密钥对中的公钥信息
从本版本开始，在执行命令显示本地非对称密钥对中的公钥信息时，新增 Key length 字段，表示密
钥长度，单位为比特。
22.2.1 修改-display public-key local public
【命令】
display public-key local { dsa | ecdsa | rsa } public [ name key-name ]
【视图】
任意视图
【修改说明】
修改前：显示信息中没有 Key length 字段。
修改后：显示信息中新增 Key length 字段，表示密钥长度，单位为比特。
23 变更特性－IPsec 隧道 ID 号取值范围变更
从本版本开始，IPsec 隧道 ID 号的取值范围变更。
23.2.1 修改-display ipsec statistics
【命令】
display ipsec statistics [ tunnel-id tunnel-id ]
35
【视图】
任意视图
【修改说明】
修改前：tunnel-id 为隧道的 ID 号，取值范围为 0～4294967295。
修改后：tunnel-id 为隧道的 ID 号，取值范围为 0～4294967294。
23.2.2 修改-display ipsec tunnel

【命令】
display ipsec tunnel { brief | count | tunnel-id tunnel-id }
【视图】
任意视图
【修改说明】
23.2.3 修改-reset ipsec statistics

【命令】
reset ipsec statistics [ tunnel-id tunnel-id ]
【视图】
任意视图
【修改说明】
24 变更特性—创建 SNMPv3 用户支持配置 sha224、sha256、

sha384、sha512 认证算法
从本版本开始，设备创建 SNMPv3 用户支持配置 sha224、sha256、sha384、sha512 认证算法；
如果指明认证或者加密密码采用密文配置方式，支持配置 3dessha224、3dessha256、3dessha384、
3dessha512、aes192sha224、aes192sha256、aes192sha384、aes192sha512、aes256sha224、
aes256sha256、aes256sha384、aes256sha512、sha224、sha256、sha384、sha512 认证和加
密算法为明文密码计算对应的密文密码，仅非 FIPS 下模式支持配置 3dessha224、3dessha256、
3dessha384、3dessha512 认证和加密算法。
36
24.2.1 修改-snmp-agent usm-user v3
【原命令】
（非 FIPS 模式）
• VACM 方式：
snmp-agent usm-user v3 user-name group-name [ remote { ipv4-address |
ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher |
simple } authentication-mode { md5 | sha } auth-password [ privacy-mode
{ 3des | aes128 | aes192 | aes256 | des56 } priv-password ] ] [ acl
{ ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number |
name ipv6-acl-name } ] *
undo snmp-agent usm-user v3 user-name { local | engineid engineid-string
| remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance
vpn-instance-name ] }
• RBAC 方式：
snmp-agent usm-user v3 user-name user-role role-name [ remote
{ ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ]
[ { cipher | simple } authentication-mode { md5 | sha } auth-password
[ privacy-mode { 3des | aes128 | aes192 | aes256 | des56 } priv-password ] ]
[ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6
{ ipv6-acl-number | name ipv6-acl-name } ] *
（FIPS 模式）
• VACM 方式：
ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] { cipher |
simple } authentication-mode sha auth-password [ privacy-mode { aes128 |
aes192 | aes256 } priv-password ] [ acl { ipv4-acl-number | name
ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
• RBAC 方式：
[ { cipher | simple } authentication-mode sha auth-password
[ privacy-mode { aes128 | aes192 | aes256 } priv-password ] ] [ acl
37
{ ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number |
name ipv6-acl-name } ] *
• VACM 方式：
ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher |
simple } authentication-mode { md5 | sha | sha224 | sha256 | sha384 |
sha512 } auth-password [ privacy-mode { 3des | aes128 | aes192 | aes256 |
des56 } priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name }
| acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
• RBAC 方式：
[ { cipher | simple } authentication-mode { md5 | sha | sha224 | sha256 |
sha384 | sha512 } auth-password [ privacy-mode { 3des | aes128 | aes192 |
aes256 | des56 } priv-password ] ] [ acl { ipv4-acl-number | name
ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
（FIPS 模式）
• VACM 方式：
ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] { cipher |
simple } authentication-mode { sha | sha224 | sha256 | sha384 | sha512 }
auth-password [ privacy-mode { aes128 | aes192 | aes256 } priv-password ]
[ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6
• RBAC 方式：
38
[ { cipher | simple } authentication-mode { sha | sha224 | sha256 | sha384
| sha512 } auth-password [ privacy-mode { aes128 | aes192 | aes256 }
priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6
【视图】
系统视图
【修改说明】
修改前：不支持 sha224、sha256、sha384、sha512 认证算法。
修改后：支持 sha224、sha256、sha384、sha512 认证算法。
24.2.2 修改-snmp-agent calculate-password

