
Router Command Reference

Guide

Router 5000 Family


Version 2.1

http://www.3com.com/

Part No. 10014596-AA


Published November 2004
3Com Corporation
350 Campus Drive
Marlborough, MA 01752-3064

Copyright © 2004, 3Com Corporation. All rights reserved. No part of this documentation may be
reproduced in any form or by any means or used to make any derivative work (such as translation,
transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from
time to time without obligation on the part of 3Com Corporation to provide notification of such revision or
change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein
are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995)
or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited
rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is
applicable. You agree not to remove or deface any portion of any legend provided on any licensed program
or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and
Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered
trademarks of Novell, Inc.
All other company and product names may be trademarks of the respective companies with which they are
associated.
CONTENTS

ABOUT THIS GUIDE
Conventions
Related Documentation

1 CONFIGURATION COMMANDS
Basic Configuration Commands

2 SYSTEM MAINTENANCE & MANAGEMENT COMMANDS
Debugging
HWPing Commands
HWPing Server Commands
Information Processing Commands
System Operating Management Commands
Lock-Down Commands
File Management Commands
FTP Server Configuration Commands
FTP client module commands
TFTP Configuration Commands
Configuration Files Management Commands
User Interface Configuration Commands
debugging ntp-service
SNMP Configuration Commands
Terminal Service Commands
SSH Configuration Commands

3 INTERFACE MANAGEMENT COMMANDS
Interface Management Commands
Fundamental Ethernet Interface Configuration Commands
Fundamental WAN Interface Configuration Commands
Fundamental CE1/PRI Interface Configuration Commands
Fundamental CT1/PRI Interface Configuration Commands
E1-F Interface Configuration Commands
T1-F Interface Configuration Commands
Fundamental CE3 Interface Configuration Commands
Fundamental CT3 Interface Configuration Commands
ATM E3/T3 Interface Configuration Commands
ATM OC-3c/STM-1 Interface Configuration Commands
ADSL Interface Configuration Commands
Fundamental Logical Interface Configuration Commands
Logic-Channel Interface
Configuration Command of Virtual Template and Virtual Access Interface
MP-group Interface Configuration Command
Virtual Ethernet Interface Configuration Command
Configuration Command of Loopback Interface and Null Interface

4 LINK LAYER PROTOCOL
PPP and MP Configuration Commands
PPPoE Server Configuration Commands
PPPoE Client Configuration Commands
VLAN Configuration Commands
ISDN Configuration Commands
SLIP Configuration Commands
HDLC Configuration Commands
Frame Relay Configuration Commands
ATM Configuration Commands
LAPB and X.25 Configuration Commands

5 NETWORK PROTOCOL
IP Address Configuration Commands
ARP Configuration Commands
Static Domain Name Resolution
DNS Client Configuration Commands
DHCP Public Configuration Commands
DHCP Server Configuration Commands
DHCP Client Configuration Commands
DHCP Relay Configuration Commands
IP Performance Configuration Commands
IP Unicast Policy Routing Configuration Commands
IP Multicast Policy Routing Configuration Commands
IPX Configuration Commands
DLSw Configuration Commands

6 ROUTING PROTOCOL
Display Commands of the Routing Table
Static Route Configuration Commands
RIP Configuration Commands
OSPF Configuration Commands
BGP Configuration Commands
MBGP Configuration Commands
IP Routing Policy Configuration Commands
Route Capacity Configuration Commands

7 MULTICAST COMMON CONFIGURATION COMMANDS
Multicast Common Configuration Commands
IGMP Configuration Commands
PIM Configuration Commands
MSDP Configuration Commands
MBGP Multicast Extension Configuration Commands
Multicast Static Route Configuration Commands

8 MPLS BASIC CONFIGURATION COMMANDS
Basic Configuration Commands
LDP Configuration Commands
BGP/MPLS VPN Configuration Commands
MPLS L2VPN CCC Configuration Commands
SVC MPLS L2VPN Configuration Commands
Martini MPLS L2VPN Configuration Commands
Kompella MPLS L2VPN Configuration Commands

9 SECURITY
AAA Configuration Commands
Ethernet Type-Code Values
ASPF Configuration Commands
Firewall Configuration Commands
IPSec Configuration Commands
IKE Configuration Commands
PKI Configuration Commands
HWTACACS Configuration Commands

10 L2TP CONFIGURATION COMMANDS
GRE Configuration Commands
Dynamic VPN

11 TRAFFIC POLICING AND SHAPING CONFIGURATION COMMANDS
Traffic Policing (TP) Configuration Commands
Traffic Shaping Configuration Commands
Physical Interface Rate-limit Configuration Commands
FIFO Queue Configuration Commands
PQ Configuration Commands
CQ Configuration Commands
WFQ Configuration Commands
CBQ Configuration Commands
RTP Priority Queue Configuration Commands
Weighted Random Early Detection Configuration Commands
IP Header Compression Configuration Commands
MPLS QoS Configuration Commands

12 BACKUP CENTER CONFIGURATION COMMANDS
Backup Center Configuration Commands
VRRP Configuration Commands

13 DCC CONFIGURATION COMMANDS
DCC Configuration Commands
Modem Configuration Commands

ABOUT THIS GUIDE

This guide describes the 3Com® Router 5000 Family of routers and how to install
hardware, configure and boot software, and maintain software and hardware.
This guide also provides troubleshooting and support information for your router.

This guide is intended for the system or network administrator who is responsible
for installing, configuring, using, and managing the routers. It assumes a working
knowledge of wide area network (WAN) operations and familiarity with
communication protocols that are used to interconnect WANs.

Always download the Release Notes for your product from the 3Com World Wide
Web site for the latest updates to product documentation:
http://www.3com.com

Conventions

Table 1 and Table 2 list conventions that are used throughout this guide.

Table 1: Notice Icons

Notice Type: Description

Information note: Information that describes important features or instructions.
Caution: Information that alerts you to potential loss of data or potential damage to an application, system, or device.
Warning: Information that alerts you to potential personal injury.

Table 2: Text Conventions

Convention: Description

Screen displays: This typeface represents information as it appears on the screen.
Keyboard key names: If you must press two or more keys simultaneously, the key names are linked with a plus sign (+), for example: Press Ctrl+Alt+Del
The words “enter” and “type”: When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”
Words in italics: Italics are used to:
■ Emphasize a point.
■ Denote a new term at the place where it is defined in the text.
■ Identify menu names, menu commands, and software button names. Examples: From the Help menu, select Contents. Click OK.
Words in bold: Boldface type is used to highlight command names in text. For example, “Use the display user-interface command to...”

Related Documentation

The following manuals offer additional information necessary for managing your
Router 5000:

■ 3Com Router 5000 Family Installation Guide — Provides detailed descriptions
of the Router 5000 Family products.
■ 3Com Router Configuration Guide — Describes how to configure your Router
5000 using the supported protocols and CLI commands.
■ Release Notes — Contains the latest information about your product. If
information in this guide differs from information in the release notes, use the
information in the Release Notes.

These documents are available in Adobe Acrobat Reader Portable Document
Format (PDF) on the CD-ROM that accompanies your router or on the 3Com
World Wide Web site:

http://www.3com.com/

1 CONFIGURATION COMMANDS
This chapter describes how to use the following commands:

Basic Configuration Commands

■ clock summer-time
■ clock datetime
■ clock timezone
■ command-privilege
■ display clipboard
■ display clock
■ display history-command
■ display version
■ header
■ hotkey
■ language-mode
■ lock
■ quit
■ reboot
■ return
■ super
■ super password
■ sysname
■ system-view

Basic Configuration
Commands

clock summer-time Syntax
clock summer-time zone_name { absolute | recurring } HH:MM:SS YYYY/MM/DD HH:MM:SS YYYY/MM/DD HH:MM:SS

undo clock summer-time

View

User view

Parameter
zone_name: Name of the summer time, which is a character string of 1 to 32
characters.

absolute: Sets the summer time for one specified year only.

recurring: Sets the summer time for every year, starting from a specified year.

HH:MM:SS: Time (hour/minute/second).

YYYY/MM/DD: Date (year/month/day).

Description

Using the clock summer-time command, you can set the name and the starting
and ending time of the summer time. Using the undo clock summer-time
command, you can remove the configuration of the summer time.

After the configuration takes effect, it can be verified by using the display clock
command. In addition, the time shown in log and debug information is the local
time, adjusted for the time zone and summer time.

For the related command, see clock timezone.

Example

Add one hour to the clock for the summer time z2 that starts at 06:00:00 on
2002/06/08 and ends at 06:00:00 on 2002/09/01.

<3Com> clock summer-time z2 absolute 06:00:00 2002/06/08 06:00:00 2002/09/01 01:00:00

Add one hour to the clock each year starting from 2002 for the summer time z2
that starts at 06:00:00 on 08/06 and ends at 06:00:00 on 01/09.

<3Com> clock summer-time z2 recurring 06:00:00 2002/06/08 06:00:00 2002/09/01 01:00:00

clock datetime Syntax
clock datetime HH:MM:SS YYYY/MM/DD

View

User view

Parameter
HH:MM:SS: Time (hour/minute/second).
YYYY/MM/DD: Date (year/month/day) in the range of 1993 to 2035.

Description
Using the clock datetime command, you can set the date and time.

After the configuration takes effect, it can be verified by executing the display
clock command. The time applied to the log and debug information has been
adjusted.

Example
Set the current system time to 10:20:55 2003/04/05.
<3Com> clock datetime 10:20:55 2003/04/05

clock timezone Syntax
clock timezone zone_name { add | minus } HH:MM:SS
undo clock timezone

View
User view

Parameter
zone_name: Timezone name, which is a string of 1 to 32 characters.
add: Adds the specified time to Universal Time Coordinated (UTC).
minus: Subtracts the specified time from UTC.
HH:MM:SS: Time (hour/minute/second).

Description
Using the clock timezone command, you can set the information for the local
timezone. Using the undo clock timezone command, you can restore the local
timezone to the default UTC timezone.

After the configuration takes effect, you can view it by executing the display
clock command. The time applied to the log and debug information has been
adjusted according to the involved timezone and summer time.

For related command, see clock summer-time.

Example
Set the local timezone name to z5 and set z5 to be five hours ahead of UTC
time.
<3Com> clock timezone z5 add 05:00:00

command-privilege Syntax
command-privilege level level view view command-key
undo command-privilege view view command-key

View

System view

Parameter
level level: Command priority ranging from 0 to 3.
view view: View. The command line provides the following views:

■ shell: View of current user level.
■ system: System view
■ Routing protocol view: Includes ospf (OSPF view), rip (RIP view), bgp (BGP
view), isis (IS-IS view), etc.
■ Interface view: Includes ethernet (FE), gigabitethernet (GE), serial (serial
interface), ce1 (cE1 interface), ce3 (E3 interface), ct1 (cT1 interface), atm
(ATM interface), pos (POS interface), virtual-template (virtual interface
template), virtual-ethernet (virtual Ethernet interface), loopback (Loopback
interface), null (Null interface), tunnel (Tunnel interface).
■ user-interface: User view
■ l2tp-group: System view of L2TP group.
■ route-policy: Route map view

Refer to the "Command Line Views" section in the Operation Manual for more
details.

command-key: Command to be set.

Description
Using the command-privilege command, you can set the command level in the
specified view. Using the undo command-privilege view command, you can
remove the current settings.

Command priority falls into four levels: access, monitor, configure and manage,
identified as 0 to 3. The administrator can grant rights to a user as required so
that the user can operate in the related view. When the user logs in, the system
can set the command operation rights either according to the rights
corresponding to the user name or based on the rights of the user-interface. If
the two sets of rights conflict, the minimum rights will be adopted.

By default, the command level of the ping, tracert and telnet commands is
access (level 0), the command level of the display and debugging commands is
monitor (level 1), that of configuration commands is system (level 2), and the
commands for user key setting, FTP, XMODEM, TFTP and file system operation
are manage-level commands (level 3).

Example
Set the priority of the “interface” command to 0.
[3Com] command-privilege level 0 view system interface

display clipboard Syntax
display clipboard

View

Any view

Parameter

None

Description

Using the display clipboard command, you can display the contents of clipboard.

Example
Display the contents of clipboard.
<3Com> display clipboard
-----------------clipboard -----------------
ip route 10.1.0.0 255.0.0.0 eth 0

display clock Syntax
display clock

View

Any view

Parameter

None

Description
Using the display clock command, you can display the clock status and the
configuration information.

Example

Display the current time.

<3Com> display clock

display cpu-usage Syntax
display cpu-usage [ configuration | number [ offset ] [ verbose ] [ from-device ] ]

View
Any view

Parameter
configuration: Displays the configuration about CPU usage statistics, such as
whether CPU usage statistics is enabled, statistic period, and CPU usage alarm
thresholds.
number: Number of CPU usage statistics queries.
offset: Offset of the starting entry to be displayed to the last statistic entry.
verbose: Displays the detailed information.
from-device: Displays information stored on an external storage device such as a
Flash or hard disk. (Not available yet.)

Description
Using the display cpu-usage command, you can view statistics about CPU usage.
The commands display cpu-usage and display cpu-usage 1 0 verbose are
equivalent: both display detailed information on the last CPU usage measurement.

Example
Display detailed information on CPU usage statistics.
[Router] display cpu-usage
===== Current CPU usage info =====
CPU Usage Stat. Cycle: 1 (Second)
CPU Usage : 1%
CPU Usage Stat. Time : 2004-09-15 15:51:48
CPU Usage Stat. Tick : 0x27(CPU Tick High) 0x88cf18e4(CPU Tick Low)
Actual Stat. Cycle : 0x0(CPU Tick High) 0x2264cc2(CPU Tick Low)

TaskName CPU Runtime(CPU Tick High/CPU Tick Low)
VIDL 99% 0/ 222de39
TICK 0% 0/ 88d8
co0 0% 0/ 6e5
SRM 0% 0/ 1da
ROUT 0% 0/ 1d6c
SOCK 0% 0/ 3c65
VTYD 0% 0/ 1074
IPSP 0% 0/ 28b
TAC 0% 0/ 15ac
SC 0% 0/ 10de
RDS 0% 0/ e71
ACM 0% 0/ 180a
LSSO 0% 0/ 3a2
TRAP 0% 0/ 2d0
NTPT 0% 0/ 1082a
PIMT 0% 0/ 2f8
LSPM 0% 0/ 90c
L2V 0% 0/ 1066
IPS 0% 0/ 7575
SIP 0% 0/ 6b87
DHCP 0% 0/ 33d
HOT 0% 0/ fca
DHCC 0% 0/ 414

display history-command Syntax
display history-command

View

Any view

Parameter

None

Description
Using the display history-command command, you can browse the history
commands.

The terminal automatically saves the commands typed by the user; that is, it
records all keyboard input, with entries separated by "Enter".

For the related command, see history-command size.

Example

Display history commands.

<3Com> display history-command
show interface
show interface e 1/0/0
c
in e 1/0/0

display version Syntax
display version

View

Any view

Parameter

None

Description
Using the display version command, you can browse system version information.

Through viewing system version information, you will learn about the software
version in use, rack type, and the information related to the main processing board
and interface cards.

Example
Display system version information of a 3Com R1760 router.
<3Com> display version
3Com Versatile Routing Platform Software
VRP(tm) software, Version 3.30
Copyright (c) 2000-2002 3Com Corporation.
3Com Serial Router R1760
System has kept running 0weeks, 0days, 0hours, 15minutes
CPU type Powerpc8241 166Mhz
64M bytes SDRAM
8M bytes Flash Memory
Pcb Version:001
Logic Version:001
BootROM Version:0.0
Slot0: WAN (pcb)001 (software)000 (logic)001
header Syntax
header [ shell | incoming | login ] text

undo header [ shell | incoming | login ]

View

System view

Parameter

login: Greeting information displayed at login.

shell: Greeting information displayed when a user session is created.

incoming: Greeting information displayed on login to the user view.

text: Content of the greeting information.

Description
Using the header command, you can set the greeting information that will be
displayed. Using the undo header command, you can remove the preset greeting
information.

When a user logs on to a router through a terminal line, the router displays the
related information configured as the header. After the terminal connection is
activated, the router sends the login header to the terminal. If the user logs on to
the router successfully, the shell greeting information is displayed.

The first English character of the text is used as both the start and end character.
After the end character is input, the system quits the interactive process
automatically.

If you do not want to start the interactive process, make sure that the first and last
characters of the text are the same English character and press <Enter> directly.

Example
Configure a session creation title.
[3Com] header shell %
Enter TEXT message. End with the character '%'.
SHELL : Hello! Welcome use 3Com R1760.%
# Test the configuration.
[3Com] quit
<3Com> quit
Press RETURN to get started
SHELL : Hello! Welcome use 3Com R1760.
<3Com>

hotkey Syntax
hotkey [ CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U ] command_text

undo hotkey [ CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U ]



View

System view

Parameter

CTRL_G: Specify a command for the hotkey <CTRL+G>.

CTRL_L: Specify a command for the hotkey <CTRL+L>.

CTRL_O: Specify a command for the hotkey <CTRL+O>.

CTRL_T: Specify a command for the hotkey <CTRL+T>.

CTRL_U: Specify a command for the hotkey <CTRL+U>.

command_text: The command line correlated with the hotkey.

Description
Using the hotkey command, you can correlate a command line with a hotkey.
Using the undo hotkey command, you can recover the default value of the
system.

By default, CTRL_G, CTRL_L and CTRL_O correspond to the following commands
respectively:

display current-configuration (display current configuration);
display ip routing-table (display routing table information);
undo debugging all (disable the overall debugging function, that is, disable the output of all
debugging information).

You can change the definitions as needed. The default values for the other
hotkeys are null.

Example
Correlate the display tcp status command with the hotkey CTRL_T.
[3Com] hotkey ctrl_t display tcp status
[3Com] display hotkey
----------------- HOTKEY -----------------
=Defined hotkeys=
Hotkeys Command
CTRL_G display current-configuration
CTRL_L display ip routing-table
CTRL_O undo debug all
CTRL_T display tcp status
=Undefined hotkeys=
Hotkeys Command
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
CTRL_H Erase the character left of the cursor.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from the history buffer.
CTRL_P Display the previous command from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word left of the cursor.
CTRL_X Delete all characters up to the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the user view.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of clipboard.
ESC_> Specify the end of clipboard.

language-mode Syntax
language-mode { chinese | english }

View

User view

Parameter

None

Description
Using the language-mode command, you can switch between different
language modes of command line interface.

By default, the language mode is English.

The command line interface of the system also supports Chinese mode for
domestic users in China.

Example
Switch from English mode to Chinese mode.
<3Com> language-mode Chinese
Change language mode, confirm? [Y/N]y
% Switch to Chinese mode.

lock Syntax
lock

View

User view

Parameter

None

Description
Using the lock command, you can lock the active user interface to prevent an
unauthorized user from operating the interface.

A user interface includes CON port, AUX port and VTY, etc.

After inputting the lock command, the user is prompted to enter the screensaver's
password and confirm the password. If the two passwords are the same, the
interface will be successfully locked. To enter the system once again, you must
press <Enter> first, and enter the preset password following the prompt.

Example
Log in from the CON port and lock the active user interface.
<3Com> lock
Password:
Again:

quit Syntax
quit

View

Any view

Parameter

None

Description
Using the quit command, you can quit from the active view to a lower-level view
(if the active view is user view, you will exit the system).

Views fall into three levels, in ascending order:

■ User view (with user level as 0)
■ System view (with user level as 3)
■ Configuration view (routing protocol view, interface view, VPDN group
view, etc.)

For the related command, see return.

Example
Switch from Ethernet1/0/0 interface view to system view, and then to user view.
[3Com-Ethernet1/0/0] quit
[3Com] quit
<3Com>
reboot Syntax
reboot

View

User view

Parameter

None

Description
Using the reboot command, you can reboot the device.

This command produces the same effect as the power being turned on and then
off, but provides the user with a convenient method of rebooting the device from
a remote site.

This command renders the network unusable for a short period of time, so it
should be used with caution. Before rebooting the router, remember to save the
configuration file if necessary.

Example
Reboot the device.
<3Com> reboot
System will reboot! Continue?[Y/N]

return Syntax
return

View

Any view, except user view

Parameter

None

Description
Using the return command, you can return to user view from any other view. The
combination key <Ctrl+Z> performs the same function as the return command.

For the related command, see quit.

Example
Return to user view from system view.
[3Com] return
<3Com>

super Syntax
super [ level ]

View

User view

Parameter

level: User level ranging from 0 to 3.

Description
Using the super command, you can switch from current user level to a specified
level.

User level refers to the class of a login user. There are 4 user levels corresponding
to 4 command levels. After a user of a certain level logs in, that user can only use
the commands of the same or lower level.

There are 4 command levels: access, monitor, configure and manage, as follows:

■ Access: Includes the network diagnosis tool commands (ping, tracert) and
commands for accessing an external device from the local device (including
Telnet client, SSH client, RLOGIN), etc. Commands of this level cannot
perform configuration file saving operations.
■ Monitor: Commands used for system maintenance, service fault diagnosis
and so on, including the display and debugging commands. Commands
of this level cannot perform configuration file saving operations.
■ Configure: Service configuration commands, including routing commands
and commands of various network layers. Commands of this level provide
direct network services for users.
■ Manage: Commands related to basic system running and system support
modules. These commands provide support for various services. Commands
of this level include file system, FTP, TFTP, Xmodem download and
configuration file switchover commands, power control commands,
standby board control commands, user management commands, level
setting commands, system internal parameter setting commands (not being
provided in protocols or RFC documentation), etc.

To prevent unauthorized users from intruding on the system, you must pass
authentication when you try to switch from the current user level to a higher-level
user. This means that you must enter the password of the higher-level user (if the
super password [ level user-level ] { simple | cipher } password command is
configured). For the sake of security, the password you enter is not displayed on
the screen. If you enter the correct password, you are switched to the
higher-level user; otherwise, you stay at the current level. Authentication
allows three attempts to switch to a higher-level user.

For the related command, see super password.

Example
<3Com> super 3
Password:
User privilege changes to 3 level, just equal or less this level's
commands can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

super password Syntax
super password [ level user-level ] { simple | cipher } password

undo super password [ level user-level ]

View

System view

Parameter

user-level: User level ranging from 0 to 3.

simple: Configure simple text password.

cipher: Configure cipher text password.

password: Content of the password. A simple text password is a consecutive
character string of no more than 16 characters, such as 1234567. A cipher text
password is 24 characters long, and is in the format of
"_(TT8F]Y\5SQ=^Q`MAF4<1!!".

Description
Using the super password command, you can set the password needed to
switch from a lower-level user to a higher-level user. Using the undo super
password command, you can remove the current setting.

By default, simple text password is adopted.

Example
Execute the following command in system view:
[3Com] super password level 3 simple zbr
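
The following Python audit is an added example, not part of the 3Com documentation. It checks saved configuration text for the two settings described in the command-privilege and super password entries: a super password entered with the simple keyword, which leaves the password readable in the configuration line itself, and a command-privilege line that lowers a command below its default level. The sample configuration is constructed, and mapping a command's first keyword to its default level is an assumption that simplifies the defaults listed under command-privilege.

```python
import re

# Level names and defaults as listed under command-privilege on this page.
LEVEL_NAMES = {0: "access", 1: "monitor", 2: "configure", 3: "manage"}

# Assumption for this example: the first keyword of a command decides its
# default level. Anything not listed is treated as a configuration command.
DEFAULT_LEVEL_BY_KEYWORD = {
    "ping": 0, "tracert": 0, "telnet": 0,
    "display": 1, "debugging": 1,
    "ftp": 3, "tftp": 3, "xmodem": 3,
}
DEFAULT_CONFIG_LEVEL = 2

# super password [ level user-level ] { simple | cipher } password
SUPER_RE = re.compile(
    r"^super\s+password(?:\s+level\s+(?P<level>[0-3]))?"
    r"\s+(?P<mode>simple|cipher)\s+(?P<secret>\S+)$"
)
# command-privilege level level view view command-key
PRIV_RE = re.compile(
    r"^command-privilege\s+level\s+(?P<level>[0-3])"
    r"\s+view\s+(?P<view>\S+)\s+(?P<cmd>.+)$"
)

# Constructed sample input; lines 2 and 4 reuse the examples shown on this page.
SAMPLE_CONFIG = """\
sysname R1760
super password level 3 simple zbr
super password level 2 cipher XXXXXXXXXXXXXXXXXXXXXXXX
command-privilege level 0 view system interface
command-privilege level 3 view shell display current-configuration
command-privilege level 1 view shell tftp
"""


def default_level(command_key):
    """Default level of a command, keyed on its first keyword (assumption)."""
    first = command_key.split()[0].lower()
    return DEFAULT_LEVEL_BY_KEYWORD.get(first, DEFAULT_CONFIG_LEVEL)


def effective_level(user_level, user_interface_level):
    """If user rights and user-interface rights conflict, the minimum applies."""
    return min(user_level, user_interface_level)


def audit(config_text):
    """Return one finding per risky line; the password is never copied out."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()

        m = SUPER_RE.match(line)
        if m:
            if m.group("mode") == "simple":
                level = m.group("level")
                findings.append({
                    "line": line_no,
                    "rule": "super-password-simple",
                    "level": int(level) if level is not None else None,
                })
            continue

        m = PRIV_RE.match(line)
        if m:
            configured = int(m.group("level"))
            default = default_level(m.group("cmd"))
            # Raising a command's level tightens access; only lowering is flagged.
            if configured < default:
                findings.append({
                    "line": line_no,
                    "rule": "command-level-lowered",
                    "view": m.group("view"),
                    "command": m.group("cmd"),
                    "default": default,
                    "configured": configured,
                    "usable_from": LEVEL_NAMES[configured],
                })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    # A level-3 user logging in on a level-1 user-interface ends up at level 1.
    print("effective level:", effective_level(3, 1))
```
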

sysname Syntax
sysname sysname

View

System view

Parameter

sysname: Name of the router. It is a character string containing 1 to 30 characters.

Description
Using the sysname command, you can set the name of a router.

By default, a router is named "3Com".

Modification to a router's name will affect the prompt of the command line
interface. For example, if the router's name is "3Com", the prompt of user view
will be "<3Com>".

Example
Set the name of the router to R1760.
[3Com] sysname R1760
[R1760]

system-view Syntax
system-view

View

User view

Parameter

None

Description
Using the system-view command, you can enter system view from current user
view.

For the related command, see quit, return.

Example
<3Com> system-view
Enter system view , return user view with Ctrl+Z.
[3Com]

vrbd Syntax
vrbd

View
Any view

Parameter
None

Description
Using the vrbd command, you can view software version details, including product
software version and the matched platform software version.

Example
Display the internal version information.
[Router] vrbd

Routing Platform Software

Version AR46XX 8040V300R003B01D009 (COMWAREV300R002B11D001), RELEASE SOFTWARE

2 SYSTEM MAINTENANCE & MANAGEMENT COMMANDS

Network Test Tool Commands

Debugging Syntax
debugging { all | module-name [ debug-option1 ] [ debug-option2 ] …}

undo debugging { all | module-name [ debug-option1 ] [ debug-option2 ] … }

View

User view

Parameter

all: Enables or disables all the debugging switches.

module-name: Module name.

debug-option: Debugging option.

Description

Using the debugging command, you can enable system debugging. Using the undo
debugging command, you can disable system debugging.

By default, the system disables all the debugging switches.

The router system provides a variety of debugging functions mainly for the
support technicians and senior maintenance engineers to perform network fault
diagnosis.

Enabling debugging generates a large amount of debugging information, which
can reduce system efficiency. This is especially the case when the command
debugging all is executed to enable all the debugging switches; in the extreme
case, the result can be system paralysis. For these reasons, you are advised not
to use the command debugging all. By contrast, undo debugging all is
convenient because it disables all the debugging switches at once rather than
one by one.

For related command, see display debugging.

Example

Enable IP packet debugging.



display debugging Syntax


display debugging [ interface interface-type interface-number] [ module-name ]

View

Any view

Parameter

module-name: Module name.

interface-type: Interface type.

interface-number: Interface number.

Description

Using the display debugging command, you can display the enabled debugging
switches.

By default, no parameters have been defined and all the enabled debugging
switches are displayed.

For related command, see debugging.

Example

Display all the enabled debugging switches.

<3Com> display debugging


IP packet debugging switch is on.

display diagnostic-information Syntax
display diagnostic-information

View

Any view

Parameter

None

Description

Using the display diagnostic-information command, you can display the
operating information of all the active modules of the system, collecting all
the information at one time to isolate the problem when a failure occurs.

When a failure occurs in the system, a lot of information needs to be collected
to isolate the problem. However, it is difficult to collect all the information
at one time because many display commands are involved. In this case, you can
use the display diagnostic-information command to collect the operating
information of all the active modules in the system.

Example

Display the technical support information.

<3Com> display diagnostic-information


------------------ display version ------------------
3Com3Com Versatile Routing Platform Software
VRP 3600E Software Version VRPV3R001M06B03D003, DEBUG SOFTWARE
Copyright (c) 2000-2003 by VRP Team Beijing Institute 3Com Tech, Inc
Compiled Mar 24 2003 20:28:31 by zhaomin
------------------ display running-config ------------------
#
sysname 3Com
#
------------------ display history commands ------------------
display diagnostic-information
------------------ display tasks ------------------
ID Name Priority Status CPU Time
1 WEIL 10 Ready 10/20
2 SYST 180 Ready 0/7
3 XMON 140 Event Sem 0/0
4 VMON 140 Event Sem 41/41
5 INFO 100 Event Sem 1/6
6 co0 100 Ready 0/3178
7 LDP 100 Event Sem 1/299
8 LAGT 100 Queue Sem 0/1
9 Clon 100 Event Sem 0/0
10 ROUT 100 Event Sem 0/172
11 FIB 100 Event Sem 0/178
12 SOCK 100 Event Sem 0/47961
13 VTYD 100 Event Sem 0/25
14 IPSP 100 Event Sem 0/537
15 IKE 100 Event Sem 1/20
16 RSA 100 Event Sem 1/94
17 RDUS 100 Delay 1/1574
18 L2TP 100 Event Sem 0/14
19 TNLM 100 Event Sem 0/0
20 AGNT 100 Event Sem 0/4904
21 TRAP 100 Queue Sem 0/0
22 MDMT 100 Queue Sem 0/3
23 NTPT 100 Delay 0/7
24 PIMT 100 Delay 0/7
25 CFM 100 Queue Sem 363/1355
26 LSPM 100 Delay 0/414
27 L2V 100 Delay 0/6
28 VRRP 100 Event Sem 0/0
------------------ display memory ------------------
Slice Memory Usage:
Block Size 32 Free 960 Used 60134 Total 61094
Block Size 64 Free 275 Used 29356 Total 29631
Block Size 128 Free 9 Used 5882 Total 5891
Block Size 256 Free 8 Used 1664 Total 1672
Block Size 512 Free 1 Used 120 Total 121
Block Size 1024 Free 58 Used 157 Total 215
Block Size 2048 Free 5 Used 1547 Total 1552
Block Size 4096 Free 1 Used 67 Total 68
-----------------------------Summary--------------------------------
Used(Byte) 8646848 Free 1317 Used 98927 Total 100244
Total Slice Memory(Include Control Data and Free Slice): 10742144 bytes
Raw Slice Memory Usage:
Total Size: 10501832 bytes Num: 77
Total Raw Slice Memory(Include Control Data and Free Slice):
12606400 bytes
System Total Memory(bytes): 33541536
------------------ display interfaces ------------------
Atm1/0/0 is down , line protocol is down
Description : 3Com, 3Com Series, Atm1/0/0 Interface
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
AAL enabled: AAL5, Maximum VCs: 32
Current VCs: 0 (0 on main interface)
5 minutes input rate 0.00 bytes/sec, 0.00 packets/sec
5 minutes output rate 0.00 bytes/sec, 0.00 packets/sec
0 packets input, 0 bytes
0 packets output, 0 bytes
0 input errors, 0 CRCs, 0 giants, 0 pads, 0 aborts,0 overflows
0 output errors, 0 underflows, 0 overflows
NULL0 is up , line protocol is up (spoofing)
Description : 3Com, 3Com Series, NULL0 Interface
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
Serial0/0/0 is down , line protocol is down
Description : 3Com, 3Com Series, Serial0/0/0 Interface
The Maximum Transmit Unit is 1500, The keepalive is 10(sec)
Internet protocol processing : disabled
Encapsulation is PPP
LCP initial
FIFO queuing: (Outbound queue:Size/Length/Discards)
FIFO: 0/75/0
Physical layer is synchronous,Baudrate is 64000 bps, Interface is no
cable
5 minutes input rate 0.00 bytes/sec, 0.00 packets/sec
5 minutes output rate 0.00 bytes/sec, 0.00 packets/sec
0 packets input, 0 bytes, 0 no buffers
0 packets output, 0 bytes, 0 no buffers
0 input errors, 0 CRC, 0 frame errors
0 overrunners, 0 aborted sequences, 0 input no buffers
DCD=DOWN DTR=DOWN DSR=DOWN RTS=DOWN CTS=DOWN

ping Syntax
ping [ -a X.X.X.X | -c count | -d | -h ttl_value | -i { interface-type interface-number } | ip | -n | -p pattern | -q | -r | -s packetsize | -t timeout | -v | vpn-instance vpn-instance-name ] * host

View

Any view

Parameter

-a X.X.X.X: Sets the source IP address from which ICMP ECHO-REQUEST packets
are sent.

-c count: Number of times that ICMP ECHO-REQUEST packets are sent, in the range
1 to 4294967295.

-d: Sets socket to DEBUG mode.

-h ttl_value: Sets the TTL value, in the range 1 to 255.

-i: Sets the interface for sending ICMP ECHO-REQUEST packets.

interface-type: Interface type

interface-number: Interface number

-n: Directly uses the host parameter as IP address without domain name
resolution.

-p pattern: The filling byte of ICMP ECHO-REQUEST packet in hexadecimal format,
with the value ranging from 0 to FFFFFFFF. For example, if the parameter is set
to -p ff, the entire packet will be filled with ff.

-q: Displays statistic figures rather than details.

-r: Records routes.

-s packetsize: The length of ECHO-REQUEST packet (excluding IP and ICMP
headers), which is in the range of 20 to 8100 bytes.

-t timeout: Timeout in milliseconds waiting for ECHO-RESPONSE upon completion
of sending ECHO-REQUEST, in the range from 0 to 65535.

-v: Displays the received ICMP packets other than ECHO-RESPONSE packets.

vpn-instance vpn-instance-name: Sets the vpn-instance name of MPLS VPN to
specify the VPN attribute configured in this ping command, that is, the name of
the associated vpn-instance created locally.

host: Domain name or IP address of destination host.

ip: IP protocol is used.

Description

Using the ping command, you can check the IP network connection and whether
the host is reachable.

If the above parameters have not been specified, the following default settings will
be used:

■ The ECHO-REQUEST packet is sent 5 times at most.
■ The socket is in non-DEBUG mode.
■ The host is first regarded as an IP address. If it is not an IP address,
domain name resolution will be performed.
■ The filling begins at 0x01 and increases gradually until 0x09, and then
repeats.
■ All the information, including statistics, is displayed.
■ Routes are not recorded.
■ The length of the ECHO-REQUEST packet is 56 bytes.
■ The timeout time waiting for an ECHO-RESPONSE packet is 2000 ms.
■ ICMP packets other than ECHO-RESPONSE packets are not displayed.
■ The parameter vpn-instance is not defined.

Following is the process of executing the ping command:

■ A host sends an ICMP ECHO-REQUEST to a destination. If the connection to
the destination network is working normally, the destination host will be
able to receive the ICMP ECHO-REQUEST packet and send an ICMP
ECHO-REPLY packet back to the source host.
■ The ping command can be used to test the network for connection failure
or network line quality problems. The output information includes:
  ■ The state of the reply that a destination has made to each ECHO-REQUEST.
  It will be "Request time out." if no reply has been received upon the
  expiration of the timeout time. Otherwise, the state information will include
  the bytes of the reply packet, packet sequence number, TTL, reply time, etc.
  ■ The final statistics, which include the count of packets sent, the count
  of reply packets received, the percentage of the packets that have no reply,
  and the minimum, maximum, and average reply times.
■ If the network transmission is slow, you can appropriately prolong the
timeout time waiting for reply.

For related command, see tracert.

Example

Check the reachability of the host at 202.38.160.244.

<3Com> ping 202.38.160.244


ping 202.38.160.244 : 56 data bytes , press CTRL-C to break
Reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms
Reply from 202.38.160.244 : bytes=56 sequence=2 ttl=255 time = 2ms
Reply from 202.38.160.244 : bytes=56 sequence=3 ttl=255 time = 1ms
Reply from 202.38.160.244 : bytes=56 sequence=4 ttl=255 time = 3ms
Reply from 202.38.160.244 : bytes=56 sequence=5 ttl=255 time = 2ms
--202.38.160.244 ping statistics--
5 packets transmitted
5 packets received
0% packet loss
round-trip min/avg/max = 1/2/3 ms

reboot Syntax

reboot

View

User view

Parameter

None

Description

Using the reboot command, you can reboot the device.

This command produces the same effect as the power being turned off and then
on, but provides the user with a convenient method of rebooting the device from
a remote site.

This command renders the network unusable for a short period of time, so it
should be used with caution. Before rebooting the Router, remember to save the
configuration file if necessary.

Example

Reboot the device.

<3Com> reboot
System will reboot! Continue?[Y/N]

tracert Syntax
tracert [ -a X.X.X.X | -f first_TTL | -m max_TTL | -p port | -q nqueries | vpn-instance
vpn-instance-name | -w timeout ] * host

View

Any view

Parameter

-a: Specifies source IP address of the tracert packets, which is in the format of
X.X.X.X and must be the address of a local interface.

-f: Tests the correctness of the –f switch with first_TTL specifying an initial TTL in
the range of 0 to the maximum TTL.

-m: Tests the correctness of the –m switch with max_TTL specifying a maximum
TTL which can be any TTL larger than the initial TTL.

-p: Tests the correctness of the –p switch with port being an integer specifying the
port of the destination host. There is no need to change this option in normal
circumstances.

-q: Tests the correctness of the –q switch with nqueries specifying the number of
the query packets sent each time. It can be any integer larger than 0.

vpn-instance vpn-instance-name: Sets the vpn-instance name of MPLS VPN to
specify the VPN attribute configured in this tracert command, that is, the name
of the associated vpn-instance created locally.

-w timeout: Tests the correctness of the –w switch with timeout specifying the
timeout time of IP packets. It is in seconds and can be any integer larger than 0.

host: IP address of the destination host.

Description

Using the tracert command, you can trace the gateways that a packet sent by the
host passes through to reach the destination, in order to test the reachability
of a network connection and locate where faults occur on the network.

If no parameters are specified, the following defaults apply:

■ The parameters -a and vpn-instance are omitted.
■ first_TTL is 1.
■ max_TTL is 30.
■ port is 33434.
■ nqueries is 3.
■ timeout is 5s.

The tracert command is executed following this procedure: The system first sends
a packet with TTL set to 1, and the first hop returns an ICMP error message
indicating that the packet cannot be transmitted due to TTL timeout. The system
then transmits the packet again with TTL set to 2, and the second hop similarly
returns a TTL timeout message. This process continues until the packet reaches
its destination. The purpose of this process is to record the source addresses
from which these ICMP TTL timeout messages are sent, so as to outline the path
along which the IP packet reaches the destination.

When a network fault is detected by using the ping command, tracert can be
used to locate the failure on the network.

The output information of the command tracert includes IP addresses of all the
GWs along the path to the destination. If some GW times out, “***” will be
output.

Example
<3Com> tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
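
The output format above can be checked mechanically when tracert is used to locate a fault. The following Python is an added example, not part of the 3Com manual: it parses the sample output from this page and reports the silent hops (`* * *`), any address that answers two consecutive TTLs, and the last gateway that responded. The function names are hypothetical.

```python
import re

# Output copied from the tracert example on this page.
SAMPLE = """\
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HEADER_RE = re.compile(rf"tracert to \S+ \(({IP})\), (\d+) hops max")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.+)$")
REPLY_RE = re.compile(rf"(\S+) \(({IP})\)((?:\s+\d+ ms)+)")


def parse_tracert(text):
    """Return (destination IP, max hops, list of hop records)."""
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("no 'tracert to ...' header line found")
    hops = []
    for line in text[header.end():].splitlines():
        hop = HOP_RE.match(line)
        if hop is None:
            continue  # blank line or anything that does not start with a TTL
        ttl, rest = int(hop.group(1)), hop.group(2)
        reply = REPLY_RE.match(rest)
        if reply:
            rtts = [int(ms) for ms in re.findall(r"(\d+) ms", reply.group(3))]
            hops.append({"ttl": ttl, "ip": reply.group(2), "rtts": rtts})
        elif set(rest.split()) == {"*"}:
            # every query for this TTL timed out
            hops.append({"ttl": ttl, "ip": None, "rtts": []})
    return header.group(1), int(header.group(2)), hops


def summarize(text):
    """Condense a trace into the facts needed to locate a fault."""
    dest_ip, _max_hops, hops = parse_tracert(text)
    answered = [h for h in hops if h["ip"]]
    last = answered[-1] if answered else None
    return {
        "destination": dest_ip,
        # reached only if the final responder is the destination itself
        "reached": last is not None and last["ip"] == dest_ip,
        "silent_ttls": [h["ttl"] for h in hops if h["ip"] is None],
        # same gateway answering two consecutive TTL values
        "repeated_ttls": [b["ttl"] for a, b in zip(hops, hops[1:])
                          if a["ip"] and a["ip"] == b["ip"]],
        "last_responder": (last["ttl"], last["ip"]) if last else None,
        # silent hops after the last responder: where the path goes dark
        "trailing_silent": hops[-1]["ttl"] - last["ttl"] if last else len(hops),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Silent hops in the middle of a trace that still reaches the destination (hops 12 and 14 to 17 here) indicate gateways that do not answer, while a trace ending in silent hops points to the last responder as the place to start looking.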

HWPing Commands

HWPing Client Commands

count Syntax
count times
undo count

View
HWPing test group view

Parameter
times: Number of transmitted test packets, which is in the range 1 to 15 and
defaults to 1.

Description
Using the count command, you can configure the number of packets sent for
each test. Using the undo count command, you can restore the default setting.
A test timer is started when the system sends the first test packet. If the
argument times is set greater than 1, the system sends the second packet upon
receipt of the acknowledgement to the first one. If no acknowledgement is
received before the timer expires, the system still sends the second test
packet, and the remaining packets are handled in the same way.
For the related command, see frequency.

Example
Send ten packets for each test.
[Router-administrator-icmp] count 10

datafill Syntax
datafill string
undo datafill

View
HWPing test group view

Parameter
string: Data used for stuffing test datagrams. This argument can be a string of less
than 1024 characters in length. By default, datagrams are stuffed with characters
between 0 and 255 cyclically.

Description
Using the datafill command, you can configure the data used for stuffing test
datagrams. Using the undo datafill command, you can restore the default setting.
You can stuff HWPing test datagrams with any character strings. If the size of a
test datagram is smaller than that of the configured stuffing string, only a portion
of the string will be used for stuffing. If the size of the test datagrams is larger, the
string will be used cyclically for stuffing. Suppose a stuffing string, “abcd” is
configured. If the test datagram size is 3, only “abc” will be used for stuffing; if it
is 6, the string “abcdab" will be used.

Example
Configure a datagram stuffing string “abcd”.
[Router-administrator-icmp] datafill abcd

datasize Syntax
datasize size
undo datasize

View
HWPing test group view

Parameter
size: Test datagram size, which is in the range 20 to 65535 and defaults to 100.

Description
Using the datasize command, you can configure size of the datagrams for the test
purpose. Using the undo datasize command, you can restore the default datagram
size.

Example
Set the size of test datagrams to 50.
[Router-administrator-icmp] datasize 50

description Syntax
description string
undo description

View
HWPing test group view

Parameter
string: Brief description of a test operation. By default, no description information
is configured.

Description
Using the description command, you can make a brief description on a test
operation. Using the undo description command, you can delete the configured
description.

Example
Describe a test group as “icmp-test”.
[Router-administrator-icmp] description icmp-test

destination-ip Syntax
destination-ip ip-address
undo destination-ip

View
HWPing test group view

Parameter
ip-address: Destination IP address in a test.

Description
Using the destination-ip command, you can configure the destination IP address
for a test. Using the undo destination-ip command, you can remove the configured
destination IP address.
By default, no destination IP address is configured for any test.
For the related command, see destination-port.

Example
Set the destination IP address for a test to 169.254.10.3.
[Router-administrator-icmp] destination-ip 169.254.10.3

destination-port Syntax
destination-port port-number
undo destination-port

View
HWPing test group view

Parameter
port-number: Destination port number in a test, which is in the range 1 to 65535
and defaults to 0.

Description
Using the destination-port command, you can configure the destination port for a
test. Using the undo destination-port command, you can remove the destination
port configuration.
By default, no destination port is configured for any test.

This command is configured only for DHCP, DLSw, FTP, HTTP, Jitter, TCP-private, or
UDP-private test.

For the related command, see destination-ip.



Example
Set the destination port to 9000 for a test.
[Router-administrator-icmp] destination-port 9000

display hwping Syntax


display hwping { result | history | jitter } [ administrator-name operation-tag ]

View
Any view

Parameter
result: Displays the latest test result.
history: Displays the test history information.
jitter: Displays the jitter test information.
administrator-name: Name of the administrator creating a test.
operation-tag: Test operations tag.

Description
Using the display hwping command, you can display test result(s).
If you have specified a test group by specifying the arguments administrator-name
and operation-tag, the system will display only the test result of the group; if
not, it will display the test results of all the test groups.
For the related command, see test-enable.

Example
Display the test result of the test group whose administrator name is
“administrator” and operation tag is “jitter”.
[Router] display hwping result administrator jitter
HWPing entry(admin administrator, tag jitter) test result:
Destion ip address: 169.254.10.3
Send operation times: 50
Receive respondse times: 50
Min Round Rip Time: 2
Max Round Rip Time: 10
Average Round Rip Time: 3
Square-Sum of Round Rip Time: 651
Last complete test time: 2003-10-19 17:18:39.1

Extend result:
Disconnect operation number: 0
Operation timeout number: 0
System busy operation number: 0
Dorp operation number: 0
Operation sequence errors: 0
Operation statics errors: 0

Jitter result:
RTT Number : 50
Min Positive SD : 1
Max Positive SD : 2
Positive SD Number : 9
Positive SD Sum : 12
Positive SD Square Sum : 18
Min Negative SD : 1
Max Negative SD : 2
Negative SD Number: 10
Negative SD Sum: 13
Negative SD Square Sum : 19
Min Positive DS : 7
Max Positive DS: 7
Positive DS Number :1
Positive DS Sum : 7
Positive DS Square Sum :49
Min Negative DS :7
Max Negative DS : 7
Negative DS Number:1
Negative DS Sum: 7
Negative DS Square Sum : 4
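
Each jitter group in the output above is reported as Number, Sum and Square Sum, which is enough to derive a mean and standard deviation and to sanity-check a captured result. The following Python is an added example, not 3Com code; it assumes Square Sum is the sum of the squared individual values (the manual does not define it), and the function names are hypothetical.

```python
from math import sqrt

# Jitter block copied from the display hwping example on this page.
SAMPLE = """\
Jitter result:
RTT Number : 50
Min Positive SD : 1
Max Positive SD : 2
Positive SD Number : 9
Positive SD Sum : 12
Positive SD Square Sum : 18
Min Negative SD : 1
Max Negative SD : 2
Negative SD Number: 10
Negative SD Sum: 13
Negative SD Square Sum : 19
Min Positive DS : 7
Max Positive DS: 7
Positive DS Number :1
Positive DS Sum : 7
Positive DS Square Sum :49
Min Negative DS :7
Max Negative DS : 7
Negative DS Number:1
Negative DS Sum: 7
Negative DS Square Sum : 4
"""

GROUPS = ("Positive SD", "Negative SD", "Positive DS", "Negative DS")


def parse_fields(text):
    """Return {field name: int} for every 'name : integer' line."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip().isdigit():
            # normalise the uneven spacing around names in the output
            fields[" ".join(name.split())] = int(value.strip())
    return fields


def group_keys(group):
    return (f"{group} Number", f"{group} Sum", f"{group} Square Sum",
            f"Min {group}", f"Max {group}")


def group_stats(fields, group):
    """Derive mean/stddev for one group and check its internal consistency."""
    n, total, squares, low, high = (fields[k] for k in group_keys(group))
    if n == 0:
        ok = total == 0 and squares == 0
        return {"count": 0, "consistent": ok, "mean": None, "stddev": None}
    # Assumption: Square Sum = sum of squared samples. Then n samples in
    # [low, high] bound both sums, and n*squares >= total**2 must hold.
    ok = (n * low <= total <= n * high
          and n * low * low <= squares <= n * high * high
          and n * squares >= total * total)
    if not ok:
        return {"count": n, "consistent": False, "mean": None, "stddev": None}
    variance = (n * squares - total * total) / (n * n)  # population variance
    return {"count": n, "consistent": True,
            "mean": total / n, "stddev": sqrt(variance)}


def analyse(text):
    """Return stats for every jitter group whose five fields are all present."""
    fields = parse_fields(text)
    return {g: group_stats(fields, g) for g in GROUPS
            if all(k in fields for k in group_keys(g))}


if __name__ == "__main__":
    for group, stats in analyse(SAMPLE).items():
        print(group, stats)
```

Run over the sample, the check marks the Negative DS group as inconsistent: one sample with minimum and maximum 7 cannot have a square sum of 4.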

filename Syntax
filename file-name
undo filename

View
HWPing test group view

Parameter
file-name: Name of the file to be gotten from or put onto an FTP server.

Description
Using the filename command, you can configure name of the file to be gotten
from or put onto an FTP server. Using the undo filename command, you can
remove the configuration of the file name.
By default, no file name is configured.

This command applies only to FTP test.

For the related commands, see username, password, and ftp-operation.

Example
Specify the file to be gotten from or put onto an FTP server by specifying its name
“config.txt".
[Router-administrator-ftp] filename config.txt

frequency Syntax
frequency interval
undo frequency

View
HWPing test group view

Parameter
interval: Automatic test interval, which is in the range 0 to 65535 seconds and
defaults to 0, i.e., no automatic test.

Description
Using the frequency command, you can configure an automatic test interval.
Using the undo frequency command, you can disable automatic test.
The system automatically performs a test at intervals specified by this command,
given the argument interval is greater than 0.
For the related command, see count.

Example
Set the automatic test interval to ten seconds.
[Router-administrator-icmp] frequency 10

ftp-operation Syntax
ftp-operation { get | put }

View
HWPing test group view

Parameter
get: Gets a file from an FTP server.
put: Sends a file to an FTP server.

Description
Using the ftp-operation command, you can configure the FTP operation done by
the system.
FTP operations include get and put, with the former being performed to obtain
files from an FTP server and the latter to send files to the FTP server.
By default, the operation of get is done.

This command applies only to FTP test.


For the related commands, see username and password.

Example
Perform FTP getting operation.
[Router-administrator-ftp] ftp-operation get

history-records Syntax
history-records number
undo history-records

View
HWPing test group view

Parameter
number: Number of test results allowed to be retained, which is in the range 0 to
50 and defaults to 50.

Description
Using the history-records command, you can configure the number of test results
that the system can retain. Using the undo history-records command, you can
restore the default number of retained test results.

Example
Set the number of retained history records concerning the test group whose
administrator name is “administrator" and operation tag is “icmp” to 10.
[Router-administrator-icmp] history-records 10

http-operation Syntax
http-operation { get | post }

View
HWPing test group view

Parameter
get: Obtains data from an HTTP server.
post: Sends data to an HTTP server.

Description
Using the http-operation command, you can configure an HTTP operation type.
HTTP operations are divided into two types: get and post. Operations of the
former type are performed to obtain data from an HTTP server and operations of
the latter type to send data to the HTTP server.
By default, the operation of get is done.

This command applies only to HTTP test.


For the related command, see http-string.

Example
Perform get operations in HTTP tests.
[Router-administrator-http] http-operation get

http-string Syntax
http-string url-string
undo http-string

View
HWPing test group view

Parameter
url-string: Uniform Resource Locator string used in HTTP. It is used by the WWW
service program to identify the location of information on the Internet. By default,
no URL is configured.

Description
Using the http-string command, you can configure a URL for an HTTP test. Using
the undo http-string command, you can delete the configured URL information.

This command applies only to HTTP test.


For the related command, see http-operation.

Example
Configure the URL “/index.htm http/1.1”.
[Router-administrator-http] http-string /index.htm http/1.1

hwping Syntax
hwping administrator-name operation-tag
undo hwping administrator-name operation-tag

View
System view

Parameter
administrator-name: Specifies name of the administrator creating an HWPing test
group.
operation-tag: Test operation tag.

Description
Using the hwping command, you can create an HWPing test group.
Executing this command will allow the system to access HWPing test group view.

Example
Create an HWPing test group, given the administrator name is “administrator”
and the test operation tag is “icmp”.
[Router] hwping administrator icmp

hwping-agent enable Syntax


hwping-agent enable
undo hwping-agent enable

View
System view

Parameter
None

Description
Using the hwping-agent enable command, you can enable the HWPing client
function. Using the undo hwping-agent enable command, you can disable the
HWPing client function.
Before you perform the test operations of any type, you must enable the HWPing
client function.
For the related command, see hwping-server enable.

Example
Enable HWPing Client.
[Router] hwping-agent enable

hwping-agent max-requests Syntax
hwping-agent max-requests max-number
undo hwping-agent max-requests

View
System view

Parameter
max-number: The allowed maximum number of concurrent tests, which is in the
range 0 to 4294967295 and defaults to 10.

Description
Using the hwping-agent max-requests command, you can set the allowed
maximum number of concurrent tests. Using the undo hwping-agent
max-requests command, you can restore the default maximum number of
concurrent tests.

Example
Set the maximum number of concurrent tests to 20.
[Router] hwping-agent max-requests 20

jitter-interval Syntax
jitter-interval interval
undo jitter-interval

View
HWPing test group view

Parameter
interval: Packet sending interval in a jitter test, which is in the range 10 to 1000
milliseconds and defaults to 20 milliseconds.

Description
Using the jitter-interval command, you can set a packet sending interval for a jitter
test. Using the undo jitter-interval command, you can restore the default test
packet sending interval.

This command applies only to jitter test.


For the related command, see jitter-packetnum.

Example
Send packets at intervals of 30 milliseconds in a jitter test.
[Router-administrator-icmp] jitter-interval 30

jitter-packetnum Syntax
jitter-packetnum number
undo jitter-packetnum

View
HWPing test group view

Parameter
number: Number of packets to be sent in a jitter test, which is in the range of 10
to 100 and defaults to 20.

Description
Using the jitter-packetnum command, you can configure the number of packets to
be sent for a jitter test. Using the undo jitter-packetnum command, you can
restore the number of packets to be sent for a jitter test to its default value.

This command applies only to jitter test.


For the related command, see jitter-interval.

Example
Send 30 packets for a test.
[Router-administrator-icmp] jitter-packetnum 30

password Syntax
password password
undo password

View
HWPing test group view

Parameter
password: Password required for accessing an FTP server.

Description
Using the password command, you can configure the password required for the
login to an FTP server. Using the undo password command, you can remove the
configured password.
By default, no password is configured for the login to an FTP server.

This command applies only to FTP test.


For the related commands, see username and ftp-operation.

Example
Set the login password for accessing an FTP server to “hwping”.
[Router-administrator-ftp] password hwping

probe-failtimes Syntax
probe-failtimes times
undo probe-failtimes

View
HWPing test group view

Parameter
times: Number of consecutive probe failures. It is in the range 1 to 65535 and
defaults to 1.

Description
Using the probe-failtimes command, you can configure the number of consecutive
probe failures allowed in a HWPing test before a trap is sent to the NMS. Using the
undo probe-failtimes command, you can restore the default.

A test may include multiple probes.

Example
Send a trap to the NMS after three consecutive probe failures for a HWPing test.
[Router] probe-failtimes 3

send-trap Syntax
send-trap { all | probefailure | testcomplete | testfailure }
undo send-trap { all | probefailure | testcomplete | testfailure }

View
HWPing test group view

Parameter
probefailure: Sends traps upon test packet transmission failures.
testcomplete: Sends traps upon the completion of test.
testfailure: Sends traps upon test failures.
all: Sends traps for all the events described above.

Description
Using the send-trap command, you can configure the type of events that may
trigger trap sending. Using the undo send-trap command, you can remove the
configuration of the event type.
By default, no traps are sent.

Example
Send traps upon the completion of tests.
[Router-administrator-icmp] send-trap testcomplete

sendpacket passroute Syntax


sendpacket passroute
undo sendpacket passroute

View
HWPing test group view

Parameter
None

Description
Using the sendpacket passroute command, you can enable routing table bypass.
Using the undo sendpacket passroute command, you can disable routing table
bypass.
By default, routing table bypass is disabled.
With routing table bypass, a remote host can bypass the normal routing tables and
send ICMP packets directly to a host on an attached network. If the host is not on
a directly-attached network, an error is returned. You can use this function when
pinging a local host on an interface that has no route defined.

Example
Bypass routing table when sending ICMP packets.
[Router] sendpacket passroute

source-interface Syntax
source-interface interface-type interface-number
undo source-interface

View
HWPing test group view

Parameter
interface-type: Interface type.
interface-number: Interface number.

Description
Using the source-interface command, you can configure a source interface for test
packet transmission. Using the undo source-interface command, you can remove
the source interface configuration.
By default, no source interface is configured for test packet transmission.

Example
Specify Ethernet 1 as the source interface for test packet transmission.
[Router-administrator-dhcp] source-interface ethernet 1

source-ip Syntax
source-ip ip-address
undo source-ip

View
HWPing test group view

Parameter
ip-address: Source IP address used in a test.

Description
Using the source-ip command, you can configure a source IP address for this test.
Using the undo source-ip command, you can remove the source address
configuration.
By default, IP address of the interface where test packets are to be sent is used as
the source IP address.

Example
Set the source IP address for this test to 169.254.10.2.
[Router-administrator-icmp] source-ip 169.254.10.2

source-port Syntax
source-port port-number
undo source-port

View
HWPing test group view

Parameter
port-number: Source port number used in a test. By default, it is 0.

Description
Using the source-port command, you can configure a source port number for this
test. Using the undo source-port command, you can remove the configuration of
source port number.

Example
Set the source port number to 8000 for this test.
[Router-administrator-icmp] source-port 8000

test-type Syntax
test-type type

View
HWPing test group view

Parameter
type: Test type, which can be one of the following keywords:
dhcp: DHCP test.
dlsw: DLSw test.
ftp: FTP connection test.
http: HTTP connection test.
icmp-echo: ICMP test.
jitter: Jitter test, performed for analyzing the delay variations in UDP packet transmission.
snmpquery: SNMP test.
tcp-private: Tests the TCP connection of a specified port (an unknown port).
tcp-public: Tests the TCP connection of port 7.
udp-private: Tests the UDP connection of a specified port (an unknown port).
udp-public: Tests the UDP connection of port 7.
By default, test type is set to icmp-echo.

Description
Using the test-type command, you can configure a test type.
HWPing tests include DHCP, DLSw, FTP, HTTP, ICMP, Jitter, SNMP, TCP, and UDP
tests.

Example
Set test type to ICMP test.
[Router-administrator-icmp] test-type icmp-echo

test-enable Syntax
test-enable

View
HWPing test group view

Parameter
None

Description
Using the test-enable command, you can enable an HWPing test.

After you execute the test-enable command, the system does not display the test
result. You may view the test result information by executing the display hwping
command.
For the related command, see display hwping.

Example
Execute the HWPing test defined by the test group “wgw-testicmp”.
[Router-hwping-wgw-testicmp] test-enable

test-failtimes Syntax
test-failtimes times
undo test-failtimes

View
HWPing test group view

Parameter
times: Number of consecutive test failures. It is in the range 1 to 65535 and
defaults to 1.

Description
Using the test-failtimes command, you can configure the number of consecutive
test failures allowed before a trap is sent to the NMS. Using the undo test-failtimes
command, you can restore the default.

A test may include multiple probes.

Example
Send a trap to the NMS after three consecutive test failures.
[Router] test-failtimes 3

timeout Syntax
timeout time
undo timeout

View
HWPing test group view

Parameter
time: Timeout time, which is in the range 1 to 60 and defaults to 3 seconds.

Description
Using the timeout command, you can configure a timeout time for a test. Using
the undo timeout command, you can restore the default timeout time.

Example
Set the timeout time to ten seconds.
[Router-administrator-icmp] timeout 10

tos Syntax
tos value
undo tos

View
HWPing test group view

Parameter
value: ToS field in the header of HWPing test packets, which is in the range 0 to
255. By default, ToS field is not set.

Description
Using the tos command, you can assign a value to the ToS field in the header of
HWPing test packets. Using the undo tos command, you can remove the ToS value
configuration.
In a ping command, service type is set by using the argument “-o”.

Example
Set the ToS field in the header of HWPing packets to one.
[Router-administrator-ftp] tos 1

ttl Syntax
ttl number
undo ttl

View
HWPing test group view

Parameter
number: Time to Live (TTL) value or lifetime of HWPing ICMP test packets, which is
in the range 1 to 255 and defaults to 255.

Description
Using the ttl command, you can configure TTL of ICMP test packets. Using the
undo ttl command, you can restore the default TTL of ICMP test packets.
TTL is actually a hop count limit on how far a test packet can travel on a network.
In a ping command, it is defined by the argument “-i”.

This command applies only to ICMP test.

Example
Set the TTL of HWPing ICMP test packets to 16.
[Router-administrator-icmp] ttl 16

username Syntax
username name
undo username

View
HWPing test group view

Parameter
name: Name of the user allowed to access an FTP server.

Description
Using the username command, you can configure the name used for logging into an
FTP server. Using the undo username command, you can remove the username
configuration.
By default, no username is configured for accessing an FTP server.

This command applies only to FTP test.


For the related commands, see password and ftp-operation.

Example
Use "administrator" as the username for the login to an FTP server.
[Router-administrator-ftp] username administrator

vpninstance Syntax
vpninstance name
undo vpninstance

View
HWPing test group view

Parameter
name: VPN instance name, a string of 1 to 19 characters.

Description
Using the vpninstance command, you can configure VPN instance information for
ICMP. Using the undo vpninstance command, you can remove the VPN instance
information of ICMP.
By default, no VPN instance information is configured for ICMP.

Example
Set the VPN instance name of ICMP to vpn1.
[Router] vpninstance vpn1

HWPing Server Commands

hwping-server enable Syntax


hwping-server enable
undo hwping-server enable

View
System view

Parameter
None

Description
Using the hwping-server enable command, you can enable HWPing Server. Using
the undo hwping-server enable command, you can disable HWPing Server.
By default, HWPing Server is disabled.
So far, the jitter test and the UDP/TCP tests of a specified port are available only
for Huawei’s devices. Before performing one of these tests, you must enable HWPing
Server on the device to be tested.
You must enable the function of HWPing Server on a device in order to provide
HWPing server services.
For the related commands, see hwping-agent enable, hwping-server tcpconnect,
and hwping-server udpecho.

Example
Enable HWPing Server.
[Router] hwping-server enable

hwping-server tcpconnect Syntax
hwping-server tcpconnect ip-address port-number
undo hwping-server tcpconnect ip-address port-number

View
System view

Parameter
ip-address: IP address where HWPing Server provides the TCP listening service.
port-number: Port where HWPing Server provides the TCP listening service.

Description
Using the hwping-server tcpconnect command, you can create a TCP listening
service. Using the undo hwping-server tcpconnect command, you can delete the
established TCP listening service.
If you want to use Huawei’s router as the server in an HWPing test on the TCP
connection of a specified port, you must create the TCP listening service on the
server.
For the related command, see hwping-server enable.

Example
Create a TCP listening service, setting IP address to 169.254.10.2 and port number
to 9000.
[Router] hwping-server tcpconnect 169.254.10.2 9000

hwping-server udpecho Syntax


hwping-server udpecho ip-address port-number
undo hwping-server udpecho ip-address port-number

View
System view

Parameter
ip-address: IP address where HWPing server implements the UDP listening service.
port-number: Port where HWPing Server provides the UDP listening service.

Description
Using the hwping-server udpecho command, you can create a UDP listening
service. Using the undo hwping-server udpecho command, you can delete the
established UDP listening service.
If you want to use Huawei’s router as the server in an HWPing test on the UDP
connection of a specified port, you must create the UDP listening service on the
server.
For the related command, see hwping-server enable.

Example
Create a UDP listening service, setting IP address to 169.254.10.2 and port
number to 9000.
[Router] hwping-server udpecho 169.254.10.2 9000

Information Processing Commands

display channel Syntax


display channel [ channel-number | channel-name ]

View

Any view.

Parameter

channel-number: Channel number, ranging 0 to 9. That is, the system has 10
channels.

channel-name: Channel name.


Table 1 Channel names and their associated channel numbers

Channel name    Information channel number
channel6        6
channel7        7
channel8        8
channel9        9
console         0
logbuffer       4
loghost         2
monitor         1
snmpagent       5
trapbuffer      3

Description

Using the display channel command, you can display the contents of an
information channel.

This command displays the setting states of all channels when executed without
any parameter.

Example

Display the contents of information channel 0.

<3Com> display channel 0


channel number:0, channel name:console
MODU_ID   NAME  ENABLE  LOG LEVEL  ENABLE  TRAP LEVEL  ENABLE  DEBUG LEVEL
ffff0000  all   Y       warning    Y       debugging   Y       debugging

display info-center Syntax


display info-center

View

Any view

Parameter

None

Description

Using the display info-center command, you can display all the information
recorded in the info-center.

For related commands, see info-center enable, info-center loghost,
info-center logbuffer, info-center trapbuffer, info-center console channel,
and info-center monitor channel.

Example

Display the information recorded in the info-center.



<3Com> display info-center


Information Center: enabled
Log host:
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 89, channel number : 4, channel name : logbuffer
dropped messages 0, overwrote messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 0, channel number:3, channel name:trapbuffer
dropped messages 0, overwrote messages 0
Information timestamp setting:
log - date, trap - date, debug - boot
Sent messages = 89, Received messages = 89

display logbuffer Syntax


display logbuffer [ size size-value | summary ] [ level level-number ] [ | [ begin | include |
exclude ] string ]

View

Any view

Parameter

size: Displays the number of information entries in the logbuffer.

size-value: The number of displayed information entries.

summary: A summary of the logbuffer.

level: Displays only the count of information entries at a specified level.

level-number: The specified level, in the range 1 to 8.

|: Uses regular expression to filter the information for display.

begin: Displays the information beginning with the specified characters (string).

include: Displays the information including the specified characters (string).

exclude: Displays the information excluding the specified characters (string).

string: Characters of the regular expression.

Description

Using the display logbuffer command, you can display the information recorded
in the logbuffer.

By default, executing display logbuffer without any parameter displays all the
information in the logbuffer.

If the number of information entries in the current logging buffer is smaller than
the specified size-value, logging information of the actual entries will be displayed.

For related commands, see info-center enable, info-center logbuffer, and
display info-center.

Example

Display the information in the logging buffer.

<3Com> display logbuffer


Logging Buffer Confiuration and contents:enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 4 , channel name : logbuf
dropped messages : 0
overwritten messages : 0
current messages : 96
%8/28/2101 5:34:48-IC-7-SYS_RESTART:
System restarted --
3Com Versatile Routing Platform Software
Copyright (c) 2000-2002 by VRP Team Beijing Institute 3Com Tech, Inc
%9/9/2002 15:50:36-SHELL-5-CMD:task:CFM ip:** user:** command:interface Ethernet
%11/6/2002 22:18:52-SHELL-5-CMD:task:CFM ip:** user:** command:interface Aux0
%3/15/2003 15:50:36-SHELL-5-CMD:task:CFM ip:** user:** command:controller E1 3/0
%4/1/2003 21:29:47-PHY-2-PHY: Console0: change status to up
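
The entry layout in the sample output above can be parsed for review, for example to pull the SHELL CMD command records out of a buffer dump and to spot entries stamped by a wrong clock. The following Python is an added example, not part of the 3Com manual; it assumes the digit between the module and the mnemonic is the severity level (0 to 7, named as in Table 2), and the function names are illustrative.

```python
import re
from datetime import datetime

# Severity names in Table 2 order (emergencies = 0 ... debugging = 7).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# %<m/d/yyyy><space or dash><h:mm:ss>-<MODULE>-<level>-<MNEMONIC>:<text>
HEADER = re.compile(
    r"^%(\d{1,2})/(\d{1,2})/(\d{4})[ -](\d{1,2}):(\d{2}):(\d{2})"
    r"-([A-Za-z0-9_]+)-([0-7])-([A-Za-z0-9_]+):(.*)$")

# Body of a SHELL CMD entry as it appears in the sample output.
SHELL_CMD = re.compile(r"task:(\S+) ip:(\S+) user:(\S+) command:(.*)")

# Sample input: the tail of the display logbuffer example on this page.
SAMPLE = """\
current messages : 96
%8/28/2101 5:34:48-IC-7-SYS_RESTART:
System restarted --
3Com Versatile Routing Platform Software
Copyright (c) 2000-2002 by VRP Team Beijing Institute 3Com Tech, Inc
%9/9/2002 15:50:36-SHELL-5-CMD:task:CFM ip:** user:** command:interface Ethernet
%11/6/2002 22:18:52-SHELL-5-CMD:task:CFM ip:** user:** command:interface Aux0
%3/15/2003 15:50:36-SHELL-5-CMD:task:CFM ip:** user:** command:controller E1 3/0
%4/1/2003 21:29:47-PHY-2-PHY: Console0: change status to up
"""


def parse_logbuffer(text):
    """Split logbuffer output into entries, folding continuation lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            mon, day, year, hh, mm, ss = (int(g) for g in m.groups()[:6])
            level = int(m.group(8))
            entries.append({
                "time": datetime(year, mon, day, hh, mm, ss),
                "module": m.group(7),
                "level": level,
                "severity": SEVERITIES[level],
                "mnemonic": m.group(9),
                "text": m.group(10).strip(),
            })
        elif entries and line.strip():
            # A line without a %-header continues the previous entry.
            last = entries[-1]
            last["text"] = (last["text"] + "\n" + line.strip()).strip()
        # Lines before the first entry are the buffer summary and are skipped.
    return entries


def shell_commands(entries):
    """Command-audit records (time, task, ip, user, command) from SHELL CMD."""
    out = []
    for e in entries:
        if e["module"] == "SHELL" and e["mnemonic"] == "CMD":
            m = SHELL_CMD.match(e["text"])
            if m:
                out.append({"time": e["time"], "task": m.group(1),
                            "ip": m.group(2), "user": m.group(3),
                            "command": m.group(4)})
    return out


def clock_steps_back(entries):
    """Indexes of entries stamped earlier than the entry before them."""
    return [i for i in range(1, len(entries))
            if entries[i]["time"] < entries[i - 1]["time"]]


def at_least(entries, name):
    """Entries at least as severe as `name` (lower number = more severe)."""
    limit = SEVERITIES.index(name)
    return [e for e in entries if e["level"] <= limit]


if __name__ == "__main__":
    parsed = parse_logbuffer(SAMPLE)
    for rec in shell_commands(parsed):
        print(rec["time"], rec["user"], rec["command"])
    print("timestamp steps back at entries:", clock_steps_back(parsed))
```

In the sample, the first entry is stamped in the year 2101, so the following entry is reported as a backward step; entries around such a step cannot be ordered by timestamp alone.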

display trapbuffer Syntax


display trapbuffer [ size sizeval ]

View

Any view

Parameter

size: Specifies the number of information entries in the logbuffer.

sizeval: The number of displayed information entries.

Description

Using the display trapbuffer command, you can display the information
recorded in the trapbuffer.

By default, executing the command without any parameter displays all the
information in the trapbuffer.

If the number of information entries in the current trapbuffer is smaller than the
specified sizeval, the actual number of traps will be displayed.

For related commands, see info-center enable, info-center trapbuffer, and
display info-center.

Example

Display trapbuffer information.

<3Com> display trapbuffer


Trapping Buffer Confiuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuf
dropped messages : 0
overwrote messages : 0
current messages : 0
# Display 23 entries of information in the trapbuffer.
<3Com> display trapbuffer size 23
Trapping Buffer Confiuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuf
dropped messages : 0
overwrote messages : 0
current messages : 0

info-center channel Syntax


info-center channel channel-number name channel-name

undo info-center channel channel-number

View

System view

Parameter

channel-number: The channel number, with the value ranging from 0 to 9. That is,
the system has 10 channels.

channel-name: Channel name, with a maximum length of 30 characters,
excluding "-", "/" and "\".

Description

Using the info-center channel command, you can rename the information channel
numbered channel-number as channel-name.

When naming the information channels, please note that no duplicated channel
name is allowed.

Example

Name Channel 0 as "execconsole".



[3Com] info-center channel 0 name execconsole

info-center console channel Syntax

info-center console channel { channel-number | channel-name }

undo info-center console channel

View

System view

Parameter

channel-number: Channel number, ranging 0 to 9, that is, the system has 10
channels.

channel-name: Channel name.

Description

Using the info-center console channel command, you can enable outputting
information to the console and set the information output channel. Using the
undo info-center console channel command, you can disable the current
settings.

By default, no logging information is output to the console.

This command will not become valid unless the syslog function has been enabled.

For related commands, see info-center enable and display info-center.

Example

Enable outputting information to the console and set the output channel.

[3Com] info-center console channel console

info-center enable Syntax


info-center enable

undo info-center enable

View

System view

Parameter

None

Description

Using the info-center enable command, you can enable the info-center. Using
the undo info-center enable command, you can disable the info-center.

By default, the info-center has been enabled.

Only when the info-center has been enabled will the system output information
go to the loghost and the console.

For related commands, see info-center loghost, info-center logbuffer,
info-center trapbuffer, info-center console channel, info-center monitor
channel, and display info-center.

Example

Enable the info-center.

[3Com] info-center enable


% information center is enabled

info-center logbuffer Syntax


info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ] *

undo info-center logbuffer [ channel | size ]

View

System view

Parameter

channel: Sets the channel for information output to the logbuffer.

channel-number: Channel number ranging 0 to 9. That is, the system has 10
channels.

channel-name: Channel name.

size: Sets logbuffer size.

buffersize: Size of the logbuffer (the accommodated message entries).

Description

Using the info-center logbuffer command, you can enable the logbuffer and set
the channel number for logging information output as well as the size of the
logging buffer. Using the undo info-center logbuffer command, you can cancel
the current settings.

By default, information output to the logbuffer is allowed, and the
logbuffer size is 256.

Only when the info-center has been enabled will this command become effective.

By setting channel number after enabling logbuffer, you can specify information’s
outbound direction.

For related commands, see info-center enable, display info-center, and
display info-center logbuffer.

Example

Enable the router to send information to the logbuffer and set the logbuffer size
to 50.

[3Com] info-center logbuffer size 50

info-center loghost Syntax


info-center loghost X.X.X.X [ channel { channel-number | channel-name } | facility
local-number | language { chinese | english } ] *

undo info-center loghost X.X.X.X

View

System view

Parameter

X.X.X.X: IP address of the loghost.

channel: Information channel for the loghost.

channel-number: Channel number ranging 0 to 9. That is, the system has 10
channels.

channel-name: Channel name.

facility: Sets the recording tool of the loghost.

local-number: Recording tool of the loghost, which ranges from local0 to local7.

language: Sets the logging language.

chinese and english: Logging language which can be Chinese or English.

Description

Using the info-center loghost command, you can enable the router to output
information to the loghost. Using the undo info-center loghost command, you
can cancel the current configuration.

By default, no information is output to the loghost.

If not specified, the information channel for the loghost defaults to channel2 that
is named loghost, the loghost recording tool local-number to local7, and the
language to english.

Only when the information center has been enabled will this command become
effective.

By setting the IP address of loghost, you can specify the information outbound
direction. You can set up to 4 loghosts.

For related commands, see info-center enable and display info-center.



Example

Enable the router to send information to the UNIX workstation at 202.38.160.1.

[3Com] info-center loghost 202.38.160.1

info-center loghost source Syntax

info-center loghost source interface-type interface-number [ subinterface-type ]

undo info-center loghost source

View

System view

Parameter

interface-type: Interface types.

interface-number: Number of the interface.

subinterface-type: Subinterface type.

Description

Using the info-center loghost source command, you can specify the source address
for packets sent to the logging host. Using the undo info-center loghost source
command, you can cancel the current configuration.

By default, the source address of a logging message is the IP address of the
interface that sends the message. Use this command to change the source address.
By setting a different source address on each router, you can tell which router
sent a message, and you can search the received messages by source address.

Example

Set the IP address of Loopback0 as the source address of the logging message
packets.

[3Com] interface loopback 0
[3Com-LoopBack0] ip address 1.1.1.1 255.255.255.0
[3Com-LoopBack0] quit
[3Com] info-center loghost source loopback 0

info-center monitor channel Syntax

info-center monitor channel { channel-number | channel-name }

undo info-center monitor channel

View

System view

Parameter

channel-number: Channel number ranging 0 to 9. That is, the system has 10
channels.

channel-name: Channel name.

Description

Using the info-center monitor channel command, you can enable the router to
output information to the user terminal and set the output channel. Using the
undo info-center monitor channel command, you can cancel the current
configuration.

By default, no information is output to the user terminal.

Only when the info-center has been enabled will this command become effective.

For related commands, see info-center enable, and display info-center.

Example

Enable the router to output information to the user terminal and set the output
channel.

[3Com] info-center monitor channel monitor

info-center snmp channel Syntax

info-center snmp channel { channel-number | channel-name }

undo info-center snmp channel

View

System view

Parameter

channel-number: Channel number ranging 0 to 9. That is, the system has 10
channels.

channel-name: Channel name.

Description

Using the info-center snmp channel command, you can set the information
channel for snmp. Using the undo info-center snmp channel command, you
can cancel the current configuration.

By default, channel 5 is used.

For the related command, see display snmp-agent statistics.

Example

Set snmp information channel to channel 6.



[3Com] info-center snmp channel 6

info-center source Syntax


info-center source { module-name | default } { channel { channel-number |
channel-name} } [ log { state { on | off } | level severity }* | trap { state { on | off } | level
severity } * | debug { state { on | off } | level severity }* ]*

undo info-center source { module-name | default } { channel { channel-number |
channel-name } }

View

System view

Parameter

module-name: Module name.

default: Sets the default information record.

channel-number: Information channel number to be set.

channel-name: Information channel name to be set.

log: Log information.

trap: Alarm information.

debug: Debugging information.

on: Enables outputting information.

off: Disables outputting information.

level: Sets information level to disable the output of the information at a level
higher than the specified severity.

severity: Information level. As shown in the following table, the info-center
divides information into eight levels by severity or emergency, with a lower level
indicating a more emergent event. emergencies indicates level 0 and debugging
indicates level 7.

Table 2 Definition of information level

Severity level    Description
emergencies       Extremely emergent errors
alerts            Errors requiring immediate correction
critical          Critical errors
errors            Errors that are not critical but require your concern
warnings          Warnings indicating that there may be some errors
notifications     Information that needs your concern
informational     Common prompt information
debugging         Debugging information

*: Indicates that multiple choices can be selected. At least one choice must be
selected, and at most all of the choices can be selected.

Description

Using the info-center source command, you can add records to an information
channel. Using the undo info-center source command, you can remove the
records from the information channel.

For a specified module, by default:

The state of logging information output is on and the allowed information level is
informational.

The state of trapping information output is on and the allowed information level is
informational.

The state of debugging information output is off.

So far, the system allocates one information channel for each output direction.
They are:

Output direction    Information channel number    Default information channel name
Console             0                             console
Monitor terminal    1                             monitor
Loghost             2                             loghost
Trapbuffer          3                             trapbuffer
Logbuffer           4                             logbuffer
snmp                5                             snmpagent

In addition, each information channel has a default record for which the module
name and number are default and 0xffff0000. But for different channels, the
record may have different default settings for logging information, trapping
information, and debugging information. If a module has no explicit configuration
record in the channel, the default configuration record will be used.

Example

Enable the output of log information of the IP module in the snmp channel, with
emergence as the highest allowed level of the output information.

[3Com] info-center source ip channel snmpagent log level emergence

# Remove the setting of the cmd module in the snmp channel.

[3Com] undo info-center source cmd channel snmp
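
The level rule and the default-record fallback described above decide which messages a channel actually outputs, and so whether command-audit entries reach a given destination. The following Python model is an added example, not code from the manual or the router; the class and function names are illustrative, and treating the module tag in a log line (SHELL, PHY, IC) as the configured module-name is an assumption.

```python
from dataclasses import dataclass, field

# Table 2 order: emergencies is level 0, debugging is level 7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]


@dataclass
class Rule:
    on: bool      # state { on | off }
    level: str    # level severity (a Table 2 name)


@dataclass
class Record:
    log: Rule
    trap: Rule
    debug: Rule


def module_defaults():
    """Settings the page gives for a module that is named explicitly."""
    return Record(log=Rule(True, "informational"),
                  trap=Rule(True, "informational"),
                  # Debug output is off; its level is not stated on the page,
                  # so this value is a placeholder that is never consulted.
                  debug=Rule(False, "debugging"))


@dataclass
class Channel:
    name: str
    default: Record                       # the channel's default record
    modules: dict = field(default_factory=dict)

    def record_for(self, module):
        # No explicit record for the module: the default record applies.
        return self.modules.get(module, self.default)

    def passes(self, module, kind, severity):
        """True if a message of this kind and severity is output."""
        rule = getattr(self.record_for(module), kind)
        # Output is disabled for levels numerically higher than the limit.
        return rule.on and (SEVERITIES.index(severity)
                            <= SEVERITIES.index(rule.level))


def with_module(channel, module):
    """Copy of `channel` with an explicit, default-valued record for `module`."""
    return Channel(channel.name, channel.default,
                   {**channel.modules, module: module_defaults()})


def dropped(channel, events):
    """Events from `events` that the channel would not output."""
    return [ev for ev in events if not channel.passes(*ev)]


# Default record of channel 0 as printed by "display channel 0" on this page:
# log Y warning, trap Y debugging, debug Y debugging.
console = Channel("console", Record(log=Rule(True, "warnings"),
                                    trap=Rule(True, "debugging"),
                                    debug=Rule(True, "debugging")))

# Constructed events modelled on the display logbuffer sample:
# SHELL-5-CMD, PHY-2-PHY and IC-7-SYS_RESTART, all of kind "log".
EVENTS = [("SHELL", "log", "notifications"),
          ("PHY", "log", "critical"),
          ("IC", "log", "debugging")]

if __name__ == "__main__":
    print("dropped with default record:", dropped(console, EVENTS))
    print("dropped with explicit SHELL record:",
          dropped(with_module(console, "SHELL"), EVENTS))
```

Under the default record printed for channel 0, the level 5 SHELL CMD message is above the warning limit and is not output; once SHELL has its own record with the informational limit, it is.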



info-center timestamp Syntax


info-center timestamp { trap | debugging | log } { boot | date | none }

undo info-center timestamp { trap | debugging | log }

View

System view

Parameter

trap: Trap information.

debugging: Debugging information.

log: Log information.

boot: Time elapsed since the system booted, in the format xxxxxx.yyyyyy, where
xxxxxx is the high 32 bits and yyyyyy the low 32 bits of the elapsed milliseconds.

date: Current system date and time, in the form of “yyyy/mm/dd-hh:mm:ss” in
Chinese and “mm/dd/yyyy-hh:mm:ss” in English.

none: No time stamp.

Description

Using the info-center timestamp command, you can set the time stamp format
for the output debugging/trapping/logging information. Using the undo
info-center timestamp command, you can cancel the current configuration.

By default, the date time stamp is used in information of all types.

Example

Set the time stamp format for traps to boot.

[3Com] info-center timestamp trap boot

info-center trapbuffer Syntax


info-center trapbuffer [ channel { channel-number | channel-name } | size buffersize ] *

undo info-center trapbuffer [ channel | size ]

View

System view

Parameter

channel: Sets the channel for outputting information to the trapbuffer.

channel-number: Channel number ranging 0 to 9. That is, system has 10 channels.



channel-name: Channel name.

size: Sets trapbuffer size.

buffersize: Size of the trapbuffer (the information entries that can be
accommodated).

Description

Using the info-center trapbuffer command, you can enable the trapbuffer and
set the output channel number and trapbuffer size. Using the undo info-center
trapbuffer command, you can cancel the current configuration.

By default, information output to trapbuffer is allowed and the trapbuffer size is
256.

Only when the info-center has been enabled will this command become effective.

By setting a trapbuffer size, you can make the router output information to the
trapbuffer.

For related commands, see info-center enable, display info-center, and
display info-center trapbuffer.

Example

Enable the router to send information to the trapbuffer and set the trapbuffer
size to 30.

[3Com] info-center trapbuffer size 30

reset logbuffer Syntax

reset logbuffer

View

User view

Parameter

None

Description

Using the reset logbuffer command, you can clear information in the logbuffer.

Example
<3Com> reset logbuffer

reset trapbuffer Syntax

reset trapbuffer

View

System view

Parameter

None

Description

Using the reset trapbuffer command, you can clear information in the trapbuffer.

Example
<3Com> reset trapbuffer

service modem-callback Syntax


service modem-callback

undo service modem-callback

View

System view

Parameter

None

Description

Using the service modem-callback command, you can enable user callback.
Using the undo service modem-callback command, you can disable user
callback.

By default, the callback function is disabled.

Example

Enable the callback function.

[3Com] service modem-callback

terminal debugging Syntax


terminal debugging

undo terminal debugging

View

User view

Parameter

None

Description

Using the terminal debugging command, you can enable the terminal
debugging display function. Using the undo terminal debugging command, you
can disable the function.

By default, terminal display is disabled.

For the related command, see debugging.

Example

Enable terminals to display the debugging information.

<3Com> terminal debugging

terminal logging Syntax


terminal logging

undo terminal logging

View

User view

Parameter

None

Description

Using the terminal logging command, you can enable the log display function of
terminals. Using the undo terminal logging command, you can disable log
display function of terminals.

By default, the log display function of terminals is enabled.

Example

Disable the log display function of terminals.

<3Com> undo terminal logging

terminal monitor Syntax


terminal monitor

undo terminal monitor

View

User view

Parameter

None

Description

Using the terminal monitor command, you can enable terminals to display the
debugging/logging/trapping information sent by the info-center. Using the undo
terminal monitor command, you can stop terminals from displaying the
debugging/logging/trapping information.

By default, the display function of console users is enabled but the display function
of terminal users is disabled.

The command only affects the current terminal that inputs it. The undo terminal
monitor command is equivalent to the execution of undo terminal debugging,
undo terminal logging, and undo terminal trapping commands, that is, all
the debugging/logging/trapping information will not be displayed at the current
terminal. In the event that terminal monitor has been enabled, the terminal
debugging/undo terminal debugging, terminal logging/undo terminal
logging, and terminal trapping/undo terminal trapping commands can be
used to enable/disable the debugging/logging/trapping information.

Example

Disable terminal monitor.

<3Com> undo terminal monitor

terminal trapping Syntax


terminal trapping

undo terminal trapping

View

User view

Parameter

None

Description

Using the terminal trapping command, you can enable the function of trap
information display at terminals. Using the undo terminal trapping command,
you can disable the function of trap information display at terminals.

By default, the system configuration is to enable the display function.

Example

Disable the trapping information display function.

<3Com> terminal trapping



System Operating Management Commands

boot bootldr Syntax


boot bootldr filename

View

System view

Parameter

filename: File name of the booting software package.

Description

Using the boot bootldr command, you can specify the system booting file.

Example

Specify the file ibox.bin stored in the flash as the default system booting file.

[3Com] boot bootldr flash:/ibox.bin

display alarm urgent Syntax


display alarm urgent [ time | slot | id ]

View

Any view

Parameter

time: Displays the alarms in the latest time range.

id: Displays the alarms of an ID.

slot: Displays the alarms involving a slot.

Description

Using the display alarm urgent command, you can display the stored alarms in a
specified way.

Executing the command without any parameter displays all the alarms.

Example

Display the stored alarms.

<3Com> display alarm urgent


Alarm ID  Slot  Date      Time      Para1  Para2
2         11    00/04/01  23:55:18  2      24
2         10    00/04/01  23:55:18  1      24
0         12    00/04/04  10:00:14  0      1

display bootvar Syntax

display bootvar

View

Any view

Parameter

None

Description

Using the display bootvar command, you can display the file name of the boot
software package stored in the flash on RPU.

Example

Display the program configuration information of RPU.

<3Com> display bootvar


Boot file on flash is flash:/ibox.bin.

display environment Syntax

display environment

View

Any view

Parameter

None

Description

Using the display environment command, you can display the current values
and the threshold values of the hardware system environment.

Example

Display the system environment.

<3Com> display environment


GET 3 TEMPERATUREPOINT VALUE SUCCESSFULLY
environment information:
Temperature information:
local  CurrentTemperature  LowLimit  HighLimit
       (deg c )            (deg c)   (deg c )
RPU    34                  0         80
VENT   31                  0         80

display device Syntax


display device slot-number

View

Any view

Parameter
slot-number: Slot number.

Description

Using the display device command, you can display the system hardware
configuration information, including the in-position states of MPU, NPU, interface
card, power module, and fan module, the operating state of interface card, power
module, and fan module, as well as the offline information of MPU and NPU.

Executing the command without parameters displays the essential information of
all the devices in position. Executing the command with the parameter
slot-number displays only the details of the specified slot, including reset
times and history records of the reset causes.

Example

Display the essential information of the router.

<3Com> display device


Slot #   Type   Online    Status
0        RPU    Present   Normal
6        PWR    Present   Normal
7        FAN    Present   Normal

display schedule reboot Syntax

display schedule reboot

View

Any view

Parameter

None

Description

Using the display schedule reboot command, you can check the configuration
of related parameters of the router schedule reboot terminal service.

For the related command, see reboot, schedule reboot at, schedule reboot
delay, undo schedule reboot.

Example

Display the configuration of the schedule reboot terminal service parameters of
the current router.

<3Com> display schedule reboot


Reboot system at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).

remove slot Syntax

remove slot slotnum

undo remove slot slotnum

View

User view

Parameter

slotnum: Slot number for the interface card

Description

Using the remove slot command, you can run pre-processing before removing an
interface card. If you decide not to remove the card after executing the remove
slot command, you can cancel the operation with the undo remove slot command.
The undo remove slot command is unnecessary if you remove a card and insert it
again immediately.

For the related command, see reboot, schedule reboot at, schedule reboot
delay, undo schedule reboot.

Example

Remove the interface card at slot 3.

<3Com>remove slot 3

reset alarm urgent Syntax

reset alarm urgent

View

User view

Parameter

None

Description

Using the reset alarm urgent command, you can clear all the stored alarms.

Example

Clear all the stored alarms.

<3Com> reset alarm urgent

reset slot Syntax

reset slot slot-number

View

User view

Parameter

slot-number: The number of the slot to be reset.

Description

Using the reset slot command, you can reset the device in a specified slot.

Example

Reset the device in slot 3.

<3Com> reset slot 3

schedule reboot at Syntax


schedule reboot at hh:mm [ yyyy/mm/dd ]

View

User view

Parameter

hh:mm: Reboot time of the router, in the format of "hour:minute". The hh ranges
from 0 to 23, and the mm ranges from 0 to 59.

yyyy/mm/dd: Reboot date of the router, in the format of "year/month/day". The
yyyy ranges from 2000 to 2099, the mm ranges from 1 to 12, and the value of dd
depends on the specific month.

Description

Using the schedule reboot at command, you can enable the timing reboot
function of the router and set the specific reboot time and date.

By default, the timing reboot function of the router is disabled.

If the schedule reboot at command specifies a date parameter that represents a
date in the future, the router will be restarted at the specified time, with an
error of no more than 1 minute.

If no date parameter is configured, there are two cases: if the configured time
is after the current time, the router will be restarted at that time on the same
day; if the configured time is before the current time, the router will be
restarted at that time on the next day.

Note that the configured date must not be more than 30 days after the current
date. In addition, after the command is configured, the system will prompt you
to input confirmation information. The configuration takes effect only after
"Y" or "y" is entered. If a related configuration already exists, it is
overwritten directly.

Moreover, if the system time is adjusted with the clock command after the
schedule reboot at command is configured, the previously configured schedule
reboot at parameter becomes invalid.

For the related command, see reboot, schedule reboot delay, undo schedule
reboot, display schedule reboot.

Example

Set the router to be restarted at 22:00 that night (the current time is 15:50).

<3Com> schedule reboot at 22:00


Reboot scheduled for 22:00:00 UTC 2002/11/18 (in 6 hours and 10 minutes)
Proceed with reboot? [Y/N]:y

schedule reboot delay Syntax


schedule reboot delay { hhh:mm | mmm }

View

User view

Parameter

hhh:mm: Waiting time for rebooting a router, in the format of "hour:minute". The
hhh ranges from 0 to 720, and the mm ranges from 0 to 59.

mmm: Waiting delay for rebooting a router, in the format of "absolute minutes",
ranging from 0 to 43200.

Description

Using the schedule reboot delay command, you can enable the timing reboot
router function and set the waiting time.

By default, the timing reboot function of the router is disabled.

Two formats can be used to set the waiting delay of the timing reboot:
"hour:minute" and "absolute minutes". In either format, the total must be no
more than 30×24×60 minutes, or 30 days.

After this command is configured, the system will prompt you to input
confirmation information. The configuration takes effect only after "Y" or "y"
is entered. If a related configuration already exists, it is overwritten
directly.

Moreover, after the schedule reboot at command is configured, and the system
time is adjusted by the clock command, the original schedule reboot at parameter
will become invalid.

For the related command, see reboot, schedule reboot at, undo schedule
reboot, display schedule reboot.

Example

Configure the router to be restarted after 88 minutes (the current time is 21:32).

<3Com> schedule reboot delay 88


Reboot scheduled for 23:00:00 UTC 2002/11/1 (in 1 hours and 28 minutes)
Proceed with reboot? [Y/N]:y
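
The rules given above for schedule reboot at and schedule reboot delay, worked through as an added Python example (not 3Com code) that resolves either form to the reboot time, so that a pending reboot can be checked against an approved change window. The function names are hypothetical; rolling over a time equal to the current minute and rejecting past dates are assumptions the reference does not spell out.

```python
from datetime import datetime, timedelta

MAX_MINUTES = 30 * 24 * 60   # 43200 minutes = 30 days, the limit the reference states


def reboot_at(now, hhmm, date=None):
    """Resolve `schedule reboot at hh:mm [ yyyy/mm/dd ]` to the reboot datetime."""
    hh, mm = (int(x) for x in hhmm.split(":"))
    if not (0 <= hh <= 23 and 0 <= mm <= 59):
        raise ValueError("hh must be 0-23 and mm 0-59")
    if date is None:
        target = now.replace(hour=hh, minute=mm, second=0, microsecond=0)
        # Configured time before the current time -> same time on the next day.
        # Assumption: a time equal to the current minute also rolls over.
        if target <= now:
            target += timedelta(days=1)
        return target
    yyyy, month, dd = (int(x) for x in date.split("/"))
    if not 2000 <= yyyy <= 2099:
        raise ValueError("yyyy must be 2000-2099")
    target = datetime(yyyy, month, dd, hh, mm)   # rejects a day the month lacks
    if target <= now:
        raise ValueError("the date must lie in the future")   # assumption
    if (target.date() - now.date()).days > 30:
        raise ValueError("the date is more than 30 days ahead")
    return target


def reboot_delay(now, delay):
    """Resolve `schedule reboot delay { hhh:mm | mmm }` to the reboot datetime."""
    if ":" in delay:
        hhh, mm = (int(x) for x in delay.split(":"))
        if not (0 <= hhh <= 720 and 0 <= mm <= 59):
            raise ValueError("hhh must be 0-720 and mm 0-59")
        minutes = hhh * 60 + mm
    else:
        minutes = int(delay)
    # 720:01 passes the per-field ranges but exceeds the 30-day total.
    if not 0 <= minutes <= MAX_MINUTES:
        raise ValueError("total delay must be 0-43200 minutes")
    return now + timedelta(minutes=minutes)


def countdown(now, target):
    """Format the remaining time the way the confirmation prompt shows it."""
    minutes = int((target - now).total_seconds() // 60)
    return "in %d hours and %d minutes" % divmod(minutes, 60)


if __name__ == "__main__":
    # The two examples from the reference.
    now = datetime(2002, 11, 18, 15, 50)
    print(reboot_at(now, "22:00"), countdown(now, reboot_at(now, "22:00")))
    now = datetime(2002, 11, 1, 21, 32)
    print(reboot_delay(now, "88"), countdown(now, reboot_delay(now, "88")))
```
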

upgrade Syntax

upgrade [ bootrom | pico-code ] filename

View

System view

Parameter

bootrom: Upgrades the BootROM online.

pico-code: Upgrades the pico-code online.

filename: The file name of the upgrade software package to be used.

Description

Using the upgrade command, you can upgrade the BootROM program, the
pico-code or the logic.

Example

Upgrade the pico-code on line, given the file name of the upgrade software
package is filename.

[3Com] upgrade pico-code filename

undo schedule reboot Syntax

undo schedule reboot

View

User view

Parameter

None

Description

Using the undo schedule reboot command, you can cancel the parameter
configuration of the schedule reboot terminal service.

For the related command, see reboot, schedule reboot at, schedule reboot
delay, display schedule reboot.

Example

Cancel the timing reboot router function.

<3Com> undo schedule reboot

Lock-Down Commands

display configure-user Syntax


display configure-user

View
Any view

Parameter
None

Description
Using the display configure-user command, you can view information about the
user who is currently authorized to configure the equipment.

Users can configure the same equipment through the Console port, the AUX port,
the VTY interface (in cases such as Telnet and SSH) and others. If configuration
by these various means were permitted simultaneously, the configuration of one
user would be liable to overwrite that of others. For this reason, the VRP
requires that only one user has the right to modify the configuration of the
equipment at a time. In other words, once a user is configuring the equipment,
other users, including those with higher priorities, are not permitted to
configure the equipment at that moment, and must wait until the user currently
performing the configuration quits or is timed out of the system.

Example

Display information about the user who is currently authorized to configure the
equipment.

<3Com> display configure-user



If the adopted authentication does not require a username, the actual display shall
be:

The information of current configuration user:

     UI      Delay      Type   Ipaddress       Username
34   VTY 0   00:00:04   TEL    10.153.17.100

If the login authentication otherwise requires a username, the actual display shall
be:

The information of current configuration user:

     UI      Delay      Type   Ipaddress       Username
34   VTY 0   00:00:05   TEL    10.153.17.100   test

File Management Commands

File System Commands

cd Syntax

cd directory

View

User view

Parameter

directory: Name of destination directory.

Description

Using the cd command, you can modify the current operating path of the router
to the specified directory.

By default, the flash memory is the operating path set when the router starts.

Example

Modify the current operating path of the router to test.

<3Com> cd test
<3Com> pwd
flash:/test

clear Syntax

clear filename

View

User view

Parameter

filename: Name of file to be deleted.

Description

Using the clear command, you can delete all files from the recycle bin.

The wildcard “*” is available here. Using the delete command, you can only
move the target files into the recycle bin. If you want to remove them from the
recycle bin, you must use the clear command.

Example

Clear the recycle bin.

<3Com> clear flash:/p1h_logic.out


clear flash:/plh_logic.out?[Y/N]

copy Syntax
copy filename_source filename_dest

View

User view

Parameter

filename_source: Name of the source file.

filename_dest: Name of the destination file or directory.

Description

Using the copy command, you can copy a file.

If the name of the destination file is the same as an existing directory name,
the target file will be copied to the directory. If the name of the destination
file is the same as an existing file name, the user will be prompted whether the
existing file should be overwritten.

Example
<3Com>pwd
Slave#flash:
<3Com> dir
Directory of flash:/
-rwxrwxrwx 1 noone nogroup 4316742 Oct 10 2002 10:10:10 system
drwxrwxrwx 1 noone nogroup - Jan 01 2001 10:47:14 buckup
-rwxrwxrwx 1 noone nogroup 16 Jan 02 2001 08:53:52 private-data.t
-rwxrwxrwx 1 noone nogroup 625 Jan 02 2001 08:54:01 vrpcfg.txt
-rwxrwxrwx 1 noone nogroup 375 Jan 02 2001 08:53:13 config
-rwxrwxrwx 1 noone nogroup 524288 Jan 02 2001 11:47:39 bootromfull
7672832 bytes total (2295808 bytes free)

Copy the file from flash to buckup.



<3Com> copy vrpcfg.txt buckup


Copy flash:/vrpcfg.txt to flash:/backup/vrpcfg.txt ?[Y/N]:y
% Copied file flash:/vrpcfg.txt to flash:/backup/vrpcfg.txt
<3Com> dir
Directory of flash:/backup/
-rwxrwxrwx 1 noone nogroup 625 Jan 02 2001 13:28:32 vrpcfg.txt
7672832 bytes total (2295808 bytes free)

delete Syntax

delete /unreserved filename

View

User view

Parameter

unreserved: Deletes the specified file unreservedly, and the deleted file can never
be restored.

filename: Name of the file to be deleted.

Description

Using the delete command, you can move the specified file, which can be
restored with the undelete command, to the recycle bin. If you want to delete it
from the recycle bin, you can use the reset recycle-bin filename command.

If you delete two files that are in different directories but have the same
filename, only the last one will be stored in the recycle bin.

If the unreserved parameter is selected with the delete command, the target file
cannot be restored.

The dir command does not display the information of deleted files. However, by
using the dir /all command, the information of all files under the directory,
including deleted files, will be displayed.

Example

Delete the file flash:/test/test.txt.

<3Com> delete flash:/test/test.txt


Delete flash:/test/test.txt?[Y/N]
<3Com>

dir Syntax
dir [ /all | /h ] [ filename ]

View

User view

Parameter

/all: Displays all files (including the deleted files).

/h: Displays the information about the private files. This parameter is unavailable if
there is no storage device on the router.

filename: Name of the file or directory displayed.

Description

Using the dir command, you can display the information about the specified file
or directory in the router storage device.

By default, this command displays the file information under the current directory.

This command supports "*" wildcard.

The dir /all command can be used to display the information about all the files,
including the deleted files. The names of the deleted files are denoted with "[]",
for instance, [temp.cfg]. Such deleted files can be restored via the undelete
command. The reset recycle-bin command can be used to delete the file from
the recycle bin permanently.

The dir /h command can be used to display the information about the private file
under the current path. The attribute of the private file is represented by “---h”.

Example

Display the information about the file flash:/test/test.txt.

<3Com> dir flash:


Directory of flash:
-rwxrwxrwx 1 noone nogroup 4316742 Oct 10 2002 10:10:10 system
-rwxrwxrwx 1 noone nogroup 16 Jan 01 1970 00:00:57 private-data.txt
-rwxrwxrwx 1 noone nogroup 351 Jan 01 1970 00:01:03 vrpcfg.txt
7672832 bytes total (3351552 bytes free)

execute Syntax

execute filename

View

System view

Parameter

filename: Name of the batch file, ranging from 1 to 256, with a suffix of “.bat”.

Description

Using the execute command, you can execute the specified batch file.

The batch command executes the command lines in the batch file one by one.
There should be no invisible characters in the batch file. If invisible
characters are found, the batch command quits the current execution without
rolling back. The batch command does not guarantee the execution of each
command, nor does it perform hot backup itself. The forms and contents of the
commands in the batch file are not restricted.

Example

Execute the batch file “test.bat” in the directory of “flash:/”.

[3Com] execute test.bat
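
Because execute stops at an invisible character without rolling back, a batch file can leave the router half configured. The following pre-flight check is an added Python example, not code from the 3Com reference: it finds the first invisible byte and reports which commands would already have run and what state they leave behind. It assumes that "invisible" means any byte outside printable ASCII, that execution stops at the first offending line, and that the 1 to 256 range is the file-name length; the sample batch is constructed from the file prompt and FTP server commands documented in this reference.

```python
import re

# Assumption: the reference does not define "invisible character"; this check
# treats any byte outside printable ASCII (0x20-0x7E) as invisible. LF and CRLF
# line endings are accepted.
INVISIBLE = re.compile(rb"[^\x20-\x7e]")

# Defaults stated in this reference for the settings modelled below.
DEFAULTS = {"ftp server": "off", "ftp timeout": 30,
            "ftp update": "fast", "file prompt": "alert"}

# Constructed sample batch file: the third line contains a UTF-8 non-breaking
# space (0xC2 0xA0), as left behind by a paste from a word processor.
SAMPLE = (b"ftp server enable\n"
          b"file prompt quiet\n"
          b"ftp\xc2\xa0timeout 5\n"
          b"file prompt alert\n"
          b"undo ftp server\n")


def apply_command(state, line):
    """Apply one command line to state; commands not modelled are ignored."""
    w = line.split()
    if w == ["ftp", "server", "enable"]:
        state["ftp server"] = "on"
    elif w == ["undo", "ftp", "server"]:
        state["ftp server"] = "off"
    elif w[:2] == ["ftp", "timeout"] and len(w) == 3 and w[2].isdigit():
        state["ftp timeout"] = int(w[2])
    elif w == ["undo", "ftp", "timeout"]:
        state["ftp timeout"] = DEFAULTS["ftp timeout"]
    elif w[:2] == ["ftp", "update"] and w[2:] in (["fast"], ["normal"]):
        state["ftp update"] = w[2]
    elif w[:3] == ["undo", "ftp", "update"]:
        state["ftp update"] = DEFAULTS["ftp update"]
    elif w[:2] == ["file", "prompt"] and w[2:] in (["alert"], ["quiet"]):
        state["file prompt"] = w[2]


def preflight(name, data, start=None):
    """Check a batch file (name and raw bytes) before it is run with execute."""
    name_problems = []
    if not 1 <= len(name) <= 256:   # assumption: the range is the name length
        name_problems.append("file name length outside 1-256")
    if not name.endswith(".bat"):
        name_problems.append('file name lacks the ".bat" suffix')

    state = dict(DEFAULTS if start is None else start)
    invisible, ran, skipped = None, [], []
    for lineno, raw in enumerate(re.split(rb"\r?\n", data), 1):
        hit = INVISIBLE.search(raw)
        if hit is None and not raw.strip():
            continue                      # blank line
        if hit and invisible is None:
            invisible = {"line": lineno, "column": hit.start() + 1,
                         "byte": raw[hit.start()]}
        text = raw.decode("ascii", "replace").strip()
        if invisible is None:
            apply_command(state, text)    # runs, and is not rolled back
            ran.append(text)
        else:
            skipped.append(text)          # never reached after the abort
    return {"name_problems": name_problems, "invisible": invisible,
            "ran": ran, "skipped": skipped, "state_after_run": state}


if __name__ == "__main__":
    report = preflight("maint.bat", SAMPLE)
    print(report["invisible"])
    print("ran:", report["ran"])
    print("skipped:", report["skipped"])
    print("state:", report["state_after_run"])
```

On the sample, the FTP server is left enabled and the file prompt left quiet, because the two lines that would have restored them come after the abort.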

file prompt Syntax


file prompt { alert | quiet }

View

System view

Parameter

alert: Enables interactive acknowledgement when data loss or destruction may
happen due to a user operation (e.g., deleting a file).

quiet: Gives no prompt when data loss or destruction may happen due to a user
operation (e.g., deleting a file).

Description

Using the file prompt command, you can modify the prompt mode of file
operation of the router.

By default, the prompt mode is alert.

When the prompt mode of file operation is set to quiet, the system gives no
prompt for possible data loss due to a user operation (e.g., deleting a file).

Example

Set the prompt mode of file operation to quiet.

[3Com] file prompt quiet


# Set the prompt mode of file operation to alert.
[3Com] file prompt alert

format Syntax

format device-name

View

User view

Parameter

device-name: Device name.

Description

Using the format command, you can format the storage device.

Formatting will result in loss of all files on a specified storage device and these files
cannot be restored.

Example

Format flash.

<3Com> format flash:


All sectors will be erased, proceed? [Y/N]y
Format flash: completed

mkdir Syntax

mkdir directory

View

User view

Parameter

directory: Name of directory.

Description

Using the mkdir command, you can create a directory under the specified
directory in the specified storage device.

The name of the directory to be created cannot be the same as the name of
another directory or file under the specified directory.

Example

Create a directory dd.

<3Com> mkdir dd
Created dir flash:/dd.

more Syntax

more filename

View

User view

Parameter

filename: File name.

Description

Using the more command, you can display content of a specified file.

By default, the file system displays the file in the form of text, that is, the contents
of the file.

Example

Display the content of the file test.txt.

<3Com> more test.txt


AppWizard has created this test application for you.
This file contains a summary of what you will find in each of the files that make up your test
application.
Test.dsp
This file (the project file) contains information at the project level and is used to build a single
project or subproject. Other users can share the project (.dsp) file, but they should export the
makefiles locally.

move Syntax
move filename_source filename_dest

View

User view

Parameter

filename_source: Name of the source file.

filename_dest: Name of the destination file.

Description

Using the move command, you can move a file.

If the target file has the same name as an existing directory, the target file
will be moved into the directory, with the same file name. If the name of the
destination file is the same as an existing file name, the user will be prompted
whether the existing file should be overwritten.

Example
<3Com> dir
Directory of *
0 -rw- 2145123 Jul 12 2001 12:28:08 ne80.bin
1 -rw- 595 Jul 12 2001 10:47:50 vrpcfg.txt
2 drw- 0 Jul 12 2001 19:41:20 test
6477 KBytes total (2144 KBytes free)
<3Com> dir flash:/test/
Directory of flash:/test/
0 drw- - Jul 12 2001 20:23:37 subdir
1 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
2 -rw- 50 Jul 12 2001 20:08:32 sample.txt
6477 KBytes total (2144 KBytes free)
# Move the file flash:/test/sample.txt to flash:/sample.txt.
<3Com> move flash:/test/sample.txt flash:/sample.txt
Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y
% Moveded file flash:/test/sample.txt flash:/sample.txt
<3Com> dir
Directory of *
0 -rw- 2145123 Jul 12 2001 12:28:08 ne80.bin
1 -rw- 595 Jul 12 2001 10:47:50 vrpcfg.txt
2 drw- 0 Jul 12 2001 19:41:20 test
3 -rw- 50 Jul 12 2001 20:26:48 sample.txt
6477 KBytes total (2144 KBytes free)
<3Com> dir flash:/test/
Directory of flash:/test/
0 drw- - Jul 12 2001 20:23:37 subdir
1 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (2144 KBytes free)

pwd Syntax

pwd

View

User view

Parameter

None

Description

Using the pwd command, you can display the current path.

If the current path has not been set, the operation will fail.

Example

Display the current path.

<3Com> pwd
flash:/test

rename Syntax

rename filename_source filename_dest

View

User view

Parameter

filename_source: Name of the source file.

filename_dest: Name of the destination file.

Description

Using the rename command, you can rename a file.

If the name of the destination file is the same as the name of an existing
directory, the execution will fail. If the name of the destination file is the
same as that of an existing file, the operation will fail.

Example
<3Com> dir
Directory of *
0 -rw- 2145123 Jul 12 2001 12:28:08 ne.bin
1 -rw- 595 Jul 12 2001 10:47:50 vrpcfg.txt
2 drw- - Jul 12 2001 19:41:20 test
3 -rw- 50 Jul 12 2001 20:26:48 sample.txt
6477 KBytes total (2144 KBytes free)

Rename the file sample.txt to sample.bak.

<3Com> rename sample.txt sample.bak


Rename flash:/sample.txt to flash:/sample.bak ?[Y/N]:y
% Renamed file flash:/sample.txt flash:/sample.bak
<3Com> dir
Directory of *
0 -rw- 2145123 Jul 12 2001 12:28:08 ne.bin
1 -rw- 595 Jul 12 2001 10:47:50 vrpcfg.txt
2 drw- - Jul 12 2001 19:41:20 test
3 -rw- 50 Jul 12 2001 20:29:55 sample.bak
6477 KBytes total (2144 KBytes free)

reset recycle-bin Syntax


reset recycle-bin filename

View

User view

Parameter

filename: Name of the file to be deleted.

Description

Using the reset recycle-bin command, you can delete a file from the recycle bin
permanently.

This command supports the "*" wildcard. The delete command only moves a file to
the recycle bin directory. To delete a file permanently, use the reset
recycle-bin command.

Example

Delete a file from the recycle bin.

<3Com> reset recycle-bin flash:/p1h_logic.out


reset flash:/plh_logic.out?[Y/N]

rmdir Syntax

rmdir directory

View

User view

Parameter

directory: Name of the directory.

Description

Using the rmdir command, you can delete a directory.

The directory to be deleted must be an empty one.

Example
<3Com>dir
Directory of *
0 drw- - Jul 12 2001 20:23:37 subdir
1 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (2144 KBytes free)
# Display how to delete the directory subdir.
<3Com> rmdir subdir
Rmdir subdir?[Y/N]:y
% Removed directory subdir
<3Com> dir
Directory of *
0 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (5944 KBytes free)

undelete Syntax

undelete filename

View

User view

Parameter

filename: Name of the file to be restored.

Description

Using the undelete command, you can restore a deleted file.



If the name of the file to be restored is the same as the name of an existing
directory, the execution will fail. If the name of this file is the same as that of an
existing file, the user will be prompted whether the existing file should be
overwritten.

Example
<3Com> dir /all
Directory of *
0 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
1 -rw- 50 Jul 12 2001 20:09:23 [sample.bak]
6477 KBytes total (2144 KBytes free)
# Restore the deleted file sample.bak.
<3Com> undelete sample.bak
Undelete flash:/test/sample.bak ?[Y/N]:y
% Undeleted file flash:/test/sample.bak
<3Com> dir /all
Directory of *
0 -rw- 50 Jul 12 2001 20:34:19 sample.bak
1 -rw- 595 Jul 12 2001 20:13:19 vrpcfg.txt
6477 KBytes total (2144 KBytes free)

FTP Server Configuration Commands

display ftp-server Syntax

display ftp-server

View

Any view

Parameter

None

Description

Using the display ftp-server command, you can display the parameters of the
current FTP server.

After the FTP parameters are configured, this command can be used to display the
configuration results.

Example

Display the FTP parameters configured.

<3Com> display ftp-server


Ftp server is running
Max user number     5
User count          2
Timeout(minute)     30

The information shown above indicates that the FTP server has started, that it
can support up to 5 log-on users simultaneously, that there are now two log-on
users, and that the timeout of an FTP user is 30 minutes.

display ftp-user Syntax


display ftp-user

View

Any view

Parameter

None

Description

Using the display ftp-user command, you can display the parameters of the
current FTP user.

Example

Display the FTP user parameter configuration.

<3Com> display ftp-user


username   host         port   topdir    idle
3Com       10.110.3.5   1074   c:/3Com   2

The information shown above indicates that a connection between an FTP user
named 3Com and the FTP server has been established. The IP address of the
remote host is 10.110.3.5 and the remote port number is 1074. The authorization
directory is flash:/3Com, and the user has not sent any service request to the
FTP server for 2 minutes.

ftp server enable Syntax


ftp server enable

undo ftp server

View

System view

Parameter

None

Description

Using the ftp server enable command, you can enable the FTP server and allow
the login of FTP users. Using the undo ftp server command, you can disable the
FTP server and the login of FTP users.

By default, the FTP server is off.



Example

Disable the FTP server.

[3Com] undo ftp server

ftp timeout Syntax


ftp timeout minute

undo ftp timeout

View

System view

Parameter

minute: Connection timeout in minutes, in the range of 1 to 35791. By default,
the connection timeout is 30 minutes.

Description

Using the ftp timeout command, you can set the connection timeout. Using the
undo ftp timeout command, you can restore the default connection timeout.

When a user logs on to the FTP server, a connection is established with the FTP
server. If the connection is broken abnormally or the user abnormally disrupts
it, the FTP server is not notified and the connection stays open. To avoid this
problem, a connection timeout should be set. If no command interaction takes
place during this period, the FTP server regards the connection as failed and
closes it.

Example

Set the connection timeout to 36 minutes.

[3Com] ftp timeout 36

ftp update Syntax


ftp update { fast | normal }

undo ftp update { fast | normal }

View

System view

Parameter

fast: Fast upgrading mode.

normal: Normal upgrading mode.



Description

Using the ftp update command, you can set the upgrading mode. Using the
undo ftp update command, you can restore the default upgrading mode.

By default, the FTP update is in fast mode.

When it receives files transferred by the user with the FTP command PUT, the FTP
server updates the data of files in its flash memory in one of two modes, normal
and fast. The two modes work as follows:

Fast mode: The FTP server writes the data to the flash memory after the
completion of the file transfer. This ensures that the files in the flash
memory of the Router are not damaged even under abnormal conditions such as
power failure.

Normal mode: The FTP server writes the data to the flash memory during the file
transfer. This means that an abnormal condition such as power failure might
damage the files in the flash memory of the Router. However, the normal
updating mode consumes less memory.

Example

Set the FTP update mode to normal.

[Router] ftp update normal

FTP client module commands

ascii Syntax
ascii

View

FTP client view

Parameter

None

Description

Using the ascii command, you can set the transmission data type to ASCII.

By default, the data type is set to ASCII.

Example

Set the transmission data type to ASCII.

[ftp] ascii
200 Type set to A.

binary Syntax

binary

View

FTP client view

Parameter

None

Description

Using the binary command, you can set the file type to support the transmission
of binary files.

Example

Set the file type to support the transmission of binary files.

[ftp] binary
200 Type set to B.

bye Syntax

bye

View

FTP client view

Parameter

None

Description

Using the bye command, you can disconnect from the remote FTP server and exit to
user view.

Example

Terminate the connection with the remote FTP server and exit to user view.

[ftp] bye
<3Com>

cd Syntax

cd pathname

View

FTP client view



Parameter

pathname: Path name.

Description

Using the cd command, you can change the operating path on the remote FTP
server.

This command can be used to access another directory on the FTP server.

Example

Change the operating path to d:/temp.

[ftp] cd d:/temp

cdup Syntax
cdup

View

FTP client view

Parameter

None

Description

Using the cdup command, you can change the operating path to the upper
directory.

This command is used to exit current directory and return to an upper directory.

Example

Change the operating path to an upper directory.

[ftp] cdup

close Syntax
close

View

FTP client view

Parameter

None

Description

Using the close command, you can terminate the connection with the remote FTP
server, but remain in FTP client view.

This command will terminate both control connection and data connection with
the remote FTP server simultaneously.

Example

Terminate the connection with the remote FTP server and remain in FTP client
view.

[ftp] close
[ftp]

debugging Syntax
debugging

undo debugging

View

FTP client view

Parameter

None

Description

Using the debugging command, you can enable the debugging. Using the undo
debugging command, you can disable the debugging.

By default, the debugging of FTP client commands is disabled.

Example

Enable the debugging.

[ftp] debugging

delete Syntax

delete remotefile

View

FTP client view

Parameter

remotefile: File name.

Description

Using the delete command, you can delete a specified file.

Example

Delete temp.c.

[ftp] delete temp.c

dir Syntax
dir [ filename ] [ localfile ]

View

FTP client view

Parameter

filename: File name queried.

localfile: Local file name saved.

Description

Using the dir command, you can query a specified file.

This command displays all the files under the directory or the file queried.

Example

Query temp.c and save the query result in temp1.

[ftp] dir temp.c temp1

disconnect Syntax
disconnect

View

FTP client view

Parameter

None

Description

Using the disconnect command, you can terminate the connection with the
remote FTP server and remain in FTP client view.

This command will terminate both control connection and data connection with
the remote FTP server.

Example

Terminate the connection with the remote FTP server and remain in FTP client
view.

[ftp] disconnect
[ftp]

ftp Syntax
ftp [host [ port ] ]

View

User view

Parameter

host: IP address or hostname of the remote FTP server.

port: Port number of the remote FTP server.

Description

Using the ftp command, you can establish a control connection with the remote
FTP server and enter FTP client view.

Example

Connect to the remote FTP server with the IP address of 1.1.1.1.

<3Com> ftp 1.1.1.1

get Syntax
get remotefile [ localfile ]

View

FTP client view

Parameter

localfile: Local file name.

remotefile: File name on the remote FTP server.

Description

Using the get command, you can download remote files and save them locally.

By default, if the local file name is not specified, this command will consider
that it is the same as that of the file on the remote FTP server.

Example

Download temp1.c and save it as temp.c.

[ftp] get temp1.c temp.c

lcd Syntax

lcd

View

FTP client view

Parameter

None

Description

Using the lcd command, you can get the local operating path of the FTP client.

Example

Display local operating path.

[ftp] lcd
% Local directory now flash:

ls Syntax
ls [ remotefile ] [ localfile ]

View

FTP client view

Parameter

remotefile: Remote file queried.

localfile: Local file name saved.

Description

Using the ls command, you can query a specified file.

By default, all the files will be displayed when there is no parameter.

Example

Query temp.c.

[ftp] ls temp.c

mkdir Syntax

mkdir pathname

View

FTP client view

Parameter

pathname: Directory name.



Description

Using the mkdir command, you can create a directory on the remote FTP server.

Example

Create the directory test on the remote FTP server.

[ftp] mkdir test

open Syntax
open ipaddr [ port ]

View

FTP client view

Parameter

ipaddr: IP address of the remote FTP server.

port: Port number of the remote FTP server.

Description

Using the open command, you can establish a control connection with the remote
FTP server.

Example

Establish FTP connection with the FTP server of the host 10.110.3.1.

[ftp] open 10.110.3.1

passive Syntax
passive

undo passive

View

FTP client view

Parameter

None

Description

Using the passive command, you can set data transmission mode to passive
mode. Using the undo passive command, you can set data transmission mode to
active mode.

By default, the transmission mode is passive.



Example

Set data transmission mode to passive mode.

[ftp] passive

put Syntax
put localfile [ remotefile ]

View

FTP client view

Parameter

localfile: Local file name.

remotefile: File name on the remote FTP server.

Description

Using the put command, you can upload a local file to the remote FTP server.

If no file name on the remote server is specified, this command will consider
that it is the same as that of the local file.

Example

Upload local file temp.c to the remote FTP server and save it as temp1.c.

[ftp] put temp.c temp1.c

pwd Syntax

pwd

View

FTP client view

Parameter

None

Description

Using the pwd command, you can display the working directory on the remote
FTP server.

Example

Display the working directory on the remote FTP server.

[ftp] pwd
"d:/temp" is current directory.

quit Syntax
quit

View

FTP client view

Parameter

None

Description

Using the quit command, you can terminate the connection with the remote FTP
server and exit to user view.

Example

Terminate the connection with the remote FTP server and exit to user view.

[ftp] quit
<3Com>

remotehelp Syntax
remotehelp [ protocol-command ]

View

FTP client view

Parameter

protocol-command: FTP command.

Description

Using the remotehelp command, you can display the help for an FTP protocol command.

Example

Display the syntax of the command user.

[ftp] remotehelp user
214 Syntax: USER <sp> <username>

rmdir Syntax
rmdir pathname

View

FTP client view


Parameter

pathname: Directory name on the remote FTP server.

Description

Using the rmdir command, you can delete a specified directory on the FTP server.

Example

Delete the d:/temp1 directory on the FTP server.

[ftp] rmdir d:/temp1

user Syntax
user username [ password ]

View

FTP client view

Parameter

username: Logon user name.

password: Logon password.

Description

Using the user command, you can log on to the remote FTP server as the specified user.

Example

Log on to the FTP server with the user name tom and the password bjhw.

[ftp] user tom bjhw

verbose Syntax
verbose

undo verbose

View

FTP client view

Parameter

None

Description

Using the verbose command, you can enable the verbose function to view
information from the FTP server. Using the undo verbose command, you can disable
the verbose function.

By default, it is disabled.

Example

Enable the verbose function.

[ftp] verbose

TFTP Configuration Commands

tftp Syntax
tftp ip_address { get | put } source-filename [ destination-filename ]

View

User view

Parameter

ip_address: IP address of TFTP server.

source-filename: Source file name.

destination-filename: Destination file name.

get: Downloads files.

put: Uploads files.

Description

Using the tftp command, you can upload files to a TFTP server or download files
to the local device.

For related command, see tftp-server acl.

Example

Download the file vrpcfg.txt in the root directory of the TFTP server at 1.1.254.2
to the local hardware and save it as vrpcfg.bak.

<3Com> tftp 1.1.254.2 get vrpcfg.txt flash:/vrpcfg.bak

Upload the file vrpcfg.txt stored in the root directory of the flash onto the default
directory on the TFTP server at 1.1.254.2 and save the file on the server as
vrpcfg.bak.

<3Com> tftp 1.1.254.2 put flash:/vrpcfg.txt vrpcfg.bak

tftp-server acl Syntax

tftp-server acl acl-number


View

System view

Parameter

acl-number: IP ACL number in the range of 1 to 99.

Description

Using the tftp-server acl command, you can specify the number of the ACL that
permits access to a TFTP server.

For related command, see tftp.

Example

Set the number of the ACL permitting access to the TFTP server to 1.

[3Com] tftp-server acl 1

Configuration Files Management Commands

display current-configuration Syntax
display current-configuration [ controller | interface interface-type [ interface-number ]
| configuration [ rip | ospf | bgp | post-config | system | user-interface ] ] [ | [ begin |
include | exclude ] string ]

View

Any view

Parameter

controller: Displays the configuration of controller.

interface: Displays the configuration of the interface.

interface-type: Interface type.

interface-number: Interface number.

configuration: Displays the specified configurations.

rip: Displays the RIP configuration.

ospf: Displays the OSPF configuration.

bgp: Displays the BGP configuration.

post-system: Displays the greeting message configuration.

system: Displays the system configuration.


user-interface: Displays the user interface configuration.

|: Uses regular expression to filter the router configurations.

begin: Displays the configurations beginning with the specified characters (string).

include: Displays the configurations including the specified characters (string).

exclude: Displays the configurations excluding the specified characters (string).

string: Characters of the regular expression.

Description

Using the display current-configuration command, you can display the current
configuration of the router.

Configuration parameters that take their default values are not displayed.

After finishing a set of configurations, the user can execute the display
current-configuration command to view the currently effective parameters and
verify that the configuration is correct. Some parameters that the user has
configured will not be displayed if their functions have not taken effect yet. For
example, the user can configure PPP parameters on an interface encapsulated with
X.25 at the link layer, but the PPP configuration information on the interface will
not be shown by the display current-configuration command.

For related commands, see save, reset saved-configuration, and display
saved-configuration.

Example

Display the currently effective configuration parameters of the router.

<3Com> display current-configuration
sysname R1760
super password level 3 simple 123456
tcp window 8
#
undo multicast igmp-all-enable
#
interface Aux0
link-protocol ppp
#
interface Ethernet0/0/0
#
interface Serial0/0/0
link-protocol ppp
#
interface NULL0
#
bgp 15535
undo synchronization
#
#
ospf 2 router-id 1.1.1.1
#
rip
#
user-interface con 0
set authentication password simple 123456
history-command max-size 30
user-interface aux 0
user-interface vty 0 4
#
return

display saved-configuration Syntax
display saved-configuration

View

Any view

Parameter

None

Description

Using the display saved-configuration command, you can display the saved
router configurations, that is, the configurations that the router will apply the next
time it is booted.

For related commands, see save, reset saved-configuration, and display
current-configuration.

Example

Display the router configuration file in the storage device.

<3Com> display saved-configuration
#
sysname 3Com
#
tcp window 8
#
undo multicast igmp-all-enable
#
controller E1 3/0/0
#
interface Aux0
link-protocol ppp
#
interface Ethernet0/0/0
#
interface Serial0/0
link-protocol ppp
#
interface NULL0
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return

display this Syntax
display this

View

Any view

Parameter

None

Description

Using the display this command, you can display the current configurations
under this view.

Example

Display the current configuration of the view in question.

<3Com> display this
#
sysname 3Com
#
tcp window 8
#

reset saved-configuration Syntax
reset saved-configuration

View

User view

Parameter

None

Description

Using the reset saved-configuration command, you can erase the saved router
configuration.

You are recommended to use this command only when necessary and under the
guidance of the support technician.

This command is likely to be used when:

A used router is applied to a new application environment and the existing
configuration file cannot meet the requirements of the new environment. In this
case, you need to erase the existing configuration file and reconfigure the router.

For related commands, see save, display current-configuration, and display
saved-configuration.

Example

Erase the saved router configuration.

<3Com> reset saved-configuration
This will erase the configuration in the device.
The Router configurations will be erased to reconfigure!
Are you sure?[Y/N]y

save Syntax
save [ file-name ]

View

User view

Parameter

file-name: Filename, whose extension must be cfg.

Description

Using the save command, you can save the current configuration information into
the storage device.

After you finish a set of configurations and make their functions valid, you should
save the current configuration file into the storage device.

For related commands, see reset saved-configuration, display
current-configuration, and display saved-configuration.

Example

Save the current configuration information in the default storage device.

<3Com> save

upgrade Syntax
upgrade bootrom [ full ]

View

User view

Parameter

bootrom: Upgrades the BootRom program.

full: Upgrades the entire BootRom.

Description

Using the upgrade command, you can upgrade the BootROM program.

3Com Routers support online BootROM upgrade. You can upgrade the BootROM
online by extracting the BootROM program from the upgrade software package
and writing it into the BootROM.

When executing this command, you should make sure that the upgrade software
package (named bootromfull) already exists in the root directory of the flash.

Example

Upgrade the BootROM program of R1760 Router, given that the upgrade
software package has been stored in the root directory of the flash and the file
name is “bootromfull”.

<3Com> upgrade bootrom full

User Interface Configuration Commands

acl Syntax
acl acl-number { inbound | outbound }

undo acl { inbound | outbound }

View

User interface view

Parameter

acl-number: Address access control list number.

inbound: Restricts incoming calls of a user interface.

outbound: Restricts outgoing calls of a user interface.

Description

Using the acl command, you can reference an ACL to restrict the rights of VTY
(Telnet or SSH) and other types of user interfaces in placing incoming and
outgoing calls. Using the undo acl command, you can remove the current
settings.

By default, there is no incoming or outgoing call barring.


acl-number can only be the basic ACL.

Example

Remove the restriction on Telnet outgoing calls.

[3Com-ui-vty0] undo acl outbound

authentication-mode Syntax
authentication-mode { local | password | scheme { list | default } }

authentication-mode none

View

User interface view

Parameter

local: Performs local database authentication.

password: Performs local password authentication.

scheme: Performs AAA authorization authentication.

default: Uses the default authentication parameter.

list: Uses the authentication list.

none: Performs no authentication.

Description

Using the authentication-mode command, you can set the mode that a user
interface uses to authenticate the login users. Using the authentication-mode
none command, you can set the authentication mode to none, that is, the login
users need not undergo authentication before they access the user interface.

By default, the authentication mode is set to password for the VTY user interface
and none for other user interfaces.

For related command, see set authentication password.

Example

Enable local password authentication.

[3Com-ui0] authentication-mode password

auto-execute command Syntax
auto-execute command command

undo auto-execute command


View

User interface view

Parameter

command: Command to be automatically executed.

Description

Using the auto-execute command command, you can set a command to be
automatically executed. Using the undo auto-execute command command, you
can disable the automatic execution of the command.

By default, command auto-execution is disabled.

You should be aware of the following constraints before using the auto-execute
command command:

■ CON does not support auto-execute command.
■ If there is only AUX but no CON on a router (AUX and CON share the same
port), the AUX will not support auto-execute command either.

These constraints do not apply to other types of user interfaces.

When a user logs on, the command configured using auto-execute command on
the terminal is executed automatically. The user connection is disconnected
automatically once the execution of the command is finished.

A common approach is to configure the Telnet command using the
auto-execute command command on the terminal so that the user may
automatically connect to the specified host.

You should use this command with caution because it will probably make you
unable to make the regular system configurations via this user interface.

CAUTION: Before configuring the auto-execute command command and saving
the configuration (by executing the save command), you should make sure that
you can access the system to remove the configuration by other means.

Example

Execute the telnet 10.110.100.1 command automatically after the user logs on
from the AUX interface.

[3Com-ui-aux0] auto-execute command telnet 10.110.100.1

databits Syntax
databits { 5 | 6 | 7 | 8 }

undo databits

View

User interface view


Parameter

5: Five data bits.

6: Six data bits.

7: Seven data bits.

8: Eight data bits.

Description

Using the databits command, you can set the data bits of a user interface. Using
the undo databits command, you can restore the default data bit setting.

By default, the data bits are set to 8.

The configuration can take effect only when the serial interface works in the
asynchronous flow mode.

Example

Set data bit to 5.

[3Com-ui-aux0] databits 5

debugging vty Syntax
debugging vty { fsm | negotiate }

undo debugging vty { fsm | negotiate }

View

User view

Parameter

fsm: Debugging of the Telnet state machine.

negotiate: Debugging of the VTY negotiation.

Description

Using the debugging vty command, you can enable the debugging of the VTY.
Using the undo debugging vty command, you can disable the debugging of the
VTY protocol.

Example

Enable the debugging of the VTY negotiation.

<3Com> debugging vty negotiate

display user-interface Syntax
display user-interface [ type-name ] [ number ]

View

Any view

Parameter

type-name: Name of user interface type.

number: Number of user interface.

Description

Using the display user-interface command, you can display the details of a user
interface.

Example

Display information of user interface 0.

<3Com> display user-interface 0
  Idx  Type   Tx/Rx  Modem  Privi  Auth
* 0    CON 0  9600          3      N
* : Current user-interface is active.
I : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
A: Authenticate use AAA.
L: Authenticate use local database.
N: Current user-interface need not authentication.
P: Authenticate use current UI's password.

display users Syntax
display users [ all ]

View

Any view

Parameter

all: Displays the information of all the user interface users.

Description

Using the display users command, you can display the login information of the
users on each user interface.

Example

Execute display users on the console.

<3Com> display users
   UI       Delay     IPaddress      Username
* 0 CON 0   00:00:00
* 1 VTY 0   00:00:09  10.110.101.39  dd

Where,

*: Terminal line in use.

UI: The first number and the second number are respectively the absolute number
and relative number of user interface.

Username: Display the name of the user using this user-interface, namely the
username that the user uses for accessing. As AAA authentication is unavailable
yet, this item is null so far.

Delay: In minutes, it is the interval since the last input made by the user.

IP address: Displays the starting connection location, namely, IP address of the
call-in host.

flow-control Syntax
flow-control { hardware | software | none }

undo flow-control

View

User interface view

Parameter

none: No flow control.

software: Software flow control.

hardware: Hardware flow control, effective only on the AUX port.

Description

Using the flow-control command, you can configure flow control mode. Using
the undo flow-control command, you can restore the default flow control mode.

By default, none mode is used, that is, there is no flow control.

The configuration can become effective only when the involved serial interface
works in the asynchronous flow mode.

When the system is outputting, pressing <Ctrl+s> stops the screen output, and
<Ctrl+q> resumes the screen output.

Example

Configure software flow control in user interface view.

[3Com-ui-console0] flow-control software


free user-interface Syntax

free user-interface [ type-name ] number

View

User view

Parameter

type-name: User interface type.

number: Absolute/Relative user interface number.

Description

Using the free user-interface number command, you can clear the user
interface with the number defined by the parameter number. Using the free
user-interface type-name number command, you can clear the user interface
with the number defined by number in the user interfaces of the type defined by
type-name.

Example

Clear user-interface 0.

<3Com> free user-interface 0

history-command max-size Syntax
history-command max-size size-value

undo history-command max-size

View

User interface view

Parameter

size-value: History buffer size, which is in the range of 0 to 256 and defaults to 10,
that is, up to ten history commands can be stored.

Description

Using the history-command max-size command, you can set the history
command buffer size. Using the undo history-command max-size command,
you can restore the default history command buffer size.

Example

Set size of the history command buffer to 20.

[3Com-ui-console0] history-command max-size 20


idle-timeout Syntax
idle-timeout minutes [ seconds ]

undo idle-timeout

View

User interface view

Parameter

minutes: Number of minutes, in the range of 0 to 35791.

seconds: Number of seconds, in the range of 0 to 59.

Description

Using the idle-timeout command, you can set the time interval for timed
disconnection. Using the undo idle-timeout command, you can restore the
default time value of timed disconnection.

The time interval for timed disconnection defaults to ten minutes.

Setting the time value to 0 will disable the timed disconnection, in which case a
connection will not be cut off upon the expiration of the preset time interval.

Example
Set the time interval for timed disconnection to one minute and 30 seconds.
[3Com-ui-console0] idle-timeout 1 30

modem Syntax
modem [ call-in | both ]

undo modem [ call-in | both ]

View

User interface view

Parameter

call-in: Allows incoming calls.

both: Allows both incoming and outgoing calls.

Description

Using the modem command, you can set the incoming/outgoing call attributes
with Modem. Using the undo modem command, you can disable incoming and
outgoing calls.

By default, both incoming and outgoing calls are allowed.


When executed without any parameters, the modem command enables both
incoming and outgoing calls.

When executed without any parameters, the undo modem command disables
both incoming and outgoing calls.

This command is only available for the AUX interface and other asynchronous
interfaces, but not for the console port.

Example

Set Modem dialup at asynchronous serial ports.

[3Com-ui-tty] modem

modem auto-answer Syntax
modem auto-answer

undo modem auto-answer

View

User interface view

Parameter

None

Description

Using the modem auto-answer command, you can set the answering mode to
auto-answer. Using the undo modem auto-answer command, you can set the
answering mode to manual answer.

By default, the answering mode is manual answer.

This command is valid for the AUX interface and other asynchronous interfaces
but not for the console interface.

When taking the modem dial-up connection approach, the user should first set
the modem parameters on the involved user interface.

Example

Set the answering mode to auto-answer.

[3Com-ui-aux0] modem auto-answer

modem timer answer Syntax
modem timer answer seconds

undo modem timer answer


View

User interface view

Parameter

seconds: Timeout time in the range of 1 to 60 seconds.

Description

Using the modem timer answer command, you can set the timeout time waiting
for the carrier signal after the off-hook action for setting up an inbound
connection. Using the undo modem timer answer command, you can restore
the default waiting timeout time.

The waiting timeout time defaults to 30 seconds.

This command is valid for the AUX interface and other asynchronous interfaces
but not for the console interface.

Example

None

parity Syntax
parity { none | even | odd | mark | space }

undo parity

View

User interface view

Parameter

none: Implements no check.

even: Implements even parity check.

odd: Implements odd parity check.

mark: Implements mark check.

space: Implements space check.

Description

Using the parity command, you can set the check bit of a user interface. Using
the undo parity command, you can restore the check mode of user interface to
none.

By default, no check is performed.

The configuration can become effective only when the involved serial interface
works in the asynchronous flow mode.

Example

Set the transmission check bit on AUX interface to odd parity.

[3Com-ui-aux0] parity odd

redirect Syntax
redirect

undo redirect

View

User interface view

Parameter

None

Description

Using the redirect command, you can enable the redirection function on an
asynchronous port; the function is only valid for the AUX and TTY user
interfaces. Using the undo redirect command, you can disable the redirection
function on the involved port.

By default, the system does not support redirection.

This command is only valid for the AUX and the TTY user interfaces. For example,
executing the redirect command on a TTY user interface will enable the
redirection function of the user interface.

For related commands, see telnet and display tcp status.

Example

Enable the redirection function of user interface TTY7.

[3Com-ui-tty7] redirect

screen-length Syntax
screen-length screen-length

undo screen-length

View

User interface view

Parameter

screen-length: Number of rows displayed in a screen in the event of split screen
display, which is in the range of 0 to 512.

Description
Using the screen-length command, you can set the number of rows displayed in
one screen at the terminal. Using the undo screen-length command, you can
restore the number of rows in a terminal screen to 24.

By default, the number of rows in one screen is 24.

screen-length 0 disables the split screen function.

Example
Set the number of rows in one screen of the terminal to 30.
[3Com-ui-console0] screen-length 30

send Syntax
send [ number | all | type-name number ]

View
User view

Parameter
all: Sends messages to all user interfaces.

type-name: Name of user interface type.

number: Absolute/Relative user interface number.

Description

Using the send command, you can transfer messages between user interfaces.

Using the send all command, you can send messages to all user-interfaces.

Using the send number command, you can send messages to the user interface
defined by specifying its number.

Using the send type-name number command, you can send messages to the
user interface of type-name with specified number.

Example

Send messages to the console user-interface.

<3Com> send con 0
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
Hello,good morning!
Send message? [Y/N]

set authentication password Syntax
set authentication password { simple | cipher } password

undo set authentication password


View

User interface view

Parameter

simple: Plain text password.

cipher: Encrypted password.

password: If password form is set to simple, the parameter password must be in
plain text. If the password form is set to cipher, the password can be either in
encrypted text or in plain text depending on what has been input. A plain-text
password can be a string of no more than 16 consecutive characters, 1234567 for
example. An encrypted password, however, must be of 24 characters in length
and must be in ciphertext, _(TT8F]Y\5SQ=^Q`MAF4<1!! for example.

Description

Using the set authentication password command, you can set a local
authentication password. Using the undo set authentication password
command, you can remove the local authentication password.

Regardless of whether the password format is set to plain text or ciphertext, a user
must input plain text password during the authentication.

When configuring a password, you must specify its format to simple or cipher. If
the former has been specified, the password saved in the configuration file will be
in plain text. If the latter is specified, however, the password will be displayed in
ciphertext regardless of whether the password you enter is a simple password of 1
to 16 bytes or an encrypted password of 24 bytes.

By default, Telnet users are required to undergo login password authentication
(which can be set by using the authentication-mode password command). If
no password has been configured, the following information will be displayed:

■ password required, but none set

For related command, see authentication-mode.

Example

Set the local authentication password for the user interfaces vtys 0 to 4 to
"3Com".

[3Com-ui-vty0-4] authentication-mode password
[3Com-ui-vty0-4] set authentication password simple 3Com
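
An added example, not part of the 3Com guide: a Python audit of display current-configuration output against behaviours this guide states (simple passwords are saved in plain text, the default authentication mode is password for VTY and none for other user interfaces, idle-timeout 0 disables timed disconnection, and there is no call barring unless acl is configured). The sample configuration, the issue labels and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of "display current-configuration" output.
# The password values and the cipher string are placeholders, not real data.
SAMPLE_CONFIG = """\
sysname R1760
super password level 3 simple 123456
#
interface Serial0/0/0
 link-protocol ppp
#
user-interface con 0
 set authentication password simple 123456
 idle-timeout 0
user-interface aux 0
 authentication-mode password
 set authentication password cipher PLACEHOLDER-CIPHERTEXT-24
user-interface vty 0 4
#
return
"""

PLAINTEXT = re.compile(r"\bpassword\b.*\bsimple\s+\S+")
UI_HEADER = re.compile(r"^user-interface\s+(.+)$")


def parse_user_interfaces(config_text):
    """Split the output into global lines and per-user-interface command lists."""
    global_lines, sections, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()           # sub-commands may or may not be indented
        if not line:
            continue
        if line in ("#", "return"):  # "#" and "return" end the current block
            current = None
            continue
        header = UI_HEADER.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
        else:
            global_lines.append(line)
    return global_lines, sections


def audit(config_text):
    """Return (scope, issue) pairs; password values are never copied out."""
    findings = []
    global_lines, sections = parse_user_interfaces(config_text)
    for line in global_lines:
        if PLAINTEXT.search(line):
            findings.append(("global", "plaintext-password"))
    for name, commands in sections.items():
        kind = name.split()[0].lower()
        if kind.isdigit():
            mode = "unknown"         # absolute numbering: type not resolvable here
        elif kind == "vty":
            mode = "password"        # default for VTY, per the guide
        else:
            mode = "none"            # default for other user interfaces
        has_password = has_inbound_acl = False
        for command in commands:
            words = command.split()
            if words[0] == "authentication-mode" and len(words) > 1:
                mode = words[1]
            elif words[:3] == ["set", "authentication", "password"]:
                has_password = True
                if PLAINTEXT.search(command):
                    findings.append((name, "plaintext-password"))
            elif words[0] == "acl" and words[-1] == "inbound":
                has_inbound_acl = True
            elif (words[0] == "idle-timeout" and len(words) > 1
                  and all(w == "0" for w in words[1:])):
                findings.append((name, "idle-timeout-disabled"))
        if mode == "none":
            findings.append((name, "no-authentication"))
        if mode == "password" and not has_password:
            findings.append((name, "password-mode-without-password"))
        if kind == "vty" and not has_inbound_acl:
            findings.append((name, "no-inbound-acl"))
    return findings


if __name__ == "__main__":
    for scope, issue in audit(SAMPLE_CONFIG):
        print(f"{scope}: {issue}")
```

Because parameters at their default values are not displayed, the authentication mode of a user interface with no authentication-mode line is inferred from the defaults given in this guide.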

shell Syntax
shell

undo shell

View

User interface view

Parameter

None

Description

Using the shell command, you can enable terminal services on a user interface.
Using the undo shell command, you can remove the current setting.

By default, the terminal services are enabled on all the user interfaces.

Some constraints are put on the undo shell command. First, CON does not
support this command. Second, if there is only AUX but no CON on a router (AUX
and CON share the same port), the AUX will not support this command either.
These constraints do not apply to other types of user interfaces.

Example

Disable terminal services on the virtual terminals (VTYs) 0 to 4.

[3Com] user-interface vty 0 4
[3Com-ui-vty0-4] undo shell

The following information will be displayed for a login Telnet terminal:

% connection refused by remote host!

speed Syntax
speed speed-value

undo speed

View

User interface view

Parameter

speed-value: Transmission rate in bps.

Description

Using the speed command, you can set the transmission rate of a user interface.
Using the undo speed command, you can restore the default transmission rate of
the user interface.

By default, the transmission rate is 9600bps.

Only when the serial interface works in asynchronous flow mode will the
configuration be effective.

The transmission rates supported by asynchronous serial interfaces include:


■ 300bps
■ 600bps
■ 1200bps
■ 4800bps
■ 9600bps
■ 19200bps
■ 38400bps
■ 57600bps
■ 115200bps

Example

Set the transmission rate of the user interface to 19200bps.

[3Com-ui-vty0] speed 19200

stopbits Syntax
stopbits { 1.5 | 1 | 2 }

undo stopbits

View

User interface view

Parameter

1.5: Sets the stop bit to 1.5.

1: Sets the stop bit to 1.

2: Sets the stop bit to 2.

Description

Using the stopbits command, you can set the stop bit of a user interface. Using
the undo stopbits command, you can restore the default stop bit of the user
interface.

By default, the stop bit is set to 1.

Only when the serial interface works in asynchronous flow mode will the
configuration be effective.

Example

Set the stop bit to 1.5.

[3Com-ui-vty0] stopbits 1.5


user privilege Syntax
user privilege level level

undo user privilege level

View

User interface view

Parameter

level: Command level in the range of 0 to 3.

Description

Using the user privilege command, you can configure the command access
level for users who access the system from the current user interface. Using the
undo user privilege command, you can remove the current setting.

By default, the command access level is 3 for the CON user interface and 0 for
other user interfaces.

If the command accessing level assigned to a user interface conflicts with the
precedence level assigned to the used username in the granted rights, the rights
commensurate with the username will be preferred. For example, the precedence
of the user 007 allows 007 to access level-3 commands and the privilege level
assigned to the user interface VTY 0 only allows the login users to access level-2
commands. If 007 accesses the system from VTY0 in this case, it will be able to
access the commands of level-3 and lower levels.

Example

Assign users who access the system from this user interface the privilege to
access level-2 commands.

[3Com-ui-vty0] user privilege level 2

After the user accesses the router from vty 0 via Telnet, the terminal will display:

<3Com>

user-interface Syntax
user-interface [ type-keyword ] user-interface-number [ ending-user-interface-number ]

View

System view

Parameter

type-keyword: Type name of user-interface.

user-interface-number: The first user-interface to be configured.


ending-user-interface-number: The last user-interface to be configured.

Description

Using the user-interface command, you can enter the single-user interface view
or multi-user interface view.

Example

Enter the user-interface console 0 view to configure console 0.

[3Com] user-interface console 0
[3Com-ui-console0]

Enter the user-interface vty 0 view to configure vty 0.

[3Com] user-interface vty 0
[3Com-ui-vty0]

Enter the user-interface vty view to configure user-interfaces vtys 0 through 3.

[3Com] user-interface vty 0 3
[3Com-ui-vty0-3]

Enter the user-interface view to configure user-interfaces 0 through 4, including
those of the console port type, the AUX interface type and the VTY interface type.
The user interface types will be configured depending on the configuration
interfaces available on the router.

The following example configures one console user interface and three VTY user
interfaces, which may be right for the case where the router does not provide the
AUX interface.

[3Com] user-interface 0 3
[3Com-ui0-3]

debugging ntp-service Syntax
debugging ntp-service { access | adjustment | authentication | event | filter | packet |
parameter | refclock | selection | synchronization | validity | all }

undo debugging ntp-service { access | adjustment | authentication | event | filter |
packet | parameter | refclock | selection | synchronization | validity | all }

View

User view

Parameter

access: NTP access control debugging.

adjustment: NTP clock adjustment debugging.

all: All the NTP information debugging.


authentication: NTP identification authentication debugging.

event: NTP event debugging.

filter: NTP filter information debugging.

packet: NTP packet debugging.

parameter: NTP clock parameter debugging.

refclock: NTP reference clock debugging.

selection: NTP clock selection information debugging.

synchronization: NTP clock synchronous information debugging.

validity: Validity debugging of NTP remote host.

Description

Using the debugging ntp-service command, you can enable debugging of all
types of NTP service information. Using the undo debugging ntp-service
command, you can disable NTP service debugging.

By default, all the information debugging is disabled.

Example

Enable NTP access control debugging.

<3Com> debugging ntp-service access

display ntp-service sessions

Syntax

display ntp-service sessions [ verbose ]

View

Any view

Parameter

verbose: Displays the detailed information of sessions.

Description

Using the display ntp-service sessions command, you can display the status of
all the sessions maintained by NTP on the local device.

By default, the status of all the sessions maintained by NTP on the local device
is displayed.

Without the verbose parameter, the command displays brief information about all
the sessions maintained by NTP on the local device.

With the verbose parameter, the command displays detailed information about all
the sessions maintained by NTP on the local device.

Example

Display the brief information of all the sessions maintained by the local device NTP.

<3Com> display ntp-service sessions
source          refid     st now poll reach delay offset  dis
******************************************************************
[12345]1.0.1.11 LOCAL(0)   3   1   64   377  26.1 199.53  9.7
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

display ntp-service status

Syntax

display ntp-service status

View

Any view

Parameter

None

Description

Using the display ntp-service status command, you can display the state
information of the NTP service.

Example
<3Com> display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)

Description of the display information is shown in the following table.


Table 3 State information of the NTP service

Display information   Description
synchronized          Indicates that the local system is synchronized to a remote NTP server or a clock source
unsynchronized        Indicates that the local system is not synchronized to any remote NTP server
stratum               The NTP stratum of the local system
reference             If the local system has been synchronized to a remote NTP server or a clock source, it indicates the address of the remote server or the clock source ID
nominal freq          Nominal frequency of the hardware clock of the local system
actual freq           Actual frequency of the hardware clock of the local system
precision             Precision of the local system clock
reftime               Reference timestamp
offset                Offset of the NTP server relative to the local clock
root delay            Overall delay from the local to the master reference clock
root disper           Dispersion of the local master reference clock
peer disper           Dispersion of the remote NTP server

display ntp-service trace

Syntax

display ntp-service trace [ X.X.X.X ]

View

Any view

Parameter

X.X.X.X: The IP address of the NTP server functioning as the reference clock
source.

Description

Using the display ntp-service trace command, you can display the summary
information of each NTP time server from the local device tracing to the reference
clock source.

This command is used to trace to the reference clock source from the local device
along the time synchronous NTP server chain and display the summary
information of each NTP server.

Example
<3Com> display ntp-service trace
server4: stratum 4, offset 0.0019529, synch distance 0.144135
server3: stratum 3, offset 0.0124263, synch distance 0.115784
server2: stratum 2, offset 0.0019298, synch distance 0.011993
server1: stratum 1, offset 0.0019298, synch distance 0.011993 refid 'GPS Reciever'

The above information displays the synchronization chain of server4. It indicates
that server4 can be synchronized to server3, server3 to server2 and server2 to
server1. Server1 is synchronized from the reference clock source GPS Receiver.

ntp-service access

Syntax

ntp-service access { query | synchronization | server | peer } acl-number

undo ntp-service access { query | synchronization | server | peer }

View

System view

Parameter

query: Query authority is limited.

synchronization: Only the server is permitted to access.

server: Allows the server to perform access and query.

peer: Absolute access.

acl-number: IP address access list number in the range of 1 to 99.

Description

Using the ntp-service access command, you can set the access control authority
of the local device services. Using the undo ntp-service access command, you
can remove the access control authority that has been set.

By default, there is no access authority.

This command is used to set the access authority of the NTP service of the local
device. It provides only a minimal level of security; the more secure approach is
to perform ID authentication. When an access request arrives, it is matched in
sequence from the minimum access authority to the maximum authority, and the
first match applies. The match order is peer, server, synchronization, query.

Example

Enable the peer in No.76 access list to perform time request, query control and
time synchronization on the local device.

[3Com] ntp-service access peer 76

Enable the peer in No.28 access list to perform time request, query control on the
local device.

[3Com] ntp-service access server 28

ntp-service authentication enable

Syntax

ntp-service authentication enable

undo ntp-service authentication enable

View

System view

Parameter

None

Description

Using the ntp-service authentication enable command, you can set NTP-service
ID authentication. Using the undo ntp-service authentication enable
command, you can remove NTP-service ID authentication.

By default, no ID authentication is set.

Example

Enable NTP ID authentication.

[3Com] ntp-service authentication enable

ntp-service authentication-keyid

Syntax

ntp-service authentication-keyid number authentication-mode md5 value

undo ntp-service authentication-keyid number

View

System view

Parameter

number: Key number in the range of 1 to 4294967295.

value: Key itself that is represented with 1 to 32 ASCII characters.

Description

Using the ntp-service authentication-keyid command, you can set the NTP
authentication key. Using the undo ntp-service authentication-keyid
command, you can remove the NTP authentication key.

By default, no authentication key is set.

This command is used to set the NTP authentication key. Only MD5
authentication is supported.

Example

Set MD5 ID authentication key. The key ID number is 10 and the key is BetterKey.

[3Com] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
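
Added example, not part of the 3Com manual: how a key ID and MD5 key are applied to an NTP packet under the standard NTP symmetric-key scheme (key ID plus MD5 of the key followed by the header, as described in RFC 5905). It assumes the router follows that scheme; the header bytes are constructed, and `reliable_keys` is a hypothetical name standing for the keys marked reliable on the receiver.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48          # fixed NTP header, sent in cleartext
MAC_LEN = 4 + 16             # 32-bit key ID + 128-bit MD5 digest


def build_header(version=3, mode=3, transmit_ts=0):
    """Build a 48-byte NTP header (constructed sample: client mode, zeroed fields)."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    # LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
    # reference ID, then reference/origin/receive/transmit timestamps.
    return struct.pack("!BBbbII4sQQQQ", li_vn_mode, 0, 6, -18, 0, 0,
                       b"\x00" * 4, 0, 0, 0, transmit_ts)


def add_mac(header, key_id, key):
    """Append the key ID and MD5(key || header) to the header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, reliable_keys):
    """Accept the packet only if its MAC was made with a key marked reliable.

    reliable_keys maps key ID -> key bytes (hypothetical name; it plays the
    role of the keys named by 'ntp-service reliable authentication-keyid').
    """
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False                      # no MAC present, or malformed
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = reliable_keys.get(key_id)
    if key is None:
        return False                      # key unknown or not reliable
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, mac[4:])


def demo():
    """Run the check with the key from the manual's example (ID 10, BetterKey)."""
    header = build_header(transmit_ts=0xE000000000000000)
    packet = add_mac(header, 10, b"BetterKey")
    tampered = bytearray(packet)
    tampered[40] ^= 0x01                  # flip one bit of the transmit timestamp
    return {
        "length": len(packet),
        "header_in_clear": packet[:NTP_HEADER_LEN] == header,
        "good_key": verify(packet, {10: b"BetterKey"}),
        "key_not_reliable": verify(packet, {37: b"BetterKey"}),
        "wrong_key_value": verify(packet, {10: b"OtherKey"}),
        "tampered": verify(bytes(tampered), {10: b"BetterKey"}),
        "no_mac": verify(header, {10: b"BetterKey"}),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The MAC authenticates the packet but does not hide it: the 48-byte header stays in cleartext, and only a receiver holding the same key under the same key ID accepts it.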

ntp-service broadcast-client

Syntax

ntp-service broadcast-client

undo ntp-service broadcast-client

View

Interface view

Parameter

None

Description

Using the ntp-service broadcast-client command, you can configure the NTP
broadcast client mode. Using the undo ntp-service broadcast-client command,
you can remove the NTP broadcast client mode.

By default, no NTP broadcast client service is configured.

This command is used to specify the interface on the local device that receives
the NTP broadcast packets. The local device runs in client mode. It first listens
passively to the broadcast packets from the server. When the first broadcast
packet is received, the local device briefly enters client/server mode to exchange
messages with the remote server in order to estimate the network delay. It then
returns to client mode, listens passively to the broadcast packets and
synchronizes the local clock according to the incoming broadcast packets.

Example

Enable the interface Ethernet 1/0/1 to receive NTP broadcast messages.

[3Com] interface ethernet 1/0/1
[3Com-Ethernet1/0/1] ntp-service broadcast-client

ntp-service broadcast-server

Syntax

ntp-service broadcast-server [ authentication-keyid keyid | version number ] *

undo ntp-service broadcast-server

View

Interface view

Parameter

authentication-keyid: Defines the ID authentication key.

keyid: Key ID number used to transmit messages to broadcast clients, which is in
the range of 1 to 4294967295.

version: Defines the NTP version number.

number: NTP version number in the range of 1 to 3.

Description

Using the ntp-service broadcast-server command, you can configure the NTP
broadcast server mode. Using the undo ntp-service broadcast-server
command, you can remove the NTP broadcast server mode.

By default, no broadcast service is configured and the version number is 3.

This command is used to specify an interface on the local device to transmit NTP
broadcast packets. The local device runs in broadcast-server mode, acting as
the broadcast server that transmits broadcast messages periodically to the
broadcast clients.

Example

Enable Ethernet 1/0/0 to transmit NTP broadcast packets. No.4 key is used for
encryption and NTP version number is set to 3.

[3Com] interface ethernet 1/0/0
[3Com-Ethernet1/0/0] ntp-service broadcast-server authentication-key 4 version 3

ntp-service max-dynamic-sessions

Syntax

ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

View

System view

Parameter

number: Number of sessions allowed to be established locally. It is in the range of
0 to (2^32-1).

Description

Using the ntp-service max-dynamic-sessions command, you can set the
number of sessions allowed to be established locally. Using the undo ntp-service
max-dynamic-sessions command, you can restore the default number of
sessions.

By default, 100 sessions are allowed to be established.

Example

Set the number of sessions allowed to be established locally to 50.

[3Com] ntp-service max-dynamic-sessions 50

ntp-service multicast-client

Syntax

ntp-service multicast-client [ X.X.X.X ]

undo ntp-service multicast-client [ X.X.X.X ]

View

Interface view

Parameter

X.X.X.X: Multicast IP address, which is a Class D address.

Description

Using the ntp-service multicast-client command, you can configure the NTP
multicast client mode. Using the undo ntp-service multicast-client command,
you can remove the NTP multicast client mode.

By default, no multicast client service is configured and the X.X.X.X is 224.0.1.1.

This command is used to specify an interface on the local device to receive the NTP
multicast packets. The local device runs in client mode. It first listens passively to
the multicast packets from the server. When the first multicast packet is received,
the local device briefly enters client/server mode to exchange messages with the
remote server in order to estimate the network delay. It then returns to client
(multicast-client) mode, listens passively to the multicast packets and synchronizes
the local clock according to the incoming multicast packets.

Example

Configure Ethernet 1/0/0 to receive NTP multicast packets. The multicast address
corresponding to the multicast packets is 224.0.1.1.

[3Com] interface ethernet 1/0/0
[3Com-Ethernet1/0/0] ntp-service multicast-client 224.0.1.1

ntp-service multicast-server

Syntax

ntp-service multicast-server [ X.X.X.X ] [ authentication-keyid keyid | ttl ttl-number | version number ] *

undo ntp-service multicast-server [ X.X.X.X ]

View

Interface view

Parameter

X.X.X.X: Multicast IP address, which is a Class D address. The default address is
224.0.1.1.

authentication-keyid: Defines the ID authentication key.

keyid: ID number used when transmitting messages to the multicast clients in the
range of 1 to 4294967295.

ttl: Defines the life span of the multicast packet.

ttl-number: Life span of the multicast packet in the range of 1 to 255.



version: Defines the NTP version number.

number: NTP version number in the range of 1 to 3.

Description

Using the ntp-service multicast-server command, you can configure the NTP
multicast server mode. Using the undo ntp-service multicast-server command,
you can remove the NTP multicast server mode.

By default, no multicast service is configured, the IP address is 224.0.1.1 and the
version number is 3.

This command is used to specify an interface on the local device to transmit NTP
multicast packets. The local device runs in server (multicast-server) mode, acting
as the multicast server that transmits multicast messages periodically to the
multicast clients.

Example

Configure Ethernet 1/0/0 to transmit NTP multicast messages. The multicast
address is 224.0.1.1, encrypted by No.4 key. The NTP version number is set to 3.

[3Com] interface ethernet 1/0/0
[3Com-Ethernet1/0/0] ntp-service multicast-server 224.0.1.1 authentication-keyid 4 version 3

ntp-service refclock-master

Syntax

ntp-service refclock-master [ X.X.X.X ] [ layers-number ]

undo ntp-service refclock-master [ X.X.X.X ]

View

System view

Parameter

X.X.X.X: IP address of the reference clock 127.127.t.u.

layers-number: Specifies the stratum of the local clock, which is in the range of 1
to 15.

Description

Using the ntp-service refclock-master command, you can set the external
reference clock or the local clock to be the NTP master clock. Using the undo
ntp-service refclock-master command, you can remove the setting of the NTP
master clock.

By default, the X.X.X.X is not specified and the stratum is 1.

Setting the external reference clock or the local clock to be the NTP master clock
provides other devices with synchronous time. The X.X.X.X is the IP address
127.127.t.u of the reference clock. When no IP address is specified, the local clock
is the NTP master clock by default. This command can be used to specify the
stratum of the NTP master clock.

Example

Set the local device to be the NTP master clock to provide synchronous time for
other peers. The stratum is set to 3.

[3Com] ntp-service refclock-master 3

ntp-service reliable authentication-keyid

Syntax

ntp-service reliable authentication-keyid number

undo ntp-service reliable authentication-keyid number

View

System view

Parameter

number: Key number in the range of 1 to 4294967295.

Description

Using the ntp-service reliable authentication-keyid command, you can specify
the key to be reliable. Using the undo ntp-service reliable
authentication-keyid command, you can remove the specified reliable key.

By default, no reliable authentication key is set.

If ID authentication is enabled, this command is used to specify that one or more
keys are reliable. That is, the client can synchronize only to a server that provides
a reliable key. The client cannot synchronize to a server that provides a key that
is not reliable.

Example

Enable NTP ID authentication in MD5 encryption method. The key ID number is
37 and the key is BetterKey. The key is specified to be reliable.

[3Com] ntp-service authentication enable
[3Com] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey
[3Com] ntp-service reliable authentication-keyid 37
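
Added example, not part of the 3Com manual: a check that the three authentication commands above actually line up with the configured associations, since a key is only useful when it is defined, marked reliable and named on the unicast-server or unicast-peer line. It assumes the saved configuration lists these commands in the form they are typed; the sample configuration is constructed, and `audit_ntp` is a hypothetical helper name.

```python
import re

KEY_DEF = re.compile(
    r"^ntp-service authentication-keyid (\d+) authentication-mode md5 \S+$")
KEY_RELIABLE = re.compile(r"^ntp-service reliable authentication-keyid (\d+)$")
ASSOCIATION = re.compile(
    r"^ntp-service unicast-(server|peer) (\d+(?:\.\d+){3})(.*)$")
# The manual writes this option both as authentication-keyid and authentication-key.
ASSOC_KEY = re.compile(r"\bauthentication-key(?:id)? (\d+)\b")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """
ntp-service authentication enable
ntp-service authentication-keyid 37 authentication-mode md5 BetterKey
ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
ntp-service reliable authentication-keyid 37
ntp-service reliable authentication-keyid 99
ntp-service unicast-server 128.108.22.44 version 3
ntp-service unicast-server 192.0.2.10 authentication-keyid 10
ntp-service unicast-peer 192.0.2.20 version 3 authentication-keyid 37
"""


def audit_ntp(config_text):
    """Return a sorted list of (subject, problem) findings for NTP authentication."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    defined, reliable, findings = set(), set(), []

    # First pass: collect key definitions and the keys marked reliable.
    for ln in lines:
        m = KEY_DEF.match(ln)
        if m:
            defined.add(int(m.group(1)))
        m = KEY_RELIABLE.match(ln)
        if m:
            reliable.add(int(m.group(1)))

    if "ntp-service authentication enable" not in lines:
        findings.append(("global", "ID authentication is not enabled"))
    for key in defined - reliable:
        findings.append((f"key {key}", "defined but not marked reliable"))
    for key in reliable - defined:
        findings.append((f"key {key}", "marked reliable but never defined"))

    # Second pass: every association should name a defined, reliable key.
    for ln in lines:
        m = ASSOCIATION.match(ln)
        if not m:
            continue
        subject = f"{m.group(1)} {m.group(2)}"
        km = ASSOC_KEY.search(m.group(3))
        if km is None:
            findings.append((subject, "no authentication-keyid on the association"))
            continue
        key = int(km.group(1))
        if key not in defined:
            findings.append((subject, f"uses undefined key {key}"))
        elif key not in reliable:
            findings.append((subject, f"uses key {key}, which is not reliable"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, problem in audit_ntp(SAMPLE_CONFIG):
        print(f"{subject}: {problem}")
```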

ntp-service source-interface

Syntax

ntp-service source-interface { interface-type interface-number }

undo ntp-service source-interface

View

System view

Parameter

interface-type: Interface type, which determines an interface along with the
interface-number.

interface-number: Interface number, which determines an interface along with the
interface-type.

Description

Using the ntp-service source-interface command, you can specify the interface
for the local end to transmit NTP messages. Using the undo ntp-service
source-interface command, you can delete the interface for the local end to
transmit NTP messages.

The source IP address is determined by the output interface.

When an interface is specified for transmitting all the NTP messages, the source
IP address is the IP address obtained from the specified interface. If the user
does not want the IP addresses on other interfaces to become the destination
address of the responses, this command can be used to specify one interface to
send all the NTP packets.

Example

Specify the source IP address of all the NTP output packets to use the IP address
on the interface Ethernet 1/0/0.

[3Com] ntp-service source-interface ethernet 1/0/0

ntp-service unicast-peer

Syntax

ntp-service unicast-peer X.X.X.X [ version number | authentication-keyid keyid | source-interface { interface-type interface-number } | priority ] *

undo ntp-service unicast-peer X.X.X.X

View

System view

Parameter

X.X.X.X: IP address of the remote server.

version: Defines the NTP version number.

number: NTP version number in the range of 1 to 3.

authentication-keyid: Defines ID authentication key.

keyid: Key ID number in the range of 1 to 4294967295, which is used when
transmitting messages to the remote server.

source-interface: Specifies the interface name.

interface-type: Interface type, which determines an interface along with the
interface-number.

interface-number: Interface number, which determines an interface along with the
interface-type. The source IP address for the NTP packets sent from the local end
to the peer is obtained from this interface.

priority: Specifies the server as the preferred one.

Description

Using the ntp-service unicast-peer command, you can configure the NTP peer
mode. Using the undo ntp-service unicast-peer command, you can remove the
NTP peer mode.

By default, the version number is 3, ID authentication is not supported and the
server is not the preferred one.

This command is used to set the remote server specified by the X.X.X.X as the peer
of the local device. The local device runs in symmetric active mode. The X.X.X.X is
a host address and cannot be the address of the broadcast, multicast, or reference
clock. In this configuration, the local device can be synchronized to the remote
server and the remote server can also be synchronized to the local device.

Example

Configure the peer 128.108.22.44 to provide the synchronous time for the local
device; the local device can also provide synchronous time for the peer.
The version number is 3. The source IP address of the NTP packets is obtained
from Ethernet 1/0/0.

[3Com] ntp-service unicast-peer 128.108.22.44 version 3 source-interface ethernet 1/0/0

ntp-service unicast-server

Syntax

ntp-service unicast-server X.X.X.X [ version number | authentication-keyid keyid | source-interface { interface-type interface-number } | priority ] *

undo ntp-service unicast-server X.X.X.X

View

System view

Parameter

X.X.X.X: IP address of the remote server.

version: Defines the NTP version number.

number: NTP version number in the range of 1 to 3.

authentication-keyid: Defines ID authentication key.

keyid: Key ID number in the range of 1 to 4294967295, which is used when
transmitting messages to the remote server.

source-interface: Specifies the interface name.

interface-type: Interface type, which determines an interface along with the
interface-number.

interface-number: Interface number, which determines an interface along with the
interface-type. The source IP address for the NTP packets sent from the local end
to the server is obtained from this interface.

priority: Specifies the server as the preferred one.

Description

Using the ntp-service unicast-server command, you can configure the NTP
server mode. Using the undo ntp-service unicast-server command, you can
remove the NTP server mode.

By default, the version number is 3, ID authentication is enabled and the server is
not the preferred one.

This command is used to set the remote server specified by the X.X.X.X as the
local time server. The X.X.X.X is a host address and cannot be the IP address of the
broadcast, multicast or reference clock. In this configuration, the local client device
can be synchronized to the remote server and the remote server cannot be
synchronized to the local client device.

Example

Configure the local device to be provided with the synchronous time by the server
128.108.22.44. The version number is 3.

[3Com] ntp-service unicast-server 128.108.22.44 version 3

SNMP Configuration Commands

debugging snmp-agent

Syntax

debugging snmp-agent { header | packet | process | trap }

undo debugging snmp-agent { header | packet | process | trap }

View

User view

Parameter

header: Enables the debugging of packet information header.

packet: Enables the packet debugging.

process: Enables the process debugging of SNMP packets.

trap: Enables the debugging of Trap packets.



Description

Using the debugging snmp-agent command, you can enable the SNMP Agent
debugging and specify the debugging information of SNMP module. Using the
undo debugging snmp-agent command, you can remove the current settings.

By default, the SNMP Agent debugging is disabled.

Example

Enable the debugging of SNMP Agent packet information header.

<3Com> debugging snmp-agent header

display snmp-agent

Syntax

display snmp-agent { local-engineid | remote-engineid }

View

Any view

Parameter

None

Description

Using the display snmp-agent command, you can display the SNMP engine ID of
local or remote device.

The SNMP engine is the only identification of the SNMP management, and it
uniquely identifies an SNMP entity in one management domain. The SNMP engine
is an important component of the SNMP entity, performing SNMP message
functions such as message dispatching, message processing, security
authentication and access control.

Example

Display the engine ID of the local device.

<3Com> display snmp-agent local-engineid
SNMP local EngineID: 000007DB7F0000013859

In the above information, SNMP local EngineID indicates the ID of the local SNMP engine.

display snmp-agent community

Syntax

display snmp-agent community [ read | write ]

View

Any view

Parameter

read: Displays the community name information with the read-only authority.

write: Displays the community name information with the authority of read and
write.

Description

Using the display snmp-agent community command, you can display the
currently configured community name of SNMPv1 or SNMPv2.

Example

Display the currently configured community name.

<3Com> display snmp-agent community
Community name:8040zlz
Group name:8040zlz
Storage-type: nonVolatile
Community name:8040core
Group name:8040core
Storage-type: nonVolatile

display snmp-agent group

Syntax

display snmp-agent group [ group-name ]

View

Any view

Parameter

group-name: Specifies the group name of the SNMP information to be displayed,
ranging from 1 to 32 bytes.

Description

Using the display snmp-agent group command, you can display the group
information based on USM. Without parameters, the command displays the group
information corresponding to all the specified group names, including group
name, security mode, storage types on the router etc.

Example

Display the SNMP group name and security mode.

<3Com> display snmp-agent group
Group name: v3r2
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonVolatile

The corresponding fields displayed above are described in the following table:

Table 4 Description of display snmp-agent group fields

Content        Description
Groupname      Name of SNMP group corresponding to the user
Readview       Name of read-only MIB view corresponding to the group
Writeview      Name of writable MIB view corresponding to the group
Notifyview     Name of notifying MIB view corresponding to the group
Storage-type   Storage type

display snmp-agent mib-view

Syntax

display snmp-agent mib-view [ exclude | include | viewname view-name ]

View

Any view

Parameter

exclude: Specifies to exclude the SNMP MIB view attributes displayed and set.

include: Specifies to include the SNMP MIB view attributes displayed and set.

viewname: Specifies the view name to be displayed.

Description

Using the display snmp-agent mib-view command, you can display the
currently configured MIB view.

Example

Display the currently configured MIB view.

<3Com> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active

The following table describes the parameters displayed above.


Table 5 Description of display snmp-agent mib-view fields

Content                       Description
View name                     View name
MIB Subtree                   MIB subtree
Storage-type                  Storage type
ViewType: Included/excluded   Indicate whether to enable or disable the access to a MIB object
Active                        Indicate the state of lines in the list

CAUTION: When the SNMP Agent is disabled, "Snmp Agent disabled" will be
displayed for all the above display commands.

display snmp-agent statistics

Syntax

display snmp-agent statistics

View

Any view

Parameter

None

Description

Using the display snmp-agent statistics command, you can display the state and
statistics of SNMP.

Example

Check the statistics of SNMP communication.

<3Com> display snmp-agent statistics
0 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
0 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
0 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status (Maximum packet size 500)
0 MIB objects retrieved successfully
0 MIB objects altered successfully
0 GetRequest-PDU accepted and processed
0 GetNextRequest-PDU accepted and processed
0 GetBulkRequest-PDU accepted and processed
0 GetResponse-PDU accepted and processed
0 SetRequest-PDU accepted and processed
0 Trap PDUs accepted and processed

The following table describes the fields displayed above:


Table 6 Description of display snmp-agent statistics fields

Content                                                                      Description
Messages delivered to the SNMP entity                                        Total number of input SNMP packets
Messages which were for an unsupported version                               Number of packets with version errors
Messages which used an unknown community name                                Number of packets with community name errors
Messages which represented an illegal operation for the community supplied   Number of packets with authority errors corresponding to community name
ASN.1 or BER errors in the process of decoding                               Number of SNMP packets with encoding errors
MIB objects retrieved successfully                                           Number of variables requested by NMS
MIB objects altered successfully                                             Number of variables set by NMS
Get-request PDUs accepted and processed                                      Number of get-request packets accepted and processed (PDU: Protocol Data Unit)
Get-next PDUs accepted and processed                                         Number of received packets that get next requests
Set-request PDUs accepted and processed                                      Number of received packets that set requests
Messages passed from the SNMP entity                                         Total number of output SNMP packets
SNMP PDUs which had a tooBig error (Maximum packet size 1500)                Number of SNMP packets with Too_big errors. Maximum SNMP packet size is 1500.
SNMP PDUs which had a noSuchName error                                       Number of packets with requests of non-existing MIB object
SNMP PDUs which had a badValue error                                         Number of SNMP packets with Bad_values errors
SNMP PDUs which had a general error                                          Number of SNMP packets with General_errors
Response PDUs accepted and processed                                         Number of response packets accepted and processed
Trap PDUs accepted and processed                                             Number of Trap packets accepted and processed

display snmp-agent sys-info

Syntax

display snmp-agent sys-info [ contact | location | version ]*

View

Any view

Parameter

contact: Displays the contact information of the local device.

location: Displays the physical location information of the local device.



version: Displays the SNMP version running in the local agent.

Description

Using the display snmp-agent sys-info command, you can display the system
information of the local SNMP device.

Example

Display the system information.

<3Com> display snmp-agent sys-info

display snmp-agent usm-user

Syntax

display snmp-agent usm-user [ engineid engineid | username user-name | group group-name ] *

View

Any view

Parameter

engineid: Displays the SNMPv3 user information of the specified engine ID.

engineid-string: Character string of the engine ID.

username: Displays the information of the specified SNMPv3 user.

user-name: User name, in the range of 1 to 32 bytes.

group: Displays the user information belonging to the related SNMP group.

group-name: Group name, in the range of 1 to 32 bytes.

Description

Using the display snmp-agent usm-user command, you can display the
information about SNMP users.

An SNMP user is the remote user who executes SNMP management operation.
The snmp-agent usm-user command is used to specify the SNMP user.

Example

Display the information about all the current users.

<3Com> display snmp-agent usm-user
User name: authuser
Engine ID: 8000007DB20000000C025808 active

The following table describes the corresponding fields displayed above.


Table 7 Description of display snmp-agent usm-user fields

Content     Description
authuser    Modify display information
User name   Character string used to identify the SNMP user
Engine ID   Character string used to identify the SNMP device
Active      Indicate the state of SNMP USER

snmp-agent

Syntax

snmp-agent

undo snmp-agent

View

System view

Parameter

None

Description

Using the snmp-agent command, you can enable the SNMP Agent and specify
the SNMP configuration information. Using the undo snmp-agent command,
you can disable SNMP Agent.

By default, the SNMP Agent is disabled.

The snmp-agent command can be used to enable SNMP Agent, and any
configuration command of snmp-agent can also enable SNMP Agent. However,
the undo forms of these commands do not enable the SNMP Agent, and the
undo form of a command is invalid when the SNMP Agent is not enabled.

The undo snmp-agent command is used to disable the SNMP Agent on the
condition that SNMP Agent has been enabled.

Example

Disable the running SNMP Agent.

[3Com] undo snmp-agent
SNMP Agent disabled

snmp-agent community

Syntax

snmp-agent community { read | write } community-name [ [ mib-view view-name ] | [ acl acl-number ] ]*

undo snmp-agent community community-name

View

System view

Parameter

read: Indicates that the community name has the read-only authority in the
specified view.

write: Indicates that the community name has the read and write authority in the
specified view.

community-name: Character string of community name.

mib-view: MIB view available for the specified community name.

view-name: Name of MIB view.

acl: Sets the ACL corresponding to the community name.

acl-number: Number of the ACL, range 1 to 99.

Description

Using the snmp-agent community command, you can set the community access
name for SNMPV1 and SNMPV2C and the MIB view and ACL available to the
community name. Using the undo snmp-agent community command, you can
remove the setting.

For the related command, see snmp-agent group, snmp-agent usm-user.

Example

Set the community name to comaccess and allow read-only access with this
community name.

[3Com] snmp-agent community read comaccess

Set the community name to mgr and allow read and write access.

[3Com] snmp-agent community write mgr

Delete the community name comaccess.

[3Com] undo snmp-agent community comaccess

snmp-agent group Syntax


snmp-agent group { v1 | v2c } group-name { [ read read-view ] | [ write write-view ] | [
notify notify-view ] } [ acl acl-number ]

undo snmp-agent group { v1 | v2c } group-name

snmp-agent group v3 group-name [ authentication | privacy ] { [ read read-view ] | [
write write-view ] | [ notify notify-view ] } [ acl acl-number ]

undo snmp-agent group v3 group-name [ authentication | privacy ]



View

System view

Parameter

v1: V1 security mode the user uses.

v2c: V2C security mode the user uses.

v3: V3 security mode the user uses.

group-name: Group name, in the range of 1 to 32 bytes.

authentication: Performs authentication of the packet without encryption.

privacy: Performs authentication and encryption of the packet.

read: Enables the setting of read-only view.

read-view: Name of the read-only view, in the range of 1 to 32 bytes.

write: Enables the setting of reading and writing view.

write-view: Name of the reading and writing view, in the range of 1 to 32 bytes.

notify: Enables the setting of notify view.

notify-view: Name of the notify view, in the range of 1 to 32 bytes.

acl: Sets the access list.

acl-number: Standard access list, in the range of 1 to 99.

Description

Using the snmp-agent group command, you can configure a new SNMP group,
that is, map SNMP users to an SNMP view. Using the undo snmp-agent
group command, you can delete a specified SNMP group.

By default, the snmp-agent group v3 group-name command uses neither
authentication nor encryption.

For the related command, see snmp-agent mib-view, snmp-agent usm-user.

Example

Create an SNMPv3 group known as Johngroup.

[3Com] snmp-agent group v3 Johngroup

snmp-agent local-engineid Syntax

snmp-agent local-engineid engineid

undo snmp-agent local-engineid



View

System view

Parameter

engineid: Character string of engine ID. It must be a hexadecimal number with
the length of 5 to 32.

Description

Using the snmp-agent local-engineid command, you can configure an ID for
the local SNMP engine on the router. Using the undo snmp-agent
local-engineid command, you can remove the current settings.

By default, the engine ID is "enterprise number + equipment information" of the
company. Each device determines the equipment information, which can be the
IP address, the MAC address or a device-defined hexadecimal string.

For the related command, see snmp-agent usm-user.

Example

Configure the engine ID of the local device as 12345.

[3Com] snmp-agent local-engineid 12345

snmp-agent mib-view Syntax


snmp-agent mib-view { included | excluded } view-name oid-tree

undo snmp-agent mib-view view-name

View

System view

Parameter

view-name: Name of the view.

oid-tree: OID of the MIB object subtree, which can be the character string of
the variable OID or the character string of the variable name. For example, it
can be a character string such as 1.4.5.3.1 or system, and "*" can be used
as a wildcard, for example, 1.4.5.*.*.1.

included: Indicates to include the MIB subtree.

excluded: Indicates to exclude the MIB subtree.

Description

Using the snmp-agent mib-view command, you can create or update the
information about a view. Using the undo snmp-agent mib-view command,
you can delete the view information.

By default, the view name is ViewDefault and the OID is 1.3.6.1.

Currently, this command supports not only the input of the character string of the
variable OID as a parameter but also the input of the node name as a parameter.

For the related command, see snmp-agent group.

Example

Create a view that includes all MIB-II objects.

[3Com] snmp-agent mib-view included mib2 1.3.6.1

snmp-agent packet max-size Syntax

snmp-agent packet max-size byte-count

undo snmp-agent packet max-size

View

System view

Parameter

byte-count: The maximum length of the SNMP packets that Agent can
receive/send, in the range of 484 to 17940 bytes. The default value is 1500 bytes.

Description

Using the snmp-agent packet max-size command, you can set the maximum
length of the SNMP message packets that Agent can receive/forward. Using the
undo snmp-agent packet max-size command, you can remove the current
setting.

Example

Set the maximum length of the SNMP packet that Agent can receive/forward to
1042 bytes.

[3Com] snmp-agent packet max-size 1042

snmp-agent sys-info Syntax


snmp-agent sys-info { contact sysContact | location sysLocation | version { { v1 | v2c | v3
} * | all } }

undo snmp-agent sys-info { contact | location | version { { v1 | v2c | v3 } * | all } }

View

System view

Parameter

contact: Sets the system maintenance contact information.



sysContact: Character string describing the system maintenance contact
information.

location: Sets the physical location of the device.

sysLocation: Device location information.

version: Sets the SNMP version number used by the system.

v1: SNMP V1.

v2c: SNMP V2C.

v3: SNMP V3.

*: Indicates selecting one to three items from the three options of v1, v2c and v3.

all: SNMP V1, SNMP V2C and SNMP V3.

Description

Using the snmp-agent sys-info command, you can set the system information,
including the system maintenance information, physical location information of
the device and the SNMP version number used. Using the undo snmp-agent
sys-info command, you can remove the current setting.

By default, the system contact information is "R&D Beijing,3Com Technologies
Co.,Ltd.", the system location character string is "Beijing China" and the version is
SNMPv3.

For the related command, see display snmp-agent sys-info.

Example

Set the system maintenance information as call Operator at 010-82882488.

[3Com] snmp-agent sys-info contact call Operator at 010-82882488

snmp-agent target-host Syntax


snmp-agent target-host trap address udp-domain X.X.X.X [ udp-port port-number ]
params securityname security-string [ v1 | v2c | v3 { authentication | privacy } ]

undo snmp-agent target-host X.X.X.X securityname security-string

View

System view

Parameter

trap: Specifies the host as the trap host.



address: Specifies the address of the destination host to which the SNMP message
is sent.

udp-domain: Specifies that the transmission domain of the destination host is
based on UDP.

X.X.X.X: IP address of the host.

udp-port: Specifies the port.

port-number: Specifies the port number that receives the trap packet.

params: Specifies the information of the logging host that generates SNMP
messages.

securityname: Specifies the community name of SNMPV1, V2C or the username of
SNMPV3.

security-string: Community name of SNMPV1, V2C or the username of SNMPV3,
in the range of 1 to 32 bytes.

v1: SNMPV1.

v2c: SNMPv2c.

v3: SNMPV3.

authentication: Performs authentication with the packet without encryption.

privacy: Performs both authentication and encryption with the packet.

Description

Using the snmp-agent target-host command, you can set the destination that
receives the SNMP notification. Using the undo snmp-agent target-host
command, you can remove the host that receives the SNMP notification.

■ The snmp-agent target-host command should be used together
with the snmp-agent trap enable command.
■ The snmp-agent trap enable command enables the sending of Trap
packets. For a host to be sent notification messages, at least one
snmp-agent target-host command and one snmp-agent trap enable
command must be configured.

For the related command, see snmp-agent trap enable, snmp-agent trap
source, snmp-agent trap life.

Example

Enable sending of SNMP Trap packets to 10.1.1.1, using the community name
comaccess.

[3Com] snmp-agent trap enable snmp


[3Com] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname
comaccess

Send SNMP Trap packets to 10.1.1.1, using the community name of public.

[3Com] snmp-agent trap enable standard


[3Com] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname
public

snmp-agent trap enable Syntax


snmp-agent trap enable [ trap-type [ trap-list ] ]

undo snmp-agent trap enable [ trap-type [ trap-list ] ]

View

System view

Parameter

trap-type: Enables the trap packet of this type.

trap-list: The parameter list corresponding to the trap packets of trap-type.

Description

Using the snmp-agent trap enable command, you can enable the device to send
Trap packets and set the trap or notification parameters. Using the undo
snmp-agent trap enable command, you can remove the current setting.

By default, sending Trap packets is enabled.

With no parameter, the snmp-agent trap enable command allows all modules to
send all types of SNMP Trap packets.

The snmp-agent trap enable command should be used in cooperation with the
snmp-agent target-host command. The snmp-agent target-host command is
used to specify the hosts to which the Trap information will be sent. To send Trap
information, the user should configure at least one snmp-agent target-host
command.

The trap-type module that sends the Trap packets can be snmp, bgp or vrrp
(VRRP Trap packets).

Types of packets that SNMP modules can send include authentication, coldstart,
linkdown, linkup and warmstart.

For the related command, see snmp-agent target-host, snmp-agent
trap-source, snmp-agent trap-timeout.

Example

Allow Trap packets reporting failed SNMP authentication to be sent to
10.1.1.1. The trap packets are in V2C format with the community name
public.

[3Com] snmp-agent trap enable snmp authentication



[3Com] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname
public v2c

Enable sending of all types of BGP Trap packets to 10.1.1.1. The trap packets are in
V3 format with the community name super. The packets are authenticated
but not encrypted.

[3Com] snmp-agent trap enable bgp


[3Com] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname
super v3 authentication

snmp-agent trap life Syntax


snmp-agent trap life seconds

undo snmp-agent trap life

View

System view

Parameter

seconds: Timeout in seconds, ranging from 1 to 2592000, with a default value of 120
seconds.

Description

Using the snmp-agent trap life command, you can set the retention time of
Trap packets; Trap packets held longer than this time are dropped. Using
the undo snmp-agent trap life command, you can remove the current setting.

If the retention time configured for Trap packets is seconds, Trap packets
that exceed it are discarded without being sent or retained.

For the related command, see snmp-agent trap enable, snmp-agent
target-host.

Example

Set the timeout of the Trap packet to 60 seconds.

[3Com] snmp-agent trap life 60

snmp-agent trap queue-size Syntax

snmp-agent trap queue-size size

undo snmp-agent trap queue-size

View

System view

Parameter

size: Length of the message queue, ranging from 1 to 1000.

Description

Using the snmp-agent trap queue-size command, you can set the length of the
message queue of the Trap packet sent to the destination host. Using the undo
snmp-agent trap queue-size command, you can cancel the setting.

By default, the length is 100.

For the related command, see snmp-agent trap enable, snmp-agent
target-host, snmp-agent trap life.

Example

Set the length of the Trap packet message queue to 200.

[3Com] snmp-agent trap queue-size 200

snmp-agent trap source Syntax


snmp-agent trap source interface-type interface-number [ subinterface-type ]

undo snmp-agent trap source

View

System view

Parameter

interface-type: Interface type.

interface-number: Interface number.

subinterface-type: Subinterface type.

Description

Using the snmp-agent trap source command, you can specify the source
address from which Trap will be sent. Using the undo snmp-agent trap source
command, you can remove the Trap source address.

An SNMP Trap message sent from a server always carries a Trap address, no
matter which interface it is sent from. This command can be used to
trace a specific event.

For the related command, see snmp-agent trap enable, snmp-agent
target-host.

Example

Specify the IP address of the Ethernet interface 1/0/0 as the source address of Trap
packet.

[3Com] snmp-agent trap source ethernet 1/0/0

snmp-agent usm-user Syntax


snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

undo snmp-agent usm-user { v1 | v2c } user-name group-name

snmp-agent usm-user v3 user-name group-name [ [ authentication-mode { md5 | sha }
auth-password ] [ privacy des56 priv-password ] ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }

View

System view

Parameter

v1: V1 security mode the user uses.

v2c: V2C security mode the user uses.

v3: V3 security mode the user uses.

user-name: User name, in the range of 1 to 32 bytes.

group-name: Group name the user corresponds to, in the range of 1 to 32
bytes.

authentication-mode: Specifies the security level as requiring authentication.

md5: Specifies the authentication protocol as HMAC-MD5-96.

sha: Specifies the authentication protocol as HMAC-SHA-96.

auth-password: Authentication password, which is a character string in the range
of 1 to 64 bytes.

privacy: Specifies the security level as encrypted.

des56: Specifies the encryption protocol as DES.

priv-password: Encryption password, which is a character string in the range of 1
to 64 bytes.

acl: Sets the access list.

acl-number: Standard access list, in the range of 1 to 99.

local: Indicates the local entity user.



engineid: Specifies the engine ID associated with the user.

engineid-string: Character string of engine ID.

Description

Using the snmp-agent usm-user command, you can add a new user to an SNMP
group. Using the undo snmp-agent usm-user command, you can delete an
SNMP group user.

When the user configures a remote user for a certain Agent, the engine ID is
needed during authentication. If the engine ID changes after the user has been
configured, the user corresponding to the original engine ID will be ineffective.

For SNMPV1 and SNMPV2C, this command adds a new community name. For
SNMPV3, it adds a new user to an SNMP group.

For the related command, see snmp-agent group, snmp-agent community,
snmp-agent local-engineid.

Example

Add a user named "John" to the SNMP group named "Johngroup", with the
security level being "auth", the authentication protocol being HMAC-MD5-96
and the password being "hello".

[3Com] snmp-agent usm-user v3 John Johngroup authentication-mode md5 hello
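
The following Python auditor is an added example, not 3Com code. It reads snmp-agent lines written in the syntax documented in this section and flags the weaker settings the parameter descriptions identify: v1/v2c communities, v3 groups left at the default of no authentication or encryption, and v3 users without a privacy password. The sample configuration and the list of well-known community names are constructed for illustration.

```python
"""Flag weak snmp-agent settings in a saved configuration (added example)."""

# Constructed sample; each command follows a syntax form given in this section.
SAMPLE_CONFIG = """\
snmp-agent sys-info version all
snmp-agent community read public
snmp-agent community write mgr
snmp-agent community read comaccess mib-view mib2 acl 10
snmp-agent group v3 Johngroup
snmp-agent group v3 opsgroup privacy read mib2 acl 10
snmp-agent usm-user v3 John Johngroup authentication-mode md5 hello
snmp-agent usm-user v3 ops opsgroup authentication-mode sha Auth-Pass-1 privacy des56 Priv-Pass-1 acl 10
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}  # assumed deny-list


def _audit_community(t):
    # snmp-agent community { read | write } community-name [mib-view v] [acl n]
    mode, name, opts = t[2], t[3], t[4:]
    out = []
    if name.lower() in WELL_KNOWN_COMMUNITIES:
        out.append(f"community '{name}' is a well-known name")
    if mode == "write":
        out.append(f"community '{name}' grants write access over SNMPv1/v2c")
    if "acl" not in opts:
        out.append(f"community '{name}' has no acl bound to it")
    return out


def _audit_group_v3(t):
    # snmp-agent group v3 group-name [ authentication | privacy ] ...
    name = t[3]
    level = t[4] if len(t) > 4 and t[4] in ("authentication", "privacy") else None
    if level is None:
        return [f"v3 group '{name}' uses neither authentication nor encryption"]
    if level == "authentication":
        return [f"v3 group '{name}' authenticates packets but does not encrypt"]
    return []


def _audit_user_v3(t):
    # snmp-agent usm-user v3 user-name group-name
    #   [authentication-mode {md5|sha} auth-password]
    #   [privacy des56 priv-password] [acl acl-number]
    user, opts = t[3], t[5:]
    out, i, auth = [], 0, None
    # Walk the options in order so a password cannot be mistaken for a keyword.
    if opts[:1] == ["authentication-mode"] and len(opts) >= 3:
        auth, i = opts[1], 3
    encrypted = opts[i:i + 1] == ["privacy"]
    if auth is None:
        out.append(f"v3 user '{user}' has no authentication-mode")
    elif auth == "md5":
        out.append(f"v3 user '{user}' uses md5 although sha is available")
    if not encrypted:
        out.append(f"v3 user '{user}' has no privacy password (no encryption)")
    return out


def audit_line(line):
    """Return the findings for one configuration line (empty list if none)."""
    t = line.split()
    if t and t[0][0] in "[<":      # drop a CLI prompt such as [3Com]
        t = t[1:]
    if len(t) < 4 or t[0] != "snmp-agent":
        return []                  # also skips "undo ..." lines
    if t[1] == "community" and t[2] in ("read", "write"):
        return _audit_community(t)
    if t[1:3] == ["group", "v3"]:
        return _audit_group_v3(t)
    if t[1:3] == ["usm-user", "v3"] and len(t) >= 5:
        return _audit_user_v3(t)
    if t[1:3] == ["sys-info", "version"]:
        legacy = [v for v in t[3:] if v in ("v1", "v2c", "all")]
        if legacy:
            return ["community-based SNMP versions enabled: " + " ".join(legacy)]
    return []


def audit_config(text):
    """Return (line_number, finding) pairs for a whole configuration."""
    return [(no, finding)
            for no, line in enumerate(text.splitlines(), 1)
            for finding in audit_line(line)]


if __name__ == "__main__":
    for line_no, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}")
```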

Terminal Service Commands

Terminal Service of Telnet

debugging telnet Syntax


debugging telnet

undo debugging telnet

View

User view

Parameter

None

Description

Using the debugging telnet command, you can enable the debugging for Telnet
connection. Using the undo debugging telnet command, you can disable the
debugging for Telnet connection.

By default, the debugging for Telnet connection is disabled.



For the related command, see telnet.

Example
<3Com> debugging telnet

display tcp status Syntax

display tcp status

View

Any view

Parameter

None

Description

Using the display tcp status command, you can display all TCP connections
currently established with the router.

Compared with display users, the display tcp status command can display
more information about Telnet clients and servers.

The information that this command can display includes: the local address of TCP
connection, local port number, external address, external port number, and
connection state.

For the related command, see telnet.

Example
<3Com> display tcp status
TCPCB Local Address Foreign Address State
129.102.100.142 23 129.102.001.092 ESTABLISHED
028ca414 0.0.0.0.23 0.0.0.0.0 LISTEN

The information shown above indicates that one TCP connection has been set up.
The local IP address of the TCP connection is 129.102.100.142 with the local port
number 23, and the remote IP address is 129.102.001.92. There is also a
local server process listening on port 23.

telnet Syntax
telnet [ vpn-instance vpn-instance-name ] host-ip-address [ service-port ]

View

User view

Parameter

vpn-instance vpn-instance-name: Sets the vpn-instance name of MPLS VPN.



host-ip-address: Hostname or IP address of the remote router, in dotted decimal
format.

service-port: TCP port number for the remote router to provide Telnet service, in
the range of 0 to 65535.

Description

Using the telnet command, you can log on to another device from the current
router.

By default, if the service-port is not specified, the Telnet port number is 23.

By executing the telnet command, the user can conveniently log on to another
device from a router to achieve remote management.

For the related command, see display tcp status.

Example

Log on to another router 3Com2 (the IP address is 129.102.0.1) from the current
router 3Com1.

<3Com>telnet 129.102.0.1
Trying 129.102.0.1...
Service port is 23
Connected to 129.102.0.1
<3Com2>

SSH Configuration Commands

debugging rsa Syntax


debugging rsa

undo debugging rsa

View

User view

Parameter

None

Description

Using the debugging rsa command, you can send detailed information about
each process and packet structure of the RSA algorithm to the information center
as debugging information, and debug a particular user interface separately. Using
the undo debugging rsa command, you can disable the debugging.

By default, the debugging is disabled.



For the related command, see rsa local-key-pair create, rsa local-key-pair
destroy.

Example

Enable the RSA debugging.

<3Com> debugging rsa

debugging ssh server Syntax


debugging ssh server { VTY index | all }

undo debugging ssh server { VTY index | all }

View

User view

Parameter

index: Debugged SSH channel. By default, its value ranges from 0 to 4 and is
limited by the number of VTYs.

all: All SSH channels.

Description

Using the debugging ssh server command, you can send information about the
negotiation process defined by the SSH1.5 protocol to the information center as
debugging information, and debug a particular user interface separately. Using the
undo debugging ssh server command, you can disable the debugging.

By default, the debugging is disabled.

For the related command, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.

Example

Print debugging information when running SSH.

[3Com] debugging ssh server vty 0


00:23:20: SSH0: starting SSH control process
00:23:20: SSH0: sent protocol version id SSH-1.5-3Com-1.25
00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26
00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg
00:23:21: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished

display rsa local-key-pair public Syntax

display rsa local-key-pair public

View

Any view

Parameter

None

Description

Using the display rsa local-key-pair public command, you can display the public
keys of the server's host key pair and server key pair. If no key has been generated,
the system prompts that no key is found, e.g., RSA keys not found.

For the related command, see rsa local-key-pair create.

Example
<3Com> display rsa local-key-pair public
% Key pair was generated at: 12:26:33 UTC 2002/4/4
Key name: rtvrp_Host
Usage: Encryption Key
Key Data:
30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807
08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934
EB872805 02030100 01
% Key pair was generated at: 12:26:45 UTC 2002/4/4
Key name: rtvrp_Server
Usage: Encryption Key
Key Data:
30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487
4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED
160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B
519D39F5 02030100 01

display rsa peer-public-key Syntax

display rsa peer-public-key [ brief | name keyname ]

View

Any view

Parameter

brief: Displays brief information about all the remote public keys.

keyname: Specifies the name of the key to be displayed. It is a continuous character
string, 0 < length < 64.

Description

Using the display rsa peer-public-key command, you can display the specified
RSA public key. If there is no public key specified, all public keys will be displayed.

For the related command, see rsa local-key-pair create.



Example
<3Com> display rsa peer-public-key
Address Bits Name
1023 abcd
1024 hq
1024 wn1
1024 hq_all
[3Com] display rsa peer-public-key name abcd
Key name:abcd
Key address:
Data:
30818602 8180739A 291ABDA7 04F5D93D C8FDF84C 42746319 91C164B0 DF178C55
FA833591 C7D47D53 81D09CE8 2913D7ED F9C08511 D83CA4ED 2B30B809 808EB0D1
F52D045D E40861B7 4A0E1355 23CCD74C AC61F8E5 8C452B2F 3F2DA0DC C48E3306
367FE187 BDD94401 8B3B69F3 CBB0A573 202C16BB 2FC1ACF3 EC8F828D 55A36F1C
DDC4BB45 504F0201 25
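
The Key Data dumps in the two display examples above decode as an ASN.1 SEQUENCE holding the RSA modulus and public exponent. The Python below is an added example, not 3Com code: it parses such a dump and reports the modulus size and exponent. The 2048-bit floor is an assumed audit policy, chosen because 2048 is the largest modulus rsa local-key-pair create accepts.

```python
"""Decode the "Key Data" hex printed by the router's RSA display commands."""

MIN_MODULUS_BITS = 2048  # assumed audit policy, not a value from the manual

# Key data copied from the example outputs on this page.
HOST_KEY = """
30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807
08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934
EB872805 02030100 01
"""
PEER_KEY_ABCD = """
30818602 8180739A 291ABDA7 04F5D93D C8FDF84C 42746319 91C164B0 DF178C55
FA833591 C7D47D53 81D09CE8 2913D7ED F9C08511 D83CA4ED 2B30B809 808EB0D1
F52D045D E40861B7 4A0E1355 23CCD74C AC61F8E5 8C452B2F 3F2DA0DC C48E3306
367FE187 BDD94401 8B3B69F3 CBB0A573 202C16BB 2FC1ACF3 EC8F828D 55A36F1C
DDC4BB45 504F0201 25
"""


def _read_tlv(buf, pos, tag):
    """Read one ASN.1 element with the given tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected ASN.1 tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 2 or pos + count > len(buf):
            raise ValueError("unsupported or truncated ASN.1 length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("key data is truncated")
    return buf[pos:pos + length], pos + length


def parse_key_data(text):
    """Return (modulus, exponent) from a hex dump of SEQUENCE { n, e }."""
    raw = bytes.fromhex("".join(text.split()))  # ValueError on non-hex input
    body, end = _read_tlv(raw, 0, 0x30)
    if end != len(raw):
        raise ValueError("unexpected bytes after the key")
    n_bytes, pos = _read_tlv(body, 0, 0x02)
    e_bytes, pos = _read_tlv(body, pos, 0x02)
    if pos != len(body):
        raise ValueError("unexpected fields after the exponent")
    # The dumps above carry the modulus without a leading 0x00 pad byte,
    # so both integers are read as unsigned.
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def audit_key(name, text, min_bits=MIN_MODULUS_BITS):
    """Summarise one key and list findings against the assumed policy."""
    n, e = parse_key_data(text)
    findings = []
    if n.bit_length() < min_bits:
        findings.append(f"modulus is {n.bit_length()} bits, below {min_bits}")
    if e < 3 or e % 2 == 0:
        findings.append(f"public exponent {e} is not a valid RSA exponent")
    return {"name": name, "bits": n.bit_length(), "exponent": e,
            "findings": findings}


if __name__ == "__main__":
    for key_name, dump in (("rtvrp_Host", HOST_KEY), ("abcd", PEER_KEY_ABCD)):
        print(audit_key(key_name, dump))
```

The 1023-bit result for abcd matches the Bits column of the display rsa peer-public-key listing.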

display ssh server Syntax


display ssh server { status | session }

View

Any view

Parameter

status: Displays the SSH status information.

session: Displays SSH session information.

Description

Using the display ssh server command, you can display the SSH status or
session.

For the related command, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.

Example

Display SSH status and configuration parameters.

[3Com]display ssh server status


SSH version : 1.5
SSH connection timeout : 60 seconds
SSH server key generating interval : 1 hours
SSH Authentication retries : 3 times

Display the SSH sessions.

[3Com] display ssh server session
Connection  Version  Encryption  State            Username
VTY0        1.5      DES         Session started  3Com
VTY3        1.5      DES         Session started  router

peer-public-key end Syntax


peer-public-key end

View

Public key view

Parameter

None

Description

Using the peer-public-key end command, you can return to the system view
from the public key view.

For the related command, see rsa peer-public-key and public-key-code begin.

Example

Exit the public key view and save the configuration.

[3Com] rsa peer-public-key 3Com003


[3Com-rsa-public-key] peer-public-key end
[3Com]

display ssh user-information Syntax

display ssh user-information [ username ]

View
Any view

Parameter

username: Valid SSH user name defined by AAA.

Description

Using the display ssh user-information command, you can display the
information about current SSH user including user name, corresponding key name
and user authentication mode. If you specify the username parameter, then the
information about the specified user will be displayed.

For the related command, see ssh user username assign rsa-key, ssh user
username authentication-type.

Example

Display the user information.

[3Com] display ssh user-information


Username     user-public-key-name  authentication-type
Jin          jin                   rsa
hanqi1       816pub                password
1024         file3                 rsa
4000         hq_rsa                all
hanqi_rsa    hq_rsa                rsa
hanqi_all    hq_all                all

protocol inbound Syntax


protocol inbound { all | ssh | telnet | pad }

View

User interface view of VTY type

Parameter

all: Supports all the protocols, including Telnet and SSH.

ssh: Supports only SSH, not Telnet.

telnet: Supports only Telnet, not SSH.

pad: Supports only the pad protocol.

Description

Using the protocol inbound command, you can specify the protocols supported
by the current user interface.

By default, the system supports all the protocols, that is, Telnet and SSH.

When the command is used to specify the protocols supported by the current user
interface and SSH is enabled, SSH is still unavailable if the RSA key of the local
router is not configured. The configuration takes effect at the next login
request.

If SSH is configured as the protocol supported by the current user interface, you
should configure the corresponding authentication method as
authentication-mode local or authentication-mode scheme default (using AAA) to
ensure successful login. If the authentication method is configured as
authentication-mode password or authentication-mode none, the configuration
of protocol inbound ssh will fail.

For the related command, see user-interface vty.

Example

Disable the Telnet function of vty0 to vty4 and only support the SSH function.

[3Com] user-interface vty 0 4


[3Com-ui-vty0-4] protocol inbound ssh

Disable the Telnet function of vty0 and only support the SSH function.

[3Com] user-interface vty 0
[3Com-ui-vty0] protocol inbound ssh

public-key-code begin Syntax


public-key-code begin

View

Public key view

Parameter

None

Description

Using the public-key-code begin command, you can enter the edit view of
public key.

Before using this command, you must use the rsa peer-public-key command to
specify a key name. After the public-key-code begin command is input, the
system enters the public key edit view and you can input the key data. When
the key data is input, spaces are allowed between characters and you can press
the Enter key to continue the input on a new line. The public key configured must
be a hexadecimal character string encoded in the public key format. The public key
is generated randomly by client software that supports SSH.

For the related command, see rsa peer-public-key, public-key-code end.

Example

Enter the public key edit view and input the key.

[3Com] rsa peer-public-key 3Com003


[3Com-rsa-public-key] public-key-code begin
[3Com-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[3Com-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[3Com-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[3Com-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[3Com-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[3Com-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[3Com-key-code] public-key-code end

public-key-code end Syntax


public-key-code end

View

Public key edit view

Parameter

None

Description

Using the public-key-code end command, you can quit public key edit view to
public key view and to save the public key configured by the user. In addition, to
quit public key view to public key chain view.

After this command is executed, the edit process of public key will be ended.
Before saving the public key, the system will check the validity of key. If there are
illegal characters in the public key character string configured by the user, the
system will display relevant prompt information that illegal characters are input.
The public key configured by the user will be discarded so this configuration fails.
If the public key configured is valid, it will be saved in public key chain table of
client.

For the related command, see rsa peer-public-key, public-key-code begin.

Example

Quit and save the configuration.

[3Com-rsa-key-code] public-key-code end


[3Com-rsa-public-key]

rsa local-key-pair create Syntax


rsa local-key-pair create

View

System view

Parameter

None

Description

Using the rsa local-key-pair create command, you can generate the local RSA
host key pair and server key pair.

When this command is used, the system warns that the former key will be
replaced if an RSA key already exists. The generated key pairs are named
router name + server and router name + host, e.g., 3Com_host and
3Com_server. This command is not stored in the configuration file.

After this command is input, the system will prompt you to enter the number of
digits of the host key. The server key pair should differ from the host key pair by
at least 128 digits. The minimum length of the server key pair and host key pair is
512 digits and the maximum length is 2048 digits. If a key pair already exists, the
user should confirm whether to change it.

The primary operation to accomplish SSH login is to configure and generate local
RSA key pair. Before performing other SSH configurations, you must accomplish
the configuration of the rsa local-key-pair create command to generate local
key pair. It is necessary to execute this command only once and it is unnecessary to
execute again after the router restarts.

For the related command, see rsa local-key-pair destroy.



Example

Configure and generate local host key pair and server key pair.

[3Com] rsa local-key-pair create


The name for the keys will be: rtvrp_Host
% You already have RSA keys defined for rtvrp_Host
% Do you really want to replace them? [yes/no]:y
Choose the size of the key modulus in the range of 512 to 2048 for your Keys.
Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:512
Generating keys...
.....++++++++++++
........................++++++++++++
..........++++++++
............................++++++++
[3Com]

rsa local-key-pair destroy Syntax

rsa local-key-pair destroy

View

System view

Parameter

None

Description

Using the rsa local-key-pair destroy command, you can remove all RSA keys of
server (including host key pair and server key pair).

After this command is input, you should confirm whether to remove all RSA keys
of server. This command is not stored in configuration file.

For the related command, see rsa local-key-pair create.

Example

Remove all keys of server.

[3Com] rsa local-key-pair destroy


% Keys to be removed are named rtvrp_Host .
% Do you really want to remove these keys? [yes/no]:y
[3Com]

rsa peer-public-key Syntax


rsa peer-public-key key-name

View

System view

Parameter

None

Description

Using the rsa peer-public-key command, you can enter the public key
view.

After the command is input, the system enters the public key view. This
command is used together with the public-key-code begin command to configure
the public key of the client. The public key of the client is generated
randomly by the client software. Please use client software
that supports SSH1.5.

For the related command, see public-key-code begin, public-key-code end.

Example

Enter the public key view.

[3Com] rsa peer-public-key 3Com002


[3Com-rsa-public]

ssh server authentication-retries

Syntax

ssh server authentication-retries times

undo ssh server authentication-retries

View

System view

Parameter

times: Specifies the number of authentication retries, in the range of 1 to 5.

Description

Using the ssh server authentication-retries command, you can set the number of
SSH connection authentication retries; the setting takes effect at the next login.
Using the undo ssh server authentication-retries command, you can restore the
default number of SSH connection authentication retries.

By default, the number of retries is 3.

For the related command, see display ssh server.

Example

Set the number of login authentication retries to 4.

[3Com] ssh server authentication-retries 4



ssh server rekey-interval

Syntax

ssh server rekey-interval hours

undo ssh server rekey-interval

View

System view

Parameter

hours: Update period of the server key, in hours. It ranges from 1 to 24. 0
cannot be entered for this parameter.

Description

Using the ssh server rekey-interval command, you can set the update interval of
the server key. Using the undo ssh server rekey-interval command, you can cancel
the current setting.

By default, the server key is not updated.

For the related command, see display ssh server.

Example

Set the update interval of server key to 3 hours.

[3Com] ssh server rekey-interval 3


[3Com]

ssh server timeout

Syntax

ssh server timeout seconds

undo ssh server timeout

View

System view

Parameter

seconds: Specifies the login time-out time. It ranges from 1 to 120 seconds.

Description

Using the ssh server timeout command, you can set the time-out time of SSH
connection authentication; the setting takes effect at the next login. Using the
undo ssh server timeout command, you can restore the default time-out time of
SSH connection authentication.

By default, the time-out time is 60 seconds.

For the related command, see display ssh server.



Example

Set the login time-out time to 80 seconds.

[3Com] ssh server timeout 80

ssh user assign

Syntax

ssh user username assign rsa-key keyname

undo ssh user username assign rsa-key

View

System view

Parameter

keyname: Name of a configured client public key. It is a continuous character
string, 0 < length ≤ 32.

username: Valid SSH user name defined by the AAA module.

Description

Using the ssh user assign command, you can assign an existing public key
(keyname) to a user (username). Using the undo ssh user assign command,
you can delete the association between the user and its public key.

If the user has already been assigned a public key, the public key assigned
last is the one that applies.

The AAA module is in charge of creating and deleting local system users.
When the AAA module creates a user of SSH type, it notifies SSH, and SSH adds
the user to the user set that it maintains. When the AAA module deletes a
user, it notifies SSH, and SSH looks for the user in its user set and deletes
the user from the set if it finds a match.

A newly configured user public key takes effect at the next login.

For the related command, see display ssh user-information.

Example

Assign key key1 for the user smith.

[3Com] ssh user smith assign rsa-key key1


[3Com]

ssh user authentication-type

Syntax

ssh user username authentication-type { password | rsa | all }

undo ssh user username authentication-type { password | rsa | all }

View

System view

Parameter

password: Sets the authentication mode of the user to password authentication.

rsa: Sets the authentication mode of the user to RSA authentication.

all: Sets the authentication mode of the user to either password or RSA authentication.

Description

Using the ssh user authentication-type command, you can specify the
authentication method for a specified user. Using the undo ssh user
authentication-type command, you can restore the default mode, in which login
is always denied.

By default, the system always denies the login.

The authentication mode must be specified for a new user, or the user will not
be able to log in. A newly configured authentication mode takes effect at the
next login.

For the related command, see display ssh user-information.

Example

Specify the authentication mode as password for the user smith.

[3Com] ssh user smith authentication-type password


[3Com]
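
The SSH server and user settings described in this section can be cross-checked in a saved configuration. The following Python check is an added example, not part of the 3Com guide: it applies the defaults and ranges stated above and reports users whose settings would block or weaken login. It assumes that saved configuration lines have the same form as the commands as typed; the function name and the sample configuration are constructed for illustration.

```python
import re

# Defaults and value ranges as stated in this section of the guide.
DEFAULTS = {"authentication-retries": 3, "timeout": 60, "rekey-interval": None}
RANGES = {"authentication-retries": (1, 5), "timeout": (1, 120), "rekey-interval": (1, 24)}

SERVER_RE = re.compile(r"^ssh server (authentication-retries|timeout|rekey-interval) (\d+)$")
AUTH_RE = re.compile(r"^ssh user (\S+) authentication-type (password|rsa|all)$")
ASSIGN_RE = re.compile(r"^ssh user (\S+) assign rsa-key (\S+)$")
PEER_RE = re.compile(r"^rsa peer-public-key (\S+)$")

# Constructed sample; assumes saved lines look like the commands as typed.
SAMPLE_CONFIG = """\
 rsa peer-public-key key1
 ssh server authentication-retries 4
 ssh server timeout 200
 ssh user smith authentication-type rsa
 ssh user smith assign rsa-key key0
 ssh user smith assign rsa-key key1
 ssh user jones assign rsa-key key9
 ssh user lee authentication-type rsa
"""


def audit_ssh_config(text):
    """Return (effective server settings, per-user settings, findings)."""
    server = dict(DEFAULTS)
    users = {}          # username -> {"auth": mode or None, "key": keyname or None}
    peer_keys = set()   # names entered with rsa peer-public-key
    findings = []

    for raw in text.splitlines():
        line = " ".join(raw.split())  # drop indentation and repeated spaces
        m = SERVER_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            low, high = RANGES[name]
            if low <= value <= high:
                server[name] = value
            else:
                findings.append(f"{name} {value} is outside {low}-{high}")
            continue
        m = AUTH_RE.match(line)
        if m:
            users.setdefault(m.group(1), {"auth": None, "key": None})["auth"] = m.group(2)
            continue
        m = ASSIGN_RE.match(line)
        if m:
            # A later assignment replaces an earlier one for the same user.
            users.setdefault(m.group(1), {"auth": None, "key": None})["key"] = m.group(2)
            continue
        m = PEER_RE.match(line)
        if m:
            peer_keys.add(m.group(1))

    if server["rekey-interval"] is None:
        findings.append("rekey-interval not set: server key is not updated (default)")

    for name in sorted(users):
        user = users[name]
        if user["auth"] is None:
            findings.append(f"user {name}: no authentication-type, login is always denied")
        elif user["auth"] == "rsa" and user["key"] is None:
            findings.append(f"user {name}: rsa authentication but no rsa-key assigned")
        if user["key"] is not None and user["key"] not in peer_keys:
            findings.append(f"user {name}: rsa-key {user['key']} has no rsa peer-public-key entry")
    return server, users, findings


if __name__ == "__main__":
    server, users, findings = audit_ssh_config(SAMPLE_CONFIG)
    print(server)
    for finding in findings:
        print("-", finding)
```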
3 INTERFACE MANAGEMENT COMMANDS

Interface Management Commands

debugging physical

Syntax

debugging physical { all | error | cell | packet } interface interface-type interface-number

undo debugging physical { all | error | cell | packet } interface interface-type interface-number

View

User view

Parameter

all: Enables alarming of all levels.

error: Enables error-level alarming.

cell: Enables cell-level alarming.

packet: Enables packet-level alarming.

interface interface-type interface-number: Specifies interface type and number.

Description

Using the debugging physical command, you can enable alarming for a
specified interface. Using the undo debugging physical command, you can
disable alarming for a specified interface.

Example

None

description

Syntax

description interface-description

undo description

View

Interface view

Parameter

interface-description: Character string describing the router interface, which is
allowed to comprise no more than 80 characters. By default, the description string
is “3Com Router, xxxxxx interface”.

Description

Using the description command, you can set the interface description. Using the
undo description command, you can restore the default interface description.

This command has no special purpose or function other than identifying an
interface.

For the related command, see display interface.

Example

Change the description of the Ethernet interface Ethernet 0/0/0 to “3Com Router
Ethernet interface”.

[3com]interface ethernet 0/0/0


[3com-Ethernet0/0/0]description 3Com Router ethernet interface

display interface

Syntax

display interface type number [ .sub-number ]

View

Any view

Parameter

type: Interface type which is used along with number to identify an interface.

number: Interface number which is used along with type for identifying an
interface.

sub-number: Subinterface number.

Description

Using the display interface command, you can display the current running state
and other information of an interface.

Executing this command will display the following information:

■ The physical state and protocol state of the interface
■ The physical features of the interface (including operating mode, DTE/DCE,
clock selection, external cable, etc.)
■ The IP address of the interface
■ The encapsulated link layer protocol of the interface and the running state
of the link layer protocol and the statistics.
■ The statistics of the incoming and outgoing packets on the interface

For a related command, see reset counters interface.

Example

View the running state and the relevant information of Serial 0/0/0.

[3com]display interface serial 0/0/0


Serial0/0/0 is up , line protocol is up
Description : 3Com Router, Serial0/0/0 Interface
The Maximum Transmit Unit is 1500, The keepalive is 10(sec)
Internet protocol processing : disabled
Link layer protocol is PPP
LCP opened, MPLSCP stopped
FIFO queuing: (Outbound queue:Size/Length/Discards)
FIFO: 0/75/0
Physical layer is synchronous,Baudrate is 64000 bps
Interface is DCE, Cable type is V35
5 minutes input rate 0.56 bytes/sec, 0.04 packets/sec
5 minutes output rate 0.66 bytes/sec, 0.05 packets/sec
51 packets input, 640 bytes, 0 no buffers
55 packets output, 700 bytes, 0 no buffers
0 input errors, 0 CRC, 0 frame errors
0 overrunners, 0 aborted sequences, 0 input no buffers
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP

Table 1 Description of the displayed interface information

Field                                        Description
Serial0 is up                                Physical layer state of the interface
line protocol is up                          Link layer state of the interface
5 minutes input rate                         The input rate of the interface within the last five minutes
5 minutes output rate                        The output rate of the interface within the last five minutes
FIFO queueing: FIFO                          Type of the output queue on the interface
51 packets input, 640 bytes, 0 no buffers    Packets and bytes received by the interface and the packets discarded due to the unavailability of receive-buffer.
55 packets output, 700 bytes, 0 no buffers   Packets and bytes sent by the interface and the packets discarded due to the unavailability of send-buffer.
input errors:0, CRC:0, frame errors:0        The received packets that contain errors, including CRC errors and frame errors.
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP           States of the physical electric signals DCD, DTR, DSR, RTS, and CTS

interface

Syntax

interface type number [ .sub-number ]

undo interface type number [ .sub-number ]

View

System view

Parameter

type: Interface type. Table 2 lists the interfaces that VRP supports so far.

number: Interface number. VRP numbers the interfaces separately by interface
type, with the numbers of each type of interface beginning at 0 or 1.

sub-number: Subinterface number, which is separated from the main interface
number by a dot (“.”).

Description

Using the interface command, you can enter the specified interface view or
create a logical interface or subinterface. Using the undo interface command,
you can delete a specified logical interface or subinterface.

Table 2 Interfaces supported by VRP

Interface           Description                       Attribute
ATM                 ATM interface                     Physical interface
AUX                 AUX interface                     Physical interface
Analogmodem         Analog modem interface            Physical interface
Async               Asynchronous serial interface     Physical interface
Bri                 ISDN BRI interface                Physical interface
Bridge-Template     Bridge-group virtual interface    Logical interface
Dialer              Dialer interface                  Logical interface
Ethernet            Ethernet interface                Physical interface
Logic-Channel       Logic-channel interface           Logical interface
Loopback            Loopback interface                Logical interface
NULL                Null interface                    Logical interface
MFR                 Multi-link FR (MFR) interface     Logical interface
Serial              Synchronous serial interface      Physical interface
Virtual-Ethernet    VE interface                      Logical interface
Virtual-Template    Virtual-template interface        Logical interface
Tunnel              Tunnel interface                  Logical interface

An interface name is represented by interface type + interface number. For
example, Ethernet0/0/0 represents the Ethernet interface numbered 0/0/0,
Serial0/0/0.1 represents the first subinterface on the interface Serial0/0/0, and
Serial3/0/0:2 is the second channel set of the CE1/PRI interface (namely
controller interface) numbered 3/0/0.

To simplify input, the type portion of the interface name can be shortened to
several leading letters, given that these letters do not conflict with other interface
types. Therefore, you can input e0/0/0 for Ethernet 0/0/0 and s0/0/0.1 for Serial
0/0/0.1.

You can enter the view of the desired physical interface and create logical
interfaces or subinterfaces as needed by executing the interface command.

You can create subinterfaces for an Ethernet interface or a serial interface
encapsulated with X.25 or Frame Relay (FR). The subinterface numbered 0
corresponds to the main interface.

Note that executing the undo interface command also deletes the defined logical
interfaces (such as dialer, tunnel, and virtual-template interfaces) and
subinterfaces.

Example

Enter the Ethernet interface view in system view.

[3com]interface ethernet 0/0/0


[3com-Ethernet0/0/0]

Switch from Ethernet0 view to the view of the subinterface Serial0/0/0.1.

[3com-Ethernet0/0/0]interface serial0/0/0.1
[3com-Serial0/0/0.1]
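
Tools that compare or audit configurations need to reduce the shortened forms described above (e0/0/0, s0/0/0.1) to one canonical interface name. The following Python resolver is an added example, not part of the 3Com guide: it uses the interface types of Table 2 and the type + number, .sub-number and :set-number forms given in this section. How the router itself treats a prefix shared by several types is not stated here, so this example assumes that an exact type name wins and that any other ambiguous prefix is rejected; the function names are hypothetical.

```python
import re

# Interface types listed in Table 2 (Interfaces supported by VRP).
INTERFACE_TYPES = [
    "ATM", "AUX", "Analogmodem", "Async", "Bri", "Bridge-Template", "Dialer",
    "Ethernet", "Logic-Channel", "Loopback", "NULL", "MFR", "Serial",
    "Virtual-Ethernet", "Virtual-Template", "Tunnel",
]

# type, optional space, slash-separated number, optional .sub-number, optional :set-number
NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z-]+)\s*(?P<number>\d+(?:/\d+)*)"
    r"(?:\.(?P<sub>\d+))?(?::(?P<set>\d+))?$"
)


def resolve_type(prefix):
    """Expand leading letters to a full interface type (case-insensitive)."""
    wanted = prefix.lower()
    exact = [t for t in INTERFACE_TYPES if t.lower() == wanted]
    if exact:
        return exact[0]  # assumption: "bri" means Bri, not Bridge-Template
    matches = [t for t in INTERFACE_TYPES if t.lower().startswith(wanted)]
    if len(matches) == 1:
        return matches[0]
    if not matches:
        raise ValueError(f"unknown interface type {prefix!r}")
    raise ValueError(f"ambiguous interface type {prefix!r}: {', '.join(matches)}")


def parse_interface(name):
    """Split an interface name into type, number, subinterface and channel set."""
    m = NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not an interface name: {name!r}")
    sub = int(m.group("sub")) if m.group("sub") is not None else None
    if sub == 0:
        sub = None  # subinterface 0 corresponds to the main interface
    channel_set = int(m.group("set")) if m.group("set") is not None else None
    return {
        "type": resolve_type(m.group("type")),
        "number": m.group("number"),
        "sub": sub,
        "channel_set": channel_set,
    }


def canonical(name):
    """Return the full interface name, for example Serial0/0/0.1."""
    parts = parse_interface(name)
    text = parts["type"] + parts["number"]
    if parts["sub"] is not None:
        text += f".{parts['sub']}"
    if parts["channel_set"] is not None:
        text += f":{parts['channel_set']}"
    return text


if __name__ == "__main__":
    # Constructed inputs, including the shortened forms used in this section.
    for sample in ["e0/0/0", "s0/0/0.1", "Ethernet 0/0/0", "Serial3/0/0:2", "serial 0/0/0.0"]:
        print(sample, "->", canonical(sample))
```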

reset counters interface

Syntax

reset counters interface [ type number ]

View

User view

Parameter

type: Interface type which is used along with number for identifying an interface.

number: Interface number which is used along with type for identifying an
interface.

Description

Using the reset counters interface command, you can clear the statistics of the
transmitted and received packets on an interface.

If no interface has been specified, the statistics about the transmitted and received
packets on all the interfaces are cleared.

To count the traffic size on an interface within a specific period, you must clear the
existing statistics about the transmitted and received packets on the interface
before taking a new count.

For a related command, see display interface.

Example

Clear the statistics about the transmitted and received packets on Serial 0/0/0.

<3com> reset counters interface serial 0/0/0



shutdown

Syntax

shutdown

undo shutdown

View

Interface view

Parameter

None

Description

Using the shutdown command, you can shut down an interface. Using the undo
shutdown command, you can enable an interface.

This command takes effect not only on physical interfaces but also on tunnel and
MFR interfaces.

In some circumstances, such as when you are modifying the operating parameters
of an interface, the modification does not take effect immediately. Rather, you must
shut down the interface and re-enable it.

For a related command, see display interface.

Example

Shut down Ethernet 0/0/0.

[3com-Ethernet0/0/0]shutdown
% Interface Ethernet0/0/0 is down
% Interface Ethernet0/0/0 changed state to DOWN
% Line protocol ip on interface Ethernet0/0/0, changed state to DOWN

Fundamental Ethernet Interface Configuration Commands

display interface ethernet

Syntax

display interface ethernet interface-number

View

Any view

Parameter

interface-number: Interface number. If no interface has been specified, the
configuration and state information of all the interfaces will be displayed.

Description

Using the display interface ethernet command, you can view the configuration
parameters, current running state, and some other information of an Ethernet
interface.

Example

View the state information of the Ethernet interface 2/0/0.

<3com> display interface ethernet 2/0/0


Ethernet2/0/0 current state : UP
Line protocol current state : UP
Description : 3Com Routers, Ethernet0/0 Interface
The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 172.31.29.103/16
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0.fc06.3085
Media type is twisted pair, loopback not set, promiscuous mode not set
100Mb/s-speed mode,Full-duplex mode,link type is autonegotiation
Output flow-control is unsupported, input flow-control is unsupported
Output queue : (Urgent queue : Size/Length/Discards) 0/500/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
Last 5 minutes input rate 227.13 bytes/sec, 2.67 packets/sec
Last 5 minutes output rate 0.00 bytes/sec, 0.00 packets/sec
Input: 542665 packets, 47721004 bytes
271460 broadcasts, 271205 multicasts
0 errors, 0 runts, 0 giants,
0 CRC, 0 align errors, 0 overruns,
0 dribbles, 0 aborts, 0 no buffers
Output:0 packets, 0 bytes
0 errors, 0 underruns, 0 collisions
0 deferred

duplex

Syntax

duplex { full | half | negotiation }

undo duplex

View

Ethernet interface view

Parameter

full: Sets the Ethernet interface to work in full duplex mode.

half: Sets the Ethernet interface to work in half duplex mode.

negotiation: Sets the Ethernet interface to work in auto-negotiation mode.

Description

Using the duplex command, you can set the operating mode of the 100Base-TX
FE interface. Using the undo duplex command, you can restore the default
operating mode of the Ethernet interface.

By default, the Ethernet interface works in auto-negotiation mode.

An Ethernet interface on a router that is connected to a hub must work in
half-duplex mode. When an Ethernet interface is connected to a network device
that supports full-duplex, however, it must work in full-duplex mode.

Before setting the FE interface to work in auto-negotiation mode, you must make
sure that the connected remote end is working in auto-negotiation mode.
If this cannot be guaranteed, both ends should use the forced setting so that
their operating modes are consistent.

For related commands, see speed and display interface.

Example

Set the 100Base-TX FE interface to work in full duplex mode.

[3com-Ethernet0/0/0] duplex full

loopback

Syntax

loopback

undo loopback

View

Ethernet interface view

Parameter

None

Description

Using the loopback command, you can enable an Ethernet interface to perform
loopback. Using the undo loopback command, you can disable loopback.

By default, loopback is disabled on the Ethernet interface.

Enable loopback on the Ethernet interface only for the purpose of testing some
special functions.

Example

Enable the Ethernet interface to perform loopback.

[3com-Ethernet0/0/0]loopback

mtu

Syntax

mtu size

undo mtu

View

Ethernet interface view

Parameter

size: MTU size on the Ethernet interface, which is in bytes. It is in the range of 46
to 1500 if the adopted frame format is Ethernet_II.

Description

Using the mtu command, you can set the maximum transmission unit (MTU) of
the Ethernet interface. Using the undo mtu command, you can restore the
default configuration.

MTU defaults to 1500 if the adopted frame format is Ethernet_II.

The MTU setting of an Ethernet interface can affect the assembly and
fragmentation of IP packets on the interface.

For a related command, see display interface.

Example

Set MTU of the Ethernet interface to 1492.

[3com-Ethernet0/0/0]mtu 1492

speed

Syntax

speed { 10 | 100 | negotiation }

undo speed

View

Ethernet interface view

Parameter

10: Forces the FE interface to work in 10Base-T (at 10Mbps) mode.

100: Forces the FE interface to work in 100Base-TX (100Mbps) mode.

negotiation: Sets the FE interface to work in auto-negotiation mode.

Description

Using the speed command, you can set the operating speed of the FE interface.
Using the undo speed command, you can restore the default operating speed of
the FE interface.

By default, the FE interface operates in auto-negotiation mode.

Before setting the FE interface to work in auto-negotiation mode, you must make
sure that the connected remote end is working in auto-negotiation mode.
If this cannot be guaranteed, both ends should use the forced setting for
operating consistency.

For related commands, see duplex and display interface.

Example

Set the FE interface to work in 10Base-T mode.

[3com-Ethernet0/0/0]speed 10

Fundamental WAN Interface Configuration Commands

async mode

Syntax

async mode { protocol | flow }

View

Asynchronous serial interface view, AUX interface view

Parameter

protocol: Protocol mode, with which the local end directly adopts the configured
link layer protocol parameters to set up a link with the remote end after setting up
a physical link.

flow: Flow mode, which is also known as interactive mode. With this approach,
the two ends set up a link by interacting with each other upon the setup of a
physical link. Specifically, the calling party sends the configuration commands to
the called party (it is equal to the operation of manually inputting configuration
commands at the remote end), sets the link layer protocol operating parameters of
the called party, and then sets up the link. This approach is normally adopted in
the event of man-machine interaction.

Description

Using the async mode command, you can set the operating mode of an
asynchronous serial interface.

By default, the asynchronous serial interface is working in protocol mode and the
AUX interface in flow mode.

For the related command, see modem.

Example

Set the asynchronous serial interface to work in flow mode.

[3com-Serial0/0/0]async mode flow



baudrate

Syntax

baudrate baudrate

View

Serial interface view

Parameter

baudrate: Baud rate of serial interface in bps. It is in the range of 300 to 115200
for an asynchronous serial interface and 1200 to 2048000 for a synchronous serial
interface.

Description

Using the baudrate command, you can set the baud rate for a serial interface.

By default, the baud rate is 9600 bps on the asynchronous serial interface and
64000 bps on a synchronous serial interface.

Following are the baud rates available for the asynchronous serial interface.

■ 300 bps, 600 bps, 1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps,
38400 bps, 57600 bps, 115200 bps.

Following are the baud rates available for the synchronous serial interface.

■ 1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps, 38400 bps, 57600
bps, 64000 bps, 72000 bps, 115200 bps, 128000 bps, 384000 bps,
2048000 bps.

The baud rate range available for the synchronous serial interface depends on the
applied physical electric specifications.

■ V.24 DTE/DCE supports the range of 1200 bps to 64000 bps
■ V.35 DTE/DCE, X.21 DTE/DCE, EIA/TIA-449 DTE/DCE and EIA-530 DTE/DCE
support the range of 1200 bps to 2048000 bps

After a synchronous/asynchronous serial interface makes the
synchronous/asynchronous switchover, the baud rate of the interface is reset to
the default baud rate of the new operating mode.

When setting baud rate for a serial interface, you should take into consideration
the elements, such as operating mode (synchronous/asynchronous mode) and the
electric specifications of the connected external cable. In addition, you should note
that the baud rate of asynchronous serial interface is only significant for the
connection between router and modem. If two modems are concerned, they will
negotiate the baud rate between them. Therefore, different baud rate settings can
be set on the routers at the two ends of a connection, if the routers are working in
asynchronous mode. In synchronous mode, however, the router working as DCE
will determine the baud rate for the line transmission. Therefore, you must set
baud rate at the DCE side.

Example

Set the baudrate of the asynchronous serial interface to 115200bps.

[3com-Serial0/0/0]baudrate 115200

clock

Syntax

clock { dceclk | dteclk1 | dteclk2 | dteclk3 | dteclk4 }

View

Serial interface view

Parameter

dceclk: Sets the interface clock selection mode to DCE clock.

dteclk1: Sets the interface clock selection mode to DTE clock option 1.

dteclk2: Sets the interface clock selection mode to DTE clock option 2.

dteclk3: Sets the interface clock selection mode to DTE clock option 3.

dteclk4: Sets the interface clock selection mode to DTE clock option 4.

Description

Using the clock command, you can set the clock selection mode for a
synchronous serial interface.

By default, dceclk (providing clock to the DTE device) is selected for the
synchronous serial interface at the DCE side, and dteclk3 for the one at the DTE side.

Different operating clocks are selected for the synchronous serial interfaces
working as DTE and DCE, as shown in the following figure.

[Figure: a DCE and a DTE connected by the TxClk and RxClk clock lines]

Figure 1 Selecting a clock for a synchronous serial interface

In the figure, “TxClk” represents transmitting clock and “RxClk” receiving clock.

As a DCE device is required to provide clock for the remote DTE device, you must
select DCEclk as the operating clock for the synchronous serial interface working
as DCE.

Working as DTE, the synchronous serial interface must accept the clock provided
by the remote DCE. As the transmitting and receiving clocks of synchronization
devices are independent, the receiving clock of a DTE device can be either the
transmitting or receiving clock of the DCE device. The same applies to the
transmitting clock. Therefore, four clock options are available for a DTE device.

The following table gives the four clock selection options.

Table 3 Clock options available for a synchronous serial interface working as DTE

Clock selection option    Description
DTEclk1                   TxClk = TxClk, RxClk = RxClk
DTEclk2                   TxClk = TxClk, RxClk = TxClk
DTEclk3                   TxClk = RxClk, RxClk = TxClk
DTEclk4                   TxClk = RxClk, RxClk = RxClk

In the table, the clock ahead of “=” is the DTE clock and the one after is the DCE
clock.

Example

Set the synchronous serial interface working as DTE to use the clock selection
option DTEclk2.

[3com-Serial0/0/0]clock dteclk2

code nrzi

Syntax

code nrzi

undo code

View

Synchronous serial interface view

Parameter

None

Description

Using the code nrzi command, you can set the digital signal coding format to
Non-Return-to-Zero Inverted (NRZI) for a synchronous serial interface. Using the
undo code command, you can restore the digital signal coding format of the
synchronous serial interface to NRZ.

The digital signal coding format defaults to NRZ on the synchronous serial
interface.

Example

Set the digital signal coding format to NRZI on the synchronous serial interface.

[3com-Serial0/0/0]code nrzi

detect

Syntax

1 Asynchronous serial interface

detect dsr-dtr

undo detect dsr-dtr

2 Synchronous serial interface

detect { dcd | dsr-dtr }

undo detect { dcd | dsr-dtr }

View

Synchronous serial interface view, asynchronous serial interface view

Parameter

dsr-dtr: Detects DSR and DTR signals of DSU/CSU.

dcd: Detects the DCD signal of the DSU/CSU on the serial interface.

Description

Using the detect command, you can enable data carrier detection as well as level
detection on a serial interface. Using the undo detect command, you can disable
data carrier detection as well as level detection on the serial interface.

By default, data carrier detection and level detection are enabled on serial interfaces.

If this function has been disabled on a serial interface, the system will not detect
the DCD and DSR/DTR signals when determining the state (UP or DOWN) of the
serial interface.

Example

Disable data carrier detection on the serial interface.

[3com-Serial0/0/0]undo detect dcd

idle-mark

Syntax

idle-mark

undo idle-mark

View

Synchronous serial interface view

Parameter

None

Description

Using the idle-mark command, you can set the line idle-mark of the synchronous
serial interface to “FF”. Using the undo idle-mark command, you can restore the
line idle-mark of the synchronous serial interface to “7E”.

Line idle-mark of synchronous serial interfaces defaults to “7E”.

In normal circumstances, the synchronous serial interface uses the code “7E” to
identify the idle state of the line. However, there are still some devices that use
“FF” (that is, the high level of all “1s”) to make the identification. For the sake of
compatibility in this case, it is necessary to configure the line idle-mark of the
synchronous serial interface.

Example

Set the line idle-mark of the synchronous serial interface to FF.

[3com-Serial0/0/0]idle-mark

invert transmit-clock

Syntax

invert transmit-clock

undo invert transmit-clock

View

Serial interface view

Parameter

None

Description

Using the invert transmit-clock command, you can enable the inverting of the
transmit-clock signal of the synchronous serial interface at the DTE side. Using the
undo invert transmit-clock command, you can disable inverting the signal.

By default, transmit-clock signal inversion is disabled on the synchronous serial
interface at the DTE side.

In some special cases, to eliminate the half-period delay of the clock on the
line, you can configure the system to invert the transmit-clock signal of the
synchronous serial interface at the DTE side. This command can take effect only
on some specific DCE devices. Clock inversion is unnecessary for general
applications.

For related commands, see physical-mode and clock.

Example

Invert the transmit-clock of the synchronous serial interface at DTE side.

[3com-Serial0/0/0]invert transmit-clock

loopback

Syntax

loopback

undo loopback

View

Serial interface view

Parameter

None

Description

Using the loopback command, you can enable a serial interface to perform
loopback. Using the undo loopback command, you can disable loopback on the
serial interface.

By default, loopback of the serial interface is disabled.

Enable loopback on the serial interface only for the purpose of testing some
special functions.

Example

Enable the serial interface to perform loopback.

[3com-Serial0/0/0]loopback

mtu

Syntax

mtu size

undo mtu

View

Serial interface view

Parameter

size: MTU size on the serial interface, which is in the range of 128 to 1500 bytes
and defaults to 1500.

Description

Using the mtu command, you can set the MTU of a serial interface. Using the
undo mtu command, you can restore the default setting.

The MTU setting of a serial interface can affect the assembly and fragmentation of
IP packets on the interface.

Example

Set MTU of the serial interface to 1200.

[3com-Serial0/0/0]mtu 1200

physical-mode

Syntax

physical-mode { sync | async }

View

Serial interface view

Parameter

sync: Sets the synchronous/asynchronous serial interface to work in synchronous
mode.

async: Sets the synchronous/asynchronous serial interface to work in
asynchronous mode.

Description

Using the physical-mode command, you can set the operating mode of a
synchronous/asynchronous serial interface.

By default, the synchronous/asynchronous serial interface is working in
synchronous mode.

Example

Set the synchronous/asynchronous serial interface to work in asynchronous mode.

[3com-Serial0/0/0]physical-mode async

Fundamental CE1/PRI Interface Configuration Commands

channel-set

Syntax

channel-set set-number timeslot-list range

undo channel-set set-number

View

CE1/PRI interface view

Parameter

set-number: The number of the channel set formed by bundling the timeslots on
the interface, which is in the range of 0 to 30.

range: The numbers of the timeslots that are bundled, in the range of 1 to 31.
When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range in the form
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.

Description

Using the channel-set command, you can bundle some timeslots of a CE1/PRI
interface into a channel-set. Using the undo channel-set command, you can
remove the specified timeslot bundle.

By default, no timeslots are bundled into channel-sets.

A CE1/PRI interface in CE1/PRI mode is physically divided into 32 timeslots
numbered from 0 through 31.

In actual applications, all the timeslots except timeslot 0 can be bundled into
multiple channel-sets and the system will automatically create a serial interface for
each set. This serial interface has the same logical features as a synchronous
serial interface.

The serial interface is numbered in the form of serial
interface-number:set-number. The interface-number starts from the maximum
serial interface number plus 1, and the set-number is the number of the channel-set.

Only one timeslot bundling mode can be supported on one CE1/PRI interface
during a time period. In other words, this command cannot be used together with
the pri-set command.

For the related command, see pri-set.

Example

Bundle the timeslots 1, 2, 5, 10-15, and 18 of the CE1/PRI interface into
channel-set 0.

[3com-E1 3/0/0]channel-set 0 timeslot-list 1,2,5,10-15,18

Make the same configuration on the CE1/PRI interface on the remote router.

[3com-E1 3/0/0]channel-set 0 timeslot-list 1,2,5,10-15,18

clock Syntax
clock { master | slave }

undo clock

View

CE1/PRI interface view

Parameter

master: Adopts the internal clock mode.

slave: Adopts the line clock mode.



Description

Using the clock command, you can set the clock mode on a CE1/PRI interface.
Using the undo clock command, you can restore the default clock mode on the
interface.

By default, the CE1/PRI interface adopts the line clock mode (slave).

When a CE1/PRI interface is working as DCE, choose the internal clock for it, that is,
master clock mode. When it is working as DTE, choose the line clock, that is, slave
clock mode for it.

Example

Set the clock mode of the CE1/PRI interface to internal clock (master) mode.

[3com-E1 3/0/0]clock master

code Syntax
code { ami | hdb3 }

undo code

View

CE1/PRI interface view

Parameter

ami: Adopts Alternate Mark Inversion (AMI) line code format.

hdb3: Adopts High Density Bipolar 3 (HDB3) line code format. This parameter is
only significant for a CE1/PRI interface.

Description

Using the code command, you can set the line code format for a CE1/PRI
interface. Using the undo code command, you can restore the default line code
format of the interface.

The line code format of CE1/PRI interface defaults to hdb3.

You should keep the line code format of the interface consistent with the one
used by the remote device.

Example

Set the line code format of the interface E1 3/0/0 to ami.

[3com-E1 3/0/0]code ami

controller e1 Syntax
controller e1 number

View

System view

Parameter

number: The CE1/PRI interface number.

Description

Using the controller e1 command, you can enter a CE1/PRI interface view.

Example

Enter the view of the interface E1 3/0/0.

[3com]controller E1 3/0/0
[3com-E1 3/0/0]

display controller e1 Syntax


display controller [ e1 number ]

View

Any view

Parameter

number: Interface number.

Description

Using the display controller e1 command, you can display the information
related to a CE1/PRI interface.

Executing this command will display the following information:

■ The physical state of interface
■ The clock mode of interface
■ The frame check mode of interface
■ And the line code format of interface

Example

Display the information related to the E1 interface.

[3com]display controller E1 3/0/0


E1 1-0 is down.
Applique type is Channelized E1 - 75 OHM unbalanced
Framing is NO-CRC4, Line Code is HDB3, Source Clock is slave.
Alarm State is Loss of Frame Alignment.

frame-format Syntax
frame-format { crc4 | no-crc4 }

undo frame-format

View

CE1/PRI interface view

Parameter

crc4: Sets the frame format on the CE1 interface to CRC4.

no-crc4: Sets the frame format on the CE1 interface to no-CRC4.

Description

Using the frame-format command, you can set the frame format of CE1
interface. Using the undo frame-format command, you can restore the default
frame format of the interface.

By default, the frame format of CE1 interface is no-crc4.

A CE1/PRI interface working in CE1 mode supports both crc4 and no-crc4 frame
formats. Among them, crc4 supports the 4-bit Cyclic Redundancy Check (CRC) on
physical frames whereas no-crc4 does not.

Example

Set the frame format of the interface E1 3/0/0 to crc4.

[3com-E1 3/0/0]frame-format crc4

loopback Syntax
loopback { local | remote }

undo loopback

View

CE1/PRI interface view

Parameter

local: Enables the interface to perform local loopback.

remote: Enables the interface to perform remote loopback.

Description

Using the loopback command, you can enable a CE1/PRI interface to perform
loopback. Using the undo loopback command, you can disable loopback on the
CE1/PRI interface.

By default, loopback in any form is disabled on the interface.



Loopback is used to check the condition of the interface or cable. This function
should be disabled during normal operation.

If a serial interface formed by bundling timeslots of the CT1/PRI interface is
encapsulated with PPP and is set to perform loopback, it is normal for the state of
the link layer protocol to be reported as DOWN.

Example

Set the interface E1 3/0/0 to perform local loopback.

[3com-E1 3/0/0]loopback local

pri-set Syntax
pri-set timeslot-list [ range ]

undo pri-set

View

CE1/PRI interface view

Parameter

range: The number of the timeslots that are bundled, which is in the range of 1 to
31. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.

Description

Using the pri-set command, you can bundle the timeslots of a CE1/PRI interface
into a pri-set. Using the undo pri-set command, you can remove the timeslot
bundle.

By default, no timeslots are bundled into pri-set.

When performing pri-set bundling on a CE1/PRI interface, you should note that you
are not allowed to bundle only timeslot 16, as it will be used as the D channel for
transmitting signals. Attempts to bundle only timeslot 16 will fail.

In a pri-set formed by bundling the timeslots of a CE1/PRI interface, timeslot 0 is
used for Frame Synchronization Control (FSC), timeslot 16 as a D channel for
signaling transmission, and other timeslots as B channels for data transmission.
You may bundle the timeslots except for timeslot 0 into a pri-set (as the D channel,
timeslot 16 is automatically bundled). The logic features of this pri-set will be the
same as those of an ISDN PRI interface. If no timeslots are specified for bundling,
all the timeslots except for timeslot 0 will be bundled into an interface similar to an
ISDN PRI interface in the form of 30B+D.

The system will automatically create a serial interface after the operation of
timeslot bundling on the interface. This serial interface has the same logic features
as an ISDN PRI interface. The serial interface is numbered in the form of serial
number:15, where number is the maximum serial interface number plus 1.

Only one timeslot bundling mode can be supported on one CE1/PRI interface
during a time period. In other words, this command cannot be used together with
the channel-set command.

For a related command, see channel-set.

Example

Bundle the timeslots 1, 2, and 8-12 of the CE1/PRI interface into a pri-set.

[3com-E1 3/0/0]pri-set timeslot-list 1,2,8-12

using Syntax
using { ce1 | e1 }

undo using

View

CE1/PRI interface view

Parameter

e1: In E1 mode

ce1: In CE1/PRI mode

Description

Using the using command, you can configure the operating mode for a CE1/PRI
interface. Using the undo using command, you can restore the default operating
mode.

By default, the CE1/PRI interface is working in CE1/PRI mode.

A CE1/PRI interface can work in either E1 mode (also called non-channelized
mode) or CE1/PRI mode (that is, channelized mode).

A CE1/PRI interface in E1 mode equals an interface of 2 Mbps data bandwidth that
is not divided into timeslots. Its logic features are the same as those of a
synchronous serial interface. When working in CE1/PRI mode, it is physically
divided into 32 timeslots numbered from 0 to 31. Among them, timeslot 0 is used
for transmitting the Frame Synchronization Control information. This interface can
work as either a CE1 interface or a PRI interface.

After the CE1/PRI interface is enabled to work in E1 mode by using the using e1
command, the system will automatically create a serial interface numbered serial
interface-number:0. The interface-number starts from the maximum serial
interface number plus 1.

Example

Set the CE1/PRI interface to work in E1 mode.

[3com-E1 3/0/0]using e1

Fundamental CT1/PRI Interface Configuration Commands

cable Syntax
cable { long { 0db | -7.5db | -15db | -22.5db } | short { 133ft | 266ft | 399ft | 533ft | 655ft } }

undo cable

View

CT1/PRI interface view

Parameter

long: Matches a 655-feet and longer transmission line. The options for this
parameter include 0db, -7.5db, -15db and -22.5db. The attenuation parameter is
selected depending on the signal quality received at the receiving end. In this case,
no external CSU is needed.

short: Matches a transmission cable under 655 feet. The options for this
parameter include 133ft, 266ft, 399ft, 533ft and 655ft. The length parameter is
selected depending on the actual length of the transmission line.

Description

Using the cable command, you can set cable attenuation and length on a CT1/PRI
interface to match the distance of the transmission line. Using the undo cable
command, you can restore the default value.

The transmission cable attenuation that the CT1/PRI interface matches defaults to
long 0db.

This command is mainly used to configure the signal waveform for transmission to
satisfy various transmitting needs. In practice, the signal quality received by the
receiving end determines whether this command will be used. If the signal quality
is relatively good, use the default setting. In this case, the CT1/PRI interface does
not need an external CSU device.

Example

Set the length of the transmission cable that the CT1/PRI interface matches to 133
feet.

[3com-T1 1/0/0] cable short 133ft



channel-set Syntax
channel-set set-number timeslot-list range [ speed { 56k | 64k } ]

undo channel-set set-number

View

CT1/PRI interface view

Parameter

set-number: The number of the channel-set formed by bundling the timeslots of
the interface, which is in the range of 0 to 23.

range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.

speed { 56k | 64k }: The speed of the timeslot bundle, which is in Kbps. If 56k is
selected, the timeslots will be bundled into N x 56 Kbps bundles, and if 64k is
selected, the timeslots will be bundled into N x 64 Kbps bundles. By default, the
system uses 64k.

Description

Using the channel-set command, you can bundle some timeslots of a CT1/PRI
interface into a channel-set. Using the undo channel-set command, you can
remove the specified channel-set.

By default, no timeslots are bundled into channel-sets.

A CT1/PRI interface is physically divided into 24 timeslots numbered from 1
through 24. In actual applications, all the timeslots can be bundled into multiple
channel-sets and the system will automatically create a serial interface for each
set. This serial interface has the same logic features as a synchronous serial
interface.

The serial interface is numbered in the form of serial interface-number:set-number,
where interface-number starts from the maximum serial interface number plus 1,
and set-number is the number of the channel-set.

Only one timeslot bundling mode can be supported on one CT1/PRI interface
during a time period. In other words, this command cannot be used together with
the pri-set command.

For a related command, see pri-set.

Example

Bundle the timeslots 1, 2, 5, 10-15, and 18 of the CE1/PRI interface into
channel-set 0.

[3com-T1 1/0/0]channel-set 0 timeslot-list 1,2,5,10-15,18



clock Syntax
clock { master | slave }

undo clock

View

CT1/PRI interface view

Parameter

master: Adopts the internal clock mode.

slave: Adopts the line clock mode.

Description

Using the clock command, you can set the clock mode on a CT1/PRI interface.
Using the undo clock command, you can restore the default clock mode on the
interface.

By default, the CE1/PRI interface adopts the line clock mode (slave).

When a CT1/PRI interface is working as DCE, choose the internal clock for it, that is,
master clock mode. When it is working as DTE, choose the line clock, that is, the
slave clock mode for it.

Example

Set the clock mode of the CT1/PRI interface to internal clock (master) mode.

[3com-T1 1/0/0] clock master

code Syntax
code { ami | b8zs }

undo code

View

CT1/PRI interface view

Parameter

ami: Adopts the AMI line code format.

b8zs: Adopts the Bipolar with 8-Zero Substitution (b8zs) line code format.

Description

Using the code command, you can set the line code format for a CT1/PRI
interface. Using the undo code command, you can restore the default line code
format of the interface.

The line code format of CT1/PRI interface defaults to b8zs.



You should keep the line code format of the interface consistent with the one
used by the remote device.

Example

Set the line code format of the interface T1 1/0/0 to ami.

[3com-T1 1/0/0] code ami

controller t1 Syntax
controller t1 number

View

System view

Parameter

number: The CT1/PRI interface number.

Description

Using the controller t1 command, you can enter a CT1/PRI interface view.

Example

Enter the view of the interface T1 1/0/0.

[3com]controller t1 1/0/0
[3com-T1 1/0/0]

display controller t1 Syntax


display controller t1 number

View

Any view

Parameter

number: Interface number.

Description

Using the display controller t1 command, you can display the information
related to a CT1/PRI interface. All T1 interfaces will be displayed if no parameter is
selected.

Executing this command will display the following information:

■ The physical state of interface
■ The clock mode of interface
■ The frame check mode of interface
■ And the line code format of interface

Example

Display the information related to the T1 interface.

[3com]display controller t1 1/0/0

frame-format Syntax
frame-format { sf | esf }

undo frame-format

View

CT1/PRI interface view

Parameter

sf: Sets the frame format of CT1/PRI interface to Super Frame (SF).

esf: Sets the frame format of CT1/PRI interface to Extended Super Frame (ESF).

Description

Using the frame-format command, you can set the frame format on a CT1/PRI
interface. Using the undo frame-format command, you can restore the
default frame format on the interface.

The frame format on the CT1/PRI interface defaults to ESF.

A CT1/PRI interface supports two frame formats, that is, SF and ESF. In SF format,
multiple frames can share the same FSC and signaling information, so that more
significant bits can be used for transmitting user data. In practice, a system should
be tested often. The application of ESF makes it possible for the system to provide
the services while it is being tested.

Example

Set the frame format of T1 1/0/0 to SF.

[3com-T1 1/0/0]frame-format sf

loopback Syntax
loopback { local | remote }

undo loopback

View

CT1/PRI interface view

Parameter

local: Enables the CT1/PRI interface to perform local loopback.



remote: Enables the interface to perform remote loopback.

Description

Using the loopback command, you can enable a CT1/PRI interface to perform
loopback. Using the undo loopback command, you can disable loopback on the
CT1/PRI interface.

By default, loopback in any form is disabled on the interface.

Loopback is used to check the condition of the interface or cable. This function
should be disabled during normal operation.

If a serial interface formed by bundling timeslots of the CT1/PRI interface is
encapsulated with PPP and is set to perform loopback, it is normal for the state of
the link layer protocol to be reported as DOWN.

Example

Set the interface T1 1/0/0 to perform local loopback.

[3com-T1 1/0/0]loopback local

pri-set Syntax
pri-set [ timeslot-list range ]

undo pri-set

View

CT1/PRI interface view

Parameter

range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.

Description

Using the pri-set command, you can bundle the timeslots of a CT1/PRI interface
into a pri-set. Using the undo pri-set command, you can remove the timeslot
bundle.

By default, no timeslots are bundled into pri-set.

When performing pri-set bundling on a CT1/PRI interface, you should note that
you are not allowed to bundle only timeslot 24, because it is the D channel for
transmitting signals. Attempts to bundle only timeslot 24 will fail.

In a pri-set formed by bundling the timeslots of a CT1/PRI interface, timeslot 24 is
used as D channel for signaling transmission, and other timeslots as B channels for
data transmission. All the timeslots can be arbitrarily bundled into a pri-set (as a D
channel, timeslot 24 is automatically bundled). The logic features of this pri-set will
be the same as those of an ISDN PRI interface. If no timeslots are specified for
bundling, all the timeslots will be bundled into an interface similar to an ISDN PRI
interface in the form of 23B+D.

The system will automatically create a serial interface after the operation of
timeslot bundling on the interface. This serial interface has the same logic features
as an ISDN PRI interface. The serial interface is numbered in the form of serial
number:23, in which number starts from the maximum serial interface number
plus 1.

Only one timeslot bundling mode can be supported on one CE1/PRI interface
during a time period. In other words, this command cannot be used together with
the channel-set command.

For a related command, see channel-set.

Example

Bundle the timeslots 1, 2, and 8-12 of the CT1/PRI interface into a pri-set.

[3com-T1 1/0/0]pri-set timeslot-list 1,2,8-12

E1-F Interface Configuration Commands

display fe1 serial Syntax


display fe1 [ serial serial-number ]

View

Any view

Parameter

serial serial-number: Interface type and number. If no interface is specified, the
information of all the E1-F interfaces will be displayed.

Description

Using the display fe1 serial command, you can view the configuration and state
of E1-F interface.

If the specified interface is a serial interface rather than an E1-F interface, the
system will display the error prompt “The serial is not a factional interface”.

Example

Display the information of the E1-F interface.

[3com] display fe1


Serial4/0/0
Fractional E1, status is down.
Work mode is FRAMED - 120 OHM balanced.
Framing : NO-CRC4, Line Code is HDB3, Clock : Slave.
Alarm State : Loss-of-Signal.

Table 4 Description of displaying controller FE1 items

Item          Description
Framing       Frame format (crc4/no-crc4)
Line Code     Line code format (ami/hdb3)
Clock         Clock mode (master/slave)
Alarm State   Alarm information

fe1 clock Syntax


fe1 clock { master | slave }

undo fe1 clock

View

E1-F interface view

Parameter

master: Internal clock is used.

slave: Line clock is used.

Description

Using the fe1 clock command, you can configure clock used by an E1-F interface.
Using the undo fe1 clock command, you can restore the default clock of the
interface.

By default, the interfaces use the slave clock.

For an E1-F interface used as DCE, master clock should be used. If the interface is
used as DTE, however, the slave clock should be used.

Example

Set the E1-F interface to use internal clock.

[3com-Serial0/0/0] fe1 clock master

fe1 code Syntax


fe1 code { ami | hdb3 }

undo fe1 code

View

E1-F interface view



Parameter

ami: Adopts AMI line code format.

hdb3: Adopts HDB3 line code format.

Description

Using the fe1 code command, you can configure line code format for an E1-F
interface. Using the undo fe1 code command, you can restore the default line
code format of interface.

By default, E1-F interfaces adopt hdb3.

The line code of an interface should be set consistent with that of the peer.

Example

Set the line code format of the E1-F interface to AMI.

[3com-Serial0/0/0] fe1 code ami

fe1 frame-format Syntax


fe1 frame-format { crc4 | no-crc4 }

undo fe1 frame-format

View

E1-F interface view

Parameter

crc4: Adopts CRC4 as the framing format for the E1-F interface.

no-crc4: Adopts no-CRC4 as the framing format for the E1-F interface.

Description

Using the fe1 frame-format command, you can configure the framing format for
an E1-F interface. Using the undo fe1 frame-format command, you can restore
the default framing format of the interface.

By default, E1-F interfaces use no-crc4.

Example

Set the framing format for the E1-F interface to CRC4.

[3com-Serial0/0/0] fe1 frame-format crc4

fe1 loopback Syntax


fe1 loopback { local | remote }

undo fe1 loopback [ local | remote ]



View

E1-F interface view

Parameter

local: Places the interface in local loopback.

remote: Places the interface in remote loopback.

Description

Using the fe1 loopback command, you can configure an E1-F interface in local or
remote loopback. Using the undo fe1 loopback command, you can disable the
local and remote loopback on the interface.

By default, the interfaces are not placed in local or remote loopback.

Local loopback and remote loopback are used for testing the state of the interface
or the cable itself. These functions should be disabled in normal cases. Local
loopback and remote loopback are enabled with the same command using different
arguments, but the two functions cannot be enabled at the same time.

Example

Place the E1-F interface in local loopback.

[3com-Serial0/0/0] fe1 loopback local

fe1 timeslot-list Syntax


fe1 timeslot-list { all | range }

undo fe1 timeslot-list

View

E1-F interface view

Parameter

all: Binds all the time slots on an interface. The interface rate will become 31 X
64kbps (that is, 1984kbps) after binding.

range: Time slots participating in the binding operation, in the range of 1 to
31. When specifying time slots for binding, you can configure a single time slot by
using the form of “number”, the time slots in a range by using the form of
“number1-number2”, or multiple time slots by using the form of “number1,
number2-number3”.

Description

Using the fe1 timeslot-list command, you can configure the time slots that will
participate in the binding operation on an E1-F interface. Using the undo fe1
timeslot-list command, you can restore the default setting of time slot binding.

By default, all the time slots on an E1-F interface are bound. That is, the E1-F
interface rate defaults to 1984kbps.

The time slot binding operation on an E1-F interface results in a change of
interface rate. For example, after the user binds the time slots 1 through 10, the
interface rate will become 10 X 64kbps.

If an E1-F interface is working in unframed mode, the fe1 timeslot-list command
cannot be configured.

For related commands, see fe1 unframed.

Example

Bind the time slots 1, 2, 5, 10 through 15, and 18 on the E1-F interface.

[3com-Serial0/0/0] fe1 timeslot-list 1,2,5,10-15,18

fe1 unframed Syntax


fe1 unframed

undo fe1 unframed

View

E1-F interface view

Parameter

None

Description

Using the fe1 unframed command, you can configure an E1-F interface to work
in unframed mode. Using the undo fe1 unframed command, you can configure
the E1-F interface to work in framed mode.

By default, E1-F interfaces work in framed mode.

When it works in unframed mode, it is an interface of 2048kbps data bandwidth
that is not divided into time slots. In this case, it is logically equivalent to a
synchronous serial interface.

When it works in framed mode, however, it is physically divided into 32 time slots
numbered in the range of 0 to 31, and time slot 0 is used for transmitting
synchronization information.

For related commands, see fe1 timeslot-list.

Example

Set the E1-F interface to work in unframed mode.

[3com-Serial0/0/0] fe1 unframed



T1-F Interface Configuration Commands

ft1 cable Syntax


ft1 cable { long decibel | short length }

undo ft1 cable

View

T1-F interface view

Parameter

long decibel: Matches the transmission line longer than 655 feet. The argument
decibel can take 0db, -7.5db, -15db, or -22.5db, depending on the signal quality
at the receiving end. In this case, no external CSU is required.

short length: Matches transmission line shorter than 655 feet. The argument
length can take 133ft, 266ft, 399ft, 533ft, and 655ft, depending on the length of
transmission line.

Description

Using the ft1 cable command, you can configure attenuation or length of the
transmission line matched by a T1-F interface. Using the undo ft1 cable command,
you can restore the default setting.

By default, the transmission line attenuation matched by T1-F interfaces is long 0db.

This command is mainly used for configuring the signal waveform required for
different types of transmission. In practice, you can decide whether to use this
command according to the signal quality at the receiving end. If the signal quality
is acceptable, the default setting can be used.

Example

Set the length of the transmission line matched by the T1-F interface to 133 feet.

[3com-Serial0/0/0] ft1 cable short 133ft

display ft1 serial Syntax


display ft1 [ serial serial-number ]

View

Any view

Parameter

serial serial-number: Interface type and number. If no interface is specified, the
information of all the T1-F interfaces will be displayed.

Description

Using the display ft1 serial command, you can view the configuration and state
of T1-F interface.

If the specified interface is a serial interface rather than a T1-F interface, the
system will display the error prompt “The serial is not a factional interface”.

Example

Display the information of the T1-F interface.

[3com] display ft1


Serial4/0/0
Fractional T1, status is down.
Work mode is framed - 100 OHM balanced.
Framing : ESF, Line Code is B8ZS, Clock : Slave.
Alarm State : Loss-of-Signal.

Table 5 Description of displaying controller FT1 items

Item          Description
Framing       Frame format (crc4/no-crc4)
Line Code     Line code format (ami/hdb3)
Clock         Clock mode (master/slave)
Alarm State   Alarm information
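
The following Python sketch is an added example, not 3Com code. It parses display fe1 and display ft1 output in the layout shown above and reports interfaces that are down, in alarm, or set differently from the defaults documented in this section or from the settings agreed with the peer. The Serial4/0/1 record and the "Alarm State : none" wording are constructed; the function names are hypothetical.

```python
import re

# Defaults documented in this section for E1-F and T1-F interfaces.
DEFAULTS = {
    "E1": {"framing": "no-crc4", "line_code": "hdb3", "clock": "slave"},
    "T1": {"framing": "esf", "line_code": "b8zs", "clock": "slave"},
}
REQUIRED = {"kind", "status", "framing", "line_code", "clock", "alarm"}

# First record: the display fe1 output shown in this section.
# Second record (Serial4/0/1): constructed for the example.
SAMPLE_FE1 = """\
Serial4/0/0
Fractional E1, status is down.
Work mode is FRAMED - 120 OHM balanced.
Framing : NO-CRC4, Line Code is HDB3, Clock : Slave.
Alarm State : Loss-of-Signal.
Serial4/0/1
Fractional E1, status is up.
Work mode is FRAMED - 120 OHM balanced.
Framing : CRC4, Line Code is AMI, Clock : Master.
Alarm State : none.
"""

# The display ft1 output shown in this section.
SAMPLE_FT1 = """\
Serial4/0/0
Fractional T1, status is down.
Work mode is framed - 100 OHM balanced.
Framing : ESF, Line Code is B8ZS, Clock : Slave.
Alarm State : Loss-of-Signal.
"""

PATTERNS = [
    (re.compile(r"Fractional (E1|T1), status is (\w+)\."), ("kind", "status")),
    (re.compile(r"Work mode is (\w+) - (.+)\."), ("mode", "line")),
    (re.compile(r"Framing\s*:\s*([\w-]+), Line Code is (\w+), Clock\s*:\s*(\w+)\."),
     ("framing", "line_code", "clock")),
    (re.compile(r"Alarm State\s*:\s*(.+?)\.?"), ("alarm",)),
]


def parse_fractional(text):
    """Split display fe1 / display ft1 output into one dict per interface."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"Serial\S+", line):
            records.append({"name": line})
            continue
        if not records:
            continue  # ignore anything before the first interface name
        for pattern, keys in PATTERNS:
            m = pattern.fullmatch(line)
            if m:
                records[-1].update(zip(keys, m.groups()))
                break
    return records


def audit(records, agreed=None):
    """Return (interface, finding) pairs.

    agreed maps an interface name to the settings arranged with the peer;
    anything not listed is compared with the documented default.
    """
    findings = []
    for r in records:
        missing = REQUIRED - set(r)
        if missing:  # truncated capture: report it instead of guessing
            findings.append((r["name"], "unparsed: " + ", ".join(sorted(missing))))
            continue
        want = {**DEFAULTS[r["kind"]], **(agreed or {}).get(r["name"], {})}
        if r["status"].lower() != "up":
            findings.append((r["name"], f"status is {r['status'].lower()}"))
        if r["alarm"].lower() != "none":
            findings.append((r["name"], f"alarm: {r['alarm']}"))
        for key in ("framing", "line_code", "clock"):
            if r[key].lower() != want[key]:
                findings.append(
                    (r["name"], f"{key} is {r[key].lower()}, expected {want[key]}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_fractional(SAMPLE_FE1)):
        print(name, finding)
```
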

ft1 clock Syntax


ft1 clock { master | slave }

undo ft1 clock

View

T1-F interface view

Parameter

master: Internal clock is used.

slave: Line clock is used.

Description

Using the ft1 clock command, you can configure the clock used by an E1-F or
T1-F interface. Using the undo ft1 clock command, you can restore the default
clock of the interface.

By default, the interfaces use the slave clock.

For a T1-F interface used as DCE, master clock should be used. If the interface is
used as DTE, however, the slave clock should be used.

Example

Set the T1-F interface to use internal clock.



[3com-Serial0/0/0] ft1 clock master

ft1 code Syntax


ft1 code { ami | b8zs }

undo ft1 code

View

T1-F interface view

Parameter

ami: Adopts AMI line code format.

b8zs: Adopts B8ZS line code format.

Description

Using the ft1 code command, you can configure the line code format for a T1-F
interface. Using the undo ft1 code command, you can restore the default line
code format of interface.

By default, T1-F interfaces adopt b8zs.

The line code of an interface should be set consistent with that of the peer.

Example

Set the line code format of the T1-F interface to AMI.

[3com-Serial0/0/0] ft1 code ami

ft1 frame-format Syntax


ft1 frame-format { sf | esf }

undo ft1 frame-format

View

T1-F interface view

Parameter

sf: Adopts SF as the framing format for the T1-F interface.

esf: Adopts ESF as the framing format for the T1-F interface.

Description

Using the ft1 frame-format command, you can configure the framing format for
a T1-F interface. Using the undo ft1 frame-format command, you can restore
the default framing format of the interface.

By default, T1-F interfaces use esf.



T1-F interfaces support SF and ESF. In SF, multiple frames can share the same frame
synchronization and signaling information, so that more significant bits can be
used for transmitting user data. In practice, system tests are often required. The
application of ESF technology can ensure normal service while a system test is being
carried out.

Example

Set the framing format for the T1-F interface to SF.

[3com-Serial0/0/0] ft1 frame-format sf

ft1 loopback Syntax


ft1 loopback { local | remote }

undo ft1 loopback [ local | remote ]

View

T1-F interface view

Parameter

local: Places the interface in local loopback.

remote: Places the interface in remote loopback.

Description

Using the ft1 loopback command, you can configure a T1-F interface in local or
remote loopback. Using the undo ft1 loopback command, you can disable the
local and remote loopback on the interface.

By default, the interfaces are not placed in local or remote loopback.

Local loopback and remote loopback are used for testing the state of the interface
or the cable itself. These functions should be disabled in normal cases. Local
loopback and remote loopback are enabled with the same command using different
arguments, but the two functions cannot be enabled at the same time.

Example

Place the T1-F interface in local loopback.

[3com-Serial0/0/0] ft1 loopback local

ft1 timeslot-list Syntax


ft1 timeslot-list { all | range } [ speed { 56 | 64 } ]

undo ft1 timeslot-list

View

T1-F interface view

Parameter

all: Binds all the time slots on an interface. The interface rate will become 24 X
64kbps (that is, 1536kbps) after binding.

range: Time slots participating in the binding operation. It is in the range of 1 to
24. When specifying time slots for binding, you can configure a single time slot by
using the form of “number”, the time slots in a range by using the form of
“number1-number2”, or multiple time slots by using the form of “number1,
number2-number3”.

speed { 56 | 64 }: Speed in kbps, which is used for time slot binding. If the
argument 56 is used, timeslots will be bound into N X 56kbps. If the argument 64
is used, timeslots will be bound into N X 64kbps.

Description

Using the ft1 timeslot-list command, you can configure the time slots that will
participate in the binding operation on a T1-F interface. Using the undo ft1
timeslot-list command, you can restore the default setting of time slot binding.

By default, all the time slots on a T1-F interface are bound. That is, the T1-F
interface rate defaults to 1536kbps.

When performing time slot binding on a T1-F interface, the speed assigned to a
time slot defaults to 64kbps.

The time slot binding operation on a T1-F interface results in a change of interface
rate. For example, after the user binds the time slots 1 through 10, the interface
rate becomes 10 X 64kbps (or 10 X 56 kbps).

Example

Bind the time slots 1, 2, 5, 10 through 15, and 18 on the T1-F interface.

[3com-Serial0/0/0] ft1 timeslot-list 1,2,5,10-15,18
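
The following Python sketch is an added example, not 3Com code. It applies the timeslot rules stated in the channel-set, pri-set, fe1 timeslot-list and ft1 timeslot-list entries above to planned commands before they are entered on the router, and compares the plans for the two ends of a link. Rejecting a repeated set-number or a timeslot shared by two bundles is an assumption; all function and class names are hypothetical.

```python
import re

# Limits from the CE1/PRI and CT1/PRI command descriptions in this section.
LIMITS = {
    "e1": {"last": 31, "d_channel": 16, "max_set": 30, "pri_suffix": 15},
    "t1": {"last": 24, "d_channel": 24, "max_set": 23, "pri_suffix": 23},
}
CHANNEL_SET = re.compile(
    r"channel-set (\d+) timeslot-list (\S+)(?: speed (56|64)k)?", re.ASCII)
# The CE1 syntax line brackets only range, the CT1 one the whole clause;
# both spellings are accepted here.
PRI_SET = re.compile(r"pri-set(?: timeslot-list(?: (\S+))?)?")


class TimeslotError(ValueError):
    """A planned bundling command breaks one of the documented rules."""


def parse_timeslot_list(text, line_type):
    """Expand '1,2,5,10-15,18' into a sorted list of timeslot numbers."""
    last = LIMITS[line_type]["last"]
    slots = set()
    for item in text.split(","):
        m = re.fullmatch(r"\s*(\d+)(?:-(\d+))?\s*", item, re.ASCII)
        if not m:
            raise TimeslotError(f"expected number or number1-number2: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if lo > hi:
            raise TimeslotError(f"descending range: {item!r}")
        if lo < 1 or hi > last:  # the range starts at 1; E1 timeslot 0 is excluded
            raise TimeslotError(f"{item!r} is outside 1-{last}")
        slots.update(range(lo, hi + 1))
    return sorted(slots)


def fractional_rate_kbps(arg, line_type, speed=64):
    """Interface rate after fe1/ft1 timeslot-list: N x 64 kbps (N x 56 on T1-F)."""
    if speed not in (56, 64) or (speed == 56 and line_type != "t1"):
        raise TimeslotError(f"speed {speed} is not valid for {line_type}")
    if arg == "all":
        return LIMITS[line_type]["last"] * speed
    return len(parse_timeslot_list(arg, line_type)) * speed


def check_interface(commands, line_type):
    """Validate the bundling commands planned for one CE1/PRI or CT1/PRI interface.

    Returns {n: (timeslots, kbps)} where n is the suffix of the serial interface
    the router creates (serial number:n); kbps is None for a pri-set.
    """
    lim = LIMITS[line_type]
    bundles, used, modes = {}, set(), set()
    for raw in commands:
        cmd = " ".join(raw.split())
        if m := CHANNEL_SET.fullmatch(cmd):
            modes.add("channel-set")
            suffix, speed = int(m.group(1)), int(m.group(3) or 64)
            if suffix > lim["max_set"]:
                raise TimeslotError(f"set-number {suffix} is outside 0-{lim['max_set']}")
            if m.group(3) and line_type != "t1":
                raise TimeslotError("speed is only in the CT1/PRI channel-set syntax")
            slots = parse_timeslot_list(m.group(2), line_type)
            kbps = len(slots) * speed
        elif m := PRI_SET.fullmatch(cmd):
            modes.add("pri-set")
            suffix, kbps, d = lim["pri_suffix"], None, lim["d_channel"]
            if m.group(1) is None:  # no list: every timeslot, 30B+D or 23B+D
                slots = list(range(1, lim["last"] + 1))
            else:
                slots = parse_timeslot_list(m.group(1), line_type)
                if slots == [d]:
                    raise TimeslotError(f"cannot bundle only timeslot {d} (D channel)")
                slots = sorted(set(slots) | {d})  # D channel is bundled automatically
        else:
            raise TimeslotError(f"not a bundling command: {cmd!r}")
        if len(modes) > 1:
            raise TimeslotError("channel-set and pri-set cannot be used together")
        # Assumption, not stated on the page: a set-number or a timeslot
        # may appear in only one bundle on the interface.
        if suffix in bundles or used & set(slots):
            raise TimeslotError(f"{cmd!r} reuses a set-number or timeslot")
        used |= set(slots)
        bundles[suffix] = (slots, kbps)
    return bundles


def same_bundling(local, remote, line_type):
    """True when both ends of the link bundle the same timeslots at the same rate."""
    return check_interface(local, line_type) == check_interface(remote, line_type)


if __name__ == "__main__":
    # Commands taken from the examples in this section.
    print(check_interface(["channel-set 0 timeslot-list 1,2,5,10-15,18"], "e1"))
    print(check_interface(["pri-set timeslot-list 1,2,8-12"], "t1"))
    print(fractional_rate_kbps("all", "e1"))
```
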

Fundamental CE3 Interface Configuration Commands

clock Syntax
clock { master | slave }

undo clock

View

CE3 interface view

Parameter

master: Adopts the internal clock mode.



slave: Adopts the line clock mode.

Description

Using the clock command, you can set the clock mode on a CE3 interface. Using
the undo clock command, you can restore the default clock mode on the
interface.

By default, the CE3 interface adopts the line clock mode (slave).

The clock is selected depending on the connected remote device. If it is a
transmission device, the local end will use the line clock.

If the CE3 interfaces on the two routers are directly connected, one router should
use the internal clock whereas the other router uses the line clock.

Example

Configure the CE3 interface with internal clock.

[3com-E3 1/0/0] clock master

controller e3 Syntax
controller e3 interface-number

View

System view

Parameter

interface-number: CE3 interface number.

Description

Using the controller e3 command, you can enter the CE3 interface view.

For related command, see display controller e3.

Example

Enter the view of the interface E3 1/0/0.

[3com]controller e3 1/0/0
[3com-E3 1/0/0]

display controller e3 Syntax


display controller e3 interface-number

View

Any view

Parameter

interface-number: CE3 interface number.

Description

Using the display controller e3 command, you can view the state information of
a CE3 interface.

In addition to the state information of the CE3 interface, the command can display
the information of each E1 line on the CE3 interface if the interface is working in
CE3 mode.

Example

Display the information related to the interface E3 1/0/0.

[3com]display controller e3 1/0/0


E3 1/0/0 is up
Description : 3Com Routers, E3 1/0 Interface
Applique type is CE3 - 75 OHM unbalanced Frame-format G751, line code HDB3, clock slave,
national-bit 1,loopback not set
Alarm: none
ERROR: 0 BPV, 0 EXZ, 0 FrmErr, 0 FEBE
E3-0 CE1 1 is up
Frame-format NO-CRC4, clock master, loopback not set
E3-0 CE1 2 is up
Frame-format NO-CRC4, clock slave, loopback local
E3-0 CE1 3 is up
Frame-format NO-CRC4, clock slave, loopback remote
E3-0 CE1 4 is up
Frame-format CRC4, clock slave, loopback not set
E3-0 CE1 5 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 6 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 7 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 8 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 9 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 10 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 11 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 12 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 13 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 14 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 15 is up
Frame-format NO-CRC4, clock slave, loopback not set
E3-0 CE1 16 is up
Frame-format NO-CRC4, clock slave, loopback not set
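
The output above already contains E1 lines that differ from the defaults this guide documents (line clock, no-crc4, loopback disabled). The following is an added example, not code from the guide or from 3Com: it parses saved display controller e3 output and reports every such deviation. The function names and the tuple layout of the findings are assumptions of this example; the sample text is abridged from the guide's output.

```python
import re

# Abridged from the guide's example output above (E1 lines 6 to 16 omitted).
SAMPLE_OUTPUT = """\
E3 1/0/0 is up
Description : 3Com Routers, E3 1/0 Interface
Applique type is CE3 - 75 OHM unbalanced Frame-format G751, line code HDB3, clock slave,
national-bit 1,loopback not set
Alarm: none
ERROR: 0 BPV, 0 EXZ, 0 FrmErr, 0 FEBE
E3-0 CE1 1 is up
Frame-format NO-CRC4, clock master, loopback not set
E3-0 CE1 2 is up
Frame-format NO-CRC4, clock slave, loopback local
E3-0 CE1 3 is up
Frame-format NO-CRC4, clock slave, loopback remote
E3-0 CE1 4 is up
Frame-format CRC4, clock slave, loopback not set
E3-0 CE1 5 is up
Frame-format NO-CRC4, clock slave, loopback not set
"""

# A unit starts at "<name> is <state>"; the lines after it describe that unit.
HEADER = re.compile(r"^(E3 \S+|E3-\d+ CE1 \d+) is (.+)$")
ATTRS = {
    "clock": re.compile(r"clock (master|slave)"),
    "loopback": re.compile(r"loopback (not set|local|payload|remote)"),
    "frame_format": re.compile(r"Frame-format ([A-Za-z0-9-]+)"),
    "national_bit": re.compile(r"national-bit ([01])"),
}
COUNTER = re.compile(r"(\d+) ([A-Za-z]+)")

# Defaults as documented in this guide. No default is given here for the
# controller's own frame format, so it is not checked.
CONTROLLER_DEFAULTS = {"clock": "slave", "loopback": "not set", "national_bit": "1"}
E1_LINE_DEFAULTS = {"clock": "slave", "loopback": "not set", "frame_format": "NO-CRC4"}


def parse_controller_e3(text):
    """Return one dict per unit (the controller, then each E1 line)."""
    units, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"name": header.group(1), "state": header.group(2), "errors": {}}
            units.append(current)
        elif current is not None:
            if line.startswith("ERROR:"):
                for count, name in COUNTER.findall(line):
                    current["errors"][name] = int(count)
                continue
            for key, pattern in ATTRS.items():
                hit = pattern.search(line)
                if hit:
                    # Keep the first value seen for each attribute of a unit.
                    current.setdefault(key, hit.group(1))
    return units


def audit(units):
    """Return (unit, attribute, value) for every deviation from the defaults."""
    findings = []
    for unit in units:
        is_e1_line = " CE1 " in unit["name"]
        defaults = E1_LINE_DEFAULTS if is_e1_line else CONTROLLER_DEFAULTS
        if unit["state"] != "up":
            findings.append((unit["name"], "state", unit["state"]))
        for key, expected in defaults.items():
            actual = unit.get(key)
            if actual is not None and actual != expected:
                findings.append((unit["name"], key, actual))
        for name, count in unit["errors"].items():
            if count:
                findings.append((unit["name"], name, str(count)))
    return findings


if __name__ == "__main__":
    for name, attribute, value in audit(parse_controller_e3(SAMPLE_OUTPUT)):
        print(f"{name}: {attribute} = {value}")
```

A loopback left set after a test shows up here as a finding even though the line still reports "is up".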

e1 channel-set Syntax
e1 line-number channel-set set-number timeslot-list range

undo e1 line-number channel-set set-number

View

CE3 interface view

Parameter

line-number: E1 line number in the range of 1 to 16.

set-number: The number of the channel-set formed by bundling the timeslots of
the E1 line, which is in the range of 0 to 30.

range: The number of the timeslots that are bundled, which is in the range of 1 to
31. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.

Description

Using the e1 channel-set command, you can bundle the timeslots of an E1 line.
Using the undo e1 channel-set command, you can remove the timeslot bundle.

By default, no timeslots are bundled into channel-sets.

A CE3 interface can be channelized into 64Kbps lines and the timeslots of each E1
line can be bundled into up to 31 channels.

When an E1 line operates in framed (CE1) mode, you can bundle the timeslots on
it. The system will automatically create a serial interface numbered serial number /
line-number:set-number. For example, the serial interface created by the
channel-set 0 of the first E1 line on E3 7/0 will be numbered 7/0/1:0. This interface
can operate at N x 64 Kbps and has the same logical features as a synchronous serial
interface, on which you can make other configurations.

For related command, see e1 unframed.

Example

Bundle a 128Kbps serial interface on the first E1 line on the interface E3 1/0/0.

[3com-E3 1/0/0]e1 1 channel-set 1 timeslot-list 1,2

e1 set clock Syntax


e1 line-number set clock { master | slave }

undo e1 line-number set clock

View

CE3 interface view



Parameter

line-number: E1 line number in the range of 1 to 16.

master: Adopts the internal clock mode.

slave: Adopts the line clock mode.

Description

Using the e1 set clock command, you can set the clock mode for an E1 line on a
CE3 interface. Using the undo e1 set clock command, you can restore the default
setting.

By default, the E1 lines on a CE3 interface adopt line clock.

The E1 lines on a CE3 interface working in channelized mode are allowed to use
separate clocks.

Example

Configure the first E1 line on the E3 interface to adopt line clock mode.

[3com-E3 1/0/0]e1 1 set clock slave

e1 set frame-format Syntax


e1 line-number set frame-format { crc4 | no-crc4 }

undo e1 line-number set frame-format

View

CE3 interface view

Parameter

line-number: E1 line number in the range of 1 to 16.

crc4: The frame format adopted by an E1 line is crc4.

no-crc4: The frame format adopted by an E1 line is no-crc4.

Description

Using the e1 set frame-format command, you can configure the frame format
for an E1 line. Using the undo e1 set frame-format command, you can restore
the default setting.

By default, the frame format no-crc4 is used for E1 line.

Only if an E1 line is working in framed format (which can be set by using the undo
e1 unframed command) can this command be configured.

For related command, see e1 unframed.



Example

Configure the first E1 line on the E3 interface to adopt the frame format crc4.

[3com-E3 1/0/0]e1 1 set frame-format crc4

e1 set loopback Syntax


e1 line-number set loopback { local | remote }

undo e1 line-number set loopback

View

CE3 interface view

Parameter

line-number: E1 line number in the range of 1 to 16.

local: Enables E1 line to perform local loopback.

remote: Enables E1 line to perform remote loopback.

Description

Using the e1 set loopback command, you can set the loopback mode of an E1
line on an E3 interface. Using the undo e1 set loopback command, you can
disable loopback on the E1 line.

By default, loopback is disabled on E1 lines.

If an E1 line encapsulated with PPP has been set to perform loopback, it is normal
for the state of the link layer protocol to be reported as DOWN.

Example

Set the loopback mode of the first E1 line on the E3 interface to local.

[3com-E3 1/0/0]e1 1 set loopback local

e1 shutdown Syntax
e1 line-number shutdown

undo e1 line-number shutdown

View

CE3 interface view

Parameter

line-number: E1 line number in the range of 1 to 16.



Description

Using the e1 shutdown command, you can shut down an E1 line on the CE3
interface. Using the undo e1 shutdown command, you can enable the E1 line.

By default, an E1 line is enabled.

This command will affect not only the specified E1 line but also the serial
interfaces formed by bundling the timeslots of the E1 line. Executing the e1
shutdown command on the specified E1 line will shut down all these serial
interfaces and the data transmission and receiving will be stopped as a result.
Likewise, executing the undo e1 shutdown command will re-enable all these
serial interfaces.

Example

Shut down the first E1 line on the E3 interface.

[3com-E3 1/0/0]e1 1 shutdown

e1 unframed Syntax
e1 line-number unframed

undo e1 line-number unframed

View

CE3 interface view

Parameter

line-number: E1 line number in the range of 1 to 16.

Description

Using the e1 unframed command, you can set an E1 line on a CE3 interface to
work in unframed mode (E1 mode). Using the undo e1 unframed command, you
can set the E1 line on the CE3 interface to work in framed mode (CE1 mode).

By default, E1 lines are working in framed mode.

An E1 line in unframed mode does not contain the frame control information and
cannot be divided into timeslots. Naturally, no timeslot bundling can be performed
on it. In this case, the system automatically creates a serial interface numbered
serial number / line-number:0 for it. This interface operates at 2048 Kbps and has
the same logic features of a synchronous serial interface on which you can make
other configurations.

For related command, see e1 channel-set.

Example

Set the first E1 line on the E3 interface to work in unframed mode.

[3com-E3 1/0/0]e1 1 unframed



loopback Syntax
loopback { local | payload | remote }

undo loopback

View

CE3 interface view

Parameter

local: Enables the CE3 interface to perform local loopback.

payload: Places the CE3 interface in a remote payload loopback. Data passes the
framer in this case and will be looped back after payload is generated.

remote: Enables the CE3 interface to perform remote loopback. Data does not go
through the framer in this case and will be looped back before the payload has
been generated.

Description

Using the loopback command, you can configure the loopback mode of a CE3
interface. Using the undo loopback command, you can disable loopback on the
CE3 interface.

By default, loopback is disabled on the CE3 interface.

It is necessary for you to enable the CE3 interface to perform loopback only for the
purpose of testing some special functions.

If a CE3 interface encapsulated with PPP has been set to perform loopback, it is
normal for the state of the link layer protocol to be reported as DOWN.

Example

Enable the interface E3 1/0/0 to perform local loopback.

[3com-E3 1/0/0] loopback local

national-bit Syntax
national-bit { 0 | 1 }

undo national-bit

View

CE3 interface view

Parameter

0: Sets the national bit of the CE3 interface to 0.

1: Sets the national bit of the CE3 interface to 1.



Description

Using the national-bit command, you can configure national bit for a CE3
interface. Using the undo national-bit command, you can restore the default
setting.

The national bit of CE3 interface defaults to 1.

It is necessary to set the national bit of an E3 interface to 0 only in some special
circumstances.

For the related command, see controller e3.

Example

Set the national bit of the interface E3 1/0/0 to 0.

[3com-E3 1/0/0] national-bit 0

using Syntax
using { e3 | ce3 }

undo using

View

CE3 interface view

Parameter

e3: Sets the CE3 interface to work in unchannelized mode.

ce3: Sets the CE3 interface to work in channelized mode.

Description

Using the using command, you can configure the operating mode of a CE3
interface. Using the undo using command, you can restore the default setting.

By default, the CE3 interface is working in channelized mode.

Only when the CE3 interface is working in channelized mode can you configure
the E1 lines on it.

When the CE3 interface is working in unchannelized mode, the system
automatically creates a serial interface numbered serial number / 0:0 for it. This
interface operates at 34.368 Mbps and has the same logic features of a
synchronous serial interface on which you can make other configurations.

For related command, see controller e3.

Example

Configure the interface E3 1/0/0 to work in unchannelized mode.

[3com-E3 1/0/0]using e3

Fundamental CT3 Interface Configuration Commands

cable Syntax
cable feet

undo cable

View

CT3 interface view

Parameter

feet: Cable length in the range of 0 to 450 feet.

Description

Using the cable command, you can configure the length of the cable with which a
CT3 interface is connected. Using the undo cable command, you can restore the
default length of the cable with which the CT3 interface is connected.

The parameter feet defaults to 49.

The length of the cable for CT3 interface connection refers to the distance
between the router and the cable distribution rack.

Example

Set the cable length to 50 feet for the interface T3 1/0/0.

[3com-T3 1/0/0]cable 50

clock Syntax
clock { master | slave }

undo clock

View

CT3 interface view

Parameter

master: Adopts the internal clock mode.

slave: Adopts the line clock mode.



Description

Using the clock command, you can set the clock mode on a CT3 interface. Using
the undo clock command, you can restore the default clock mode on the
interface.

By default, the CT3 interface adopts the line clock mode (slave).

The clock is selected depending on the connected remote device. If it is a
transmission device, the local end will use the line clock.

If the CT3 interfaces on the two routers are directly connected, one router should
use the internal clock whereas the other router uses the line clock.

Example

Configure the CT3 interface with internal clock.

[3com-T3 1/0/0]clock master

controller t3 Syntax
controller t3 interface-number

View

System view

Parameter

interface-number: CT3 interface number.

Description

Using the controller t3 command, you can enter the CT3 interface view.

For the related command, see display controller t3.

Example

Enter the view of the interface T3 1/0/0.

[3com]controller t3 1/0/0
[3com-T3 1/0/0]

crc Syntax
crc { 16 | 32 | no-crc }

undo crc

View

Synchronous serial interface view



Parameter

16: Adopt 16-bit CRC.

32: Adopt 32-bit CRC.

no-crc: Adopt no CRC.

Description

Using the crc command, you can configure CRC mode of the serial interface
formed by CT3. Using the undo crc command, you can restore the default setting.

By default, 16-bit CRC is used.

For the related commands, see t1 channel-set, t1 unframed, and using.

Example

Apply 32-bit CRC to the serial interface formed by the interface T3 1/0/0 in
unchannelized mode.

[3com-Serial1/0/0:0] crc 32

frame-format Syntax
frame-format { c-bit | m23 }

undo frame-format

View

CT3 interface view

Parameter

c-bit: Sets the frame format to C-bit.

m23: Sets the frame format to m23.

Description

Using the frame-format command, you can configure the frame format used by
a CT3 interface. Using the undo frame-format command, you can restore the
default frame format used by the CT3 interface.

By default, the CT3 interface adopts the C-bit frame format.

Example

Set the frame format of the interface T3 1/0/0 to m23.

[3com-T3 1/0/0] frame-format m23

loopback Syntax
loopback { local | payload | remote }

undo loopback

View

CT3 interface view

Parameter

local: Enables the CT3 interface to perform local loopback.

payload: Places the CT3 interface in an external payload loop. Data passes the
framer in this case and will be looped back after payload is generated.

remote: Enables the CT3 interface to perform remote loopback. Data does not go
through the framer in this case and will be looped back before the payload has
been generated.

Description

Using the loopback command, you can configure the loopback mode of a CT3
interface. Using the undo loopback command, you can disable loopback on the
CT3 interface.

By default, loopback is disabled on the CT3 interface.

Loopback is usually used for some special detection. It should not be enabled in
normal working condition.

If a CT3 interface encapsulated with PPP has been set to perform loopback, it is
normal for the state of its link layer protocol to be reported as DOWN.

Example

Enable the interface T3 1/0/0 to perform local loopback.

[3com-T3 1/0/0]loopback local

t1 channel-set Syntax
t1 line-number channel-set set-number timeslot-list range [ speed { 56k | 64k } ]

undo t1 line-number channel-set set-number

View

CT3 interface view

Parameter

line-number: T1 line number in the range of 1 to 28.

set-number: The number of the channel-set formed by bundling the timeslots of
the T1 line, which is in the range of 0 to 23.

range: The number of the timeslots that are bundled, which is in the range of 1 to
24. When specifying the timeslots to be bundled, you can specify a single timeslot
by specifying a number, a range of timeslots by specifying a range between
number1-number2, or several discrete timeslots by specifying number1,
number2-number3.

speed: Timeslot bundling mode. If 56k is selected, the timeslots will be bundled
into N x 56Kbps. If 64k is selected, the timeslots will be bundled into N x 64 Kbps.
Speed defaults to 64k.

Description

Using the t1 channel-set command, you can bundle the timeslots of a T1 line.
Using the undo t1 channel-set command, you can remove the timeslot bundle.

By default, no timeslots are bundled into channel-sets.

When a T1 line operates in framed (CT1) mode, you can bundle the timeslots on
it. The system will automatically create a serial interface numbered serial number /
line-number:set-number for the channel-set. This interface operates at N x 64
Kbps (or N x 56 Kbps) and has the same logical features as a synchronous serial
interface, on which you can make other configurations.

For a related command, see t1 unframed.

Example

Bundle a 128Kbps serial interface on the first T1 line on the interface T3 1/0/0.

[3com-T3 1/0/0]t1 1 channel-set 1 timeslot-list 1,2
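
The timeslot-list forms (number, number1-number2, and comma-separated mixes) are shared by ft1 timeslot-list, e1 channel-set and t1 channel-set, and each bundle changes the resulting interface rate. The following is an added example, not code from the guide or from 3Com: it validates a channel-set request against the ranges given in the parameter descriptions and returns the serial interface name and rate before anything is typed into the router. The function names, the rejection of a timeslot listed twice, and the controller number format ("7/0", following the guide's E3 7/0 example) are assumptions of this example.

```python
import re

# (max line-number, max set-number, max timeslot, allowed speeds in kbps),
# taken from the e1 channel-set and t1 channel-set parameter descriptions.
LIMITS = {
    "e1": (16, 30, 31, (64,)),
    "t1": (28, 23, 24, (56, 64)),
}

# One list item: either "number" or "number1-number2".
ITEM = re.compile(r"^([0-9]+)(?:-([0-9]+))?$")


def parse_timeslot_list(spec, max_slot):
    """Expand e.g. '1,2,5,10-15,18' into a sorted list of timeslot numbers."""
    slots = set()
    for item in spec.split(","):
        match = ITEM.match(item.strip())
        if not match:
            raise ValueError(f"malformed timeslot item: {item!r}")
        first = int(match.group(1))
        last = int(match.group(2)) if match.group(2) else first
        if first > last:
            raise ValueError(f"reversed range: {item!r}")
        if first < 1 or last > max_slot:
            raise ValueError(f"timeslot outside 1-{max_slot}: {item!r}")
        for slot in range(first, last + 1):
            # Policy of this example: a slot named twice is treated as an error.
            if slot in slots:
                raise ValueError(f"timeslot {slot} listed more than once")
            slots.add(slot)
    return sorted(slots)


def plan_channel_set(controller, line_type, line, set_no, spec, speed=64):
    """Validate one channel-set and describe the serial interface it creates."""
    if line_type not in LIMITS:
        raise ValueError(f"unknown line type: {line_type!r}")
    max_line, max_set, max_slot, speeds = LIMITS[line_type]
    if not 1 <= line <= max_line:
        raise ValueError(f"line-number outside 1-{max_line}: {line}")
    if not 0 <= set_no <= max_set:
        raise ValueError(f"set-number outside 0-{max_set}: {set_no}")
    if speed not in speeds:
        raise ValueError(f"speed {speed} not available on {line_type} lines")
    slots = parse_timeslot_list(spec, max_slot)
    return {
        # Naming follows the guide: channel-set 0 of E1 line 1 on E3 7/0 is 7/0/1:0.
        "interface": f"{controller}/{line}:{set_no}",
        "timeslots": slots,
        "rate_kbps": len(slots) * speed,
    }


if __name__ == "__main__":
    # The ft1 timeslot-list example from this guide: ten slots at 64 kbps.
    print(parse_timeslot_list("1,2,5,10-15,18", 24))
    print(plan_channel_set("7/0", "e1", 1, 0, "1,2"))
```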

t1 set clock Syntax


t1 line-number set clock { master | slave }

undo t1 line-number set clock

View

CT3 interface view

Parameter

line-number: T1 line number in the range of 1 to 28.

master: Adopts the internal clock.

slave: Adopts the line clock.

Description

Using the t1 set clock command, you can set the clock mode for a T1 line on a
CT3 interface. Using the undo t1 set clock command, you can restore the default
setting.

By default, the T1 lines on a CT3 interface adopt line clock.

The E1 lines on a CE3 interface working in channelized mode are allowed to use
separate clocks.

Example

Configure the first T1 line on the T3 interface to adopt line clock.

[3com-T3 1/0/0]t1 1 set clock slave

t1 set frame-format Syntax


t1 line-number set frame-format { esf | sf }

undo t1 line-number set frame-format

View

CT3 interface view

Parameter

line-number: T1 line number in the range of 1 to 28.

esf: Set the T1 line to use the Extended Super Frame (ESF) format.

sf: Set the T1 line to use the Super Frame (SF) format.

Description

Using the t1 set frame-format command, you can configure the frame format of
T1 line. Using the undo t1 set frame-format command, you can restore the
default setting.

By default, the frame format of T1 line is esf.

Only if a T1 line is working in framed format (which can be set by using the undo
t1 unframed command) can this command be configured.

For the related commands, see t1 unframed and using.

Example

Adopt the frame format SF for the first T1 line on the T3 interface.

[3com-T3 1/0/0]t1 1 set frame-format sf

t1 set loopback Syntax


t1 line-number set loopback { local | remote }

undo t1 line-number set loopback

View

CT3 interface view

Parameter

line-number: T1 line number in the range of 1 to 28.



local: Enables the T1 line to perform local loopback.

remote: Enables the T1 line to perform remote loopback.

Description

Using the t1 set loopback command, you can set the loopback mode of a T1 line
on a T3 interface. Using the undo t1 set loopback command, you can disable
loopback on the T1 line.

By default, loopback is disabled on T1 lines.

If a T1 line encapsulated with PPP has been set to perform loopback, it is normal
for the state of its link layer protocol to be reported as DOWN.

Loopback is usually used for some special tests. It should not be enabled in normal
working condition.

Example

Set the loopback mode on the first T1 line on the T3 interface to local.

[3com-T3 1/0/0]t1 1 set loopback local

t1 shutdown Syntax
t1 line-number shutdown

undo t1 line-number shutdown

View

CT3 interface view

Parameter

line-number: T1 line number in the range of 1 to 28.

Description

Using the t1 shutdown command, you can shut down a T1 line on the CT3
interface. Using the undo t1 shutdown command, you can enable the T1 line.

By default, a T1 line is enabled.

This command will affect not only the specified T1 line but also the serial
interfaces formed by bundling the timeslots of the T1 line. Executing the t1
shutdown command on the specified T1 line will shut down all these serial
interfaces and the data transmission and receiving will be stopped as a result.
Likewise, executing the undo t1 shutdown command will re-enable all these
serial interfaces.

Example

Shut down the first T1 line on the T3 interface.


[3com-T3 1/0/0]t1 1 shutdown

t1 unframed Syntax
t1 line-number unframed [ speed { 56k | 64k } ]

undo t1 line-number unframed

View

CT3 interface view

Parameter

line-number: T1 line number in the range of 1 to 28.

speed: Timeslot bundling mode. If 56k is selected, the timeslots will be bundled
into N x 56Kbps. If 64k is selected, the timeslots will be bundled into N x 64 Kbps.
Speed defaults to 64k.

Description

Using the t1 unframed command, you can set a T1 line on a CT3 interface to
work in unframed mode (T1 mode). Using the undo t1 unframed command, you
can set the T1 line on the CT3 interface to work in framed mode (CT1 mode).

By default, T1 lines are working in framed mode.

A T1 line in unframed mode does not contain the frame control information and
cannot be divided into timeslots. Naturally, no timeslot bundling can be performed
on it. In this case, the system automatically creates a serial interface numbered
serial number / line-number:0 for it. This interface operates at 1544 Kbps and has
the same logic features of a synchronous serial interface on which you can make
other configurations.

For the related command, see t1 channel-set.

Example

Set the first T1 line on the T3 interface to work in unframed mode.

[3com-T3 1/0/0]t1 1 unframed

using Syntax
using { t3 | ct3 }

View

CT3 interface view

Parameter

t3: Sets the CT3 interface to work in unchannelized mode.

ct3: Sets the CT3 interface to work in channelized mode.



Description

Using the using command, you can configure the operating mode of a CT3
interface. Using the undo using command, you can restore the default setting.

By default, the CT3 interface is working in channelized mode.

Only when the CT3 interface is working in channelized mode can you configure
the T1 lines on it.

When the CT3 interface is working in unchannelized mode, the system
automatically creates a serial interface numbered serial number / 0:0 for it. This
interface operates at 44.736 Mbps and has the same logic features of a
synchronous serial interface on which you can make other configurations.

Example

Configure the interface T3 1/0/0 to work in unchannelized mode.

[3com-T3 1/0/0]using t3

display controller t3 Syntax


display controller t3 interface-number

View

Any view

Parameter

interface-number: CT3 interface number.

Description

Using the display controller t3 command, you can view the state information of
a CT3 interface.

In addition to the state information of the CT3 interface, the command can display
the information of each T1 line on the CT3 interface if the interface is working in
CT3 mode.

Example

Display the information related to the interface T3 1/0/0.

[3com]display controller t3 1/0/0


T3 1/0/0 is down
Description : 3Com Routers, T3 1/0 Interface
Frame-format C-BIT Parity, line code B3ZS, cable 49 feet, clock slave, loopback not set
Alarm: none
ERROR: 0 BiPolarViolation, 0 EXcessiveZero, 1 FrameError
0 ParityBitError, 0 C-BitParityBitError, 0 FarEndBlockError

ATM E3/T3 Interface Configuration Commands

cable Syntax
cable { long | short }

undo cable

View

ATM T3 Interface view

Parameter

long: Long distance mode. Cable length ranges from 151 to 500 meters.

short: Short distance mode. Cable length ranges from 0 to 150 meters.

Description

Using the cable command, you can configure the cable mode of the ATM T3
cable, to set the distance between the router and the cable distribution frame.
Using the undo cable command, you can restore the default setting.

By default, short distance mode is used.

Example

Set the cable length mode of ATM T3 1/0/0 to long.

<3com> system-view
[3com] interface atm 1/0/0
[3com-Atm1/0/0] cable long

clock Syntax
clock { master | slave }

undo clock

View

ATM E3/T3 interface view.

Parameter

master: Sets the clock mode of ATM E3/T3 to master mode.

slave: Sets the clock mode of ATM E3/T3 to slave mode.

Description

Using the clock command, you can set the clock mode of ATM E3/T3 interface.
Using the undo clock command, you can restore the default setting.

By default, the clock mode of ATM E3/T3 interface is slave mode.

Example

Set clock mode of ATM E3/T3 interface 2/0/0 as master.

<3com> system-view
[3com] interface atm 2/0/0
[3com-Atm2/0/0] clock master

display interface atm Syntax


display interface atm [ interface-number ]

View

Any view

Parameter

interface-number: Interface number of ATM E3/T3.

Description

Using the display interface atm command, you can view the configuration and
status of ATM E3/T3 interface. If no interface-number is specified, the system will
display the configuration and status of all ATM interfaces.

Example

View the configuration and status of ATM E3/T3 interface 1/1/0.

<3com> display interface atm 1/1/0

frame-format Syntax
frame-format { g832-adm | g751-adm | g751-plcp }

frame-format { cbit-adm | cbit-plcp | m23-adm | m23-plcp }

undo frame-format

View

ATM E3/T3 interface view

Parameter

g832-adm: Configures frame format of ATM E3 as G.832 ATM direct mapping.

g751-adm: Configures frame format of ATM E3 as G.751 ATM direct mapping.

g751-plcp: Configures frame format of ATM E3 as G.751 Physical Layer
Convergence Protocol (PLCP).

cbit-adm: Configures frame format of ATM T3 as C-bit ATM direct mapping.



cbit-plcp: Configures frame format of ATM T3 as C-bit PLCP.

m23-adm: Configures frame format of ATM T3 as M23 ATM direct mapping.

m23-plcp: Configures frame format of ATM T3 as M23 PLCP.

Description

Using the frame-format command, you can configure frame format of ATM
E3/T3 interface. Using the undo frame-format command, you can restore the
default configuration.

By default, frame format g751-plcp is used for ATM E3 and cbit-plcp used for ATM
T3.

Example

Configure ATM E3 interface 1/0/0 to use frame format G.832 ADM.

<3com> system-view
[3com] interface atm 1/0/0
[3com-Atm1/0/0] frame-format g832-adm

loopback Syntax
loopback { cell | local | payload | remote }

undo loopback

View

ATM E3/T3 interface view

Parameter

cell: Internal cell loopback.

local: Internal loopback.

payload: External payload loopback.

remote: External line loopback.

Description

Using the loopback command, you can enable the loopback function of the
interface. Using the undo loopback command, you can disable the loopback
function.

By default, loopback is disabled.

Example

Enable external payload loopback of ATM E3/T3 interface 2/0/0.

<3com> system-view
[3com] interface atm 2/0/0
[3com-Atm2/0/0] loopback payload

scramble Syntax
scramble

undo scramble

View

ATM E3/T3 interface view

Parameter

None

Description

Using the scramble command, you can enable scrambling function of ATM E3/T3
interface. Using the undo scramble command, you can disable the scrambling
function.

By default, the scrambling function of ATM E3/T3 interface is enabled.

The scramble command is used to enable the scramble and descramble function
on payload, with no influence on the cell header.

Example

Disable the scramble function of ATM E3/T3 interface 2/0/0.

<3com> system-view
[3com] interface atm 2/0/0
[3com-Atm2/0/0] undo scramble

ATM OC-3c/STM-1 Interface Configuration Commands

clock Syntax
clock { master | slave }

undo clock

View

ATM interface view

Parameter

master: Adopts the internal clock mode.

slave: Adopts the line clock mode.



Description

Using the clock command, you can set the clock mode on an ATM interface.
Using the undo clock command, you can restore the default clock mode on the
interface.

By default, the ATM interface adopts the slave clock.

When an ATM interface is working as DCE, choose the master clock mode. When
it is working as DTE, choose the slave clock mode for it. When ATM interfaces of
two routers are directly connected by fiber, one end should be configured with the
master clock mode and the other with the slave clock mode.

Example

Adopt the master clock on the ATM interface 4/0/0.

<3com> system-view
[3com] interface atm 4/0/0
[3com-Atm4/0/0] clock master

display interface atm Syntax


display interface atm [ interface-number ]

View

Any view

Parameter

interface-number: Interface number. If no interface has been specified, the
configuration and state information of all the ATM interfaces will be displayed.

Description

Using the display interface atm command, you can view the configuration and
state information of ATM OC-3c/STM-1 interface(s).

Example

View the configuration and state information of the ATM interface 4/0/0.

<3com> display interface atm 4/0/0

frame-format Syntax
frame-format { sdh | sonet }

undo frame-format

View

ATM interface view



Parameter

sdh: Sets the frame format to SDH STM-1.

sonet: Sets the frame format to SONET OC-3.

Description

Using the frame-format command, you can set the frame format of ATM
OC-3c/STM-1 interface. Using the undo frame-format command, you can
restore the default setting.

The frame format on the ATM OC-3c/STM-1 interface defaults to SONET.

Example

Set the frame format on the ATM OC-3c/STM-1 interface to SDH.

[3com-Atm4/0/0] frame-format sdh

loopback Syntax
loopback { cell | local | remote }

undo loopback

View

ATM interface view

Parameter

cell: Enables the ATM interface to perform cell loopback.

local: Enables the ATM interface to perform local loopback.

remote: Enables the ATM interface to perform the remote loopback.

Description

Using the loopback command, you can enable the loopback function on an ATM
OC-3c/STM-1 interface. Using the undo loopback command, you can disable the
loopback function.

By default, loopback function is disabled.

It is necessary for you to enable the interface to perform loopback only for the
purpose of testing some special functions. You should not enable the loopback
function when the interface is providing normal services.

Example

Enable the ATM interface to perform local loopback.

[3com-Atm4/0/0] loopback local



scramble Syntax
scramble

undo scramble

View

ATM interface view

Parameter

None

Description

Using the scramble command, you can enable the ATM OC-3c/STM-1 interface to
scramble the payload. Using the undo scramble command, you can disable the
scrambling function.

By default, the ATM OC-3c/STM-1 interface is enabled to scramble the payload.

Executing the scramble command makes the interface scramble and
descramble the payload but does not affect the cell headers.

Example

Disable payload scrambling on the ATM interface.

[3com-Atm4/0/0] undo scramble

ADSL Interface Configuration Commands

activate Syntax
activate

undo activate

View

ADSL interface view

Parameter

None

Description

Using the activate command, you can activate an ADSL interface. Using the undo
activate command, you can deactivate an ADSL interface.

By default, the ADSL interface is active.



Before an ADSL port can operate services, you must activate it. “ACTIVATE” in this
particular context refers to the training conducted between an ADSL central office
and a remote ATU-R. The activation procedure is performed in compliance with
the ADSL standard, channel mode, uplink and downlink speeds, and the noise
tolerance specified in the line configuration template. It tests the line distance
and state, has the central office and the remote device negotiate, and confirms
whether normal operation is allowed under these conditions. If the training
succeeds, the central office and the remote device can set up a communication
connection for transporting services between them. This process is also called
port activation. This connection disappears upon the deactivation of the ADSL
port. To transport new services, you must re-activate the port.

This command is used to manually activate/deactivate an ADSL line for the
purpose of testing and troubleshooting.

The commands activate/undo activate and shutdown/undo shutdown are
different because the former can only take effect on ADSL lines.

You should note that ADSL is always online, which is different from DCC.
Therefore, after the device is booted, the ADSL interface will automatically enable
the activation task and enter the active state. It will stay active as long as the line is
in good condition. The router tests the line performance at a regular interval and
will automatically deactivate the line and perform a new training and re-activation
once it finds out that the line performance has deteriorated.

Example

Deactivate the ADSL interface.

[3com-Atm1/0]undo activate

adsl standard Syntax


adsl standard { auto | gdmt | glite | t1413 }

undo adsl standard

View

ADSL interface view

Parameter

auto: Auto-sensing mode.

gdmt: Adopts the G.DMT(G992.1) standard.

glite: Adopts the G.Lite (G992.2) standard.

t1413: Adopts the T1.413 standard.

Description

Using the adsl standard command, you can set the standard applied to an ADSL
interface. Using the undo adsl standard command, you can restore the default
standard used by the ADSL interface.

By default, the ADSL standard is set to auto.

You should note that this configuration does not take effect unless you activate
the interface again. If you want to make it take effect immediately, you can
execute the shutdown/undo shutdown command or the activate/undo
activate command.

Example

Set the standard for the interface atm1/0/0 as T1.413.

[3com-Atm1/0/0]adsl stand t1413
[3com-Atm1/0/0]shutdown
Interface Atm1/0/0 has already been shutdown
[3com-Atm1/0/0]undo shutdown
[3com-Atm1/0/0]
%Nov 20 21:17:12 2003 5680 PHY/2/PHY: Atm1/0: change status to up
%Nov 20 21:17:13 2003 5680 IFNET/5/UPDOWN:Line protocol on the interface Atm1/0/0 turns into UP state
[3com-Atm1/0/0]display dsl configuration int atm 1/0/0
Line Params Set by User
Standard:           T1.413
Annex:              A
Framing:            3
Coding Gain(dB):    Auto
Tx Pow Attn(dB):    0
Bit-Swap:           disable
LinkCheck:          Enable
Actual Config       Near End     Far End
Standard:           T1.413       T1.413
Trellis Coding:     Enable       Enable
Framing:            3            3
Vendor ID:          0x0039       0x0004
                    AS0 (DS)     LS0(US)
Rate(Bytes):        238          26
Rate(kbps):         7616         832
Latency:            Intlv        Intlv
FEC(fast):          0            0
S/D/R(Inlv):        1/64/16      8/8/16
DMT Bits Allocation Per Bin (Up/Down Bits:249/2148)
00: 0 0 0 0 0 0 7 8 a a a a 8 a b c c c b b b b b b 9 9 a a 9 8 8 0
20: 0 0 0 0 2 2 2 3 4 4 5 6 6 7 7 8 8 8 8 8 9 9 a a a a a a a 8 9 a
40: 0 a a a a b b b b b a b b b b b b b b b b b b b b b b b b b b b
60: b b b b b b b b b b b b b b b b b b b a 9 4 a b b b b b b b b b
80: b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b
a0: b b b a b a b a b b a b b b b b a a b a a b b a a a a a a a a a
c0: a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a
e0: a 9 9 a 9 9 9 9 9 9 8 9 9 9 9 9 9 9 9 9 8 8 8 8 8 7 7 7 7 6 6 6

adsl tx_attenuation Syntax


adsl tx_attenuation attenuation

undo adsl tx_attenuation



View

ADSL interface view

Parameter

attenuation: Attenuation value, in the range of 0~12. By default, it is 0.

Description

Using the adsl tx_attenuation command, you can set the attenuation value for
ADSL transmit power. Using the undo adsl tx_attenuation command, you can
restore the default value.

Example
[3com-Atm1/0/0] adsl tx_attenuation 10

display dsl configuration Syntax


display dsl configuration interface atm interface-number

View

Any view

Parameter

interface-number: Interface number.

Description

Using the display dsl configuration command, you can display the actual ADSL
configuration information.

Example

Display the actual ADSL configuration information.

[3com-Atm1/0]display dsl configuration interface atm 1/0


Line Params Set by User
Standard:           T1.413
Annex:              A
Framing:            3
Coding Gain(dB):    Auto
Tx Pow Attn(dB):    0
Bit-Swap:           disable
LinkCheck:          Enable
Actual Config       Near End     Far End
Standard:           T1.413       T1.413
Trellis Coding:     Enable       Enable
Framing:            3            3
Vendor ID:          0x0039       0x0004
                    AS0 (DS)     LS0(US)
Rate(Bytes):        238          26
Rate(kbps):         7616         832
Latency:            Intlv        Intlv
FEC(fast):          0            0
S/D/R(Inlv):        1/64/16      8/8/16
DMT Bits Allocation Per Bin (Up/Down Bits:249/2148)
00: 0 0 0 0 0 0 7 8 a a a a 8 a b c c c b b b b b b 9 9 a a 9 8 8 0
20: 0 0 0 0 2 2 2 3 4 4 5 6 6 7 7 8 8 8 8 8 9 9 a a a a a a a 8 9 a
40: 0 a a a a b b b b b a b b b b b b b b b b b b b b b b b b b b b
60: b b b b b b b b b b b b b b b b b b b a 9 4 a b b b b b b b b b
80: b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b b
a0: b b b a b a b a b b a b b b b b a a b a a b b a a a a a a a a a
c0: a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a
e0: a 9 9 a 9 9 9 9 9 9 8 9 9 9 9 9 9 9 9 9 8 8 8 8 8 7 7 7 7 6 6 6
Table 6 Displaying information of display dsl configuration

Field                       Description
Line Params Set by User     Line parameters at ATU-R end, for example, standard, DMT
                            mode, framing, trellis coding or not. You can only modify
                            the standard for special testing or diagnosis, but not
                            the others.
The following information appears after the link is activated.
Actual Config               Actual operating parameters after the link is activated
Rate(kbps)                  Negotiated rate, AS0 (DS) downlink and LS0 (US) uplink,
                            in units of kbps
Latency                     Delay mode and the options include fast and interleave.

display dsl status Syntax


display dsl status interface atm interface-number

View

Any view

Parameter

interface-number: Interface number.

Description

Using the display dsl status command, you can display the DSL state
information.

Example

Display the ADSL state information of the interface 1/0/0.

[3com-Atm1/0/0]display dsl status interface atm 1/0/0


State of driver/chipsets
Phy Op State: Active
Xcvr Op State: Data Mode
Active Params Near End Far End
SNR Margin(dB): 16.0 3.0
Attenuation(dB): 1.0 2.0
Coding Gain(dB): 5.5
Tx Power(dBm): 8.3 21.7
Tx Bin Number: 25 219
Rate(kbps): 832 7616
Adsl Count Near End Far End
SEF(sef): 0 0
LOS(los): 0 0
RSI(fec-I): 0 0
RSF(fec-F): 0 0
CRCI(crc-I): 2 0
CRCF(crc-F): 0 0
ATM Count
NCDI(ncd-I): 0 0
NCDF(ncd-F): 0 0
OCDI(ocd-I): 0
OCDF(ocd-F): 0
HECI(hec-I): 0 0
HECF(hec-F): 0 0
Adsl Defects
Overall: 0
SEF(sef): 0 0
LOS(LOS): 0 0
ATM Defects
NCDI(ncd-I): 0 0
NCDF(ncd-F): 0 0
LCDI(lcd-I): 0 0
LCDF(lcd-F): 0 0
Table 7 Displaying information with display dsl status

Field                       Description
State of driver/chipsets    Interface state and transceiver state
Phy                         Interface state and options include activating, active,
                            startup, deactivated and test mode
Xcvr                        Transceiver state and options include idle, data mode,
                            handshaking and training.
The following information appears after the link is activated.
Active Params               Link parameters, which include SNR margin, attenuation,
                            Tx Bin Number etc. The Present rate(kbps) is consistent
                            with the result of the display dsl configuration command.
Adsl Count                  Error and correction statistics from the chipset. For
                            their types, refer to ITU-T G. 992 and ANSI T1.413-1998.
Adsl Defects                It shows the current link situation. When the link has
                            deteriorated, non-zero values may appear. When it returns
                            to normal or is activated again, those existing statistics
                            are cleared. The Overall failures value is an aggregate
                            value, but others are not.

display dsl version Syntax


display dsl version interface atm interface-number

View

Any view

Parameter

interface-number: Interface number.

Description

Using the display dsl version command, you can display the DSL version
information and the supported capabilities.

Example

Display the ADSL version information.

[3com-Atm1/0/0]display dsl version interface atm 1/0/0


Adsl board chipset and version info
Dsl Line Type: Adsl Over Pots
Dsl Line Type: Adsl Over Pots
ATM SAR Device: 0x823614f1
ATM SAR Revision: 0x02
Chipset Vendor: GSPN
FW Release: T7941
Revision: 1
DSP Version: 0
AFE Version: 0
PCB Version: 0.0
CPLD Version: 1.0
Driver Version: 2.0
Hardware Version: 1.0
Adsl Capability
ANSI T1.413 Issue 2: Supported
ITU G992.1 ANNEX A: Supported
ITU G992.2 : Supported

Fundamental Logical Interface Configuration Commands

This chapter only discusses basic configuration of logical interfaces. For
configuration of link-layer and network-layer protocols, refer to corresponding
sections in this guide.

Sub-Interface Configuration Commands

interface Syntax
interface interface-type interface-number.subinterface-number [ p2mp | p2p ]

undo interface interface-type interface-number.subinterface-number

View

System view

Parameter

interface-type: Type of interface

interface-number: Number of interface, including slot number, card number, and
port number.

subinterface-number: Number of sub-interface, ranging from 0 to 4096.

p2mp: Configures type of sub-interface as point to multipoint

p2p: Configures type of sub-interface as point to point

Description

Using the interface command, you can create a sub-interface of the point to
multipoint or point to point type. Using the undo interface command, you can
delete the specified sub-interface.

By default, the type of sub-interface is point to multipoint.

Presently, point to multipoint or point to point sub-interfaces can be configured
on an ATM interface or on an interface with frame relay or X.25 as its link layer
protocol type. In contrast, a sub-interface of Ethernet is of broadcast type.

Up to 1024 sub-interfaces can be created for one main-interface.

Example

Create a sub-interface on ATM interface 2/0/0.

<3com> system-view

[3com] interface atm 2/0/0.1

[3com-Atm2/0/0.1]

interface ethernet Syntax


interface ethernet interface-number.subinterface-number

undo interface ethernet interface-number.subinterface-number

View

System view

Parameter

interface-number: Number of interface, including slot number, card number, and
port number.

subinterface-number: Number of sub-interface, ranging from 0 to 4096.



Description

Using the interface ethernet command, you can create an Ethernet sub-interface.
Using the undo interface ethernet command, you can delete the specified Ethernet
sub-interface.

An Ethernet sub-interface is used for VLAN configuration. For a detailed
configuration procedure for VLAN, refer to the Link Layer Protocol chapter in the
3Com Router Configuration Guide.

Up to 256 sub-interfaces can be created for one Ethernet interface.

Example

Create a sub-interface on Ethernet interface 1/0/0.

[3com] interface ethernet 1/0/0.1


[3com-Ethernet1/0/0.1]

Logic-Channel Interface

interface logic-channel Syntax


interface logic-channel interface-number

undo interface logic-channel interface-number

View

System view

Parameter

interface-number: Number of logic-channel, in range of 0~1023.

Description

Using the interface logic-channel command, you can create a logic-channel
interface. Using the undo interface logic-channel command, you can delete a
logic-channel interface.

Once it is created, a logic-channel interface stays in UP state until it is deleted.

Example

Create the logic-channel interface 100.

[3com] interface logic-channel 100


[3com-Logic-Channel100]

Configuration Command of Virtual Template and Virtual Access Interface

broadcast-limit link Syntax


broadcast-limit link number

undo broadcast-limit link

View

Virtual template view

Parameter

number: Maximum link number that the virtual template supports for sending
multicast or broadcast packets, ranging from 0 to 128. The default value is 30.

Description

Using the broadcast-limit link command, you can configure the maximum link
number that virtual template supports for sending multicast or broadcast packets.
Using the undo broadcast-limit link command, you can restore the default
configuration.

When there are many links on a virtual template, sending multicast or broadcast
packets from each link may affect the operation of the system. In this case, the
broadcast-limit link command can be used as a limitation, so that multicast or
broadcast packets are discarded if the link number exceeds the limitation.

Example

Configure the maximum link number that virtual template 1 supports for sending
multicast or broadcast packets to be 100.

[3com] interface virtual-template 1


[3com-Virtual-Template1] broadcast-limit link 100

display interface virtual-template Syntax
display interface virtual-template [ number ]

View

Any view

Parameter

virtual-template: Virtual template.

number: Number of virtual template, ranging from 0 to 1023. If this parameter is
not specified, the state of all virtual templates is displayed.

Description

Using the display interface virtual-template command, you can view the status
information of virtual template.

Example

View the state of specified virtual template.

<3com> display interface virtual-template 1

display virtual-access Syntax


display virtual-access [ slot slot-number | vt vt-number | user user-name | peer
peer-address | va-number ]

View

Any view

Parameter

slot-number: Slot number of virtual access interface.

vt-number: Virtual template number of virtual access interface.

user-name: Login username of virtual access interface.

peer-address: Peer end address of virtual access interface.

va-number: Sequence number of virtual access interface.

State information of all virtual access interfaces will be displayed, if no parameter
is specified.

Description

Using the display virtual-access command, you can view the state information
of virtual access interface.

Example

View state information of all virtual access interfaces.

<3com> display virtual-access

interface virtual-template Syntax
interface virtual-template number

undo interface virtual-template number

View

System view

Parameter

number: Number of virtual template, ranging from 0 to 1023.

Description

Using the interface virtual-template command, you can create a virtual template
or enter an existing virtual template view. Using the undo interface
virtual-template command, you can delete the specified virtual template.

A virtual template should be created before the creation of a virtual access
interface, and should be closed after the virtual access interface has been closed
and will not be reused.

When deleting the virtual template, make sure that all its derived virtual access
interfaces have been removed and this virtual template is not in use any more.

Example

Create virtual template 10.

[3com] interface virtual-template 10


[3com-Virtual-Template10]

MP-group Interface Configuration Command

display interface mp-group Syntax
display interface mp-group [ number ]

View

Any view

Parameter

number: Number of MP-group interface. If the number of the interface is not
specified, status information of all MP-group interfaces is displayed.

Description

Using the display interface mp-group command, you can view the status of
MP-group interface.

Example

View status information of MP-group interface.

<3com> display interface mp-group

interface mp-group Syntax


interface mp-group number

undo interface mp-group number

View

System view

Parameter

number: Number of an MP-group interface. The sequence number ranges from 0
to 1023 so, at most, 1024 MP-group interfaces are supported by one interface
card.

Description

Using the interface mp-group command, you can create a MP-group interface.
Using the undo interface mp-group command, you can delete specified
MP-group interface.

This command is used in concert with the ppp mp mp-group command. Either
MP-group interface or interface added in MP group can be configured first.

Example

Create MP-group interface 3/0/0.

[3com] interface mp-group 3/0/0


[3com-mp-group 3/0/0]

ppp mp mp-group Syntax


ppp mp mp-group number

undo ppp mp mp-group number

View

Interface view

Parameter

number: Number of MP-group interface

Description

Using the ppp mp mp-group command, you can add the current interface to a
specified MP group. Using the undo ppp mp mp-group command, you can
remove the current interface from a specified MP group.

This command is used with the interface mp-group command. Either MP-group
interface or interface added in MP group can be configured first.

It should be noted that the interface added to an MP group must be consistent
with the slot of the MP-group interface.

In addition, the interface added to an MP group must be a physical interface.
Tunnel interfaces do not support this command.

Example

Add serial port 3/0/0 to MP group 3.

[3com] interface serial 3/0/0

[3com-Serial3/0/0] ppp mp mp-group 3/0/0

Remove serial port 3/0/0 from MP group 3/0/0.

[3com-Serial3/0/0] undo ppp mp mp-group 3/0/0

Virtual Ethernet Interface Configuration Command

display interface virtual-ethernet Syntax
display interface virtual-ethernet [ number ]

View

Any view

Parameter

number: Number of virtual Ethernet interfaces, with sequence number ranging
from 0 to 1023. If the number of interfaces is not specified, the status of all virtual
Ethernet interfaces will be displayed.

Description

Using the display interface virtual-ethernet command, you can view status of a
virtual Ethernet interface.

Example

View the status information of virtual Ethernet interface 1/0/0.

<3com> display interface virtual-ethernet 1/0/0

interface virtual-ethernet Syntax
interface virtual-ethernet number

undo interface virtual-ethernet number

View

System view

Parameter

number: Number of virtual Ethernet interface, with sequence number ranging
from 0 to 1023.

Description

Using the interface virtual-ethernet command, you can create a virtual Ethernet
interface. Using the undo interface virtual-ethernet command, you can delete
the specified virtual Ethernet interface.

Virtual Ethernet interface is mainly applied to PPPoEoA and IPoEoA.

Example

Create virtual Ethernet interface 12 on interface card 0 of slot 6.

[3com] interface virtual-ethernet 6/0/12


[3com-Virtual-Ethernet6/0/12]

mac-address Syntax
mac-address H-H-H

undo mac-address

View

Virtual Ethernet interface view

Parameter

H-H-H: MAC address of virtual Ethernet interface, in the form of hex character
string.

Description

Using the mac-address command, you can configure the MAC address of a virtual
Ethernet interface. Using the undo mac-address command, you can restore the
default configuration.

By default, for a virtual Ethernet interface created on VIU, its MAC address is the
same as the MAC address of Ethernet interface carried by VIU itself.

For a virtual Ethernet interface created on RSU, its MAC address is 0 by default.

Example

Configure the MAC address of virtual Ethernet interface 10/0/0.

[3com] interface virtual-ethernet 10/0/0


[3com-Virtual-Ethernet10/0/0] mac-address 1000-1000-1000

Configuration Command of Loopback Interface and Null Interface

display interface loopback Syntax
display interface loopback [ number ]

View

Any view

Parameter

number: Number of Loopback interface, which must be an existing one. If the
number of the interface is not specified, the status of all created loopback
interfaces will be displayed.

Description

Using the display interface loopback command, you can view status of the
loopback interface.

For the related command, see interface loopback.

Example

View status information of specified Loopback interface.

<3com> display interface loopback 6


LoopBack6 current state : UP
Line protocol current state :UP
Description : 3Com Routers, LoopBack6 Interface
The Maximum Transmit Unit is 1536
Internet Address is 10.10.1.1/8

display interface null Syntax


display interface null [ 0 ]

View

Any view

Parameter

0: Number of Null interface, fixed as 0.

Description

Using the display interface null command, you can view status of Null interface.

The parameter does not affect the execution result.

For a related command, see interface null.



Example

View status information of Null0 interface.

<3com> display interface null 0


NULL0 current state : UP
Line protocol current state :UP (spoofing)
Physical is NULL DEV
Description : 3Com Routers, NULL0 Interface
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
0 packets input, 0 bytes, 0 drops
0 packets output, 0 bytes, 0 drops

interface loopback Syntax


interface loopback number

undo interface loopback number

View

System view

Parameter

number: Number of Loopback interface, ranging from 0 to 1023.

Description

Using the interface loopback command, you can create a Loopback interface or
enter Loopback interface view. Using the undo interface loopback command,
you can delete a specified Loopback interface.

After a Loopback interface is created, it always stays in the up state and has the
loopback feature, so it is often used to improve the reliability of configuration.

For the related command, see display interface loopback.

Example

Create Loopback interface 5.

[3com] interface loopback 5


[3com-LoopBack5]

interface null Syntax


interface null 0

View

System view

Parameter

none

Description

Using the interface null command, you can enter the Null interface view.

There is only one Null interface, fixed as null0, which cannot be deactivated or
deleted.

For the related command, see display interface null.

Example

Enter view of Null0 interface.

[3com] interface null 0


[3com-NULL0]
4 LINK LAYER PROTOCOL

PPP and MP Configuration Commands

display ppp mp Syntax


display ppp mp [ interface interface-type interface-num ]

View

Any view

Parameter

interface-type interface-num: Used to specify the interface to be viewed.

Description

Using the display ppp mp command, you can view all the interface information
and statistics of MP.

For the related commands, see link-protocol ppp and ppp mp.

Example

Display the MP interface information.

<3Com> display ppp mp


Template is Virtual-Template1
Bundle, quid0, 1 member, slot 3, Master link is Virtual-Template1:0
0 lost fragments, 0 reordered, 0 unassigned, sequence 0/0 rcvd/sent
The bundled son channels are: Serial3/0/0
Table 1 3ComMP display information description

Field                                Description
Template is Virtual-Template1        Virtual-template interface
Bundle quid0                         Bundle name
1 member                             The number of bound channels
slot 3                               Bundled in slot 3
Master link is Virtual-Template1:0   Master link
0 lost fragments                     Lost fragments
0 reordered                          Reordered packet number
0 unassigned                         Unassigned fragments
sequence 0/0 rcvd/sent               Received sequence number/sent sequence number
The bundled son channels are:        The following displays all the bundled son
                                     channels at this logical channel

Display PPP configuration and operating state of the interface.

The part in boldface is the relative information of PPP, including the current status
of LCP and IPCP. Users can diagnose some faults according to the information.

ip tcp vjcompress Syntax


ip tcp vjcompress

undo ip tcp vjcompress

View

Interface view

Parameter

None

Description

Using the ip tcp vjcompress command, you can enable VJ TCP header compression
on a PPP interface. Using the undo ip tcp vjcompress command, you can disable
VJ TCP header compression on the PPP interface.

If VJ TCP header compression is permitted at the PPP interface, the interface at
the opposite end must also permit VJ TCP header compression. This command
is only used in the centralized environment.

By default, VJ TCP header compression is disabled at the PPP interface.

Example

Permit VJ TCP header compression at the PPP interface.

[3Com-dialer0] ip tcp vjcompress

link-protocol ppp Syntax


link-protocol ppp

View

VT view or Dialer view

Parameter

None

Description

Using the link-protocol ppp command, you can configure the link-layer protocol
encapsulated on the interface as PPP.

By default, the link-layer protocol for interface encapsulation is PPP.

PPP is a link-layer protocol bearing network-layer packets over the point-to-point
link. It defines a whole set of protocols including LCP (link control protocol), NCP
(network-layer control protocol), PAP (Password Authentication Protocol) and
CHAP (Challenge Handshake Authentication Protocol). It is widely used because it
supports user authentication, easy scalability and synchronous/asynchronous
operation.

For the related command, see display interface.

Example

Configure PPP encapsulation on interface Serial 0/0/0.

[3Com-Dialer0] link-protocol ppp

mp binding-mode Syntax
ppp mp binding-mode { authentication | both | descriptor }

undo ppp mp binding-mode

View

System view

Parameter

authentication: Performs the MP binding according to the authentication user
name of PPP.

both: Performs the MP binding based on both the authentication user name of
PPP and the terminal identifier.

descriptor: Performs the MP binding according to the terminal identifier.

Description

Using the ppp mp binding-mode command, you can set the MP binding
condition. Using the undo ppp mp binding-mode command, you can restore
the default value of the MP binding condition.

By default, it performs the MP binding based on both the authentication user
name of PPP and the terminal identifier.

The user name is the peer user name received by the PPP link when performing PAP
or CHAP authentication, while the terminal identifier, a unique flag of a router,
is the peer identifier received when performing the LCP negotiation. The system
can perform the MP binding based on the received user name and terminal
identifier, so that the interfaces with the identical user name or the same
terminal identifier are bound together.

For the related command, see ppp mp user.

Example

Perform the MP binding only based on the user name of the PPP authentication.

[3Com] ppp mp binding-mode authentication

ppp accounting scheme Syntax


ppp accounting scheme { default | scheme-name }

undo ppp accounting

View

Interface view

Parameter

default: Indicates that the default accounting method list is adopted.

scheme-name: Accounting method list, indicating which method list is
adopted for accounting.

Description

Using the ppp accounting scheme command, you can set accounting for PPP
user. Using the undo ppp accounting command, you can disable the accounting.

By default, no ppp accounting is performed.

After PPP authentication succeeds, AAA will begin to charge the peer user. The
command is used to configure the accounting method list. Please refer to “AAA
Configuration” for the detailed method list configuration.

For the related commands, see ppp authentication-mode and aaa
authentication-scheme ppp.

Example

Configure to adopt the default accounting method list for accounting on Serial
0/0/0.

[3Com-Serial0/0/0] ppp accounting scheme default

ppp authentication-mode Syntax
ppp authentication-mode { chap | pap } [ call-in ] [ scheme { default | scheme-name } ]

undo ppp authentication-mode



View

Interface view

Parameter

One of chap and pap should be selected.

call-in: Authenticates the peer only when the remote user calls in.

default and scheme-name: Indicate the authentication algorithm lists configured
by the user for use while authenticating. For a detailed description, refer to
“AAA section”.

Description

Using the ppp authentication-mode command, you can set the local PPP
authentication algorithm for the peer router. Using the undo ppp
authentication-mode command, you can cancel the configuration, i.e. no
authentication.

By default, no authentication is performed.

There are two PPP authentication algorithms:

■ PAP, a 2-way handshake authentication, which sends the password in plain
text.
■ CHAP, a 3-way handshake authentication, which sends the password
in encrypted text.

In addition, the defined AAA authentication algorithm list can be used.

Either CHAP or PAP is just an authentication process. The success of the
authentication is decided by AAA, which can authenticate on the basis of the local
authentication database or AAA server.

For the related commands, see local-user, ppp chap user, ppp pap local-user,
aaa authentication-scheme ppp, ppp pap password, and ppp chap
password.

Example

Authenticate the peer router by means of PAP on interface Serial0/0/0.

[3Com-Serial1/0/0] ppp authentication-mode pap

ppp chap password Syntax


ppp chap password { simple | cipher } password

undo ppp chap password

View

Interface view

Parameter

password: Password.

simple or cipher: Passwords in plain text or in encrypted text.

Description

Using the ppp chap password command, you can configure the default CHAP
password while performing CHAP authentication. Using the undo ppp chap
password command, you can cancel the configuration.

While configuring CHAP authentication, you should configure the local password
to be the same as the user password at the other end.

For the related commands, see ppp authentication-mode chap and local-user.

Example

Set the user password as 3Com in plain text when the local router performs the
authentication via CHAP.

[3Com-Serial1/0/0] ppp chap password simple 3Com
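
As an added illustration (not code from this guide), the following Python sketch builds the PAP and CHAP messages referred to under ppp authentication-mode and ppp chap password, following RFC 1334 and RFC 1994. A PAP Authenticate-Request carries the password bytes themselves, while a CHAP Response carries an MD5 digest over the identifier, the shared secret and the challenge, which is why both ends must be configured with the same password. The user name, password, peer name and identifiers are constructed sample values.

```python
"""PAP versus CHAP on the wire (added example; sample values are constructed)."""
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1                    # RFC 1334 Authenticate-Request
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2    # RFC 1994 packet codes
CHAP_SUCCESS, CHAP_FAILURE = 3, 4


def _frame(code: int, ident: int, body: bytes) -> bytes:
    """Code, Identifier, Length header shared by PAP and CHAP packets."""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: peer ID and password are sent as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _frame(PAP_AUTH_REQUEST, ident, body)


def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge and Response layout: Value-Size, Value, Name."""
    return _frame(code, ident, bytes([len(value)]) + value + name)


def parse_chap(packet: bytes):
    """Return (code, ident, value, name); reject inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("CHAP packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if length != len(packet) or 5 + size > length:
        raise ValueError("CHAP length fields do not match the packet")
    return code, ident, packet[5:5 + size], packet[5 + size:]


def chap_digest(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Peer side: answer a Challenge using the locally configured secret."""
    code, ident, challenge, _ = parse_chap(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    digest = chap_digest(ident, secret, challenge)
    return chap_packet(CHAP_RESPONSE, ident, digest, name)


def chap_verify(challenge_pkt: bytes, response_pkt: bytes, user_db: dict) -> int:
    """Authenticator side: third message of the handshake, Success or Failure."""
    _, ident, challenge, _ = parse_chap(challenge_pkt)
    code, r_ident, value, name = parse_chap(response_pkt)
    secret = user_db.get(name)
    if code != CHAP_RESPONSE or r_ident != ident or secret is None:
        return CHAP_FAILURE
    expected = chap_digest(ident, secret, challenge)
    return CHAP_SUCCESS if hmac.compare_digest(value, expected) else CHAP_FAILURE


def demo() -> dict:
    user, password = b"Root", b"3Com"   # constructed sample credentials
    pap = pap_request(1, user, password)
    first = chap_packet(CHAP_CHALLENGE, 7, os.urandom(16), b"RouterB")
    response = chap_respond(first, user, password)
    # A later challenge reuses the identifier but carries a fresh random value.
    later = chap_packet(CHAP_CHALLENGE, 7, os.urandom(16), b"RouterB")
    return {
        "pap_exposes_password": password in pap,
        "chap_exposes_password": password in response,
        "same_secret": chap_verify(first, response, {user: password}),
        "different_secret": chap_verify(first, response, {user: b"other"}),
        "replayed_response": chap_verify(later, response, {user: password}),
    }


if __name__ == "__main__":
    for key, result in demo().items():
        print(f"{key}: {result}")
```
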

ppp chap user Syntax


ppp chap user username

undo ppp chap user

View

Interface view

Parameter

username: User name of CHAP authentication, which is the one sent to the peer
equipment to be authenticated.

Description

Using the ppp chap user command, you can configure the user name when
performing the CHAP authentication. Using the undo ppp chap user command,
you can delete the existing configuration.

By default, the user name of the CHAP authentication is blank.

While configuring CHAP authentication, you should configure the username of
each end as the local_user of the peer end, and configure the corresponding
password accordingly.

For the related commands, see ppp authentication-mode and local-user.



Example

Configure the local user name as Root when CHAP authentication is performed on
interface Serial0/0/0.

[3Com-Serial1/0/0] ppp chap user Root

ppp compression iphc Syntax


ppp compression iphc [ nonstandard | rtp-connections rtp-connections | tcp-connections tcp-connections ]

View

Interface view

Parameter

nonstandard: Uses the nonstandard mode in compressing the IP/UDP/RTP header.

rtp-connections rtp-connections: Sets the maximum number of RTP connections of
the iphc function. The value ranges from 3 to 1000.

tcp-connections tcp-connections: Sets the maximum number of TCP connections of
the iphc function. The value ranges from 3 to 256.

Description

Using the ppp compression iphc command, you can enable the iphc.

For the related command, see link-protocol ppp.

Example

None

ppp compression stac-lzs Syntax


ppp compression stac-lzs

undo ppp compression stac-lzs

View

Interface view

Parameter

None

Description

Using the ppp compression stac-lzs command, you can set the PPP protocol to
use the Stac compression algorithm. Using the undo ppp compression stac-lzs
command, you can disable the compression at the relevant interface.

By default, compression is disabled.



When stac-lzs compression is configured on the interface, the data frame size can
be reduced through data compression without losing the data. However, this
configuration will add load to the router. It is recommended that this function be
disabled when the router has already been overloaded. In addition, only when
stac-lzs is configured at both ends of a point-to-point link, will this link support the
stac-lzs compression.

For the related command, see link-protocol ppp.

Example

Configure stac-lzs compression on the local router.

[3Com-Serial0/0/0] ppp compression stac-lzs

ppp ipcp dns Syntax


ppp ipcp dns { primary-dns-address [ secondary-dns-address ] | admit-any }

undo ppp ipcp dns { primary-dns-address [ secondary-dns-address ] | admit-any }

View

Interface view

Parameter

primary-dns-address: Address of the primary DNS server.

secondary-dns-address: Address of the secondary DNS server.

admit-any: Accepts any DNS address requested by the peer.

Description

Using the ppp ipcp dns command, you can enable the Router to provide the DNS
address for the peer. Using the undo ppp ipcp dns command, you can disable this
process.

By default, the Router does not provide the DNS address for the peer.

When other devices are connected with the Router (e.g. PC is connected to the
Router by dialing up) via the PPP protocol, the Router can assign the DNS address
to the peer equipment after the negotiation. Thus, the peer equipment can
directly access the network via the domain name.

If you connect the Router with your PC, you can use the command winipcfg or
ipconfig /all on your PC to view the DNS address provided by the Router.

For the related commands, see ppp authentication-mode pap and local-user.

Example

Configure the primary DNS address of the local Router as 100.1.1.1, and the
secondary DNS address as 100.1.1.2.

[3Com-Serial0/0/0] ppp ipcp dns 100.1.1.1 100.1.1.2

ppp mp Syntax

ppp mp

undo ppp mp

View

Interface view

Parameter

None

Description

Using the ppp mp command, you can enable the interface encapsulated with PPP
to operate in the MP mode. Using the undo ppp mp command, you can enable
the interface to operate in the Single PPP mode.

By default, the interface encapsulated with PPP operates in the Single PPP mode.

To increase the bandwidth, multiple PPP links can be bound to form a logical MP
interface. For this purpose, it is necessary to specify a virtual-template in system
view. MP can be configured and used only at the physical interfaces which can
encapsulate PPP. To enable MP, you must configure the ppp mp command and the
PAP or CHAP authentication at the physical interface.

For the related commands, see link-protocol ppp, ppp mp user, and interface
virtual-template.

Example

Configure the PPP encapsulated interface Serial0/0/0 to work in MP mode.

[3Com-Serial1/0/0] ppp mp

ppp mp lfi Syntax


ppp mp lfi [ delay-per-frag max-delay ]

undo ppp mp lfi [ delay-per-frag ]

View

Virtual template interface view

Parameter

max-delay: Maximum delay in milliseconds. The value ranges from 1 to 1000.



Description

Using the ppp mp lfi command, you can configure the link fragmentation and
interleaving features. Using the undo ppp mp lfi command, you can restore the
default configuration.

By default, the value of number is 10.

Example

Set a maximum delay of 100 milliseconds per fragment.

[3Com-Virtual-Template0] ppp mp lfi delay-per-frag 100

ppp mp max-bind Syntax


ppp mp max-bind max-bind-num

undo ppp mp max-bind

View

Virtual template interface view

Parameter

max-bind-num: Indicates the maximum number of links which can be bound, in the
range from 1 to 128.

Description

Using the ppp mp max-bind command, you can configure maximum number of
bound links of MP. Using the undo ppp mp max-bind command, you can restore
the default configuration.

By default, its value is 16.

Normally, it is not necessary to configure the parameter, which should be
performed under the guidance of technical engineers when necessary. Such a
configuration may have impact on the performance of PPP. If it is necessary to bind
more than 16 PPP channels, the parameter max-bind-num can be changed.

If a VIU board reports failure in MP removing links, it is possible that the maximum
binding number is smaller than the actually configured one. Make sure that the
maximum binding number should be larger than the actual one.

For the related command, see ppp mp.

Example

Set the maximum number of bound links to 12.

[3Com-Virtual-Template10] ppp mp max-bind 12



ppp mp min-fragment Syntax


ppp mp min-fragment size

undo ppp mp min-fragment

View

Virtual template interface view

Parameter

size: Minimum packet size at which outgoing MP packets are fragmented. When an
outgoing MP packet is smaller than this value, it is not fragmented. When the MP
packet is larger than this value, it is fragmented. The value is in bytes and ranges
from 128 to 1500.

Description

Using the ppp mp min-fragment command, you can set the minimum packet
size when MP outgoing packets begin to be fragmented in multiple-link binding.
Using the undo ppp mp min-fragment command, you can restore the default
setting.

By default, it is 128.

If small packets should not be fragmented, this command can be used to set a
larger minimum packet size for MP fragmentation.

For the related command, see ppp mp.

Example

Set the minimum packet size for MP packet fragmentation to 500 bytes.

[3Com-Virtual-Template10] ppp mp min-fragment 500

ppp mp user Syntax


ppp mp user username bind virtual-template number

undo ppp mp user username

View

System view

Parameter

username: User name

number: Virtual-template number.

Description

Using the ppp mp user command, you can configure MP binds based on the
username. Using the undo ppp mp user command, you can cancel MP binds.

During the establishment of a PPP connection, after PPP authentication succeeds,
if a virtual-template is specified, MP will be bound on the basis of parameters of
the virtual-template and a new virtual interface will be formed to transfer data.

Operating parameters that could be configured on the virtual-template include:

■ Local IP address and the IP address (or IP address pool) assigned to the peer PPP

■ PPP working parameter

For the related commands, see ppp mp and ppp mp max-bind.

Example

Specify the corresponding virtual-template as 1 for the username 3Com, and
configure the IP address of the virtual-template as 202.38.60.1.

[3Com] ppp mp user 3Com bind virtual-template 1
[3Com] interface virtual-template 1
[3Com-virtual-template1] ip address 202.38.60.1 255.255.255.0

ppp mp virtual-template Syntax


ppp mp virtual-template [ number ]

undo ppp mp

View

Interface view

Parameter

number: Configures the virtual template number to be bound by the interface,
which ranges from 0 to 1023.

Description

Using the ppp mp virtual-template command, you can configure the virtual
template number to be bound by the interface. Using the undo ppp mp
command, you can disable the MP binding of the interface.

By default, the MP binding of the interface is disabled, and the interface works in
ordinary PPP mode.

This command specifies the virtual template number to be bound on the interface.
An interface that uses this command to perform MP binding does not need PAP or
CHAP authentication to be configured. Two or more interfaces with the same
virtual template number are bound directly together. Moreover, this command is
mutually exclusive with the ppp mp command. That is, only one of the two
commands can be configured on the same interface.

For the related commands, see link-protocol ppp and interface virtual-template.

Example

Configure the PPP encapsulated interface Serial0/0/0 to work in MP view.

[3Com-Serial0/0/0] ppp mp virtual-template 1

ppp pap local-user Syntax


ppp pap local-user username password { simple | cipher } password

undo ppp pap local-user

View

Interface view

Parameter

username: Username sent.

password: Password sent.

simple: Password in plain text.

cipher: Password in encrypted text.

Description

Using the ppp pap local-user command, you can configure the username and
password sent by the local router when it is authenticated by the peer router via
the PAP method. Using the undo ppp pap local-user command, you can disable
the configuration.

By default, when the local router is authenticated by the peer router via the PAP
method, both the username and the password sent by the local router are empty.

When the local router is authenticated via the PAP method by the peer router, the
username and password sent by the local router must be the same as the user and
password of the peer router.

For the related commands, see ppp authentication-mode pap and local-user.

Example

Set the username of the local router authenticated by the peer end via the PAP
method as 3Com and the password as 3Com.

[3Com-Serial1/0/0] ppp pap local-user 3Com password simple 3Com
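
The simple and cipher keywords of ppp chap password and ppp pap local-user decide whether the password sits in the configuration as plain text. The following Python audit is an added example, not 3Com code: it scans a constructed configuration excerpt and reports plain-text PPP passwords, passwords equal to the user name, and interfaces that authenticate with PAP. The interface lines and indentation of the excerpt are assumptions about the saved configuration layout.

```python
import re

# Constructed sample. The "interface ..." lines and the indentation are an
# assumed saved-configuration layout; the ppp commands follow the syntax above.
SAMPLE_CONFIG = """\
interface Serial1/0/0
 link-protocol ppp
 ppp authentication-mode pap
 ppp pap local-user 3Com password simple 3Com
interface Serial0/0/0
 link-protocol ppp
 ppp authentication-mode chap
 ppp chap user Root
 ppp chap password cipher EXAMPLE-CIPHERTEXT
interface Serial2/0/0
 link-protocol ppp
 ppp chap password simple branch
 ppp chap user Branch
"""

PAP_RE = re.compile(r"^ppp pap local-user (\S+) password (simple|cipher) (\S+)$")
CHAP_PW_RE = re.compile(r"^ppp chap password (simple|cipher) (\S+)$")
CHAP_USER_RE = re.compile(r"^ppp chap user (\S+)$")
AUTH_RE = re.compile(r"^ppp authentication-mode (pap|chap)\b")


def parse_views(config_text):
    """Group PPP credential settings by the interface view they appear in."""
    views = {}
    current = None
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("interface "):
            current = views.setdefault(line.split(None, 1)[1], {"creds": []})
            continue
        if current is None or line.startswith("undo "):
            continue  # system-view lines and removals carry no credential
        m = PAP_RE.match(line)
        if m:
            current["creds"].append(("pap", lineno, m.group(1), m.group(2), m.group(3)))
            continue
        m = CHAP_PW_RE.match(line)
        if m:
            current["creds"].append(("chap", lineno, None, m.group(1), m.group(2)))
            continue
        m = CHAP_USER_RE.match(line)
        if m:
            current["chap_user"] = m.group(1)
            continue
        m = AUTH_RE.match(line)
        if m:
            current["auth_mode"] = (lineno, m.group(1))
    return views


def audit_ppp_credentials(config_text):
    """Return sorted (line, view, rule) findings; password values are never echoed."""
    findings = []
    for view, data in parse_views(config_text).items():
        lineno, mode = data.get("auth_mode", (0, ""))
        if mode == "pap":
            # PAP sends the user name and password over the link unencrypted (RFC 1334).
            findings.append((lineno, view, "pap-authentication"))
        for proto, lineno, user, storage, secret in data["creds"]:
            if proto == "chap":
                # "ppp chap user" may be configured after the password line.
                user = data.get("chap_user")
            if storage == "simple":
                findings.append((lineno, view, "plaintext-password"))
                # Only a plain-text value can be compared with the user name.
                if user is not None and secret.lower() == user.lower():
                    findings.append((lineno, view, "password-equals-username"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, view, rule in audit_ppp_credentials(SAMPLE_CONFIG):
        print("line %d, %s: %s" % (lineno, view, rule))
```
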

ppp timer hold Syntax


ppp timer hold seconds

undo ppp timer hold



View

Serial interface view

Parameter

seconds: Time interval, in seconds, at which the interface sends keepalive
packets. The value ranges from 0 to 32767 and defaults to 10.

Description

Using the ppp timer hold command, you can set the timer to send keepalive
packet, while using the undo ppp timer hold command, you can restore the
default value.

On very slow data links, the seconds parameter must not be set too small.
Because a long datagram takes a long time to be transferred completely, the
transfer of the keepalive datagram is delayed. The data link is regarded as
broken if the interface has not received a keepalive packet from the other end
for many keepalive periods. So if the keepalive time is set for a very long time, the
data link would be considered broken by the other end, and then be closed.

The keepalive time must be set the same at both ends of a PPP link.

For the related command, see display interface.

Example

Set the PPP timer hold to 20 seconds.

[3Com-Serial1/0/0] ppp timer hold 20

ppp timer negotiate Syntax


ppp timer negotiate seconds

undo ppp timer negotiate

View

Interface view

Parameter

seconds: Time of negotiation timeout in seconds. During the PPP negotiation, if
the local end does not receive the response packet of the peer end, PPP will resend
the last packet. The time ranges from 1 to 10 seconds.

Description

Using the ppp timer negotiate command, you can set the PPP negotiation
timeout, while using the undo ppp timer negotiate command, you can restore
the default value.

By default, the PPP timeout is 3 seconds.



For the related command, see link-protocol ppp.

Example

Set the PPP negotiation timeout to 5 seconds.

[3Com-Serial1/0/0] ppp timer negotiate 5

PPPoE Server Configuration Commands

display pppoe-server session Syntax

display pppoe-server session { all | packet | statistics interface interface-type interface-number }

View

Any view

Parameter

all: Displays all information of each PPPoE session.

packet: Displays packet statistics of each PPPoE session.

statistics: Displays the statistics information of PPPoE sessions over an interface.

interface-type interface-number: Specifies an interface.

Description

Using the display pppoe-server session command, you can view the status and
statistics of PPPoE session.

For the related commands, see link-protocol ppp and pppoe-server bind.

Example

View all the session information of PPPoE.

<3Com> display pppoe-server session all


SID Intf                State OIntf         RemMAC         LocMAC
2   Virtual-Template1:0 UP    Ethernet0/2/0 0050.ba22.7369 00e0.fc08.f4de

Table 2 Output information description

Field   Description
SID     Session Identifier
Intf    The corresponding Virtual-Template interface
State   State of sessions
OIntf   Corresponding Ethernet interface
RemMAC  Remote MAC, MAC address of the other end.
LocMAC  Local MAC

View the statistics information of PPPoE session.

<3Com> display pppoe-server session packet


SID RemMAC       LocMAC       InP InO  InD OutP OutO OutD
1   0050ba1a02ce 0001af02a40f 42  2980 0   16   343  0

Table 3 Description of the output

Field  Description
InP    In Packets, packets received
InO    In Octets, bytes received
InD    In Discards, packets received and then discarded
OutP   Out Packets, packets sent
OutO   Out Octets, bytes sent
OutD   Out Discard, discarded packets that might be sent.

pppoe-server bind virtual-template Syntax

pppoe-server bind virtual-template number

undo pppoe-server bind

View

Interface view

Parameter

number: Number of the virtual-template for access to PPPoE, and its value ranges
from 0 to 1023.

Description

Using the pppoe-server bind virtual-template command, you can enable
PPPoE on the virtual-template specified by the Ethernet interface. Using the undo
pppoe-server bind command, you can disable PPPoE protocol on the relevant
interface.

By default, PPPoE protocol is disabled.

For the related command, see link-protocol ppp.

Example

Enable PPPoE on virtual-template 1 of Ethernet interface Ethernet1/0/0.

[3Com-Ethernet1/0/0] pppoe-server bind virtual-template 1

pppoe-server max-sessions local-mac Syntax

pppoe-server max-sessions local-mac number

undo pppoe-server max-sessions local-mac

View

System view

Parameter

number: Maximum number of sessions that can be established at a local MAC
address, which ranges from 1 to 4069.

Description

Using the pppoe-server max-sessions local-mac command, you can set the
maximum number of PPPoE sessions that can be established at a local MAC
address. Using the undo pppoe-server max-sessions local-mac command, you
can restore the default configuration.

By default, the value of number is 1000.

For the related commands, see pppoe-server max-sessions remote-mac and
pppoe-server max-sessions total.

Example

Set the maximum number of PPPoE sessions that can be established at a local
MAC address to 50.

[3Com] pppoe-server max-sessions local-mac 50

pppoe-server max-sessions remote-mac Syntax

pppoe-server max-sessions remote-mac number

undo pppoe-server max-sessions remote-mac

View

System view

Parameter

number: Maximum number of PPPoE sessions that can be established at a peer
MAC address, which ranges from 1 to 4096.

Description

Using the pppoe-server max-sessions remote-mac command, you can set the
maximum number of PPPoE sessions that can be established at a peer MAC
address. Using the undo pppoe-server max-sessions remote-mac command,
you can restore the default configuration.

By default, the value of number is 1000.

For the related commands, see pppoe-server max-sessions local-mac and
pppoe-server max-sessions total.

Example

Set the maximum number of PPPoE sessions that can be established at a remote
MAC address to 50.

[3Com] pppoe-server max-sessions remote-mac 50

pppoe-server max-sessions total Syntax

pppoe-server max-sessions total number

undo pppoe-server max-sessions total

View

System view

Parameter

number: maximum number of PPPoE sessions that the system can establish,
which ranges from 1 to 65535.

Description

Using the pppoe-server max-sessions total command, you can set the
maximum number of PPPoE sessions that the system can establish. Using the
undo pppoe-server max-sessions total command, you can restore the default
configuration.

By default, the value of number is 4096.

For the related commands, see pppoe-server max-sessions remote-mac and
pppoe-server max-sessions local-mac.

Example

Set the maximum number of PPPoE sessions established by the system to 3000.

[3Com] pppoe-server max-sessions total 3000
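
The three max-sessions limits can be checked against the session table that display pppoe-server session all prints. The following Python sketch is an added example, not 3Com code: it parses a constructed copy of that output and reports every remote MAC, local MAC or system total that has reached a chosen fraction of its limit. The warn_ratio parameter and the counting of every listed session toward the limits are assumptions of this example.

```python
from collections import Counter

# Constructed sample in the column layout of "display pppoe-server session all".
SAMPLE_OUTPUT = """\
SID Intf State OIntf RemMAC LocMAC
1 Virtual-Template1:0 UP Ethernet0/2/0 0050.ba22.7369 00e0.fc08.f4de
2 Virtual-Template1:1 UP Ethernet0/2/0 0050.ba22.7369 00e0.fc08.f4de
3 Virtual-Template1:2 UP Ethernet0/2/0 0050.ba22.7369 00e0.fc08.f4de
4 Virtual-Template1:3 UP Ethernet0/2/0 0050.ba1a.02ce 00e0.fc08.f4de
"""


def normalize_mac(mac):
    """Reduce 0050.ba22.7369 and 0050ba227369 to the same 12-digit key."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits


def parse_sessions(text):
    """Parse the session rows; header, blank and truncated lines are skipped."""
    sessions = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].isdigit():
            continue
        sid, intf, state, ointf, rem_mac, loc_mac = fields
        sessions.append({
            "sid": int(sid),
            "intf": intf,
            "state": state,
            "ointf": ointf,
            "rem_mac": normalize_mac(rem_mac),
            "loc_mac": normalize_mac(loc_mac),
        })
    return sessions


def sessions_near_limit(sessions, remote_mac_limit=1000, local_mac_limit=1000,
                        total_limit=4096, warn_ratio=0.8):
    """Return (scope, key, count, limit) for each count at or above warn_ratio * limit.

    The default limits are the defaults documented for the three
    pppoe-server max-sessions commands.
    """
    findings = []
    checks = (("remote-mac", "rem_mac", remote_mac_limit),
              ("local-mac", "loc_mac", local_mac_limit))
    for scope, key, limit in checks:
        per_mac = Counter(s[key] for s in sessions)
        for mac, count in sorted(per_mac.items()):
            if count >= limit * warn_ratio:
                findings.append((scope, mac, count, limit))
    if len(sessions) >= total_limit * warn_ratio:
        findings.append(("total", "*", len(sessions), total_limit))
    return findings


if __name__ == "__main__":
    rows = parse_sessions(SAMPLE_OUTPUT)
    for finding in sessions_near_limit(rows, remote_mac_limit=4, warn_ratio=0.75):
        print("%s %s: %d of %d sessions" % finding)
```
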

PPPoE Client Configuration Commands

debugging pppoe-client Syntax


debugging pppoe-client option [ interface type number ]

View

User view and system view

Parameter

option: PPPoE Client debugging switch type, see the following table for more
details.

interface type number: Interface type and number, used to enable the debugging
switch of the specified interface. If no interface is specified, the system will enable
the debugging switch of all interfaces.

Table 4 PPPoE Client debugging switch type and explanation

Debugging switch type  Explanation
all                    Enable all PPPoE Client debugging switches
data                   Enable the PPPoE Session phase data packet debugging switch
error                  Enable PPPoE Client error information debugging switch
event                  Enable PPPoE Client event debugging switch
packet                 Enable PPPoE Discovery phase negotiation packet debugging switch
verbose                Display the verbose contents of PPPoE data

Description

The command debugging pppoe-client is used to enable PPPoE Client debugging
switch.

Example

None

display pppoe-client session Syntax

display pppoe-client session { summary | packet } [ dial-bundle-number number ]

View

Any view

Parameter

summary: Displays the summary of PPPoE session.

packet: Displays the statistics of PPPoE session data packet.

dial-bundle-number number: Displays the statistics of the specified PPPoE session.
If PPPoE session is not specified, the system will display the statistics of all PPPoE
sessions.

Description

The command display pppoe-client session is used to display the status and
statistics of PPPoE session.

Example

Display the summary of PPPoE session.

[3Com]display pppoe-client session summary


PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC   Server-MAC   State
1  1      1      Eth0 00e0fc0254f3 00049a23b050 PPPUP
2  2      2      Eth0 00e0fc0254f3 00049a23b050 PPPUP

For more details of the display information, see the following table.

Table 5 Explanation of display pppoe-client session summary

Field       Explanation
ID          Session ID, PPPoE session ID
Server-MAC  Server MAC, server MAC address
Client-MAC  Client MAC, client MAC address
Dialer      Corresponding Dialer interface of PPPoE session
Bundle      Dialer Bundle containing PPPoE session
Intf        Ethernet interface containing PPPoE session
State       State of PPPoE session

Display the statistics of PPPoE session data packet

<3Com> display pppoe-client session packet


PPPoE Client Session:
SID InP InO InD OutP OutO OutD
=============================================================
1 164 6126 0 83 1069 0
2 304 9886 0 156 2142 0

For more details of the display information, see the following table.

Table 6 Explanation of the information displayed by pppoe-client session packet

Field  Explanation
SID    Session ID, PPPoE session ID
InP    In Packets: number of received packets
InO    In Octets: number of received octets
InD    In Discards: number of received illegal and discarded packets
OutP   Out Packets: number of sent packets
OutO   Out Octets: number of sent octets
OutD   Out Discard: number of sent and discarded illegal packets

pppoe-client Syntax

pppoe-client dial-bundle-number number [ no-hostuniq ] [ idle-timeout seconds [ queue-length packets ] ]

undo pppoe-client dial-bundle-number number

View

Ethernet interface view or virtual Ethernet interface view



Parameter

dial-bundle-number number: Dialer Bundle number corresponding to PPPoE
session, and its value ranges from 1 to 255. The parameter number can be used to
identify a PPPoE session, or as a PPPoE session.

no-hostuniq: The call originated from PPPoE Client does not carry the Host-Uniq
field. By default, no no-hostuniq parameter is configured, i.e. PPPoE session works
in permanent online mode by default.

idle-timeout seconds: Idle time of PPPoE session in seconds, and its value ranges
from 1 to 65535. If the parameter is not configured, PPPoE session will work in
permanent online mode. Otherwise, it will work in packet trigger mode.

queue-length packets: Number of packets cached in the system before the PPPoE
session is established. The value ranges from 1 to 100. The parameter takes effect
only after idle-timeout is configured. By default, packets is 10.

Description

Using the pppoe-client command, you can establish a PPPoE session and specify
the Dialer Bundle corresponding to the session. Using the undo pppoe-client
command, you can delete a PPPoE session.

By default, no PPPoE session is configured.

Multiple PPPoE sessions can be configured at one Ethernet interface, i.e. one
Ethernet interface might simultaneously belong to multiple Dialer Bundles.
However, one Dialer Bundle only has one Ethernet interface. PPPoE session and
Dialer Bundle are one-to-one. If the Dialer Bundle at a certain Dialer has had one
Ethernet interface used by PPPoE, any other interfaces cannot be added to this
Dialer Bundle. Likewise, if Dialer Bundle has had interfaces other than the PPPoE
Ethernet interface, this Dialer Bundle can also not be added to the Ethernet
interface used by PPPoE Client.

When PPPoE session works in permanent online mode, and the physical lines go
UP, the Router will immediately initiate PPPoE call to establish PPPoE session. This
PPPoE connection will exist constantly unless users use the command undo
pppoe-client to delete PPPoE session. When PPPoE session works in packet
trigger mode, the Router will not initiate PPPoE call to establish PPPoE session
unless it has data to transmit. If there is no data transmission on the PPPoE link
within seconds, the Router will automatically terminate PPPoE session. Only after it
has new data to transmit, PPPoE session will be re-established.

For the related command, see reset pppoe-client.

Example

Create a PPPoE session on the interface Ethernet 0/0/0.

[3Com-Ethernet0/0/0]pppoe-client dial-bundle-number 1

reset pppoe-client Syntax


reset pppoe-client { all | dial-bundle-number number }

View

User view

Parameter

all: Clears all PPPoE sessions.

dial-bundle-number number: Dialer Bundle number, its value ranges from 1 to
255. Used to clear the PPPoE session corresponding to Dialer Bundle.

Description

Using the reset pppoe-client command, you can terminate PPPoE session and
re-initiate the connection later.

If PPPoE session in permanent online mode is terminated using the command
reset pppoe-client, the Router will automatically re-establish PPPoE session in
sixteen seconds. If PPPoE session is terminated in packet trigger mode using the
command reset pppoe-client, the Router will not re-establish PPPoE session
unless it has data to transmit.

For the related command, see pppoe-client.

Example

Clear all PPPoE sessions, and re-initiate PPPoE session later.

<3Com>reset pppoe-client all

VLAN Configuration Commands

display vlan interface Syntax


display vlan interface interface-type interface-num

View

Any view

Parameter

interface-type interface-num: Specifies the interface. At present, the interface
types supported include Ethernet interface and Gigabit Ethernet interface, and it
only supports sub-interface.

Description

Using the display vlan interface command, you can view VLAN configuration
information on a certain interface (only supporting sub-interface).

Example

Display the VLAN configuration information at the Ethernet interface 2/0/0.1.

<3Com> display vlan interface ethernet 2/0/0.1


encapsulation isl vid 60

display vlan max-packet-process Syntax

display vlan max-packet-process vid

View

Any view

Parameter

vid: VLAN ID, used to identify a VLAN.

Description

Using the display vlan max-packet-process command, you can view the
maximum number of processed packets configured on a certain VLAN per second.

For the related command, see max-packet-process.

Example

Display the maximum number of processed packets configured on the VLAN 10.

<3Com> display vlan max-packet-process 10


Max Packet Process Count for Vid 10 is 300000

display vlan statistics interface Syntax

display vlan statistics interface interface-type interface-num protocol { arp | ip }

View

Any view

Parameter

interface-type interface-num: Used to specify the interface. At present, the
interface types supported include Ethernet interface and Gigabit Ethernet
interface, and it only supports sub-interface.

arp: packet type is ARP.

ip: packet type is IP.

Description

Using the display vlan statistics interface command, you can view the packet
statistics on a certain VLAN.

For the related command, see reset vlan statistics interface.



Example

Display the VLAN statistics on Ethernet subinterface 2/0/0.1.

<3Com> display vlan statistics interface ethernet 0/2/0.1


Packets Discarded :0
Packets forwarded to IP/ARP module : 0
Packets forwarded by VLAN module: 0

display vlan statistics vid Syntax


display vlan statistics vid vid

View

Any view

Parameter

vid: VLAN ID, used to identify a VLAN.

Description

Using the display vlan statistics vid command, you can view the packet statistics
on a certain VLAN, e.g. the received packet number and the sent packet number.

For the related command, see reset vlan statistics interface.

Example

Display the packet statistics on VLAN 10.

<3Com> display vlan statistics vid 10


Packets received: 53
Packets transmitted: 14

max-packet-process Syntax

max-packet-process count vid

undo max-packet-process vid

View

System view

Parameter

count: Maximum number of processed packets.

vid: VLAN ID, used to identify a VLAN.

Description

Using the max-packet-process command, you can set the maximum number of
processed packets per second on a certain VLAN. Using the undo
max-packet-process command, you can restore it to the default setting.

By default, the system has no limitation of the maximum number of processed
packets.

After the maximum number of processed packets per second is set on a certain
VLAN, once the number of received packets belonging to this VLAN reaches the
limit, subsequently received packets belonging to the VLAN are discarded.
Through this command, you can perform flow control.

For the related command, see display vlan max-packet-process.

Example

Set the maximum number of processed packets per second on the VLAN 10 as
200000.

[3Com] max-packet-process 200000 10

reset vlan statistics interface Syntax

reset vlan statistics interface interface-type interface-number

View

User view

Parameter

interface-type interface-num: Used to specify the interface. At present, the
interface types supported include Ethernet interface and Gigabit Ethernet
interface, and it only supports sub-interface.

Description

Using the reset vlan statistics interface command, you can clear VLAN statistics
on a certain interface.

For the related command, see display vlan statistics interface.

Example

Clear the VLAN statistics on Ethernet subinterface 2/0/0.1.

<3Com> reset vlan statistics interface ethernet 2/0/0.1

reset vlan statistics vid Syntax


reset vlan statistics vid vid

View

User view

Parameter

vid: VLAN ID, used to identify a VLAN.



Description

Using the reset vlan statistics vid command, you can clear the VLAN statistics.

For the related command, see display vlan statistics vid.

Example

Clear the statistics with VLAN ID 10.

<3Com> reset vlan statistics vid 10

vlan-type dot1q Syntax


vlan-type dot1q vid vid

View

Interface view

Parameter

vid: VLAN ID, used to identify a VLAN, its value ranges from 1 to 4094.

Description

Using the vlan-type dot1q command, you can set the encapsulation types on the
sub-interface.

By default, there is no encapsulation on the subinterface, nor VLAN ID related to
the subinterface.

For the related command, see display vlan interface.

Example

Associate the Ethernet sub-interface 2/0/0.1 with VLAN ID 60, and set its
encapsulation format to dot1q.

[3Com-Ethernet2/0/0.1] vlan-type dot1q vid 60

ISDN Configuration Commands

debugging isdn Syntax


debugging isdn { cc | q921 | q931 | spid } [ interface type number ]

undo debugging isdn { cc | q921 | q931 | spid } [ interface type number ]

View

User view

Parameter

cc: Enables ISDN CC module debugging.

q921: Enables Q.921 debugging.

q931: Enables ISDN Q.931 module debugging.

spid: Enables SPID debugging for the BRI interfaces running the NI protocol.

interface type number: Interface type and number. You can enable ISDN signaling
debugging on an interface by specifying its type and number. If no interface has
been specified, the system will enable ISDN signaling debugging on all the ISDN
interfaces.

Description

Using the debugging isdn command, you can enable ISDN debugging. Using the
undo debugging isdn command, you can disable ISDN debugging.

You must enable terminal debugging first before ISDN debugging can take effect.

Example

Enable CC debugging.

<3Com> debugging isdn cc

Disable CC debugging.

<3Com> undo debugging isdn cc

display isdn active-channel Syntax

display isdn active-channel [ interface type number ]

View

Any view

Parameter

interface type number: Interface type and number.

Description

Using the display isdn active-channel command, you can view the active call
information on ISDN interfaces. If no interface has been specified, the system will
display the active call information on all the ISDN interfaces.

The displayed information can help you with ISDN call troubleshooting.

Example

Display the active call information on the interface bri 0/0/0.

[3Com] display isdn active-channel interface bri 0/0/0



Bri0/0/0 :
-------------------------------------------------------------
Channel Call Call Calling Calling Called Called
Info Property Type Number Subaddress Number Subaddress
B1 Digital Out 8810124
B2 Analog In 8810118 380 8810150 2201
-------------------------------------------------------------

display isdn call-info Syntax


display isdn call-info [ interface type number ]

View

Any view

Parameter

interface type number: Interface type and number.

Description

Using the display isdn call-info command, you can view the current states of
ISDN interfaces. If no interface has been specified, the system will display the
current states of all the ISDN interfaces.

Executing this command will output the state of each layer of the ISDN protocol
on one or all interfaces, including the information of Q.921, Q.931 and CC
modules. You can troubleshoot based on the output information.

For the related command, see display interfaces.

Example

Display the current states of all ISDN interfaces.

[3Com] display isdn call-info


Bri0/0/0:
Link Layer: TEI = NONE, State = TEI_UNASSIGNED
Network Layer: 0 connection(s)
Serial0/0/0:15:
Link Layer: TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Network Layer: 1 connection(s)
Connection 1:
CCIndex: 0x0000, State: Active, CES: 1, Channel: 0x00000002
Calling_Num[:Sub]: 003
Called_Num[:Sub]: 002
Table 7 Description of the information displayed by executing display isdn call-info

Item                             Description
Bri0/0/0                         The interface Bri0/0/0 runs ISDN.
Link Layer: TEI = 0, State =     Displays the parameters related to the link layer protocol Q.921
MULTIPLE_FRAME_ESTABLISHED       of ISDN on the interface.
Network Layer: 1 connection(s)   There is only one network layer connection on the interface
                                 currently.
CCIndex                          Call index
State                            Call state
Channel                          Channel map
Calling_Num[:Sub]                Calling number: calling sub-address
Called_Num[:Sub]                 Called number: called sub-address

Disabling an interface will clear all the statistical data related to the interface, and
counting will start anew.
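A parser for the display isdn call-info output shown above, as an added example that is not part of the original guide. The function names and the two review checks are assumptions chosen for illustration; the sample text is the output from the example.

```python
import re

# Output copied from the display isdn call-info example above.
SAMPLE = """\
Bri0/0/0:
Link Layer: TEI = NONE, State = TEI_UNASSIGNED
Network Layer: 0 connection(s)
Serial0/0/0:15:
Link Layer: TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Network Layer: 1 connection(s)
Connection 1:
CCIndex: 0x0000, State: Active, CES: 1, Channel: 0x00000002
Calling_Num[:Sub]: 003
Called_Num[:Sub]: 002
"""

# One pattern per line kind. Interface names contain no spaces, which is
# what separates "Serial0/0/0:15:" from "Connection 1:".
IFACE = re.compile(r"(\S+):")
LINK = re.compile(r"Link Layer:\s*TEI\s*=\s*(\w+),\s*State\s*=\s*(\w+)")
NET = re.compile(r"Network Layer:\s*(\d+)\s+connection\(s\)")
CONN = re.compile(r"Connection\s+(\d+):")
CC = re.compile(
    r"CCIndex:\s*(\w+),\s*State:\s*(\w+),\s*CES:\s*(\d+),\s*Channel:\s*(\w+)")
NUM = re.compile(r"(Calling|Called)_Num\[:Sub\]:\s*(\S*)")


def split_number(field):
    """Split 'number[:subaddress]' into (number, subaddress or None)."""
    number, _, sub = field.partition(":")
    return number, (sub or None)


def parse_call_info(text):
    """Return one dict per interface with its Q.921 state and connections."""
    interfaces, iface, conn = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # indentation is not relied on
        if not line:
            continue
        if m := IFACE.fullmatch(line):
            iface = {"name": m[1], "tei": None, "link_state": None,
                     "declared": 0, "connections": []}
            conn = None
            interfaces.append(iface)
            continue
        if iface is None:
            raise ValueError(f"line before any interface header: {line!r}")
        if m := LINK.fullmatch(line):
            # TEI = NONE means no TEI has been assigned yet.
            iface["tei"] = int(m[1]) if m[1].isdigit() else None
            iface["link_state"] = m[2]
        elif m := NET.fullmatch(line):
            iface["declared"] = int(m[1])
        elif m := CONN.fullmatch(line):
            conn = {"index": int(m[1])}
            iface["connections"].append(conn)
        elif conn is not None and (m := CC.fullmatch(line)):
            conn.update(cc_index=int(m[1], 16), state=m[2],
                        ces=int(m[3]), channel_map=int(m[4], 16))
        elif conn is not None and (m := NUM.fullmatch(line)):
            conn[m[1].lower()] = split_number(m[2])
        # Any other line is ignored so that extra fields do not break parsing.
    return interfaces


def review(interfaces):
    """List (interface, finding) pairs worth a closer look."""
    findings = []
    for i in interfaces:
        if i["link_state"] != "MULTIPLE_FRAME_ESTABLISHED":
            findings.append(
                (i["name"], f"Q.921 link state is {i['link_state']}"))
        parsed = len(i["connections"])
        if i["declared"] != parsed:  # truncated or partially captured output
            findings.append(
                (i["name"],
                 f"{i['declared']} connection(s) reported, {parsed} parsed"))
    return findings


if __name__ == "__main__":
    for name, finding in review(parse_call_info(SAMPLE)):
        print(f"{name}: {finding}")
```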

display isdn call-record Syntax


display isdn call-record [ interface type number ]

View

Any view

Parameter

interface type number: Displays only the call history of the specified interface.

Description

Using the display isdn call-record command, you can view the information of
ISDN call history.

Executing this command will display information of the calls activated in the last
15 minutes, but the number of retained entries is limited to 100.

Example

Display the information of ISDN call history.

[3Com] display isdn call-record


Call  Calling   Called    Start              Stop               Seconds
Type  Number    Number    Time               Time               Used
--------------------------------------------------------------------
In    10660016  10660016  03-07-05 11:23:09  -                  0
In    10660022  10660022  03-07-05 11:23:09  -                  0
Out   -         660016    03-07-05 11:23:01  03-07-05 11:23:04  3
Out   -         660022    03-07-05 11:23:01  03-07-05 11:23:04  3
In    10660016  10660016  03-07-05 11:23:01  03-07-05 11:23:04  3
In    10660022  10660022  03-07-05 11:23:01  03-07-05 11:23:04  3
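One way to review the call history for incoming calls from numbers you do not expect, for example when deciding what to allow with isdn caller-number. This is an added example, not part of the original guide: the function names, the expected-caller set and the last sample row are constructed, and the row layout is the one shown in the example output above.

```python
from collections import Counter

# Constructed sample in the layout of the display isdn call-record example.
# The last row (caller 10660099) is invented to show a non-matching caller.
SAMPLE = """\
Call  Calling   Called    Start              Stop               Seconds
Type  Number    Number    Time               Time               Used
--------------------------------------------------------------------
In    10660016  10660016  03-07-05 11:23:09  -                  0
Out   -         660016    03-07-05 11:23:01  03-07-05 11:23:04  3
In    10660022  10660022  03-07-05 11:23:01  03-07-05 11:23:04  3
In    10660099  10660016  03-07-05 11:22:40  03-07-05 11:22:41  1
"""


def parse_call_record(text):
    """Parse call-record rows into dicts; header and ruler lines are skipped."""
    records = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("In", "Out"):
            continue
        if len(tok) == 8:
            # Finished call: stop date and stop time are both present.
            stop, seconds = f"{tok[5]} {tok[6]}", tok[7]
        elif len(tok) == 7 and tok[5] == "-":
            # No stop time recorded yet: the Stop column is a single "-".
            stop, seconds = None, tok[6]
        else:
            raise ValueError(f"unrecognised call-record row: {line!r}")
        records.append({
            "direction": tok[0],
            "calling": None if tok[1] == "-" else tok[1],
            "called": None if tok[2] == "-" else tok[2],
            "start": f"{tok[3]} {tok[4]}",
            "stop": stop,
            "seconds": int(seconds),
        })
    return records


def unexpected_inbound(records, expected_callers):
    """Count incoming calls per calling number that is not in the expected set.

    Incoming calls that carried no calling number are counted under a
    separate key, since they cannot be matched against any list.
    """
    hits = Counter()
    for rec in records:
        if rec["direction"] != "In":
            continue
        if rec["calling"] not in expected_callers:
            hits[rec["calling"] or "(no calling number)"] += 1
    return dict(hits)


if __name__ == "__main__":
    recs = parse_call_record(SAMPLE)
    expected = {"10660016", "10660022"}  # assumption: your known peers
    for number, count in unexpected_inbound(recs, expected).items():
        print(f"{count} incoming call(s) from unexpected number {number}")
```

Because the router retains at most 100 entries from the last 15 minutes, a review like this only sees recent calls and has to be run regularly to be useful.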

display isdn parameters Syntax


display isdn parameters { protocol | interface type number }

View

Any view

Parameter

protocol: ISDN protocol type, which can be DSS1, NTT, NI, ETSI, ANSI or AT&T.

interface type number: ISDN interface type and number.

Description

Using the display isdn parameters command, you can view the system
parameters at layers 2 and 3 of the ISDN protocol, such as the durations of system
timers and frame size.

If only ISDN protocol is specified, the system will display the default system
parameters of ISDN.

For the related command, see display interfaces.

Example

Display the system parameters of the ISDN protocol DSS1.

[3Com] display isdn parameters dss1


DSS1 ISDN layer 2 system parameters:
T200(sec) T202(sec) T203(sec) N200 K(Bri) K(Pri)
1 2 10 3 1 7
DSS1 ISDN layer 3 system timers:
Timer-Number Value(sec)
T301 240
T302 15
T303 4
T304 30
T305 30
T308 4
T309 90
T310 40
T313 4
T314 4
T316 120
T317 10
T318 4
T319 4
T321 30
T322 4
Table 8 Description of the displayed system parameters of ISDN

Item           Description
T200(sec)      Retransmit-timer (in seconds) of the L2 protocol of ISDN
T202(sec)      Retransmit-timer (in seconds) for the TEI request messages of the
               ISDN L2 protocol
T203(sec)      The maximum link idle time (in seconds) of the ISDN L2 protocol
N200           The maximum number of retransmissions
K(Bri)         The maximum number of unacknowledged frames (slide window
               size) on the ISDN BRI port.
K(Pri)         The maximum number of unacknowledged frames (slide window
               size) on the ISDN PRI port.
Timer-Number   ISDN L3 timer
Value(sec)     Duration (in seconds) of each ISDN L3 timer

display isdn spid Syntax


display isdn spid [ interface type number ]

View

Any view

Parameter

interface type number: ISDN interface type and number.

Description

Using the display isdn spid command, you can view the related information of
SPID on the BRI interface running the NI protocol.

You may execute this command to view the SPID type, SPID value and some other
information when ISDN is running. If you execute this command without specifying an
interface, you can view the related information of SPID on all the SPID-supported
BRI interfaces. Alternatively, you may view the information only on one interface
by specifying its type and number.

Example

Display the related information of SPID on the NI-supported interface bri 0/0/0.

[3Com] display isdn spid interface bri 0/0/0


Interface bri 0/0/0:
SPID Type : AUTO
SPID B1 :
SPID Num: 124345
Neg State : SPID_ASSIGNED
Init State: INIT_NULL
SPID B2 :
SPID Num: 45645754
Neg State : SPID_ASSIGNED
Init State: INIT_NULL
SPID timer : 30 seconds
SPID resend: 2
Table 9 Description of the SPID parameters

Item          Description
SPID Type     SPID Type, which can be NIT, STATIC (having only the L3
              initialization process), or AUTO (including both the negotiation
              and the L3 initialization)
SPID B1       SPID value of the BRI interface B1 channel. It can be a static
              configuration or the result of a dynamic negotiation, all
              depending on the specified SPID Type.
SPID Num      SPID value of the BRI interface. It can be a static configuration or
              the result of a dynamic negotiation, all depending on the
              specified SPID Type.
Neg State     Negotiation state of the SPID, which can be SPID_UNASSIGNED,
              ASSIGN_AWAITING_SPID, SPID_ASSIGNED,
              ASSIGN_AWAITING_CALL_CLEAR.
Init State    Initialization state of the SPID, which can be INIT_NULL, INIT_IND,
              INIT_PROCEEDING, INIT_END, INIT_AWAITING_CALL_CLEAR.
SPID B2       SPID value of the BRI interface B2 channel. It can be a static
              configuration or the result of a dynamic negotiation, all
              depending on the specified SPID Type.
SPID timer    Duration of the timer TSPID
SPID resend   SPID message retransmission times

isdn bch-local-manage Syntax


isdn bch-local-manage

undo isdn bch-local-manage

View

ISDN interface view

Parameter

None

Description

Using the isdn bch-local-manage command, you can enable local ISDN B
channel management. Using the undo isdn bch-local-manage command, you
can disable the setting.

It is very important to put appropriate control on the B channels used for calls in
process, especially in the PRI mode. Proper channel management can improve call
efficiency and reduce call loss. Normally, the centralized B channel management
provided by exchanges can work well. For this reason, you are recommended to
adopt the management function provided by exchanges in most cases, although the
ISDN module can provide the channel management function as well.

Example

Enable local ISDN B channel management.

[3Com-Bri2/0/0] isdn bch-local-manage

isdn bch-select-way Syntax


isdn bch-select-way { ascending | descending }

View

ISDN interface view



Parameter

ascending: Selects B channels in ascending order.

descending: Selects B channels in descending order.

Description

Using the isdn bch-select-way command, you can set a B channel selection
method.

By default, B channels are selected in ascending order.

Example

Configure B channel selection method on the interface Bri2/0/0 to descending
order.

[3Com-Bri2/0/0] isdn bch-select-way descending

isdn caller-number Syntax


isdn caller-number caller-number

undo isdn caller-number

View

ISDN interface view

Parameter

caller-number: Caller number that an incoming ISDN call can carry, which is a
character string of 1 to 24 characters.

Description

Using the isdn caller-number command, you can configure the range of the
numbers that the router can receive. Using the undo isdn caller-number
command, you can delete the configured caller number.

Example

Configure the router to receive only the incoming calls from the caller numbers
with 400.

[3Com-Serial0/0/0:15] isdn caller-number 400

isdn calling Syntax


isdn calling calling-number

undo isdn calling

View

ISDN interface view



Parameter

calling-number: Calling number.

Description

Using the isdn calling command, you can have the messages from a calling party
to a called party carry the calling number. Using the undo isdn calling command,
you can delete the calling number from the messages that a calling party transmits.

This command mainly applies on BRI interfaces. If a calling party has configured
this command on its BRI interface, the called party will be able to see the calling
number by viewing the call history information.

Example

Configure the message from a calling party to a called party on interface Bri0/0/0
to carry calling number.

[3Com-Bri0/0/0] isdn calling 8060170

isdn check-called-number Syntax


isdn check-called-number check-index called-party-number [ : subaddress ]

undo isdn check-called-number check-index

View

ISDN BRI Interface view, ISDN PRI Interface view

Parameter

check-index: Called number or subaddress checking index, which is in the range of
1 to 3.

called-party-number: Called number, a string comprising 1 to 20 digits.

subaddress: Subaddress, which is a string comprising digits and/or case-insensitive
English letters and is 1 to 20 characters in length.

Description

Using the isdn check-called-number command, you can configure the called
number or subaddress that the system should verify when receiving a digital call.
Using the undo isdn check-called-number command, you can remove the
configuration.

By default, the system does not check the called number or subaddress carried by
incoming digital calls.

This command is used for setting the item to be checked when a digital call is received.
If a subaddress is specified, the system will deny an incoming digital call if the
calling party sends a wrong subaddress or does not send one at all.

Example

Check whether the called number carried by incoming digital calls is 66668888 and
the subaddress is 123 on the interface Bri 0/0/0.

[3Com-Bri0/0/0] isdn check-called-number 1 66668888 : 123

isdn crlength Syntax


isdn crlength call-reference-length

undo isdn crlength

View

ISDN interface view

Parameter

call-reference-length: ISDN call reference length, which can be one or two bytes.

Description

Using the isdn crlength command, you can set length of the call reference used
when a call is placed on an ISDN interface. Using the undo isdn crlength
command, you can restore the default ISDN call reference length on the interface.

Call reference is equal to the sequence number that the protocol assigns to each
call. It is one or two bytes in length and can be used cyclically.

When the router receives a call from a remote device, it can automatically identify
the length of the call reference. However, some devices on the network do not
have such capability. In the event that the router is required to place calls to such a
device connected to it, you must configure the router to use the same call
reference length configured on the connected device.

By default, the call reference length is two bytes for E1 PRI and T1 PRI interfaces
and one byte for BRI interfaces.

You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.

Example

Set the call reference length carried by the ISDN messages on the PRI interface
serial0/0/0:15 to 1 byte.

[3Com-serial0/0/0:15] isdn crlength 1

isdn ignore connect-ack Syntax


isdn ignore connect-ack

undo isdn ignore connect-ack

View

ISDN interface view

Parameter

None

Description

Using the isdn ignore connect-ack command, you can configure the router to
switch the ISDN protocol state to ACTIVE to start the data and voice service
communications after sending a CONNECT message without having to wait for a
CONNECT ACK message. Using the undo isdn ignore connect-ack command,
you can restore the default setting.

By default, in the event that the router is communicating with an exchange, the
ISDN protocol must wait for the CONNECT ACK message in response to the
CONNECT message before it can switch to the ACTIVE state to start data and
voice service communications.

In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.

You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.

Example

Set the call process on the BRI interface 0/0/0 to proceed to the ACTIVE state
without waiting for CONNECT ACK messages.

[3Com-Bri0/0/0] isdn ignore connect-ack

isdn ignore hlc Syntax


isdn ignore hlc

undo isdn ignore hlc

View

ISDN interface view

Parameter

None

Description

Using the isdn ignore hlc command, you can configure ISDN not to carry the higher
layer compatibility (HLC) information element in the SETUP messages sent when
placing voice calls. Using the undo isdn ignore hlc command, you can configure
ISDN to carry the HLC information element in SETUP messages.

By default, the HLC information element is carried in SETUP messages when placing
voice calls.

In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.

You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.

Example

Configure ISDN not to carry the HLC information element in the SETUP messages for
the voice calls placed on the Bri interface 0/0/0.

[3Com-Bri0/0/0] isdn ignore hlc

isdn ignore llc Syntax


isdn ignore llc

undo isdn ignore llc

View

ISDN interface view

Parameter

None

Description

Using the isdn ignore llc command, you can configure ISDN not to carry the Lower
Layer Compatibility (LLC) information element in the SETUP messages sent when
placing voice calls. Using the undo isdn ignore llc command, you can configure
ISDN to carry the LLC information element in SETUP messages.

By default, the LLC information element is carried in SETUP messages when placing
voice calls.

In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.

You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.

Example

Configure ISDN not to carry the LLC information element in the SETUP messages for the
voice calls placed on the interface Bri 0/0/0.

[3Com-Bri0/0/0] isdn ignore llc

isdn ignore sending-complete Syntax


isdn ignore sending-complete [ incoming | outgoing ]

undo isdn ignore sending-complete [ incoming | outgoing ]

View

ISDN interface view

Parameter

incoming: Ignores the Sending Complete Information Element in SETUP messages
with respect to incoming calls.

outgoing: Sends SETUP messages without the Sending Complete Information
Element with respect to outgoing calls.

Description

Using the isdn ignore sending-complete command, you can configure the ISDN
protocol to ignore the processing on the Sending Complete Information Element.
Using the undo isdn ignore sending-complete command, you can restore the
default setting.

By default, in the event that the router is communicating with an exchange, the
ISDN protocol checks whether the received SETUP messages carry the Sending
Complete Information Element with respect to incoming calls and carries the
Sending Complete Information Element in SETUP messages with respect to
outgoing calls.

In the event that the router is communicating with an ISDN exchange, its settings
must be the same as those on the exchange.

You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.

You can configure this command on an interface only when the ISDN protocol
running on the interface is DSS1 or ETSI.

Example

Ignore the Sending Complete Information Element in the received SETUP
messages.

[3Com-Bri0/0/0] isdn ignore sending-complete incoming

Disable carrying the Sending Complete Information Element in the transmitted
SETUP messages.

[3Com-Bri0/0/0] isdn ignore sending-complete outgoing

isdn L3-timer Syntax


isdn L3-timer timer-name time-interval

undo isdn L3-timer { timer-name | all }

View

ISDN interface view

Parameter

timer-name: Name of a L3 timer of the ISDN protocol.

time-interval: Timer duration, which can take on one of the values listed in the
following table.

all: Restores the default durations of all the L3 timers.


Table 10 Description of Q931 timers

timer-name   Value range (in units)   Default (in units)
t301         30 ~ 1200                240
t302         5 ~ 60                   15
t303         2 ~ 10                   4
t304         10 ~ 60                  30
t305         4 ~ 30                   30
t308         2 ~ 10                   4
t309         10 ~ 180                 90
t310         10 ~ 180                 40
t313         2 ~ 10                   4
t316         2 ~ 180                  120
t322         2 ~ 10                   4

Description

Using the isdn L3-timer command, you can configure the duration of an ISDN L3
timer. Using the undo isdn L3-timer command, you can restore the default
duration of the ISDN L3 timer on the interface.

You can view the default durations of the L3 timers in the ISDN protocol by
executing the display isdn parameters command.

Example

Set the duration of the L3 timer T301 on the interface Bri 0/0/0 to 160 seconds.

[3Com-Bri0/0/0] isdn l3-timer t301 160

isdn number-property Syntax


isdn number-property number-property [ calling | called ]

undo isdn number-property [ calling | called ]

View

ISDN interface view

Parameter

number-property: Type and number scheme of ISDN numbers. The argument takes
on a hex value in the range of 0 to FF. When it is expressed in 8 bits, bits 1 through
4 represent the code scheme, bits 5 through 7 represent the code type, and bit 8 is
reserved. The following table lists the possible number type and code schemes. For
more information, see the related protocol for reference.

The undefined bits in all the protocols are reserved for other purposes.

Table 11 Types and code schemes of ISDN numbers

Protocol  Field (Bit) value              Definition
          Type          Code scheme
          (bits 7 6 5)  (bits 4 3 2 1)
ANSI      0 0 0                          User-specified
          0 1 0                          National network identification
          0 1 1                          International network identification
                        0 0 0 0          Unknown/user-specified
                        0 0 0 1          Carrier identification code
                        0 0 1 1          Data network identification code (ITU-T
                                         Recommendation X.121)
AT&T      0 0 0                          Unknown
          0 0 1                          International number
          0 1 0                          National number
          1 0 0                          Subscriber number
                        0 0 0 0          Unknown
                        0 0 0 1          ISDN/telephony numbering plan
                                         (Recommendation E.164/E.163)
                        1 0 0 1          Private numbering plan
DSS1      0 0 0                          Unknown
          0 0 1                          International number
          0 1 0                          National number
          0 1 1                          Network specific number
          1 0 0                          Subscriber number
          1 1 0                          Abbreviated number
          1 1 1                          Reserved for extension
                        0 0 0 0          Unknown
                        0 0 0 1          ISDN/telephony numbering plan (Recommendation E.164)
                        0 0 1 1          Data numbering plan (Recommendation X.121)
                        0 1 0 0          Telex numbering plan (Recommendation F.69)
                        1 0 0 0          National standard numbering plan
                        1 0 0 1          Private numbering plan
                        1 1 1 1          Reserved for extension
ETSI      0 0 0                          Unknown
          0 0 1                          International number
          0 1 0                          National number
          0 1 1                          Network specific number
          1 0 0                          Subscriber number
          1 1 0                          Abbreviated number
          1 1 1                          Reserved for extension
                        0 0 0 0          Unknown
                        0 0 0 1          ISDN/telephony numbering plan (Recommendation E.164)
                        0 0 1 1          Data numbering plan (Recommendation X.121)
                        0 1 0 0          Telex numbering plan (Recommendation F.69)
                        1 0 0 0          National standard numbering plan
                        1 0 0 1          Private numbering plan
                        1 1 1 1          Reserved for extension
NI        0 0 0         0 0 0 0          Unknown number in Unknown numbering plan
          0 0 1         0 0 0 1          International number in ISDN numbering plan (Rec. E.164)
          0 1 0         0 0 0 1          National number in ISDN numbering plan (Rec. E.164)
          0 1 1         1 0 0 1          Network specific number in private numbering plan
          1 0 0         0 0 0 1          Local (directory) number in ISDN numbering plan (Rec. E.164)
          1 1 0         1 0 0 1          Abbreviated number in private numbering plan
NTT       0 0 0                          Unknown
          0 1 0                          National number
          0 1 1                          Network specific number
          1 0 0                          Subscriber number
                        0 0 0 0          Unknown
                        0 0 0 1          ISDN/telephony numbering plan (Recommendation E.164)
                        1 0 0 1          Private numbering plan

calling: Code scheme of the calling number.

called: Code scheme of the called number.

Description

Using the isdn number-property command, you can set type and code scheme
of ISDN calling numbers or called numbers. Using the undo isdn
number-property command, you can restore the default type and code scheme
of ISDN calling numbers or called numbers.

By default, the number type and code scheme are respectively unknown and ISDN
for both ISDN calling numbers and called numbers, and the number-property
representing them is 01 in hex format.

You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.

Example

Set both number type and code scheme of ISDN calling numbers on the interface
Bri 0/0/0 to unknown.

[3Com-Bri0/0/0] isdn number-property 0 calling
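The bit layout described for number-property (bits 1 through 4 code scheme, bits 5 through 7 type, bit 8 reserved), worked through as an added example that is not part of the original guide. It uses the DSS1 and ETSI rows of Table 11; the function names are assumptions, and other protocols would need their own rows from the table.

```python
# Number type, bits 7 to 5, as listed for DSS1 and ETSI in Table 11.
NUMBER_TYPE = {
    0b000: "Unknown",
    0b001: "International number",
    0b010: "National number",
    0b011: "Network specific number",
    0b100: "Subscriber number",
    0b110: "Abbreviated number",
    0b111: "Reserved for extension",
}

# Code scheme, bits 4 to 1, as listed for DSS1 and ETSI in Table 11.
CODE_SCHEME = {
    0b0000: "Unknown",
    0b0001: "ISDN/telephony numbering plan (E.164)",
    0b0011: "Data numbering plan (X.121)",
    0b0100: "Telex numbering plan (F.69)",
    0b1000: "National standard numbering plan",
    0b1001: "Private numbering plan",
    0b1111: "Reserved for extension",
}

UNDEFINED = "undefined (reserved)"


def decode_number_property(hex_value):
    """Split a number-property argument (hex, 0 to FF) into its bit fields."""
    value = int(hex_value, 16)  # raises ValueError on non-hex input
    if not 0 <= value <= 0xFF:
        raise ValueError("number-property must be in the range 0 to FF")
    type_bits = (value >> 4) & 0b111   # bits 7, 6, 5
    scheme_bits = value & 0b1111       # bits 4, 3, 2, 1
    return {
        "value": value,
        "reserved_bit8_set": bool(value & 0x80),
        "type_bits": format(type_bits, "03b"),
        "type": NUMBER_TYPE.get(type_bits, UNDEFINED),
        "scheme_bits": format(scheme_bits, "04b"),
        "scheme": CODE_SCHEME.get(scheme_bits, UNDEFINED),
    }


def encode_number_property(number_type, code_scheme):
    """Build the two-digit hex argument from the Table 11 definitions."""
    types = {name: bits for bits, name in NUMBER_TYPE.items()}
    schemes = {name: bits for bits, name in CODE_SCHEME.items()}
    if number_type not in types:
        raise ValueError(f"unknown number type: {number_type!r}")
    if code_scheme not in schemes:
        raise ValueError(f"unknown code scheme: {code_scheme!r}")
    # Bit 8 is reserved and left at 0.
    return format((types[number_type] << 4) | schemes[code_scheme], "02X")


def build_command(number_type, code_scheme, direction=None):
    """Return the interface-view command line for the chosen properties."""
    if direction not in (None, "calling", "called"):
        raise ValueError("direction must be 'calling', 'called' or None")
    cmd = f"isdn number-property {encode_number_property(number_type, code_scheme)}"
    return f"{cmd} {direction}" if direction else cmd


if __name__ == "__main__":
    # 01 is the default stated in the Description: type unknown, scheme ISDN.
    for arg in ("01", "0", "21", "A1"):
        d = decode_number_property(arg)
        print(arg, d["type_bits"], d["type"], "|", d["scheme_bits"], d["scheme"],
              "| bit 8 set" if d["reserved_bit8_set"] else "")
    print(build_command("National number",
                        "ISDN/telephony numbering plan (E.164)", "calling"))
```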

isdn overlap-sending Syntax


isdn overlap-sending [ digits ]

undo isdn overlap-sending

View

ISDN interface view

Parameter

digits: The number of digits sent each time in overlap-sending mode, which is in
the range of 1 to 15. By default, the value is 10.

Description

Using the isdn overlap-sending command, you can set the system to send the
called number information in the overlap mode on the ISDN interface. Using the
undo isdn overlap-sending command, you can set the system to send the called
information in full mode.

In "overlap-sending" mode, the digits of each called number will be sent
separately and the number of the digits sent each time can be set using this
command.

In "full-sending" mode, all the digits of each called number will be collected and
sent at a time.

By default, full-sending mode applies.

You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.

Overlap-sending is only suitable for four ISDN protocols: ANSI, DSS1, ETSI, and NI.

Example

Apply the overlap-sending function on the interface Bri0/0/0 and set the number
of digits allowed to be sent each time to 12 digits.

[3Com-Bri0/0/0] isdn overlap-sending 12

isdn pri-slipwnd-size Syntax


isdn pri-slipwnd-size window-size

isdn pri-slipwnd-size default

View

Interface view

Parameter

window-size: Slide window size in the range of 5 to 14. By default, the slide
window size on PRI interfaces is 7.

Description

Using the isdn pri-slipwnd-size command, you can set the slide window size on
a PRI interface. Using the isdn pri-slipwnd-size default command, you can
restore the default slide window size on the PRI interface.

Example

Configure the slide window size on the interface e1 0/0/0 to 10.

[3Com] controller e1 0/0/0


[3Com-E1 0/0/0] using
[3Com-E1 0/0] pri-set
[3Com-Serial0/0/0:15] isdn pri-slipwnd-size 10

isdn protocol-type Syntax


isdn protocol-type protocol

View

ISDN interface view

Parameter

protocol: ISDN protocol, which can be DSS1, NTT, NI, ETSI, ANSI, or AT&T.

Description

Using the isdn protocol-type command, you can set the ISDN protocol to be run
on an ISDN interface.

By default, both BRI and PRI interfaces run the ISDN protocol DSS1.

You are not allowed to configure this command on an ISDN interface if there is still
a call on it. This command can take effect only if it is configured when there is no
call on the interface. Alternatively, you can manually disable the interface by
executing the shutdown command, configure the command, and then enable
the interface by executing the undo shutdown command. The operations,
however, will lead to the disconnection of the call existing on the interface.

You are allowed to configure:

ANSI ISDN on BRI and T1 PRI interfaces;

AT&T ISDN on T1 PRI interfaces;

DSS1 ISDN on BRI, E1 PRI, and T1 PRI interfaces;

ETSI ISDN on BRI, E1 PRI, and T1 PRI interfaces;

NI (National ISDN) on BRI interfaces;

NTT ISDN on BRI and T1 PRI interfaces.

Example

Apply ISDN ETSI on the interface Bri0/0/0.

[3Com-Bri0/0/0] isdn protocol-type etsi

isdn send-restart Syntax


isdn send-restart

undo isdn send-restart

View

System view

Parameter

None

Description

Using the isdn send-restart command, you can set the restart mark in a distributed
system (6000/3000 DSL Family routers), so that the MPU will control the PRI
interface to send a RESTART message after re-establishing a link. Using the undo
isdn send-restart command, you can remove the restart mark.

This command is invalid for the MCU in a centralized system, 6000/3000 DSL
Family Routers for example.

Example

Enable the MCU to automatically send RESTART messages to interface boards.

[3Com] isdn send-restart

Disable automatic RESTART message sending.

[3Com] undo isdn send-restart

isdn spid auto_trigger Syntax


isdn spid auto_trigger

View

ISDN BRI interface view

Parameter

None

Description

Using the isdn spid auto_trigger command, you can enable SPID
auto-negotiation once on the BRI interface running the NI protocol.

On a BRI interface compliant with the North American ISDN protocol, the router
can place a call only after SPID negotiation or initialization. SPID information can
be obtained via static configuration or dynamic negotiation. You may manually
trigger a new SPID negotiation request by executing this command if the SPID
negotiation in dynamic negotiation fails or just for the purpose of testing.

By default, a BRI interface does not originate a SPID negotiation request unless
triggered by a call.

This command applies only on the BRI interface running the NI protocol.

Example

Manually trigger a new SPID negotiation request on the interface bri0/0/0.

[3Com-bri0/0/0] isdn spid auto_trigger

isdn spid nit Syntax


isdn spid nit

undo isdn spid nit

View

ISDN BRI interface view

Parameter

None

Description

Using the isdn spid nit command, you can set the SPID processing mode to NIT
(Not Initial Terminal) on an NI-compliant BRI interface. Using the undo isdn spid
nit command, you can disable the NIT mode on the BRI interface.

By default, NIT mode does not apply on BRI interfaces. Instead, static SPID or
dynamic SPID negotiation is applied.

On an NI-compliant BRI interface, calls can be placed only after the SPID
negotiation or initialization is finished. When the router is communicating with an
NI-compliant exchange that does not support SPID negotiation, you can use this
command to set the SPID processing mode on the router to NIT, and ISDN will
ignore SPID negotiation and initialization.

This command applies only on NI-compliant BRI interfaces.

Example

Ignore SPID negotiation and initialization on the interface bri0/0/0, i.e., adopting
the NIT mode.

[3Com-bri0/0/0] isdn spid nit

isdn spid timer Syntax


isdn spid timer seconds

undo isdn spid timer

View

ISDN BRI interface view

Parameter

seconds: Duration of the SPID timer, which is in the range of 1 to 255 seconds,
and defaults to 30 seconds.

Description

Using the isdn spid timer command, you can set the duration of the timer TSPID
for an NI-compliant BRI interface to the specified number of seconds. Using the
undo isdn spid timer command, you can restore the default duration of the timer
TSPID for the NI-compliant BRI interface.

On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. The timer TSPID is
started when the terminal originates a negotiation or initialization request by
sending the INFORMATION message. You can use this command to modify the
duration of TSPID.

This command applies only on NI-compliant BRI interfaces.



Example

Set the duration of TSPID on the interface bri0/0/0 to 50 seconds.

[3Com-bri0/0/0] isdn spid timer 50

isdn spid service Syntax


isdn spid service [ audio | data | speech ]

undo isdn spid service

View

ISDN BRI interface view

Parameter

audio: Supports audio service.

data: Supports data service.

speech: Supports voice service.

Description

Using the isdn spid service command, you can configure the service types that
must be supported in SPID negotiation on the BRI interface adopting the NI protocol.
Using the undo isdn spid service command, you can delete the service types that
must be supported in SPID negotiation on the BRI interface adopting the NI protocol.

There are three types of services. You can select any one of them or none. None
means all services are supported. By default, SPID needs to support data and voice
service simultaneously.

Generally, on a BRI interface adopting the North America ISDN protocol, you
need to negotiate or initialize SPID before originating a call. During negotiation,
SPCS may send multiple SPIDs and carry the service types supported by each SPID;
therefore, the router needs to choose a proper SPID according to the local service
type.

This command can only be applied on the BRI interface adopting NI protocol.

Example

Set the service type supported by BRI interface to data and voice.

[3Com-bri0] isdn spid service data


[3Com-bri0/0] isdn spid service speech

isdn spid resend Syntax


isdn spid resend times

undo isdn spid resend



View

ISDN BRI interface view

Parameter

times: An integer in the range of 1 to 255 times, which defaults to 1.

Description

Using the isdn spid resend command, you can set the number of INFORMATION
message retransmission attempts for SPID negotiation or initialization on an
NI-compliant BRI interface. Using the undo isdn spid resend command, you can
restore the default number of INFORMATION message retransmission attempts on
the interface.

On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. The timer TSPID
is started when the terminal originates a negotiation or initialization request by
sending the INFORMATION message. If the terminal does not receive any response
upon the expiration of TSPID, it will retransmit the INFORMATION message. You
can use this command to modify the number of INFORMATION message
retransmission attempts.

This command applies only on NI-compliant BRI interfaces.

Example

Set the allowed number of INFORMATION retransmission attempts to five.

[3Com-bri0/0/0] isdn spid resend 5

isdn spid1 Syntax


isdn spid1 spid

undo isdn spid1

View

ISDN BRI interface view

Parameter

spid: String comprising 1 to 20 digits.

Description

Using the isdn spid1 command, you can configure SPID information for the B1
channel on an NI-compliant BRI interface. Using the undo isdn spid1 command,
you can remove the SPID information of the B1 channel on the interface.

On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. Only after SPID
information is configured for the B1 channel on the BRI interface can the system
make the L3 initialization to place calls normally.

By default, SPID for the B1 channel on a BRI interface is null.

This command applies only on NI-compliant BRI interfaces.

Example

Set SPID to “012345” for the B1 channel on the interface bri0/0/0.

[3Com-bri0/0/0] isdn spid1 012345

isdn spid2 Syntax


isdn spid2 spid

undo isdn spid2

View

ISDN BRI interface view

Parameter

spid: String comprising 1 to 20 digits.

Description

Using the isdn spid2 command, you can configure SPID information for the B2
channel on an NI-compliant BRI interface. Using the undo isdn spid2 command,
you can remove the SPID information of the B2 channel on the interface.

On a BRI interface compliant with the ISDN protocol in North America, calls can be
placed only after the SPID negotiation or initialization is finished. SPID information
can be obtained via static configuration or dynamic negotiation. Only after SPID
information is configured for the B2 channel on the BRI interface can the system
make the L3 initialization to place calls normally.

By default, SPID for the B2 channel on a BRI interface is null.

This command applies only on NI-compliant BRI interfaces.

Example

Set SPID to “012345” for the B2 channel on the interface bri0/0/0.

[3Com-bri0/0/0] isdn spid2 012345

isdn statistics Syntax


isdn statistics { clear | continue | display [ flow ] | start | stop }

View

ISDN interface view



Parameter

clear: Clears the statistics.

continue: Continues counting.

display: Displays the statistics.

display flow: Displays the statistic information about message flows.

start: Starts counting.

stop: Stops counting.

Description

Using the isdn statistics command, you can have the system collect statistics on
the information received and transmitted at an ISDN interface.

By default, no statistics are collected on the information transmitted and received
at interfaces.

In the view of an interface, enter the isdn statistics start command to start
collecting statistics on the messages received and transmitted at the interface,
isdn statistics display to view the statistics, isdn statistics continue to
continue collecting statistics, isdn statistics display flow to view the
statistics in the form of flow, and isdn statistics stop to stop collecting
statistics.

Example

Display statistics information on the PRI interface.

[3Com-serial0/0/0:15] isdn statistics display


Q.931 message received and sent out on current port:
CALL_PROC Send(0) Recv(6)
SETUP Send(6) Recv(13)
CONN Send(13) Recv(5)
SETUP_ACK Send(0) Recv(6)
CONNECT_ACK Send(5) Recv(13)
DISCONNECT Send(3) Recv(16)
RELEASE Send(1) Recv(18)
RELEASE_COM Send(18) Recv(1)

SLIP Configuration Commands

debugging slip Syntax


debugging slip { event | error | packet | all }

View

User view

Parameter

packet: Enables packet debugging output switch.

Description

Using the debugging slip command, you can enable the debugging switch of the
SLIP protocol.

Example

None

link-protocol slip Syntax


link-protocol slip

View

Interface view

Parameter

None

Description

Using the link-protocol slip command, you can set the link layer protocol of the
interface as SLIP.

By default, the link layer protocol of an interface is PPP.

A P2P link can use the simpler link layer protocol SLIP (Serial Line IP), which is
mainly used to run TCP/IP on a P2P serial port. SLIP is used only on asynchronous
links.

SLIP defines only the start and end identifiers of a frame, so that IP packets can
be picked out of the byte stream on the serial line. Compared with PPP, SLIP has no
address concept, no negotiation process, no differentiation of packet types (so only
one network protocol can be supported at a time) and no error correction function.

The link layer protocol of the interface shall be consistent with that of the peer
interface.

Example

Configure the link layer protocol on the interface Serial0/0/0 as SLIP.

[3Com-Serial0/0/0] link-protocol slip
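
What "only the start and end identifiers of frame" means on the wire, as an added example that is not part of the 3Com guide: SLIP framing as specified in RFC 1055, with a decoder that accepts data in arbitrary chunks. The function and class names are hypothetical and the payload is constructed; the last step shows that a byte altered on the line is still delivered, because the frame carries no checksum, type field or address.

```python
"""SLIP framing per RFC 1055: frame delimiters and byte stuffing, nothing else."""
from typing import List

END, ESC = 0xC0, 0xDB          # frame delimiter and escape byte
ESC_END, ESC_ESC = 0xDC, 0xDD  # escaped forms of END and ESC inside a packet


def slip_encode(packet: bytes) -> bytes:
    """Wrap one packet in a SLIP frame (the leading END flushes line noise)."""
    out = bytearray([END])
    for byte in packet:
        if byte == END:
            out += bytes([ESC, ESC_END])
        elif byte == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(byte)
    out.append(END)
    return bytes(out)


class SlipDecoder:
    """Incremental decoder; feed() takes whatever chunk the async port delivered."""

    def __init__(self) -> None:
        self._buf = bytearray()
        self._escaped = False

    def feed(self, data: bytes) -> List[bytes]:
        packets = []
        for byte in data:
            if self._escaped:
                self._escaped = False
                # An unknown byte after ESC is a protocol violation; like the
                # RFC 1055 reference code, keep it rather than drop the packet.
                self._buf.append({ESC_END: END, ESC_ESC: ESC}.get(byte, byte))
            elif byte == END:
                if self._buf:            # back-to-back ENDs are empty frames
                    packets.append(bytes(self._buf))
                    self._buf.clear()
            elif byte == ESC:
                self._escaped = True
            else:
                self._buf.append(byte)
        return packets


def demo() -> dict:
    # Constructed payload, not a capture: contains both special byte values.
    payload = bytes([0x45, 0x00, 0xC0, 0xDB, 0x01])
    frame = slip_encode(payload)

    rx = SlipDecoder()
    received = rx.feed(frame[:4]) + rx.feed(frame[4:])   # frame split across reads

    # No checksum, type field or address: a byte changed on the line is
    # handed to the IP layer as an ordinary packet.
    damaged = bytearray(frame)
    damaged[1] ^= 0x01
    delivered = SlipDecoder().feed(bytes(damaged))

    return {"frame": frame.hex(" "), "received": received, "delivered": delivered}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Any integrity or peer verification on a SLIP link therefore has to come from the layers above it.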

HDLC Configuration Commands

link-protocol hdlc Syntax


link-protocol hdlc

View

Interface view

Parameter

None

Description

Using the link-protocol hdlc command, you can configure the interface
encapsulation as HDLC. HDLC is a link layer protocol and can bear network layer
protocols, such as IP and IPX.

By default, the interface is encapsulated with PPP.

For the related commands, see timer hold and display interface.

Example

Configure HDLC encapsulation on interface Serial1/0/0.

[3Com-Serial1/0/0] link-protocol hdlc

timer hold Syntax


timer hold seconds

undo timer hold

View

Interface view

Parameter

seconds: Value of the polling interval. The value is in the range from 0 to 32767 in
seconds. 0 indicates that the link detection function is disabled.

Description

Using the timer hold command, you can set the polling interval. Using the undo
timer hold command, you can restore the default value of the polling interval.

By default, the value of seconds is 10 seconds.

The polling interval should be set to the same value at both ends of the data link.
Setting the polling interval to zero at both ends disables the polling operation of
the data link.

For the related command, see display interface.

Example

Set the value of polling interval on interface Serial1/0/0 to 100 seconds.

[3Com-Serial1/0/0] timer hold 100


Frame Relay Configuration Commands

debugging fr Syntax

debugging fr { all | inarp | compress | congestion | de | event | fragment | lmi | mfr control | packet | transmit-rate } [ interface interface-type interface-number [ dlci dlci-number ] ]

undo debugging fr { all | inarp | compress | congestion | de | event | fragment | ipc | lmi | mfr control | packet | transmit-rate } [ interface interface-type interface-number [ dlci dlci-number ] ]

View

User view

Parameter

all: All frame relay information debugging.

arp: Information debugging of frame relay address resolution protocol. When this
parameter is in use, DLCI can be specified.

compress: Information debugging of frame relay compression.

congestion: Information debugging of frame relay traffic congestion
management.

de: DE information debugging of FRTS.

event: Information debugging of frame relay event. When this parameter is
used, no interface can be specified.

fragment: Information debugging of frame relay fragment. When this parameter
is in use, DLCI must be specified.

lmi: Information debugging of frame relay LMI (Local Management Interface)
protocol.

mfr control: Information debugging of multilink frame relay bundle and bundle
link.

packet: Information debugging of frame relay packet. When this parameter is in
use, DLCI can be specified.

transmit-rate: Information debugging of FRTS transmit rate.

interface-type: Interface type.

interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).

dlci dlci-number: DLCI number of virtual circuit, ranging from 16 to 1007.



Description

Using the debugging fr command, you can enable frame relay information
debugging. Using the undo debugging fr command, you can disable frame relay
information debugging.

By default, frame relay information debugging is disabled.

For multilink frame relay, if the information debugging of multilink frame relay
bundle and bundle link (mfr control) is enabled, the sent/received bundle link
controlling information and status change of bundle link will be displayed.

If FRTS function is enabled, the change of frame relay sending rate can be seen
after the transmit rate information debugging (transmit-rate) is enabled.

The enabling of frame relay information debugging greatly affects system
performance, so this command should be used cautiously.

Example

Enable frame relay compression debugging of all interfaces.

<3Com> debugging fr compress

Enable the FRTS congestion management debugging of serial interface 5/0/1.

<3Com> debugging fr congestion interface serial 5/0/1

Enable DE debugging of FRTS on serial interface 5/0/1.

<3Com> debugging fr de interface serial 5/0/1

Enable FRTS transmit rate debugging of serial interface 5/0/1.

<3Com> debugging fr transmit-rate interface serial 5/0/1

Enable debugging of the bundle interface MFR1/0/0, supposing several links have
been bundled on it.

<3Com> debugging fr mfr control interface mfr1/0/0

serial3/0/2(Out):
MFR msg=Add_link, Length=28, Link=serial5/1/0, BL state=Add_sent
e1 00 01 01 07 4d 46 52 30 00 02 0c 53 65 72 69 61 6c 32 3a
serial3/0/2(In):
MFR msg=Add_link, Length=30, Link=serial5/1/0, BL state=Add_sent
e1 00 01 01 09 6b 70 6c 6b 70 6c 00 02 0c 53 65 72 69 61 6c
serial3/0/2(Out):
MFR msg=Add_link_ack, Length=28, Link=serial5/1/0, BL state=Add_rx
e1 00 02 01 07 4d 46 52 30 00 02 0c 53 65 72 69 61 6c 32 3a
serial3/0/2(Out):
MFR msg=Hello, Length=9, Link=serial5/1/0, BL state=Up
e1 00 05 03 06 43 4b 01 f6
serial3/0/2(In):
MFR msg=Hello_ack, Length=9, Link=serial5/1/0, BL state=Up
e1 00 05 03 06 2f f7 00 a5

display fr compress Syntax


display fr compress [ interface interface-type interface-number ]

View

Any view.

Parameter

interface-type: Interface type.

interface-number: Interface number, in 3-dimension form: slot number/card
number/interface number.

Description

Using the display fr compress command, you can view the statistics information
of the frame relay compression. If no interface is specified, the DLCI statistics
information of all the interfaces will be displayed.

For the related command, see fr compression frf9.

Example

View the frame relay compression statistics information of MFR interface 4/0/0.

<3Com> display fr compress interface mfr 4/0/0


MFR4/0/0 -DLCI:25
uncompressed bytes xmt/rcv 0/0 compressed bytes xmt/rcv 0/0
1 min avg ratio xmt/rcv 0.000/0.000 5 min avg ratio xmt/rcv 0.000/0.000

display fr dlci-switch Syntax


display fr dlci-switch [ interface interface-type interface-num ]

View

Any view

Parameter

interface-type: Type of the interface.

interface-number: Number of the interface, including slot-number/card-number/
port-number.

The specified interface can only be main interface. Information of all interfaces will
be displayed without specifying interface.

Description

Using the display fr dlci-switch command, you can view the information of the
configured FR switching to check if the frame relay switching of a user is correctly
configured.

For the related command, see fr dlci-switch.



Example

View the information of the configured FR switching.

<3Com> display fr dlci-switch


Status Interface(Dlci) < -----> Interface(Dlci)
Inactive Serial0/1/1:10(100) Serial1/1/0:10(100)

Table 12 Description of the output information of command display fr dlci-switch

Item                                     Description
Status                                   The status of FR switching function
Interface(Dlci) < -- > Interface(Dlci)   Input interface and its DLCI, output
                                         interface and its DLCI

display fr inarp-info Syntax


display fr inarp-info [ interface interface-type interface-num ]

View

Any view

Parameter

interface-type interface-num: Used to specify the interface to be viewed. Only


the main interface can be specified here. The information of all interfaces will be
displayed for the command without specifying an interface.

Description

Using the display fr inarp-info command, you can view the packet statistics of
the FR inverse address resolution protocol.

The packets of FR inverse ARP include the address resolution request packet and
address resolution reply packet. According to the output information via this
command, you can diagnose if the inverse ARP operates normally.

For the related command, see fr inarp.

Example

Display the packet statistics of the FR inverse address resolution protocol.

<3Com> display fr inarp-info


interface Serial1/1/1:1:
dlci type size in/out/drop
200 FRF12(ETE) 80 0/0/0

Table 13 Output information description

Item          Description
interface     Current interface
dlci          DLCI number
type          Fragment type
size          Fragment size
in/out/drop   Received/transmitted/dropped fragments

display fr interface Syntax


display fr interface interface-type interface-num

View

Any view

Parameter

interface-type interface-num: Used to specify the interface to be viewed. The
specified interface can be a main interface or a sub-interface. The whole
information will be displayed for the command without specifying an interface.

Description

Using the display fr interface command, you can view the FR status, which is
helpful for you to perform fault diagnosis.

For the related command, see display interface.

Example

Display the FR protocol status.

<3Com> display fr interface


Serial1/0/0, DTE, physical up, protocol up
Serial1/0/0.1, multi-point, protocol up
Serial1/0/0.2, point-to-point, protocol down
Serial2/0/0, DCE, physical down, protocol down

This command displays the protocol status of each interface encapsulated with FR.

The above information indicates that: Frame Relay interface type of Serial1/0/0 is
DTE. Physical layer protocol and link layer protocol of Serial1/0/0 are activated.

display fr lmi-info Syntax


display fr lmi-info [ interface interface-type interface-num ]

View

Any view

Parameter

interface-type interface-num: Used to specify the interface to be viewed. The
whole information will be displayed for the command without specifying an
interface.

Description

Using the display fr lmi-info command, you can view the statistics of LMI
protocol frame.

The LMI protocol is used to maintain the current frame relay link, including the
status enquiry packet and status packet. The displayed information helps you to
diagnose the faults.

For the related command, see fr interface-type.

Example

Display the statistics of LMI protocol frame.

<3Com> display fr lmi-info


Frame relay LMI statistics for interface Serial1/0/0(DTE)
T391DTE = 10 (keepalive 10)
N391DTE = 6, N392DTE = 3, N393DTE = 4
out status enquiry = 96, in status = 85
status timeout = 3, discarded messages = 3
Frame relay LMI statistics for interface Serial2/0/0 (DCE, ANSI)
T391DTE = 0 (no keepalive)
T392DCE = 15, N392DCE = 3, N393DCE = 4
in status enquiry = 0, out status = 0
status enquiry timeout = 0, discarded messages = 0

The above shows various information about the FR LMI protocol.

For example, the Frame Relay interface type of Serial1/0/0 is DTE. The LMI protocol
type is Cisco-compatible protocol. The T391 parameter on the DTE side is 10. The N391
parameter on the DTE side is 6. The N392 parameter on the DTE side is 3. The N393
parameter on the DTE side is 4. The number of Status Enquiry packets sent through
Serial1/0/0 is 96. Received Status Enquiry packets are 85. Timeout packets are 3.
Discarded packets are 3.

display fr map-info Syntax


display fr map-info [ interface interface-type interface-num ]

View

Any view

Parameter

interface-type interface-num: Used to specify the interface to be viewed. The
specified interface can be a main interface or a sub-interface. The whole
information will be displayed for the command without specifying an interface.

Description

Using the display fr map-info command, you can view the FR address mapping
table.

The displayed information via the command indicates whether the static mapping
configured by a user is correct and whether the dynamic address mapping
operates normally.

For the related commands, see fr map ip and fr inarp.

Example

Display Frame Relay address mapping table.

<3Com> display fr map-info


Map Statistics for interface Serial1/0/2 (DTE)
DLCI = 100, IP INARP 100.100.1.1, Serial1/0/2
create time = 2002/10/21 14:48:44, status = ACTIVE
encapsulation = ietf, vlink = 14, broadcast
DLCI = 200, IP INARP 100.100.1.1, Serial1/0/2
create time = 2002/10/21 14:34:42, status = ACTIVE
encapsulation = ietf, vlink = 0, broadcast
DLCI = 300, IP 1.1.1.1, Serial1/0/2
create time = 2002/10/21 15:03:35, status = ACTIVE
encapsulation = ietf, vlink = 15

The above indicates the information of each MAP configured with Frame Relay
protocol.

For example, as for the first address mapping, the mapping indicates that PVC
(DLCI=100) on Serial1/0/2 establishes the address mapping with the peer end (IP
address is 100.100.1.1) through Inverse ARP. The time of creating the mapping is
2002/10/21 14:48:44, and its status is active. Encapsulation format is IETF, and
broadcast packet is available.

display fr pvc-info Syntax


display fr pvc-info [ interface interface-type interface-num ]

View

Any view

Parameter

interface-type interface-num: Used to specify the interface to be viewed. The
specified interface can be a main interface or a sub-interface. The whole
information will be displayed for the command without specifying an interface.

Description

Using the display fr pvc-info command, you can view the FR PVC table.

This command displays the statistics of the FR PVC status and receiving/sending
data on this VC.

For the related command, see fr dlci.



Example

Display the FR PVC table.

<3Com> display fr pvc-info


PVC statistics for interface Serial1/0/0 (DTE, physical UP)
DLCI = 100, USAGE = UNUSED (0000), INTERFACE = Serial1/0/0
create time = 2000/04/01 23:55:39, status = active
in BECN = 0, in FECN = 0
in packets = 0, in bytes = 0
out packets = 0, out bytes = 0
DLCI = 102, USAGE = LOCAL (0010), INTERFACE = Serial1/0/0.1
create time = 2000/04/01 23:56:14, status = active
in BECN = 0, in FECN = 0
in packets = 0, in bytes = 0
out packets = 0, out bytes = 0

The information listed above shows various information about the FR PVC.

The above information indicates that the PVC (DLCI=100) is one (UNUSED)
obtained through negotiation with the peer end via LMI. It is configured on
Serial1/0/0. Its creation time is 2000/04/01 23:55:39. The PVC status is active.
The numbers of received packets carrying Forward Explicit Congestion Notifications
(FECN) and Backward Explicit Congestion Notifications (BECN) are both 0.
Received/sent frames are 0. Received/sent bytes are 0.
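
A way to turn this output into a repeatable check, as an added example that is not part of the 3Com guide: the parser below reads the display fr pvc-info text shown above and reports PVCs that the peer announced through LMI but that are not used locally (USAGE = UNUSED), PVCs missing from an expected inventory, inactive PVCs, and non-zero congestion counters. The function names and the inventory argument are hypothetical.

```python
"""Parse 'display fr pvc-info' output and flag PVCs that deserve a second look."""
import re
from typing import Dict, List, Set

# The sample output printed in the guide's display fr pvc-info example.
SAMPLE = """\
PVC statistics for interface Serial1/0/0 (DTE, physical UP)
DLCI = 100, USAGE = UNUSED (0000), INTERFACE = Serial1/0/0
create time = 2000/04/01 23:55:39, status = active
in BECN = 0, in FECN = 0
in packets = 0, in bytes = 0
out packets = 0, out bytes = 0
DLCI = 102, USAGE = LOCAL (0010), INTERFACE = Serial1/0/0.1
create time = 2000/04/01 23:56:14, status = active
in BECN = 0, in FECN = 0
in packets = 0, in bytes = 0
out packets = 0, out bytes = 0
"""

_HEADER = re.compile(r"^PVC statistics for interface (\S+) \((\w+), physical (\w+)\)")
_PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*=\s*([^,]+?)\s*(?:,|$)")


def parse_pvc_info(text: str) -> List[Dict[str, str]]:
    """Return one dict per PVC; keys are the lower-cased field names of the output."""
    pvcs: List[Dict[str, str]] = []
    main_if = role = phys = ""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = _HEADER.match(line)
        if header:
            main_if, role, phys = header.groups()
            current = None
            continue
        fields = {key.strip().lower(): value for key, value in _PAIR.findall(line)}
        if "dlci" in fields:                  # a "DLCI = ..." line opens a new PVC
            current = {"main interface": main_if, "role": role, "physical": phys}
            pvcs.append(current)
        if current is not None:
            current.update(fields)
    return pvcs


def audit_pvcs(pvcs: List[Dict[str, str]], inventory: Dict[str, Set[int]]) -> List[str]:
    """inventory (hypothetical): main interface -> DLCIs the operator expects there."""
    findings = []
    for pvc in pvcs:
        dlci = int(pvc["dlci"])
        where = f"{pvc['interface']} DLCI {dlci}"
        if pvc["usage"].split()[0] == "UNUSED":
            findings.append(f"{where}: learned from the peer via LMI, not used locally")
        if dlci not in inventory.get(pvc["main interface"], set()):
            findings.append(f"{where}: not in the expected circuit inventory")
        if pvc["status"].lower() != "active":
            findings.append(f"{where}: status is {pvc['status']}")
        if int(pvc["in becn"]) or int(pvc["in fecn"]):
            findings.append(f"{where}: congestion notifications received")
    return findings


if __name__ == "__main__":
    for finding in audit_pvcs(parse_pvc_info(SAMPLE), {"Serial1/0/0": {102}}):
        print(finding)
```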

display fr statistics Syntax


display fr statistics [ interface interface-type interface-num ]

View

Any view

Parameter

interface-type interface-num: Used to specify the interface to be viewed. Only
the main interface can be specified here. The information of all interfaces will be
displayed for the command without specifying an interface.

Description

Using the display fr statistics command, you can view the current Frame Relay
statistics about receiving and sending packets.

The output information of this command can help the user to perform FR traffic
statistics and fault diagnosis.

For the related command, see display interface.

Example

Display the Frame Relay statistics about receiving and sending packets.

<3Com> display fr statistics


Frame relay packet statistics for interface Serial1/0/0 (DTE)
in packets = 84, in bytes = 1333
out packets = 92, out bytes = 1217
discarded in packets = 13, discarded out packets = 0
Frame relay packet statistics for interface Serial1/1/0 (DCE)
in packets = 0, in bytes = 0
out packets = 0, out bytes = 0
discarded in packets = 0, discarded out packets = 0

The above information displays Frame Relay statistics about receiving and sending
packets.

For instance, the above information shows that the Frame Relay interface type of
Serial1/0/0 is DTE. Received packets are 84. Received bytes are 1333. Sent packets
are 92. Sent bytes are 1217. Discarded received packets are 13. Discarded sent
packets are 0.

display interface mfr Syntax


display interface mfr [interface-number .sub-number]

View

Any view

Parameter

interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).

Sub-number: sub-interface number.

Description

This command is used to display the information of FR interface, including the
statistical information.

Example

View the configuration and status information of MFR interface 4/0/123.

<3Com> display interface mfr 4/0/123


MFR4/0/123 current state : UP
Line protocol current state : UP
Description : 3Com, 3Com Series, MFR4/0/123 Interface
The Maximum Transmit Unit is 1500
Internet Address is 12.12.12.2/16
link-protocol is FRAME-RELAY IETF
LMI DLCI is 0, LMI type is Q.933a, frame relay DTE
LMI status enquiry sent 435, LMI status received 435
LMI status timeout 0, LMI message discarded 0
FIFO queuing: (Outbound queue:Size/Length/Discards)
FIFO: 0/75/0
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
1058 packets input, 832389 bytes, 0 drops
619 packets output, 828190 bytes, 0 drops

display mfr Syntax


display mfr [ interface interface-type interface-number | verbose ]

View

Any view

Parameter

interface-type: Interface type.

interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).

verbose: Displays detailed statistics information, including the number of
controlling packets sent and received.

Description

Using the display mfr command, you can view configuration and statistics
information of multilink frame relay bundle and bundle link. If no bundle or
bundle link is specified, information of all bundles and bundle links will be
displayed.

For the related command, see link-protocol fr mfr and interface mfr.

Example

View configuration and state information of all frame relay bundles and frame
relay bundle links.

<3Com-Serial4/1/2>display mfr
Bundle interface:MFR4/1/0, Bundle state = down, Bundle class = A,
fragment disabled
Bundle BID = MFR4/1/0
Number of bundle links = 0, Peer's bundle-id =
Bundle links:
Bundle interface:MFR4/1/1, Bundle state = down, Bundle class = A,
fragment disabled
Bundle BID = MFR4/1/1
Number of bundle links = 1, Peer's bundle-id =
Bundle links:
Serial4/1/1, PHY state = up, link state : add sent,
LID : Serial4/1/1

View detailed state information of all frame relay bundle links.

<3Com> display mfr verbose


Bundle interface:MFR4/1/0, Bundle state = down, Bundle class = A,
fragment disabled
Bundle BID = MFR4/1/0
Number of bundle links = 0, Peer's bundle-id =
Bundle links:
Bundle interface:MFR4/1/1, Bundle state = down, Bundle class = A,
fragment disabled
Bundle BID = MFR4/1/1
Number of bundle links = 1, Peer's bundle-id =
Bundle links:
Serial4/1/1, PHY state = up, link state : add sent,
LID : Serial4/1/1
Bundle Link statistics:
Add_link: sent packets = 112, rcv'd packets = 2,
Add_link_ack: sent packets = 2, rcv'd packets = 2,
Add_link_rej: sent packets = 0, rcv'd packets = 0,
Remove_link: sent packets = 0, rcv'd packets = 0,
Remove_link_ack: sent packets = 0, rcv'd packets = 0,
Hello: sent packets = 2180, rcv'd packets = 2174,
Hello_ack: sent packets = 2174, rcv'd packets = 2174,
outgoing pak dropped = 0, incoming pak dropped = 83
Cause code = ack timer expiry, Ack timer = 4, Hello timer = 10,
Max retry count = 2,
Current count = 0,
Peer LID =

Table 14 Output information description of display mfr command

Item                      Description
Bundle interface          Bundle
Bundle state              Running state of bundle interface
Bundle class              Class A indicates if there is one bundle link is in up state, the
                          bundle is flagged as up. Moreover, all bundle links should be
                          flagged as down before the bundle is down.
fragment disabled         Disable fragmentation function
Bundle BID                Bundle identifier
Number of bundle links    Number of bundle links
Peer's bundle-id          Bundle identifier of the peer
Bundle links              Physical interface information of each bundle link
PHY state                 Running state of physical interface
Link state                Running state of bundle link line protocol
LID                       Bundle link identifier
Bundle Link statistics:   Packet statistics information of bundle link
Add_link                  Number of “Add_link” packets sent and received.
                          The “Add_link” packet is used to notify the peer that the local
                          node has prepared for processing frames.
Add_link_ack              Number of “Add_link” acknowledgment packets sent and received.
                          The “Add_link_ack” packet is used to notify the peer that an
                          “Add_link” packet has been received.
Add_link_rej              Number of “Add_link” reject packets sent and received.
                          The “Add_link_rej” packet is used to notify the peer that an
                          “Add_link” packet has been rejected.
Remove_link               Number of “Remove_link” packets sent and received.
                          The “Remove_link” packet is used to notify the peer that the local
                          node is removing a bundle link from the bundle.
Remove_link_ack           Number of “Remove_link” acknowledgement packets sent and
                          received.
                          The “Remove_link_ack” packet is used to notify the peer that a
                          “Remove_link” packet has been received.
Hello                     Number of “Hello” packets sent and received.
                          The “Hello” packet is used to maintain link state.
Hello_ack                 Number of “Hello” acknowledgment packets sent and received.
                          The “Hello_ack” packet is used to notify the peer that a “Hello”
                          packet has been received.
outgoing pak dropped      Number of discarded packets that are sent
incoming pak dropped      Number of discarded packets that are received
Cause code                The reason for bundle link to be in the current state, possibly
                          being the following values:
                          none: The link is in normal state.
                          ack timer expiry: The current link state is caused by the timeout
                          of the local T-ack timer.
                          other: Other reasons, such as LID error.
                          inconsistent bundle: The peer has associated the bundle with
                          another bundle, thus making inconsistent BID.
                          bundle link idle: The peer bundle link is idle, which generally
                          occurs when the peer bundle interface is disabled.
                          loopback detected: Loopback is enabled on the physical line of
                          local bundle link.
                          unexpected Add_link: The “add_link” message is received when
                          the bundle link is in up state. This case may occur when the line
                          protocol is ready for being enabled and will disappear once the
                          connection is created.
Ack timer                 The time of resending hello message before bundle link receives
                          acknowledgment message or of waiting for hello
                          acknowledgment message before resending an “add_link”
                          message used for initial synchronization.
Hello timer               Interval for bundle link to send hello message
Max retry count           Maximum retry times for bundle link to resend hello message or
                          resend “Add_link” that is used for initial synchronization before
                          the bundle link waits for hello acknowledgement message.
Current count             Current retry times
Peer LID                  Bundle link identifier of the peer link

fr compression frf9 Syntax


fr compression frf9

undo fr compression

View

Frame relay interface view

Parameter

None

Description

Using the fr compression frf9 command, you can enable frame relay
compression function. Using the undo fr compression command, you can
disable frame relay compression function.

By default, frame relay compression function is disabled.

This command is only valid for point-to-point interfaces. In other words, it is used
for frame relay sub-interfaces of point-to-point type.

Frame relay compression takes effect only when the frame relay packet type of the
interface is IETF. When this command is configured, the system automatically
changes the packet type of the interface to IETF if it is not already IETF.

For the related command, see fr map.

Example

Enable frame relay compression on the point-to-point frame relay sub-interface
Serial4/1/3.1.

[3Com] interface serial 4/1/3.1 p2p


[3Com-Serial4/1/3.1] fr compression frf9

fr compression iphc Syntax


fr compression iphc

undo fr compression iphc

View

Frame Relay interface view

Parameter

None

Description

Using the fr compression iphc command, you can enable the IP header
compression. Using the undo fr compression iphc command, you can disable
the function.

By default, the Frame Relay compression function is disabled.

For the related command, see fr map.

Example

Configure the Frame Relay interface Serial 4/1/0 to adopt IP header compression.

[3Com-Serial4/1/0] fr compression iphc

fr dlci Syntax

fr dlci dlci

undo fr dlci dlci

View

Interface view

Parameter

dlci: Virtual circuit number allocated for Frame Relay interface. The range of the
number is 16 to 1007. 0 to 15 and 1008 to 1023 are reserved by the protocol for
special purpose.

Description

Using the fr dlci command, you can configure the virtual circuit for Frame Relay
interface. Using the undo fr dlci command, you can cancel the configuration.

When the Frame Relay interface type is DCE or NNI, it is necessary to manually
configure virtual circuit for interface (either main interface or sub-interface). When
the Frame Relay interface type is DTE, if the interface is main interface, the system
will automatically configure the virtual circuit according to the peer device.

For the related command, see fr interface-type.

Example

Assign a virtual circuit with DLCI 100 to Frame Relay sub-interface Serial1/0/0.1.

[3Com-Serial1/0/0.1] fr dlci 100
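
The DLCI ranges in the Parameter section follow from the 10-bit DLCI carried in the two-octet address field at the start of every Frame Relay frame. The added example below (not part of the 3Com guide) packs and parses that field and lints fr dlci and fr dlci-switch lines against the 16 to 1007 range. The field layout is taken from ITU-T Q.922, which the guide does not reproduce; the function names are hypothetical and the configuration lines are constructed.

```python
"""DLCI handling: Q.922 two-octet address field plus a range lint for fr dlci commands."""
import re
from typing import Dict, List

USER_DLCI_MIN, USER_DLCI_MAX = 16, 1007    # configurable range stated in the guide


def classify_dlci(dlci: int) -> str:
    """Return 'user' for 16-1007 and 'reserved' for 0-15 and 1008-1023."""
    if not 0 <= dlci <= 1023:
        raise ValueError(f"DLCI {dlci} does not fit the 10-bit DLCI field")
    return "user" if USER_DLCI_MIN <= dlci <= USER_DLCI_MAX else "reserved"


def pack_address(dlci: int, cr: int = 0, fecn: int = 0, becn: int = 0, de: int = 0) -> bytes:
    """Build the two address octets that start every Frame Relay frame."""
    classify_dlci(dlci)                                        # range check only
    octet1 = ((dlci >> 4) & 0x3F) << 2 | (cr & 1) << 1         # EA bit = 0
    octet2 = ((dlci & 0x0F) << 4 | (fecn & 1) << 3 | (becn & 1) << 2
              | (de & 1) << 1 | 1)                             # EA bit = 1
    return bytes([octet1, octet2])


def parse_address(header: bytes) -> Dict[str, int]:
    """Decode DLCI, C/R, FECN, BECN and DE from the two address octets."""
    if len(header) < 2:
        raise ValueError("address field needs two octets")
    octet1, octet2 = header[0], header[1]
    if octet1 & 1 or not octet2 & 1:
        raise ValueError("EA bits do not describe a two-octet address field")
    return {
        "dlci": (octet1 >> 2) << 4 | octet2 >> 4,
        "cr": octet1 >> 1 & 1,
        "fecn": octet2 >> 3 & 1,
        "becn": octet2 >> 2 & 1,
        "de": octet2 >> 1 & 1,
    }


_PROMPT = r"^\s*(?:\[[^\]]*\]\s*)?"        # optional "[3Com-...]" prompt prefix
_FR_DLCI = re.compile(_PROMPT + r"fr dlci (\d+)\s*$")
_FR_SWITCH = re.compile(_PROMPT + r"fr dlci-switch (\d+) interface \S+ dlci (\d+)\s*$")


def lint_dlci_commands(config: str) -> List[str]:
    """Report fr dlci / fr dlci-switch lines whose DLCI is outside 16-1007."""
    problems = []
    for number, line in enumerate(config.splitlines(), start=1):
        match = _FR_DLCI.match(line) or _FR_SWITCH.match(line)
        if not match:
            continue
        for value in map(int, match.groups()):
            if value > 1023:
                problems.append(f"line {number}: DLCI {value} exceeds the 10-bit field")
            elif classify_dlci(value) == "reserved":
                problems.append(f"line {number}: DLCI {value} is reserved by the protocol")
    return problems


# Constructed configuration lines for the lint (not taken from a real device).
SAMPLE_CONFIG = """\
[3Com-Serial1/0/0.1] fr dlci 100
[3Com-Serial1/0/0.2] fr dlci 15
[3Com-Serial1/0/0] fr dlci-switch 100 interface serial2/0/0 dlci 200
[3Com-Serial4/1/2] fr dlci-switch 200 interface Tunnel4/0/0 dlci 1008
[3Com-Serial1/0/0.3] fr dlci 2000
"""

if __name__ == "__main__":
    print(pack_address(100).hex(), parse_address(bytes([0x18, 0x47])))
    print("\n".join(lint_dlci_commands(SAMPLE_CONFIG)))
```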

fr dlci-switch Syntax

fr dlci-switch in-dlci interface interface-type interface-number dlci out-dlci

undo fr dlci-switch in-dlci

View

Frame relay interface view and MFR interface view

Parameter

in-dlci: DLCI assigned to an interface to receive datagram, ranging from 16 to
1007.

interface-type: Interface type.

interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).

out-dlci: DLCI of the specified interface where the packet is forwarded, ranging
from 16 to 1007.

Description

Using the fr dlci-switch command, you can configure a static route for frame
relay PVC switching. Using the undo fr dlci-switch command, you can delete a
static route for frame relay PVC switching.

By default, no static route for frame relay PVC switching is configured.

Before the static route of frame relay PVC is configured, it is necessary to enable
the frame relay PVC switching first by using the command fr switching.

The interface for forwarding packets can be either a frame relay
interface or an MFR interface. If a Tunnel interface is specified as the forwarding
interface, frame relay packets can be carried over IP.

For the related command, see fr switching.

Example

Configure a static route that allows packets on the link with DLCI of 100 on
Serial1/0/0 to be forwarded via the link with DLCI of 200 on interface Serial2/0/0.

[3Com-Serial1/0/0] fr dlci-switch 100 interface serial2/0/0 dlci 200

Configure a static route that allows packets on the link with DLCI of 200 on
Serial4/1/2 to be forwarded via the link with DLCI of 300 on Tunnel interface
Serial4/0/0.

[3Com-Serial4/1/2] fr dlci-switch 200 interface Tunnel4/0/0 dlci 300

fr inarp Syntax
fr inarp [ ip ] [ dlci ]

undo fr inarp [ ip ] [ dlci ]

View

Interface view

Parameter

ip: Indicates that the inverse address resolution is performed on the IP network
protocol.

dlci: Data link connection identifier number, i.e., virtual circuit number, indicating
that the inverse address resolution is performed for this DLCI number only.

Description

Using the fr inarp command, you can enable the inverse address resolution of
Frame Relay. Using the undo fr inarp command, you can disable this function.

By default, Frame Relay inverse address resolution is enabled.

When Frame Relay sends data over the interface, the network address must be
mapped to a DLCI number. Such a map can be specified manually or completed
automatically by inverse address resolution, which this command starts.

To enable inverse address resolution on all PVCs, use the command without any
parameters.

To enable inverse address resolution on a specified data link only, use the
command with the dlci parameter.

For the related commands, see fr map, reset fr inarp, and display fr map-info.

Example

Enable the inverse address resolution at all PVCs of the Frame Relay interface
Serial1/0/0.

[3Com-Serial1/0/0] fr inarp

fr interface-type Syntax
fr interface-type { dce | dte | nni }

undo fr interface-type

View

Interface view

Parameter

dte, dce and nni: Three types of Frame Relay interfaces.

Description

Using the fr interface-type command, you can set the Frame Relay interface
type. Using the undo fr interface-type command, you can restore the default
Frame Relay interface type.

By default, the frame relay interface type is DTE.



In Frame Relay, there are two communicating parties, the user side and the network
side. The user side is called Data Terminal Equipment (DTE), and the network side
is called Data Communications Equipment (DCE). In a Frame Relay network, the
interface between Frame Relay switches is the Network-to-Network Interface
(NNI), and the corresponding interface operates in NNI mode. If the device
is used as a Frame Relay switch, the Frame Relay interface should operate in
NNI or DCE mode. NE16E/08E/05 routers support the three modes.

In NE16E/08E/05 routers, when configuring the Frame Relay interface type as DCE
or NNI, it is unnecessary to execute the fr switching command in System
view. Note that this is different from Cisco.

For the related command, see link-protocol fr.

Example

Set the type of the frame relay interface Serial1/0/0 to DCE.

[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] fr interface-type dce

fr iphc Syntax
fr iphc { nonstandard | rtp-connections number1 | tcp-connections number2 | tcp-include }

undo fr iphc { nonstandard | rtp-connections number1 | tcp-connections number2 | tcp-include }

View

Frame relay interface view and MFR interface view

Parameter

nonstandard: Nonstandard compatible compression format.

rtp-connections number1: The number of RTP compression connections, ranging
from 3 to 255. By default, the number of RTP compression connections is 256.

tcp-connections number2: The number of TCP compression connections, ranging
from 3 to 255. By default, the number of TCP compression connections is 256.

tcp-include: Includes TCP header compression when performing RTP
compression.

Description

Using the fr iphc command, you can enable IP header compression function,
including RTP/TCP header compression. Using the undo fr iphc command, you
can disable this function.

For the related configuration, see fr map ip.



Example

Configure the number of RTP compression connections as 200 on the frame relay
interface Serial1/0/0.

[3Com-Serial1/0/0] fr iphc rtp-connections 200

fr lmi n391dte Syntax


fr lmi n391dte n391-value

undo fr lmi n391dte

View

Interface view

Parameter

n391-value: Status counter of the PVC. The range of the value is 1 to 255.

Description

Using the fr lmi n391dte command, you can configure N391 parameter at the
DTE side. Using the undo fr lmi n391dte command, you can restore the default
value.

By default, its value is 6.

The DTE sends a Status-Enquiry packet at regular interval set by T391 to the DCE.
There are two types of Status-Enquiry packets: link integrity authentication packet
and link status enquiry packet. The N391 parameter defines the ratio of sending
the two types of packets, that is, link integrity authentication packets: link status
enquiry packets = (N391 - 1): 1.

For the related command, see fr interface-type.

Example

Set DTE as the operating mode of Frame Relay interface Serial1/0/0, and the
counter value of the PVC status to 10.

[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n391dte 10

fr lmi n392dce Syntax


fr lmi n392dce n392-value

undo fr lmi n392dce

View

Interface view

Parameter

n392-value: Error threshold, which ranges from 1 to 10.

Description

Using the fr lmi n392dce command, you can set N392 parameter at the DCE side.
Using the undo fr lmi n392dce command, you can restore the default
configuration.

By default, the parameter value is 3.

The DCE requires the DTE to send a Status-Enquiry packet at regular interval (set
by T392). If the DCE does not receive the Status-Enquiry packet within a period of
time, it will record the error by adding 1 to the error count. If the errors exceed the
threshold, the DCE would consider the physical channels and all the DLCIs to be
unavailable.

N392 and N393 together define the “error threshold”. N393 defines the event
number observed and N392 defines the error threshold of that number (N393).
That is, if the number of errors that occur at the DCE reaches N392 in N393 events,
the DCE will consider the errors to have reached the threshold and declare the physical
channels and all DLCIs to be unavailable.

N392 should be less than N393.

For the related commands, see fr interface-type and fr lmi n393dce.

Example

Set frame relay interface Serial1/0/0 to operate in DCE mode, and set N392
to 5 and N393 to 6.

[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dce
[3Com-Serial1/0/0] fr lmi n392dce 5
[3Com-Serial1/0/0] fr lmi n393dce 6

fr lmi n392dte Syntax


fr lmi n392dte n392-value

undo fr lmi n392dte

View

Interface view

Parameter

n392-value: Error threshold, which ranges from 1 to 10.



Description

Using the fr lmi n392dte command, you can set N392 parameter at the DTE side.
Using the undo fr lmi n392dte command, you can restore the default
configuration.

By default, the parameter is 3.

The DTE sends a Status-Enquiry packet to the DCE at a regular interval to inquire
about the link status. On receiving this packet, the DCE will immediately send a
Status-Response packet. If the DTE does not receive the response packet in the
specified time, it will record the error by adding 1 to the error count. If the errors
exceed the threshold, the DTE will consider the physical channels and all the
DLCIs to be unavailable.

N392 and N393 together define the “error threshold”. N393 indicates the event
number observed and N392 indicates the error threshold of that number (N393).
That is, if N392 errors occurred in N393 Status-Enquiry packets in the DTE, the DTE
would consider that the error has exceeded the threshold and declare the physical
channels and all DLCIs to be unavailable.

N392 at DTE side should be less than N393 at DTE side.

For the related commands, see fr interface-type and fr lmi n393dte.

Example

Set frame relay interface Serial1/0/0 to operate in DTE mode, and set
N392 to 5 and N393 to 6.

[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n392dte 5
[3Com-Serial1/0/0] fr lmi n393dte 6

fr lmi n393dce Syntax


fr lmi n393dce n393-value

undo fr lmi n393dce

View

Interface view

Parameter

n393-value: Event counter. The range of the value is 1 to 10.

Description

Using the fr lmi n393dce command, you can set the N393 parameter at the DCE
side. Using the undo fr lmi n393dce command, you can restore the default
configuration.

By default, the parameter value is 4.



The DCE requires the DTE to send a Status-Enquiry packet at a regular interval (set
by T392). If the DCE does not receive the Status-Enquiry packet, it will record the
error by adding 1 to the error count. If the errors exceed the threshold, the DCE
would consider the physical channels and all the DLCIs to be unavailable.

N392 and N393 together define the “error threshold”. N393 defines the event
number observed and N392 defines the error threshold of that number (N393).
That is, if the number of errors that occur at the DCE reaches N392 in N393
events, the DCE will consider the errors to have reached the threshold and declare the
physical channels and all DLCIs to be unavailable.

N392 at DCE side should be less than N393 at DCE side.

For the related commands, see fr interface-type and fr lmi n392dce.

Example

Set frame relay interface Serial1/0/0 to operate in DCE mode, and set N392
to 5 and N393 to 6.

[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dce
[3Com-Serial1/0/0] fr lmi n392dce 5
[3Com-Serial1/0/0] fr lmi n393dce 6

fr lmi n393dte Syntax


fr lmi n393dte n393-value

undo fr lmi n393dte

View

Interface view

Parameter

n393-value: Event counter. The range of the value is 1 to 10.

Description

Using the fr lmi n393dte command, you can set N393 parameter at the DTE side.
Using the undo fr lmi n393dte command, you can restore the default
configuration.

By default, the parameter value is 4.

The DTE sends a Status-Enquiry packet to the DCE at a regular interval to inquire
about the link status. On receiving this packet, the DCE will immediately send a
Status-Response packet. If the DTE does not receive the response packet in the
specified time, it will record the error by adding 1 to the error count. If the errors
exceed the threshold, the DTE will consider the physical channels and all the
DLCIs to be unavailable.

N392 and N393 together define the “error threshold”. N393 indicates the event
number observed and N392 indicates the error threshold of that number (N393).
That is, if N392 errors occurred in N393 Status-Enquiry packets in the DTE, the DTE
would consider that the error count has exceeded the threshold and declare the
physical channels and all DLCIs to be unavailable.

N392 at DTE side should be less than N393 at DTE side.

For the related commands, see fr interface-type and fr lmi n392dte.

Example

Set frame relay interface Serial1/0/0 to operate in DTE mode, and set
N392 to 5 and N393 to 6.

[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] fr lmi n392dte 5
[3Com-Serial1/0/0] fr lmi n393dte 6
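
The N392/N393 rule described for the DCE and DTE sides above, modelled as a sliding window over LMI poll results. This is an added example, not code from the router or from 3Com; the function names, the event traces and the one-error-per-polling-interval timing are assumptions of the example, and link recovery is not modelled because this reference does not describe it.

```python
from collections import deque


def first_unavailable_event(events, n392=3, n393=4):
    """Return the 1-based index of the event at which the link is declared
    unavailable, or None if the threshold is never reached.

    events: iterable of booleans, True meaning the expected LMI packet was
    missed (an error event), False meaning the exchange succeeded.
    n392 / n393 default to the values this reference gives (3 and 4).
    """
    for name, value in (("N392", n392), ("N393", n393)):
        if not 1 <= value <= 10:
            raise ValueError(f"{name} must be in the range 1 to 10")
    if n392 >= n393:
        raise ValueError("N392 should be less than N393")

    window = deque(maxlen=n393)          # the last N393 observed events
    for index, is_error in enumerate(events, start=1):
        window.append(bool(is_error))
        if sum(window) >= n392:          # N392 errors within N393 events
            return index
    return None


def outage_detection_seconds(n392, poll_interval):
    """Seconds until a total outage is declared, assuming one error event is
    recorded per polling interval (an assumption of this example)."""
    return n392 * poll_interval


# Constructed event traces (True = missed poll), not captured from a device.
TOTAL_OUTAGE = [True] * 10
FLAPPING = [False, True, True, False, True]
SPARSE = [True, False, False, False] * 5

if __name__ == "__main__":
    print("total outage, defaults :", first_unavailable_event(TOTAL_OUTAGE))
    print("flapping, defaults     :", first_unavailable_event(FLAPPING))
    print("flapping, N392=5 N393=6:", first_unavailable_event(FLAPPING, 5, 6))
    print("sparse errors, defaults:", first_unavailable_event(SPARSE))
    print("outage detection (s)   :", outage_detection_seconds(3, 10))
```

Raising N392 and N393 as in the examples above makes the link tolerate more lost polls before all DLCIs are declared unavailable, at the cost of slower detection of a real outage.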

fr lmi t392dce Syntax


fr lmi t392dce t392-value

undo fr lmi t392dce

View

Interface view

Parameter

t392-value: Value of the polling timer. The range of the value is 5 to 30, in
seconds.

Description

Using the fr lmi t392dce command, you can set T392 parameter at the DCE side.
Using the undo fr lmi t392dce command, you can restore the default
configuration.

By default, the parameter value is 15s.

This parameter defines the maximum time that the DCE waits for a Status-Enquiry packet.

T392 at DCE side should be greater than T391 at DTE side.

For the related command, see fr interface-type.

Example

Set the frame relay interface Serial1/0/0 to operate in DCE mode and set T392 to
10s.

[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dce
[3Com-Serial1/0/0] fr lmi t392dce 10

fr lmi type Syntax


fr lmi type { ansi | nonstandard | q933a }

undo fr lmi type

View

Interface view

Parameter

ansi: Standard LMI protocol type of ANSI T1.617 Appendix D.

nonstandard: Nonstandard compatible LMI protocol type.

q933a: Standard LMI protocol type of Q.933 Appendix A.

Description

Using the fr lmi type command, you can configure the Frame Relay LMI protocol
type. Using the undo fr lmi type command, you can restore the default
LMI protocol type.

By default, the LMI protocol type is q933a.

The NE16E/08E/05 routers usually support three LMI protocols, namely, Q.933
Appendix A, ANSI T1.617 Appendix D and Nonstandard compatible LMI protocol.

For the related command, see display interface.

Example

Set the FR LMI type of Serial1/0/0 to nonstandard.

[3Com-Serial1/0/0] fr lmi type nonstandard

fr map ip Syntax
fr map ip { protocol-address [ ip-mask ] | default } dlci [ broadcast ] [ nonstandard | ietf ]

undo fr map ip { protocol-address | default } dlci

View

Interface view

Parameter

protocol-address: Peer protocol address.

ip-mask: IP mask used to establish a network segment map.

dlci: Local virtual circuit number. The range of the value is 16 to 1007.

default: Indicates that the system establishes one default map.

broadcast: Optional. Specifies whether broadcast packets can be sent in
the mapping.

nonstandard: Indicates that the map adopts the nonstandard compatible encapsulation
format.

ietf: Indicates that the map adopts the ietf encapsulation format.

Description

Using the fr map ip command, you can add an FR address mapping. Using the
undo fr map ip command, you can cancel the configuration.

By default, no static address mapping exists and inverse address resolution is
enabled.

The mapping can be manually established or can be completed via the inverse
address resolution protocol. Manually configure the static mapping when there are
a few peer hosts or there is a default route. When the peer router supports inverse
address resolution protocol and the network is rather complex, the dynamic
address mapping is established via the inverse address resolution protocol.

For the related commands, see display fr map and fr inarp.

Example

The peer router IP address connected to the local interface serial1/0/0 is
202.38.163.252. There is a virtual circuit with DLCI 50 on local Serial1/0/0
connected to this router. Configure the static address mapping as follows:

[3Com-Serial1/0/0] fr map ip 202.38.163.252 50

fr switch Syntax
fr switch name [ interface interface-type interface-number dlci dlci1 interface
interface-type interface-number dlci dlci2 ]

undo fr switch name

View

System view

Parameter

name: Name of PVC used for frame relay switching, consisting of 30 characters at
most.

interface interface-type interface-number dlci dlci: DLCI number at both ends of
PVC as well as the type and number of its interface. The peer can be specified as
Tunnel interface.

Description

Using the fr switch command, you can create a PVC used for frame relay
switching and enter frame relay switching view. Using the undo fr switch
command, you can delete a specified PVC.

By default, there is no PVC used for frame relay switching.

The interface for forwarding packets can be either a frame relay interface or an
MFR interface. If a Tunnel interface is specified as the forwarding interface, frame
relay packets can be carried over IP.

In frame relay switching view, the shutdown/undo shutdown operation can be
executed on a PVC.

If a PVC used for switching has been configured, its interface and DLCI cannot be
changed any longer. To change them, you must delete the defined PVC used for
switching first.

For the related commands, see display fr pvc-info, fr dlci-switch, fr switching,
and fr dlci.

Example

Create a PVC named pvc1 on the DCE serving as the switch, which is from the
DLCI 100 of serial interface 0/0/0 to the DLCI 200 of serial interface 1/0/0.

[3Com] fr switching
[3Com] fr switch pvc1 interface serial 0/0/0 dlci 100 interface serial 1/0/0 dlci 200
[3Com-fr-switching-pvc1]

fr switching Syntax
fr switching

undo fr switching

View

System view

Parameter

None

Description

Using the fr switching command, you can enable frame relay PVC switching.
Using the undo fr switching command, you can disable frame relay PVC
switching.

By default, no FR switching is enabled.

The command is used to enable Frame Relay PVC switching.



Example

Enable PVC switching on FR interface.

[3Com] fr switching

interface mfr Syntax


interface mfr interface-number [ .subnumber ]

undo interface mfr interface-number [ .subnumber ]

View

System view

Parameter

interface-number: Interface number of a multilink frame relay bundle, including
slot number/card number/interface number, in which interface number ranges
from 0 to 1023.

subnumber: Sub-interface number of a multilink frame relay bundle, ranging
from 0 to 4095.

Description

Using the interface mfr command, you can create a multilink frame relay bundle
interface or sub-interface and enter the corresponding interface view. Using the
undo interface mfr command, you can delete a specified multilink frame relay
bundle interface or sub-interface.

By default, there is no multilink frame relay interface or sub-interface.

Before using the undo interface mfr command to delete an MFR interface, you
must delete all physical interfaces from the MFR interface.

Before an MFR sub-interface is created, the MFR interface must be created first.

For the related commands, see link-protocol fr mfr and mfr bundle-name.

Example

Create a multilink frame relay bundle interface with a point-to-multipoint
sub-interface.

[3Com] interface mfr 4/0/123
[3Com-MFR4/0/123] quit
[3Com] interface mfr 4/0/123.1
[3Com-MFR4/0/123.1]

link-protocol fr Syntax
link-protocol fr [ nonstandard | ietf ]

View

Interface view

Parameter

nonstandard: Nonstandard compatible encapsulation format.

ietf: Default encapsulation format according to the Internet Engineering Task
Force (IETF) standard.

Description

Using the link-protocol fr command, you can encapsulate interface link layer
protocol as Frame Relay.

By default, the link-layer protocol encapsulated on the interface is PPP, and the
frame relay encapsulation format is IETF.

In VRP, the Frame Relay encapsulation can be either ietf or nonstandard
compatible encapsulation (nonstandard). IETF encapsulation conforms to
RFC1490, that is, it supports the IETF standard.

For the related command, see display interface.

Example

Configure Frame Relay encapsulation on interface Serial1/0/0 and select the
nonstandard compatible encapsulation format.

[3Com-Serial1/0/0] link-protocol fr nonstandard

link-protocol fr mfr Syntax


link-protocol fr mfr interface-number

View

Interface view

Parameter

interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).

Description

Using the link-protocol fr mfr command, you can configure the current physical
interface as a multilink frame relay bundle link and bundle it onto a specified MFR
interface.

By default, there is no multilink frame relay bundle link.

When this command is configured, the specified MFR interface must exist. A
maximum of 16 physical interfaces can be bundled onto an MFR interface.

To delete a physical interface from an MFR interface, use the link-protocol
command to apply a link layer protocol other than frame relay MFR to the interface.

For the related commands, see interface mfr and mfr link-name.

Example

Configure the current serial interface as a bundle link and add it onto the frame
relay bundle interface mfr4/0/123.

[3Com-Serial4/1/2] link-protocol fr mfr 4/0/123

mfr bundle-name Syntax


mfr bundle-name [ name ]

undo mfr bundle-name [ name ]

View

MFR interface view

Parameter

name: Bundle identification, in the form of character string, with a length ranging
from 1 to 49.

Description

Using the mfr bundle-name command, you can set frame relay bundle
identification (BID). Using the undo mfr bundle-name command, you can
restore the default value.

By default, BID is in the form of “mfr + frame relay bundle number”, such as
mfr4/0/123.

Each multilink frame relay bundle has a BID, which is only locally significant.
Therefore, the BIDs at both ends of the link can be the same.

When changing the BID of an interface, you must execute the shutdown/undo
shutdown command on the interface to make the new BID valid.

For the related command, see mfr link-name.

Example

Set the frame relay link BID to bundle1.

[3Com-MFR4/0/123] mfr bundle-name bundle1

mfr fragment Syntax


mfr fragment

undo mfr fragment



View

MFR interface view

Parameter

None

Description

Using the mfr fragment command, you can enable fragmentation of a multilink
frame relay bundle. Using the undo mfr fragment command, you can disable the
function.

By default, the fragmentation of a multilink frame relay bundle is disabled.

For the related commands, see mfr fragment-size and mfr window-size.

Example

Enable fragmentation on the MFR interface 4/0/123.

[3Com] interface mfr 4/0/123
[3Com-MFR4/0/123] mfr fragment

mfr fragment-size Syntax


mfr fragment-size bytes

undo mfr fragment-size

View

Frame relay interface view and MFR interface view

Parameter

bytes: Fragment size, in bytes, ranging from 60 to 1500.

Description

Using the mfr fragment-size command, you can configure the maximum
fragment size allowed on a frame relay bundle link. Using the undo mfr
fragment-size command, you can restore the default setting.

By default, the maximum fragment size allowed on a frame relay bundle link is
300 bytes.

The priority of the fragment size configured in frame relay interface view is higher
than that of the one configured in MFR interface view.

For the related commands, see mfr fragment and mfr window-size.

Example

Configure the maximum fragment size allowed on the multilink frame relay
bundle link Serial4/1/2 to be 70 bytes.

[3Com-Serial4/1/2] mfr fragment-size 70

mfr link-name Syntax


mfr link-name [ name ]

undo mfr link-name [ name ]

View

Frame relay interface view

Parameter

name: Name of a bundle link identification, in the form of character string,
ranging from 1 to 49.

Description

Using the mfr link-name command, you can set the frame relay bundle link
identification (LID). Using the undo mfr link-name command, you can restore the
default setting.

By default, LID is the name of the corresponding physical interface.

The peer equipment identifies a frame relay bundle link via LID or associates the
bundle link with a frame relay bundle by using LID. LID is locally valid; therefore,
the LIDs at both ends of a link can be the same.

When changing the bundle LID on an interface, you must execute the
shutdown/undo shutdown command on the interface to make the new bundle
LID valid.

For the related command, see mfr bundle-name.

Example

Set the bundle LID of the multilink frame relay bundle link Serial4/1/2 to be bl1.

[3Com-Serial4/1/2] mfr link-name bl1

mfr retry Syntax


mfr retry number

undo mfr retry

View

Frame relay interface view

Parameter

number: The maximum times that a bundle link can resend hello messages,
ranging from 1 to 5. By default, it is twice.

Description

Using the mfr retry command, you can set the maximum number of times that a frame
relay bundle link can resend a hello message while waiting for a hello
acknowledgement message. Using the undo mfr retry command, you can restore the
default setting.

If the number of times that a bundle link resends a hello message reaches the
maximum without receiving an acknowledgement from the peer, the system will regard
the link protocol on the bundle link as malfunctioning.

Only after the link-protocol fr mfr command is used to associate a frame relay
bundle link interface with a frame relay bundle, can this command be configured.

For the related commands, see mfr timer ack and mfr timer hello.

Example

Set the bundle link Serial4/1/2 to resend hello messages 3 times at most.

[3Com-Serial4/1/2] mfr retry 3

mfr timer ack Syntax


mfr timer ack seconds

undo mfr timer ack

View

Frame relay interface view

Parameter

seconds: Time of waiting for hello acknowledgment message before resending
hello message, in seconds, ranging from 1 to 10. By default, it is 4 seconds.

Description

Using the mfr timer ack command, you can set the time of waiting for hello
acknowledgment message before frame relay bundle link resends hello message.
Using the undo mfr timer ack command, you can restore the default setting.

For the related commands, see mfr timer hello and mfr retry.

Example

Set the frame relay bundle link Serial4/1/2 to wait for 6 seconds before resending
hello message.

[3Com-Serial4/1/2] link-protocol fr mfr 4/0/123
[3Com-Serial4/1/2] mfr timer ack 6

mfr timer hello Syntax


mfr timer hello [ seconds ]

undo mfr timer hello [ seconds ]

View

Frame relay interface view

Parameter

seconds: Interval for a bundle link to send hello message, in seconds, ranging from
1 to 180. By default, it is 10 seconds.

Description

Using the mfr timer hello command, you can set the interval for a frame relay
bundle link to send hello message. Using the undo mfr timer hello command,
you can restore the default setting.

Both ends of a frame relay bundle link periodically send hello messages to the peer
end. After the peer receives a hello message, it responds with a hello
acknowledgement message.

For the related commands, see mfr timer ack and mfr retry.

Example

Set the bundle link Serial4/1/2 to send hello message once every 15 seconds.

[3Com-Serial4/1/2] mfr timer hello 15

mfr window-size Syntax


mfr window-size number

undo mfr window-size

View

MFR interface view

Parameter

number: Number of fragments, ranging from 1 to 16.

Description

Using the mfr window-size command, you can configure the number of
fragments that can be held by the window used in sliding window algorithm
when multilink frame relay reassembles received fragments.

By default, the size of a sliding window is equal to the number of physical
interfaces of an MFR bundle.

For the related commands, see interface mfr, mfr fragment, and mfr
fragment-size.

Example

Set the size of the sliding window of the MFR bundle interface MFR4/0/123 to be
8.

[3Com-MFR4/0/123] mfr window-size 8

shutdown Syntax
shutdown

undo shutdown

View

Frame relay switching view

Description

Using the shutdown command, you can disable any current switching PVCs.
Using the undo shutdown command, you can enable any current switching
PVCs.

By default, switching PVC is enabled.

Example

Disable all the current switching PVCs.

[3Com] fr switch pvc1 interface serial 1/0/0 dlci 100 interface serial 2/0/0 dlci 200
[3Com-fr-switching-pvc1] shutdown

reset fr inarp Syntax


reset fr inarp

View

User view

Parameter

None

Description

Using the reset fr inarp command, you can clear the address mapping
established by inverse ARP.

In some special cases, for example, when the network architecture changes, the
dynamic address maps originally established will become invalid; hence it is
necessary to establish them again. Users can use this command to clear all the
dynamic address maps.

For the related command, see fr inarp.



Example

Clear all the Frame Relay dynamic address maps.

[3Com] reset fr inarp

timer hold Syntax


timer hold seconds

undo timer hold

View

Interface view

Parameter

seconds: Value of polling timer, which ranges from 0 to 32767 in seconds. 0
indicates that the LMI protocol is disabled.

Description

Using the timer hold command, you can configure the polling timer at the DTE
side. Using the undo timer hold command, you can restore its default value.

By default, the parameter is 10 seconds.

The parameter defines the interval of Status-Enquiry packet sent by DTE.

For the related commands, see fr interface-type and fr lmi t392dce.

Example

Configure Frame Relay interface serial1/0/0 to work in DTE mode, and set the
value of polling timer to 15 seconds.

[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dte
[3Com-Serial1/0/0] timer hold 15
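
A way to audit a saved command session against the value ranges and relationships stated in the Frame Relay command descriptions above (DLCI 16 to 1007, N392 less than N393, T392 at the DCE greater than T391 at the DTE). This is an added example, not a 3Com tool; the session text is constructed, the `[3Com-<interface>]` prompt parsing follows the examples on this page, and treating the peer's `timer hold` value as T391 (passed in as `peer_t391`) is an assumption of the example.

```python
import re

# Prompt form used throughout this reference: "[3Com-<interface>] <command>".
PROMPT = re.compile(r"^\[3Com-([^\]]+)\]\s+(.+)$")

# Value ranges exactly as the command descriptions state them.
RANGES = {
    "fr dlci": (16, 1007),
    "fr lmi n391dte": (1, 255),
    "fr lmi n392dce": (1, 10), "fr lmi n392dte": (1, 10),
    "fr lmi n393dce": (1, 10), "fr lmi n393dte": (1, 10),
    "fr lmi t392dce": (5, 30),
    "timer hold": (0, 32767),
    "mfr fragment-size": (60, 1500),
    "mfr retry": (1, 5),
    "mfr timer ack": (1, 10),
    "mfr timer hello": (1, 180),
    "mfr window-size": (1, 16),
}

# Constructed sample session, not captured from a real device.
SAMPLE = """\
[3Com] fr switching
[3Com-Serial1/0/0] link-protocol fr
[3Com-Serial1/0/0] fr interface-type dce
[3Com-Serial1/0/0] fr lmi n392dce 6
[3Com-Serial1/0/0] fr lmi n393dce 6
[3Com-Serial1/0/0] fr lmi t392dce 10
[3Com-Serial1/0/0] fr dlci-switch 100 interface serial2/0/0 dlci 1010
[3Com-Serial1/0/0.1] fr dlci 15
[3Com-Serial4/1/2] mfr fragment-size 70
[3Com-Serial4/1/2] fr map ip 202.38.163.252 50
"""


def audit(transcript, peer_t391=10):
    """Return sorted (interface, message) findings for a command session."""
    findings, conf = [], {}

    def check(ifname, label, text, low, high):
        value = int(text) if text.isdigit() else None
        if value is None or not low <= value <= high:
            findings.append((ifname, f"{label} {text}: outside {low}-{high}"))
        return value

    for raw in transcript.splitlines():
        match = PROMPT.match(raw.strip())
        if not match:
            continue                      # system-view lines set nothing per interface
        ifname, tok = match.group(1), match.group(2).split()
        cmd = " ".join(tok)
        iface = conf.setdefault(ifname, {})
        if tok[0] == "undo":
            iface.pop(" ".join(tok[1:]), None)   # back to the documented default
        elif tok[:2] == ["fr", "interface-type"] and len(tok) == 3:
            iface["fr interface-type"] = tok[2]
        elif tok[:2] == ["fr", "dlci-switch"] and len(tok) == 7:
            check(ifname, "in-dlci", tok[2], 16, 1007)
            check(ifname, "out-dlci", tok[6], 16, 1007)
        elif tok[:3] == ["fr", "map", "ip"] and len(tok) >= 5:
            rest = tok[5:] if "." in tok[4] else tok[4:]   # skip optional ip-mask
            if rest:
                check(ifname, "fr map ip dlci", rest[0], 16, 1007)
        else:
            for name, (low, high) in RANGES.items():
                if cmd.startswith(name + " "):
                    value = check(ifname, name, tok[-1], low, high)
                    if value is not None:
                        iface[name] = value

    for ifname, iface in conf.items():
        for side in ("dce", "dte"):
            keys = (f"fr lmi n392{side}", f"fr lmi n393{side}")
            if any(key in iface for key in keys):
                n392, n393 = iface.get(keys[0], 3), iface.get(keys[1], 4)
                if n392 >= n393:
                    findings.append((ifname, f"N392 ({n392}) is not less than "
                                             f"N393 ({n393}) at the {side.upper()} side"))
        if iface.get("fr interface-type", "dte") == "dce":
            t392 = iface.get("fr lmi t392dce", 15)
            if t392 <= peer_t391:
                findings.append((ifname, f"T392 ({t392}) is not greater than "
                                         f"peer T391 ({peer_t391})"))
    return sorted(findings)


if __name__ == "__main__":
    for ifname, message in audit(SAMPLE):
        print(f"{ifname}: {message}")
```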

ATM Configuration Commands

atm-class Syntax
atm-class atm-class-name

undo atm-class atm-class-name

View

Interface view and PVC view



Parameter

atm-class-name: Name of ATM-Class.

Description

Using the atm-class command, you can apply a set of parameters (which are
defined in ATM-Class) to an ATM interface or a PVC. Using the undo atm-class
command, you can delete the specified ATM-Class.

For the related command, see atm class.

Example

Apply an ATM-Class named "main" to the interface Atm1/0/0.

[3Com-Atm1/0/0] atm-class main

atm class Syntax


atm class atm-class-name

undo atm class atm-class-name

View

System view

Parameter

atm-class-name: Name of ATM-Class.

Description

Using the atm class command, you can create an ATM-Class and enter the
ATM-Class view. Using the undo atm class command, you can delete the
specified ATM-Class.

An ATM-Class is a group of predefined parameters that can be used for ATM
interface or PVC.

For the related command, see atm-class.

Example

Create an ATM-Class named "main".

[3Com] atm class main

clock Syntax
clock { master | slave }

undo clock

View

ATM master interface view

Parameter

master: Specify ATM interface to use the internal transmission clock signal.

slave: Restore the line clock signal.

Description

Using the clock command, you can specify ATM interface to use internal
transmission clock signal. Using the undo clock command, you can restore the
usage of network clock signal.

By default, ATM interface uses the network clock signal. This clock signal is usually
provided by the device which provides ATM interfaces.

When two network devices are directly connected in the back-to-back method
through the ATM interfaces, this command is used to set the internal transmission
clock at the ATM interface of one device.

Although this command takes effect on both the ATM main interface and its
sub-interfaces, it can only be used in ATM main interface view; the command is not
available in ATM sub-interface view.

For the related command, see display atm interface.

Example

Specify ATM interface Atm1/0/0 to use the internal transmission clock.

[3Com-Atm1/0/0] clock master

debugging atm all Syntax


debugging atm all

undo debugging atm all

View

User view

Parameter

None

Description

Using the debugging atm all command, you can enable all the debugging
switches of ATM. Using the undo debugging atm all command, you can disable
the debugging.

By default, all the ATM debugging switches are disabled.


Because this command can produce a large volume of output, users may be unable
to control network devices through their terminals, and the efficiency of packet
transmitting and receiving may be greatly reduced.

For the related commands, see debugging atm error, debugging atm event,
and debugging atm packet.

debugging atm error Syntax


debugging atm error [ interface { interface-name | interface-type interface-num } [ pvc { pvc-name | vpi/vci } ] ]

undo debugging atm error [ interface { interface-name | interface-type interface-num } [ pvc { pvc-name | vpi/vci } ] ]

View

User view

Parameter

interface-name: ATM interface name. For detailed naming rules, please refer to
the “Interface Configuration” chapter in this manual. If it is not specified, all the
error debugging of ATM are enabled (including global debugging, interface-level
debugging and PVC-level debugging).

interface-type: Interface type, which can determine an ATM interface together
with interface-num.

interface-num: Interface number, which can determine an ATM interface together
with interface-type.

pvc-name: PVC name, optional. If no PVC name and VPI/VCI pair are specified, all
the error debugging of the PVC will be enabled.

vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.

Description

Using the debugging atm error command, you can enable the error debugging
of ATM. Using the undo debugging atm error command, you can disable the
debugging.

By default, all the ATM error debugging switches are disabled.

The interface-name parameter is actually composed of interface-type and
interface-num. The only difference is the space: in the command line,
interface-type and interface-num are separated by a space, whereas
interface-name contains no space.

For the related commands, see display debugging and debugging atm all.

Example

Enable all the error debugging of ATM.


<3Com> debugging atm error

debugging atm event Syntax


debugging atm event [ interface { interface-name | interface-type interface-num } [ pvc { pvc-name | vpi/vci } ] ]

undo debugging atm event [ interface { interface-name | interface-type interface-num } [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ]

View

User view

Parameter

interface-name: ATM interface name. For detailed naming rules, please refer to
“Interface Configuration” part of this manual. If it is not specified, all the event
debugging of ATM is enabled by default (including global debugging,
interface-level debugging and PVC-level debugging).

interface-type: Interface type, which can determine an ATM interface together
with interface-num.

interface-num: Interface number, which can determine an ATM interface together
with interface-type.

pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
all the event debugging of PVC will be enabled.

vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.

Description

Using the debugging atm event command, you can enable the event debugging
of ATM. Using the undo debugging atm event command, you can disable the
debugging.

By default, all the debugging of ATM event is disabled.

The interface-name parameter is actually composed of interface-type and
interface-num. The only difference is the space: in the command line,
interface-type and interface-num are separated by a space, whereas
interface-name contains no space.

This command is used to enable all the debugging of events that happen at the
ATM interface or a PVC, which can be used to trace some essential events of the
system. Such information may be helpful for detecting network faults.

Example

The following example enables the debugging of ATM events.

Enable all the event debugging of ATM.


<3Com> debugging atm event

debugging atm packet Syntax


debugging atm packet [ interface { interface-name | interface-type interface-num } [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ]

undo debugging atm packet [ interface { interface-name | interface-type interface-num } [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ]

View

User view

Parameter

interface-name: ATM interface name, optional. For detailed naming rules, please
refer to “Interface Configuration” part of this manual. If it is not specified, all the
packet debugging of ATM are enabled by default (including global debugging,
interface-level debugging and PVC-level debugging).

interface-type: Interface type, which can determine an ATM interface together
with interface-num.

interface-num: Interface number, which can determine an ATM interface together
with interface-type.

pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
all the packet debugging of PVC will be enabled.

vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.

Description

Using the debugging atm packet command, you can enable the packet
debugging of ATM. Using the undo debugging atm packet command, you can
disable the debugging.

By default, all the debugging of ATM packet is disabled.

The interface-name parameter is actually composed of interface-type and
interface-num. The only difference is the space: in the command line,
interface-type and interface-num are separated by a space, whereas
interface-name contains no space.

After the packet debugging switch is enabled, detailed information about
packets received and sent at the ATM interface or PVC is displayed. This is
very helpful for system troubleshooting.

For received packets, all the information about the received frames is
displayed, which can indicate whether the sending side correctly encapsulates
these frames. This is greatly helpful for network device detection.

Packet debug information displays the PDU byte information in hex, through
which technical support personnel or engineers can locate some system errors.

Because this command can produce a large volume of output each time a packet is
received or transmitted, users may be unable to control network devices through
their terminals, and the efficiency of packet transmitting and receiving may be
greatly affected.

Example

The following example enables the debugging of ATM packets and shows the
resulting output.

Enable all the packet debugging of ATM.

<3Com> debugging atm packet

After some time, the following messages may appear:

……
*515396.229644-atm-8-debug8: Atm1/0/0 pvc 1/32 out ppp pkt, snap, 22
*515396.229710-atm-8-debug8: FE FE 03 CF FF 03 C0 21 01 22 00 0E 01 04 05 DC
*515396.229812-atm-8-debug8: 05 06 00 00 1F 38
*515396.232644-atm-8-debug8: Atm1/0/0 pvc 1/32 out ppp pkt, snap, 22
*515396.232710-atm-8-debug8: FE FE 03 CF FF 03 C0 21 01 23 00 0E 01 04 05 DC
*515396.232812-atm-8-debug8: 05 06 00 00 1F 38

It indicates that PPP packets are being output from PVC 1/32 of Atm1/0/0.
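The hex lines in this output can be decoded offline. The following is an added example, not part of the 3Com manual: it reassembles each dumped PDU from the debug lines shown above, checks it against the byte count in the header line, and decodes the PPP LCP packet inside. The `in` direction keyword and the frame layout (LLC header FE FE 03 plus NLPID CF as in RFC 2364, LCP fields as in RFC 1661) are assumptions about what the device prints.

```python
import re
import struct

# Debug lines copied from the example output in this section.
SAMPLE = """\
*515396.229644-atm-8-debug8: Atm1/0/0 pvc 1/32 out ppp pkt, snap, 22
*515396.229710-atm-8-debug8: FE FE 03 CF FF 03 C0 21 01 22 00 0E 01 04 05 DC
*515396.229812-atm-8-debug8: 05 06 00 00 1F 38
*515396.232644-atm-8-debug8: Atm1/0/0 pvc 1/32 out ppp pkt, snap, 22
*515396.232710-atm-8-debug8: FE FE 03 CF FF 03 C0 21 01 23 00 0E 01 04 05 DC
*515396.232812-atm-8-debug8: 05 06 00 00 1F 38
"""

PREFIX = r"^\*(?P<ts>\d+\.\d+)-atm-\d+-debug\d+:\s+"
# Assumption: received packets are logged with "in"; the manual only shows "out".
HEADER_RE = re.compile(
    PREFIX + r"(?P<ifname>\S+) pvc (?P<pvc>\d+/\d+) (?P<dir>in|out) "
    r"(?P<proto>\w+) pkt, (?P<encap>\w+), (?P<length>\d+)\s*$")
HEX_RE = re.compile(PREFIX + r"(?P<hex>(?:[0-9A-Fa-f]{2}\s*)+)$")

LLC_PPP = bytes.fromhex("FEFE03CF")  # LLC header + NLPID 0xCF (PPP), RFC 2364
LCP = 0xC021
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack"}


def parse_debug(text):
    """Attach each run of hex lines to the header line that precedes it."""
    records = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["length"] = int(rec["length"])
            rec["pdu"] = bytearray()
            records.append(rec)
            continue
        m = HEX_RE.match(line)
        if m and records:
            records[-1]["pdu"] += bytes.fromhex(m.group("hex"))
    return records


def parse_lcp_options(data):
    """Walk the type/length/value options of an LCP Configure-* packet."""
    opts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated LCP option header")
        otype, olen = data[i], data[i + 1]
        if olen < 2 or i + olen > len(data):
            raise ValueError("bad LCP option length")
        value = data[i + 2:i + olen]
        if otype == 1 and olen == 4:          # Maximum-Receive-Unit
            opts["mru"] = int.from_bytes(value, "big")
        elif otype == 3 and olen >= 4:        # Authentication-Protocol
            opts["auth_protocol"] = int.from_bytes(value[:2], "big")
        elif otype == 5 and olen == 6:        # Magic-Number
            opts["magic"] = value.hex()
        else:
            opts[f"option_{otype}"] = value.hex()
        i += olen
    return opts


def decode_ppp_pdu(pdu):
    """Decode an LLC-encapsulated PPP PDU; LCP packets are decoded in detail."""
    pdu = bytes(pdu)
    if not pdu.startswith(LLC_PPP):
        raise ValueError("not an LLC-encapsulated PPP PDU")
    off = len(LLC_PPP)
    if pdu[off:off + 2] == b"\xff\x03":       # optional address/control bytes
        off += 2
    if len(pdu) < off + 2:
        raise ValueError("truncated PPP protocol field")
    (proto,) = struct.unpack_from("!H", pdu, off)
    off += 2
    out = {"protocol": proto}
    if proto != LCP:
        return out
    if len(pdu) < off + 4:
        raise ValueError("truncated LCP header")
    code, ident, length = struct.unpack_from("!BBH", pdu, off)
    if length < 4 or off + length > len(pdu):
        raise ValueError("LCP length field exceeds the dumped bytes")
    out.update(code=LCP_CODES.get(code, f"code {code}"), id=ident, options={})
    if code in (1, 2, 3, 4):
        out["options"] = parse_lcp_options(pdu[off + 4:off + length])
    return out


def decode_debug(text):
    """Return one dict per dumped packet with its decoded fields."""
    results = []
    for rec in parse_debug(text):
        entry = {"ifname": rec["ifname"], "pvc": rec["pvc"], "dir": rec["dir"],
                 "length_ok": len(rec["pdu"]) == rec["length"]}
        entry.update(decode_ppp_pdu(rec["pdu"]))
        results.append(entry)
    return results


if __name__ == "__main__":
    for pkt in decode_debug(SAMPLE):
        print(pkt)
```

Both sample packets decode as LCP Configure-Requests that differ only in the identifier field.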

display atm class Syntax


display atm class [ atm-class-name ]

View

Any view

Parameter

atm-class-name: ATM-Class name.

Description

Using the display atm class command, you can view the information about
ATM-Class. By default, if no ATM-Class name is specified, the information of all
ATM-Class is displayed.

For the related command, see atm class.

Example

Display the information about the ATM-Class named "main" in devices.

<3Com> display atm class main

The following information is displayed:

ATM VC-CLASS: main
Service ubr 8000
encapsulation aal5snap

The explanation on the above messages is:

ATM-Class name is "main", and the following contents are set in the ATM-Class:
the service type is unspecified bit rate and the output peak rate of ATM cells is
8000 and the AAL encapsulation type is SNAP.

display atm interface Syntax


display atm interface [ interface-name | interface-type interface-num ]

View

Any view

Parameter

interface-name: ATM interface name. For detailed naming rules, please refer to
“Interface Configuration” part of this manual. If it is not specified, all the
information about ATM interface will be displayed by default.

interface-type: Interface type, which can determine an ATM interface together
with interface-num.

interface-num: Interface number, which can determine an ATM interface together
with interface-type.

Description

Using the display atm interface command, you can locate the problems
efficiently and get detailed information related to ATM configuration.

The interface-name parameter is actually composed of interface-type and
interface-num. The only difference is the space: in the command line,
interface-type and interface-num are separated by a space, whereas
interface-name contains no space. When the interface is the main interface, the
information of all interfaces (including sub-interfaces) at the interface will
be displayed.

For the related command, see display atm.

Example

Display the information about ATM interface atm4/0/0.

<3Com> display atm interface atm 4/0/0

The following information is displayed:

ATM interface Atm4/0/0, State UP
Port Information:
Maximum VCs: 1024,
PVCs: 4, MAPs: 4
input pkts: 0, input bytes: 0, input pkt errors: 0
output pkts: 69, output bytes: 2218, output pkt errors: 8
Sub-interface Information:
PVCs: 4, MAPs: 4
input pkts: 0, input bytes: 0, input pkt errors: 0
output pkts: 69, output bytes: 2218, output pkt errors: 8

The explanation on the above messages is:

The maximum number of PVCs on the ATM interface is 1024. The input packets,
bytes and errors of input packets are all 0; output packets are 69, output bytes are
2218 and output packet errors are 8; there are totally 4 PVCs and 4 MAPs at the
interface and the interface status is active (UP).

display atm map-info Syntax


display atm map-info [ interface { interface-name | interface-type interface-num } [ pvc {
pvc-name | vpi/vci } ] ]

View

Any view

Parameter

interface-name: ATM interface name. For detailed naming rules, please refer to
“Interface Configuration” part of this manual. If it is not specified, all the
information about the higher layer mapping table of ATM interface will be
displayed by default.

interface-type: Interface type, which can determine an ATM interface together
with interface-num.

interface-num: Interface number, which can determine an ATM interface together
with interface-type.

pvc-name: PVC name, optional parameter. If no PVC name and no VPI/VCI pair are
specified, the information of the higher layer protocol mapping table about all
PVCs within specified ATM interface will be displayed by default.

vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.

Description

Using the display atm map-info command, you can view the information about
the upper layer protocol mapping table of ATM.

The interface-name parameter is actually composed of interface-type and
interface-num. The only difference is the space: in the command line,
interface-type and interface-num are separated by a space, whereas
interface-name contains no space.

For the related commands, see map ip, map ppp, and map bridge.

Example

Display the information about the upper layer protocol mapping table of all ATM
interfaces.

<3Com> display atm map-info

The following information is displayed:

Atm1/0/0, PVC 1/32, PPP, Virtual-Template10, UP
Atm1/0/0, PVC 1/33, IP & Mask, State UP
100.11.1.1, mask 255.255.0.0, vlink 1
Atm1/0/0, PVC 2/101, ETH, Virtual-Ethernet1/1/1, MAC 00E0.FC01.0203, UP

The explanation on the above messages is:

PVC 1/32 of Atm 1/0/0 interface uses PPPoA mapping, the VT interface numbered
10 is used and the status is activated (UP);

PVC 1/33 of Atm 1/0/0 interface uses IPoA mapping, the configured mapping
static IP address is 100.11.1.1, the address mask is 255.255.0.0, it occupies No.1
vlink and its status is activated (UP);

PVC 2/101 of Atm 1/0/0 interface uses PPPoEoA mapping or IPoEoA mapping, VE
interface numbered 1/1/1 is adopted, the configured MAC address is
00E0.FC01.0203 and its status is activated (UP).

display atm pvc-group Syntax


display atm pvc-group [ interface { interface-name | interface-type interface-num } [ pvc
{ pvc-name [ vpi/vci ] | vpi/vci } ] ]

View

Any view

Parameter

interface-name: ATM interface name. The detailed naming rules can be
determined according to the actual-configured network device type. If it is not
specified, all the information about PVC-Group of ATM interface will be displayed
by default.

interface-type: Interface type, which can determine an ATM interface together
with interface-num.

interface-num: Interface number, which can determine an ATM interface together
with interface-type.

pvc-name: PVC name, optional. If no PVC name and no VPI/VCI pair are specified,
the information about all PVC-Groups within the specified ATM interface will be
displayed by default.

vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
description” in the pvc command.

Description

Using the display atm pvc-group command, you can view the information about
PVC-Group.

The interface-name parameter is actually composed of interface-type and
interface-num. The only difference is the space: in the command line,
interface-type and interface-num are separated by a space, whereas
interface-name contains no space.

For the related command, see pvc-group.

Example

Display the information about PVC-Group of all ATM interfaces.

<3Com> display atm pvc-group

The following information is displayed:

VPI/VCI  PVC-NAME  STATE  ENCAP  PROT  INTERFACE        GROUP
1/32     3Com      UP     SNAP   IP    Atm10/1/0(UP)    1/32
1/33               UP     SNAP   IP    Atm10/1/0(UP)    1/32
3/34               UP     SNAP   IP    Atm10/1/0(UP)    1/32
2/32               UP     MUX    IP    Atm10/1/0.1(UP)  2/32
2/33               UP     MUX    IP    Atm10/1/0.1(UP)  2/32

The explanation of the above messages is as follows (taking the first record as
an example; the last four records can be read in the same way):

The PVC with VPI/VCI pair 1/32 has been activated (UP) and its name is
"3Com". The AAL encapsulation type is SNAP. The application type is IPoA. The
interface is ATM main interface: Slot number is 1, adapter number is 1 and the
interface number is 0. The PVC-Group is created based on PVC "1/32".

display atm pvc-info Syntax


display atm pvc-info [ interface { interface-name | interface-type interface-num } [ pvc {
pvc-name [ vpi/vci ] | vpi/vci } ] ]

View

Any view

Parameter

interface-name: ATM interface name. For detailed naming rules, please refer to
“Interface Configuration” part of this manual. If it is not specified, all the
information about PVC of ATM interface will be displayed by default.

interface-type: Interface type, which can determine an ATM interface together
with interface-num.

interface-num: Interface number, which can determine an ATM interface together
with interface-type.

pvc-name: PVC name, optional parameter. If no PVC name and no VPI/VCI pair are
specified, the information about all PVCs within the specified ATM interface will
be displayed by default.

vpi/vci: VPI/VCI pair, optional. For more details, please refer to “Parameter
Description” in the pvc command.

Description

Using the display atm pvc-info command, you can view the information about
PVC.

The interface-name parameter is actually composed of interface-type and
interface-num. The only difference is the space: in the command line,
interface-type and interface-num are separated by a space, whereas
interface-name contains no space.

For the related command, see pvc.

Example

Display the information about PVC of all ATM interfaces.

<3Com> display atm pvc-info

The following information is displayed:

VPI/VCI | STATE | PVC-NAME | INDEX | ENCAP | PROT | INTERFACE
--------|-------|----------|-------|-------|------|----------
1/32    | UP    | 3Com     | 1     | SNAP  | IP   | Atm1/0/0 (UP)
1/33    | UP    | 3Com     | 5     | MUX   | None | Atm1/0/0 (UP)
1/55    | UP    | datacomm | 2     | SNAP  | PPP  | Atm1/0/0.1 (UP)
2/66    | UP    |          | 4     | SNAP  | IP   | Atm1/0/0.4 (UP)
2/101   | UP    | beijing  | 3     | SNAP  | ETH  | Atm1/0/0.2 (UP)

The explanation of the above messages is as follows (taking the first record as
an example; the last four records can be read in the same way):

The PVC with VPI/VCI pair 1/32 has been activated (UP) and its name is
"3Com". The index number is 1. The AAL encapsulation type is SNAP. The
application type is IPoA. The interface is ATM main interface: Slot number is 1,
adapter number is 0 and the interface number is 0.

encapsulation Syntax
encapsulation aal5-encap

undo encapsulation

View

PVC view

Parameter

aal5-encap: AAL5 encapsulation type, its possible values are as follows:

■ aal5snap: LLC/SNAP (Logical Link Control / Subnet Access Protocol)
  encapsulation type
■ aal5mux: MUX encapsulation type
■ aal5nlpid: RFC1490 encapsulation type

Description

Using the encapsulation command, you can specify ATM AAL5 encapsulation
type for PVC. Using the undo encapsulation command, you can restore the
default encapsulation.

By default, aal5snap encapsulation is adopted.

Only aal5snap encapsulation supports InARP protocol. InARP is not supported
when aal5mux and aal5nlpid encapsulations are adopted.

To change the encapsulation type for PVC to aal5mux or aal5nlpid, InARP must be
deleted first.

In addition, some encapsulation types may not support some application methods
(one or more of IPoA, IPoEoA, PPPoA and PPPoEoA). When such cases appear, the
system will give a prompt.

Example

The two examples can both specify AAL5 encapsulation type of PVC as aal5snap.

Display how to specify AAL5 encapsulation type of PVC 1/32 as aal5snap.

[3Com-atm-pvc-Atm1/0/0-1/32] encapsulation aal5snap

Display how to specify AAL5 encapsulation type of PVC 1/33 as aal5snap.

[3Com-atm-pvc-Atm1/0/0-1/33] undo encapsulation

interface atm Syntax


interface atm interface-num

interface atm interface-number.subinterface-num [ multi-point | point-to-point ]

undo interface atm interface-number.subinterface-num

View

System view

Parameter

Interface number: ATM master interface number. For detailed numbering rules,
please refer to “Interface Configuration” part of this manual.

subinterface number: ATM sub-interface number. For detailed numbering rules,
please refer to “Interface Configuration” part of this manual.

multi-point | point-to-point: Sub-interface connection type.


Description

Using the interface atm command, you can create an ATM sub-interface or enter
an ATM interface view. Using the undo interface atm command, you can delete
an ATM sub-interface.

By default, the connection type of sub-interface is multi-point.

ATM sub-interface has two connection types: multi-point and point-to-point.
Multiple PVCs can be created at the sub-interface of multi-point connection type,
but only one PVC can be created at the sub-interface of point-to-point type.

For the related command, see display atm interface.

Example

The two examples display how to enter the ATM main interface or create/enter the
ATM sub-interface.

Enter the main interface Atm1/0/0.

[3Com] interface atm 1/0/0

Create/enter the sub-interface Atm1/0/0.1 and set its connection type as
point-to-point.

[3Com] interface atm 11/1/0.1 p2p

ip-precedence Syntax
ip-precedence { pvc-name [ vpi/vci ] | vpi/vci } { min [ max ] | default }

undo ip-precedence { pvc-name [ vpi/vci ] | vpi/vci }

View

ATM PVC-Group view

Parameter

pvc-name: PVC name, whose maximum length is 16 characters (case insensitive).
It should be unique at the ATM interface, and it cannot be a legal VPI/VCI pair.
For example, "1/20" cannot be a PVC name. The PVC corresponding to pvc-name
must have already been created.

vpi/vci: vpi is ATM Virtual Path Identifier (VPI), which ranges from 0 to 255; vci is
ATM Virtual Channel Identifier (VCI), which ranges from 0 to 2047. Usually, the
vci values from 0 to 31 are reserved for special usage and cannot be used. PVC
corresponding to vpi/vci must have already been created.

min: Minimum preference of IP packets carried by the PVC.

max: Maximum preference of IP packets carried by the PVC.

default: Packets carried by the PVC with default preference.


Description

Using the ip-precedence command, you can set the precedence of IP packets
carried over PVC. Using the undo ip-precedence command, you can delete the
precedence configuration of IP packets carried over PVC.

This command can be only used to set the PVC within the PVC-Group. The
specified minimum preference min must be less than or equal to the specified
maximum preference max.

For the related commands, see pvc-group and pvc.

Example

Display how to set the PVC named "3Com", whose VPI/VCI is 1/32, to carry IP
packets with preference 0 to 3.

[3Com-atm-pvc-group-Atm1/0/0-1/32-3Com] ip-precedence 3Com 1/32 0 3

map bridge Syntax


map bridge virtual-ethernet interface-num

undo map bridge

View

PVC view

Parameter

interface-num: Interface number of the VE interface, which is determined by a set
of tri-dimensional indices, i.e., slot number/module number/port number.

Description

Using the map bridge command, you can establish the IPoEoA mapping or
PPPoEoA mapping on the PVC. Using the undo map bridge command, you can
delete the mapping.

By default, no mapping is configured.

Before using this command, make sure that VE has been created.

As the upper layer of the link layer on the VE interface is Ethernet and the lower
layer is carried by AAL5, the MAC address used by VE is not the actual MAC
address and it cannot be obtained from the hardware and must be configured
manually. Users need to configure the correct MAC address by themselves.

Example

The following example shows a complete process of IPoEoA configuration.

Establish a VE interface Virtual-Ethernet2/0/0.

[3Com] interface virtual-ethernet 2


Configure IP address 10.1.1.1/16 for the VE interface.

[3Com-Virtual-Ethernet2/0/0] ip address 10.1.1.1 255.255.0.0
[3Com-Virtual-Ethernet2/0/0] quit

Establish PVC 1/102 on the ATM interface Atm2/0/0.

[3Com] interface atm 2/0/0
[3Com-Atm2/0/0] pvc 1/102

Establish the IPoE mapping using the established VE interface in PVC view.

[3Com-atm-pvc-Atm2/0/0-1/102] map bridge virtual-ethernet2

map ip Syntax
map ip { ip-address [ ip-mask ] | default | inarp [ minutes ] } [ broadcast ]

undo map ip { ip-address | default | inarp }

View

PVC view

Parameter

ip-address: Opposite IP address mapping to PVC.

ip-mask: IP address mask, optional. If a packet cannot find the next hop at the
interface, but the next hop address belongs to the network segment specified by
ip-address and ip-mask, it can be sent over the PVC.

default: A mapping with the default route property is set. If a packet cannot find
a mapping with the same address of next hop at the interface, but one PVC has
the default mapping, the packet can be sent over the PVC.

inarp: Enables Inverse Address Resolution Protocol (InARP) at PVC.

minutes: Time interval to send InARP packets in minutes, optional. The range of
the value is 1 to 600 and the default value is 15.

broadcast: Pseudobroadcast, optional parameter. If a mapping with this property
is configured at the PVC, a copy of each broadcast packet at the interface is
sent over the PVC.

Description

Using the map ip command, you can create IPoA mapping for PVC. Using the
undo map ip command, you can delete the mapping.

By default, no mapping is configured. If a mapping is set, pseudobroadcast is not
supported by default.

When InARP is used, the encapsulation type must be aal5snap. InARP is not
supported when aal5mux and aal5nlpid encapsulations are adopted.

Example

The two examples are the cases creating IPoA mapping for PVC.

Display how to create a static mapping at PVC 1/32, specify the opposite IP
address to 61.123.30.169 and support pseudobroadcast.

[3Com-atm-pvc-Atm1/0/0-1/32] map ip 61.123.30.169 broadcast

Display how to enable InARP at PVC 1/33 to automatically obtain the opposite
address and send InARP packets every 10 minutes.

[3Com-atm-pvc-Atm1/0/0.1-1/33] map ip inarp 10

map ppp Syntax


map ppp virtual-template vt-number

undo map ppp

View

PVC view

Parameter

vt-number: Virtual-template (VT) interface number corresponding to PPPoA. The VT
interface must have been created previously.

Description

Using the map ppp command, you can create PPPoA mapping at PVC in PVC
view. Using the undo map ppp command, you can delete the mapping.

By default, no mapping is configured.

Before this command is used, the VT must have already been created.

Example

Display a complete PPPoA configuration process.

At first, a VT interface with the number 10 is created and its IP address is
configured.

[3Com] interface virtual-template 10
[3Com-Virtual-Template10] ip address 202.38.160.1 255.255.255.0
[3Com-Virtual-Template10] quit

And then PVC 1/101 at ATM interface Atm1/0/0 is created.

[3Com] interface atm 1/0/0
[3Com-Atm1/0/0] pvc 1/101

The newly created VT interface is used to create the PPPoA mapping.

[3Com-atm-pvc-Atm1/0/0-1/101] map ppp virtual-template 10


mtu Syntax
mtu mtu-number

undo mtu

View

Interface view

Parameter

mtu-number: MTU size of ATM interface in bytes, the range of the value is 128 to
16384.

Description

Using the mtu command, you can set the size of Maximum Transmission Unit
(MTU) of the ATM interface. Using the undo mtu command, you can restore the
default of the value.

By default, the MTU is 1500 bytes.

MTU of ATM interface only influences the packet assembling and packet
disassembling of IP layer at the ATM interface. Because the QoS queue length is
limited (for example, the default length of the FIFO queue is 75), an MTU that
is too small produces too many fragments, some of which will be dropped by the
QoS queue. In this case, the length of the QoS queue can be enlarged
appropriately. FIFO is the queue dispatching mechanism used by PVC by default,
and its queue length can be changed by using the fifo queue-length command in
the PVC view.

This command can be used in ATM main interface and sub-interface at the same
time.

Example

Display how to set MTU of ATM interface Atm1/0/0 to 1492 bytes.

[3Com-Atm1/0/0] mtu 1492

oam frequency Syntax


oam frequency frequency [ up up-count down down-count retry-frequency
retry-frequency ]

undo oam frequency

View

PVC view, ATM Class view.

Parameter

frequency: Time interval to send OAM F5 Loopback cells in seconds, and the
range of the value is 1 to 600.

up-count: The number of OAM F5 Loopback cells that must be received
consecutively and correctly before PVC status changes to UP. The range of the
number is 1 to 600.

down-count: The number of consecutive OAM F5 Loopback cells that are not
correctly received before PVC status changes to DOWN. The range of the number
is 1 to 600.

retry-frequency: Before PVC status changes, the sending interval of OAM F5
Loopback cells in retransmission check, in seconds. The range of the value is
1 to 1000.

Description

Using the oam frequency command, you can enable the transmission of OAM F5
Loopback cell so as to check the PVC status. You can also enable OAM F5
Loopback retransmission check or modify the related parameters of the
retransmission check. Using the undo oam frequency command, you can disable
the transmission and retransmission check of the cell.

By default, OAM F5 Loopback cell transmission is disabled, but if OAM F5
Loopback cell is received, it should be responded. By default, up-count is 3,
down-count is 5 and retry-frequency is 1 second.

Example

Display how to enable OAM F5 Loopback check at PVC 1/32, with the period of
12 seconds. And set the retransmission check up-count as 4, down-count as 4 and
retransmission period as 1 second.

[3Com-atm-pvc-Atm1/0/0-1/32] oam frequency 12 up 4 down 4 retry-frequency 1

pvc Syntax
pvc { pvc-name [ vpi/vci ] | vpi/vci }

undo pvc { pvc-name [ vpi/vci ] | vpi/vci }

View

ATM interface view or PVC-Group view

Parameter

pvc-name: PVC name, whose maximum length is 16 characters. It shall be unique
at ATM interface (case insensitive), and cannot be a legal VPI/VCI pair. For
example, "1/20" cannot be a PVC name.

vpi/vci: vpi is ATM Virtual Path Identifier (VPI) in the range 0 to 255; vci is ATM
Virtual Channel Identifier (VCI). Its value range depends on interface type. See the
following table for reference. Usually, the vci values from 0 to 31 are reserved for
special usage and cannot be used.

Table 15 VCI range for each type of ATM interface

Interface type    VCI
ADSL              <0-255>
GSHDSL            <0-255>
ATMOC3            <0-1023>
ATM25             <0-511>
ATME3             <0-1023>
ATMT3             <0-1023>

1) vpi and vci cannot both be 0.

2) A PVC in certain PVC-Group cannot be deleted at ATM interface.

Description

Using the pvc command, you can create a PVC or enter the PVC view at ATM
interface or in PVC-Group view. Using the undo pvc command, you can delete
the specified PVC.

By default, no PVC is created.

This command is used to create a PVC with specified VPI/VCI.

Once pvc-name is specified for one PVC (e.g. "3Com"), it is possible to re-enter
the PVC view by inputting pvc pvc-name (e.g. "pvc 3Com"). The deletion of the
PVC can be done by inputting undo pvc pvc-name (e.g. "undo pvc 3Com") or
through the undo pvc vpi/vci (if the VPI/VCI of this PVC is 1/32, it is "undo pvc
1/32") command.

The VPI/VCI pair of each PVC is unique at an ATM interface (including main
interface and sub-interface).

The actual number of PVCs that can be created is determined by the pvc
max-number command.

For the related commands, see display atm pvc-info and pvc max-number.

Example

Display how to create a PVC named "3Com" with VPI/VCI as 1/101.

[3Com-Atm1/0/0] pvc 3Com 1/101
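
The naming and range rules for the pvc command can be checked before a configuration is pushed to a device. The following is an added example, not part of the 3Com manual: it lints pvc command lines for one ATM interface against the parameter rules and Table 15 above. All sample lines except `pvc 3Com 1/101` are constructed, and treating a repeated name or VPI/VCI as re-entering an existing PVC is an assumption.

```python
import re

# Table 15 of this section: highest VCI accepted per ATM interface type.
VCI_MAX = {"ADSL": 255, "GSHDSL": 255, "ATMOC3": 1023,
           "ATM25": 511, "ATME3": 1023, "ATMT3": 1023}
PAIR_RE = re.compile(r"^(\d+)/(\d+)$")

# Constructed sample input (only the first line comes from the manual).
SAMPLE_LINES = [
    "pvc 3Com 1/101",
    "pvc 1/20",
    "pvc 0/0",
    "pvc branch 1/300",
    "pvc 3COM 2/40",
    "pvc averyveryverylongname 1/50",
    "pvc 3Com",
    "pvc backup 1/101",
    "pvc 1/20 1/21",
]


def parse_pvc(line):
    """Parse 'pvc { pvc-name [ vpi/vci ] | vpi/vci }' into (name, (vpi, vci))."""
    tokens = line.split()
    if len(tokens) not in (2, 3) or tokens[0] != "pvc":
        raise ValueError("not a pvc command")
    args = tokens[1:]
    first_is_pair = PAIR_RE.match(args[0])
    if len(args) == 1:
        name, pair_text = (None, args[0]) if first_is_pair else (args[0], None)
    else:
        name, pair_text = args
        if first_is_pair:
            raise ValueError("PVC name cannot be a legal VPI/VCI pair")
        if not PAIR_RE.match(pair_text):
            raise ValueError("second argument is not a vpi/vci pair")
    pair = None
    if pair_text:
        vpi, vci = PAIR_RE.match(pair_text).groups()
        pair = (int(vpi), int(vci))
    return name, pair


def lint_pvcs(iftype, lines):
    """Return (severity, line, message) findings for one ATM interface.

    'lines' pools the pvc commands of the main interface and its
    sub-interfaces, because a VPI/VCI pair must be unique across both.
    """
    vci_max = VCI_MAX[iftype]
    name_to_pair, pair_to_name, findings = {}, {}, []
    for line in lines:
        try:
            name, pair = parse_pvc(line)
        except ValueError as exc:
            findings.append(("error", line, str(exc)))
            continue
        key = name.lower() if name else None   # names are case insensitive
        if pair is None:                       # 'pvc name' re-enters a PVC
            if key not in name_to_pair:
                findings.append(("error", line, "no PVC with this name exists"))
            continue
        vpi, vci = pair
        owner = pair_to_name.get(pair)
        if name and len(name) > 16:
            problem = "PVC name longer than 16 characters"
        elif vpi > 255:
            problem = "VPI outside 0-255"
        elif vci > vci_max:
            problem = f"VCI outside 0-{vci_max} for {iftype}"
        elif vpi == 0 and vci == 0:
            problem = "vpi and vci cannot both be 0"
        elif key and name_to_pair.get(key, pair) != pair:
            problem = "name already used by another PVC on this interface"
        elif key and owner and owner != key:
            problem = "VPI/VCI already used by another PVC on this interface"
        else:
            problem = None
        if problem:
            findings.append(("error", line, problem))
            continue
        if vci <= 31:
            findings.append(("warning", line, "VCI 0-31 is usually reserved"))
        if key:
            name_to_pair[key] = pair
        pair_to_name[pair] = key or owner
    return findings


if __name__ == "__main__":
    for severity, line, message in lint_pvcs("ADSL", SAMPLE_LINES):
        print(f"{severity:7} {line!r}: {message}")
```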

pvc-group Syntax
pvc-group { pvc-name [ vpi/vci ] | vpi/vci }

undo pvc-group { pvc-name [ vpi/vci ] | vpi/vci }

View

ATM interface view


Parameter

pvc-name: PVC name, whose maximum length is 16 characters. It is case
insensitive and should be unique at the ATM interface, and it cannot be a legal
VPI/VCI pair. For example, "1/20" cannot be a PVC name. The PVC corresponding
to pvc-name must have already been created.

vpi/vci: vpi is ATM Virtual Path Identifier (VPI) in the range 0 to 255; vci is ATM
Virtual Channel Identifier (VCI). For its value range, refer to VCI range for each
type of ATM interface. Usually, the vci values from 0 to 31 are reserved for special
usage and cannot be used. PVC corresponding to vpi/vci must have already been
created.

Description

Using the pvc-group command, you can create a PVC-Group or enter the
PVC-Group view at ATM interface. Using the undo pvc-group command, you can
delete the specified PVC-Group.

Once pvc-name is specified for some PVC (e.g. "3Com"), it is possible to enter the
PVC-Group view by inputting pvc-group pvc-name (e.g. "pvc-group 3Com"). The
deletion of the PVC-Group can be done by inputting undo pvc-group pvc-name
(e.g. "undo pvc-group 3Com") or through the undo pvc-group vpi/vci (if the
VPI/VCI of this PVC is 1/32, it is "undo pvc-group 1/32") command.

For the related commands, see ip-precedence and pvc.

Example

Display how to create a PVC-Group based on the name "3Com" and the PVC
with VPI/VCI as 1/32.

[3Com-Atm1/0/0] pvc-group 3Com 1/32

pvc max-number Syntax


pvc max-number max-number

undo pvc max-number

View

ATM master interface view

Parameter

max-number: Maximum number of supported VCs. Value range of this parameter
depends on interface type, as shown in the following table:

Table 16 The maximum number of VCs allowed for each type of ATM interface

Interface type    max-number
ADSL              <1-32>
GSHDSL            <1-32>
ATMOC3            <1-1024>
ATM25             <1-256>
ATME3             <1-1024>
ATMT3             <1-1024>

Description

Using the pvc max-number command, you can set the maximum number of
ATM interface virtual circuits (VC). Using the undo pvc max-number command,
you can restore the default value.

This command is used to set the maximum number of the total available VCs for
ATM main interfaces and sub-interfaces.

Although this command is valid on both ATM main interface and sub-interface, it
can only be used in ATM main interface view and there is not this command in
ATM sub-interface view.

For the related command, see display atm interface.

Example

Both of the following examples make ATM interface Atm1/0/0 support a total of
2048 VCs.

Display how to set ATM interface Atm1/0/0 to support a maximum of 2048 VCs in
total.

[3Com-Atm1/0/0] pvc max-number 2048

Display how to set ATM interface Atm1/0/0 to support the default maximum
number of VCs (2048).

[3Com-Atm1/0/0] undo pvc max-number

pvp limit Syntax


pvp limit vpi peak-rate

undo pvp limit vpi

View

ATM master interface view

Parameter

vpi: Virtual path identifier of the ATM network. Its value ranges from 0 to 255.

peak-rate: Normal flow to be held. Value range of this parameter depends on
interface type, as shown in the following table:

Table 17 Value ranges of peak-rate

Interface type    peak-rate
ADSL              <64-640>
GSHDSL            <64-2312>
ATMOC3            <2000-155000>
ATM25             <64-25600>
ATME3             <64-34000>
ATMT3             <64-45000>

Description

Using the pvp limit command, you can set the parameters for VP policing. Using
the undo pvp limit command, you can delete the VP policing.

By default, the VP policing is not performed.

When VP policing is applied, the parameters of the PVC are still valid. Packets
are transmitted only when the parameters of both the PVC and VP policing are
satisfied. When calculating the traffic, the LLC/SNAP, MUX and NLPID headers are
included, but the ATM cell header is not included.

For the related commands, see pvc, service cbr, service vbr-nrt, service
vbr-rt, and service ubr.

Example

Set the traffic of VP with vpi 1 to 2M.

[3Com-Atm1/0/0] pvp limit 1 2000

service cbr Syntax


service cbr output-pcr [ cdvt cdvt_value ]

View

PVC view

Parameter

output-pcr: Output peak rate of ATM cell in Kbit/s. Value range of this parameter
depends on interface type, as shown in the following table:

Table 18 Value ranges of output-pcr

Interface type    output-pcr
ADSL              <64-640>
GSHDSL            <64-2312>
ATMOC3            <2000-155000>
ATM25             <64-25600>
ATME3             <64-34000>
ATMT3             <64-45000>

cdvt_value: Cell delay variation tolerance, in µs. The range of the value is 0 to
10000 µs.

Description

Using the service cbr command, you can specify PVC service type as constant bit
rate (CBR).

By default, the service type is UBR after creating a PVC. When the value of cdvt is
not specified, it is 500 µs by default.

This command is used to set the PVC service type and parameter. The newly
specified PVC service type will replace the existing service type. It is recommended
that the PVC with larger bandwidth be created first and then the one with smaller
bandwidth. If the creation fails, the cdvt_value can be adjusted larger to create the
PVC once more. The above case will be prompted in the command line, as follows:

“fail to set service parameter, please adjust cdvt value”

The command does not support ATM E1 interface and ATM E3 interface.

For the related commands, see service vbr-nrt, service vbr-rt, and service ubr.

Example

Create a PVC named "3Com" with VPI/VCI as 1/101.

[3Com-Atm1/0/0] pvc 3Com 1/101

Specify the service type of the PVC as cbr and the peak rate of ATM cell as
50,000 Kbit/s. Cell delay variation tolerance is 1000 µs.

[3Com-atm-pvc-Atm1/0/0-1/101-3Com] service cbr 50000 cdvt 1000

service ubr Syntax


service ubr output-pcr

View

PVC view

Parameter

output-pcr: Output peak rate of ATM cell in Kbit/s. For the value ranges of this
parameter, see Value ranges of output-pcr.

Description

Using the service ubr command, you can specify the service type of PVC as
Unspecified Bit Rate (UBR) and specify the related rate parameters.

By default, the service type is UBR after creating a PVC.

This command as well as the service vbr-nrt, service vbr-rt and service cbr
commands can be used to set the service type and service parameters of PVC. The
newly specified PVC service type will supersede the existing service type.

For the related commands, see service vbr-nrt, service vbr-rt, and service cbr.

Example

Display how to create a PVC named "3Com" with VPI/VCI as 1/101.

[3Com-Atm1/0/0] pvc 3Com 1/101

Display how to specify the service type of the PVC as ubr and the peak cell rate of
ATM cell as 100,000Kbps.

[3Com-atm-pvc-Atm1/0/0-1/101-3Com] service ubr 100000

service vbr-nrt Syntax


service vbr-nrt output-pcr output-scr output-mbs

View

PVC view

Parameter

output-pcr: Peak rate of ATM cell output in Kbit/s. For the value ranges of this
parameter, see Value ranges of output-pcr.

output-scr: Sustainable rate of ATM cell output in Kbps. Its value ranges are the
same as those of output-pcr.

output-mbs: Maximum burst size of ATM cell output, i.e., the maximum cache size
of ATM cell output at the interface in cell number.

Description

Using the service vbr-nrt command, you can specify the service type of PVC as
Variable Bit Rate-Non Real Time (VBR-NRT) and specify the related rate
parameters.

By default, the service type is UBR after creating a PVC.

This command as well as the service ubr, service vbr-rt and service cbr commands
can be used to set the service type and service parameters of PVC. The newly
specified PVC service type will supersede the existing service type.

For the related commands, see service vbr-rt, service ubr, and service cbr.

Example

Display how to create a PVC named "3Com" with VPI/VCI as 1/101.

[3Com-Atm1/0/0] pvc 3Com 1/101

Display how to specify the service type of the PVC as VBR-NRT and set the peak
bit rate of ATM cell to 100,000 Kbit/s, the sustainable bit rate to 50,000 Kbps,
and the maximum burst size to 320 cells.

[3Com-atm-pvc-Atm1/0/0-1/101-3Com] service vbr-nrt 100000 50000 320

service vbr-rt Syntax


service vbr-rt output-pcr output-scr output-mbs

View

PVC view

Parameter

output-pcr: Peak cell rate of ATM output in Kbit/s. For the value ranges of this
parameter.

output-scr: Sustainable cell rate of ATM output in Kbps. Its value ranges are the
same as those of output-pcr.

output-mbs: Maximum burst size of ATM cell output, i.e., the maximum cache size
of ATM cell output at the interface