【原命令】
snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha |
aes192md5 | aes192sha | aes256md5 | aes256sha | md5 | sha } { local-engineid |
specified-engineid engineid }
（FIPS 模式）
snmp-agent calculate-password plain-password mode { aes192sha | aes256sha |
sha } { local-engineid | specified-engineid engineid }
snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha |
3dessha224 | 3dessha256 | 3dessha384 | 3dessha512 | aes192md5 | aes192sha |
aes192sha224 | aes192sha256 | aes192sha384 | aes192sha512 | aes256md5 |
aes256sha | aes256sha224 | aes256sha256 | aes256sha384 | aes256sha512 | md5 |
sha | sha224 | sha256 | sha384 | sha512 } { local-engineid | specified-engineid
engineid }
（FIPS 模式）
snmp-agent calculate-password plain-password mode { aes192sha |
aes192sha224 | aes192sha256 | aes192sha384 | aes192sha512 | aes256sha |
aes256sha224 | aes256sha256 | aes256sha384 | aes256sha512 | sha | sha224 |
sha256 | sha384 | sha512 } { local-engineid | specified-engineid engineid }
【视图】
系统视图
39
【修改说明】
修改前：
• plain-password：表示明文密码，为 1～64 个字符的字符串，区分大小写。
• 非 FIPS 模式下不支持 3dessha224、3dessha256、3dessha384、3dessha512、
aes192sha224、aes192sha256、aes192sha384、aes192sha512、aes256sha224、
aes256sha256、aes256sha384、aes256sha512、sha224、sha256、sha384、sha512 认
证和加密算法。
• FIPS 模式下不支持 aes192sha224、aes192sha256、aes192sha384、aes192sha512、
aes256sha224、aes256sha256、aes256sha384、aes256sha512、sha224、sha256、
sha384、sha512 认证和加密算法。
修改后：
• plain-password：表示明文密码，为 1～128 个字符的字符串，区分大小写。
• 非 FIPS 模式下支持 3dessha224、3dessha256、3dessha384、3dessha512、
aes192sha224、aes192sha256、aes192sha384、aes192sha512、aes256sha224、
aes256sha256、aes256sha384、aes256sha512、sha224、sha256、sha384、sha512 认
证和加密算法。
• FIPS 模式下支持 aes192sha224、aes192sha256、aes192sha384、aes192sha512、
aes256sha224、aes256sha256、aes256sha384、aes256sha512、sha224、sha256、
sha384、sha512 认证和加密算法。
25 变更特性—配置发送端邮件服务器的域名字符串长度范围
变更
从本版本开始，配置发送端邮件服务器域名的字符串长度范围变更为 1～253。
25.2.1 修改-rtm email domain
【命令】
rtm email domain domain-name
【视图】
系统视图
【修改说明】
修改前：domain-name 表示发送端邮件服务器的域名，为 1～255 个字符的字符串。
修改后：domain-name 表示发送端邮件服务器的域名，为 1～253 个字符的字符串。
40
26 变更特性—单个日志文件使用率的告警门限取值范围变更
从本版本开始，配置单个日志文件使用率的告警门限取值范围变更为 0～100。
26.2.1 修改-info-center logfile alarm-threshold
【命令】
info-center logfile alarm-threshold usage
【视图】
系统视图
【修改说明】
修改前：配置单个日志文件使用率的告警门限取值范围为 1～100。
修改后：配置单个日志文件使用率的告警门限取值范围为 0～100。
27 变更特性－显示指定用户态进程的堆内存统计信息新增字
段
从本版本开始，显示指定用户态进程的堆内存统计信息新增字段 Free physical memory ratio（物理
内存的空闲率）。
27.2 命令说明
27.2.1 修改-display process memory heap
【命令】
display process memory heap job job-id [ verbose ] [ slot slot-number [ cpu
cpu-number ] ]
【视图】
任意视图
【修改说明】
修改前：用户态进程的堆内存统计信息不支持显示字段 Free physical memory ratio（物理内存的空
闲率）
。
修改后：用户态进程的堆内存统计信息支持显示字段 Free physical memory ratio（物理内存的空闲
率）。
41
28 变更特性－配置流镜像到接口
从本版本开始，配置流镜像到接口时，既支持使用命令形式一将报文镜像到指定出接口，也支持使
用命令行形式二将进入镜像源的报文复制一份给目的端口，目的端口再将报文发送给反射端口，反
射端口将镜像报文在指定的 VLAN 中广播。
28.2.1 修改-mirror-to interface
【原命令】
mirror-to interface interface-type interface-number
undo mirror-to interface interface-type interface-number
【修改后命令】
命令形式一
mirror-to interface interface-type interface-number
命令形式二
mirror-to interface interface-type interface-number reflector-port
interface-type interface-number strip-vlan vlan-id
【视图】
流行为视图
【修改说明】
修改前：配置流镜像到接口时，仅支持使用命令形式一将报文镜像到指定出接口。
修改后：配置流镜像到接口时，既支持使用命令形式一将报文镜像到指定出接口，也支持使用命令
行形式二将进入镜像源的报文复制一份给目的端口，目的端口再将报文发送给反射端口，反射端口
将镜像报文在指定的 VLAN 中广播。
29 变更特性－显示 gRPC 的相关信息

从本版本开始，在执行命令显示 gRPC 的相关信息时，设备从仅支持显示 gRPC Dial-in 模式的概要
信息，变更为支持显示 gRPC Dial-in 和 gRPC Dial-out 模式的概要和详细信息。
42
【原命令】
display grpc
display grpc [ verbose ]
【视图】
任意视图
【修改说明】
修改前：设备仅支持显示 gRPC Dial-in 模式的概要信息，并且不支持显示详细信息。
修改后：设备支持显示 gRPC Dial-in 和 gRPC Dial-out 模式的概要和详细信息。指定 verbose 参
数表示显示 gRPC 的详细信息，不指定该参数时，将显示 gRPC 的概要信息。
30 删除特性
表11 本版本删除特性
删除特性删除命令视图
配置接口入方向带宽利用率的
port ifmonitor input-usage 接口视图
告警参数
配置接口出方向带宽利用率的
port ifmonitor output-usage 接口视图
告警参数
43

h3c s5500v2 - ei-Cmw710-r6628p40 版本说明书（软件特性变更说明）

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

h3c s5500v2 - ei-Cmw710-r6628p40 版本说明书（软件特性变更说明）

Uploaded by

Copyright:

Available Formats

H3C S5500V2_EI-CMW710-R6628P30 版本

Copyright © 2023 新华三技术有限公司 版权所有，保留一切权利。

3 变更特性－在接口上应用 QoS 策略 ······································································································ 13

4 变更特性－配置 M-LAG 组网中 M-LAG 接口上用户认证的负载分担模式 ············································· 14

12 变更特性－配置接口收到携带 Management Address TLV 的 LLDP 报文后生成 ARP 表项或 ND 表项

13 变更特性－配置 LLDP 报文的源 MAC 地址为指定的 MAC 地址 ························································· 17

14 变更特性－配置接口上允许发布的 TLV 类型 ······················································································ 17

15 变更特性－配置 HTTP/HTTPS 服务与 ACL 关联 ················································································ 24

18 变更特性－配置 OSPF/OSPFv3 验证新增验证模式············································································ 27

19 变更特性－新增 BGP 监控服务器的显示信息 ····················································································· 32

20 变更特性-配置 802.1X 周期性重认证定时器························································································ 33

21 变更特性-配置 MAC 地址认证的周期性重认证定时器 ········································································· 34

23 变更特性－IPsec 隧道 ID 号取值范围变更 ·························································································· 35

24 变更特性—创建 SNMPv3 用户支持配置 sha224、sha256、sha384、sha512 认证算法 ·················· 36

29 变更特性－显示 gRPC 的相关信息······································································································ 42

traffic-statistic enable 命令用来开启三层聚合子接口的报文统计功能。

display object-group [ { { ip | ipv6 } address | service

2.2.2 display object-group

IP address object group obj2: 7 objects(out of use)

IPv6 address object-group obj3: 0 object(in use)

IPv6 address object-group obj4: 5 objects(out of use)

Service object-group obj5: 0 object(in use)

Service object-group obj6: 6 objects(out of use)

Port object-group obj8: 3 objects(out of use)

IP address object-group obj2: 6 objects(out of use)

表1-2 display object-group 命令显示信息描述表

out of use 表明此对象组没有被引用

2.2.3 network (IPv4 address object group view)

2.2.4 network (IPv6 address object group view)

2.2.6 port (port object group view)

2.2.7 service(service object group view)

新增特性 新增命令/参数 配置指导&命令参考相关章节

环回测试 loopback-test 以太网接口

显示接口物理状态变化的统计 display link-state-change

清除接口的物理状态变化统计 reset link-state-change statistics

port link-flap protect enable命令新

开启接口监控模块的告警功能 • sdh-b1-error 以太网接口

如下命令新增 shutdown 参数：

link-aggregation lacp isolate命令新

自环保护功能 stp loopback-protection 生成树

配置接口发送的LLDP报文中 lldp tlv-config basic-tlv port-id LLDP

l2protocol tunnel dot1q 命令新增 all、

新增特性 新增命令/参数 配置指导&命令参考相关章节

开启ARP表项下发硬件日志功 arp hardware log enable

snmp-agent trap enable arp

dhcp relay information

dhcp relay source-address

显示M-LAG组网中DHCP display dhcp snooping

配置负载分担算法计算结果的 ip load-sharing mode per-flow命令新

• ping arp ip host [ interface

ARP-Ping • ping arp mac mac-address { ip ARP

• snmp-agent trap enable dhcp

• snmp-agent trap enable dhcp

display ipv6 interface命令新增参数

display ipv6 neighbors statistics

开启ND表项下发硬件日志功 ipv6 nd hardware log enable

ping nd ipv6 host [ interface

ping nd mac mac-address { ipv6

• snmp-agent trap enable ipv6

• snmp-agent trap enable ipv6

• snmp-agent trap enable ipv6

mDNS网关 所有mDNS网关相关配置命令 mDNS网关

新增特性 新增命令/参数 配置指导&命令参考相关章节

Copyright © 2023 新华三技术有限公司版权所有，保留一切权利。

新增特性新增命令/参数配置指导&命令参考相关章节

新增特性新增命令/参数配置指导&命令参考相关章节

mDNS网关所有mDNS网关相关配置命令 mDNS网关

新增特性新增命令/参数配置指导&命令参考相关章节

新增特性新增命令/参数配置指导&命令参考相关章节

新增特性新增命令/参数配置指导&命令参考相关章节

新增特性新增命令/参数配置指导&命令参考相关章节

新增特性新增命令/参数配置指导&命令参考相关章节

新增特性新增命令/参数配置指导&命令参考相关章节

新增特性新增命令/参数配置指导&命令参考相关章节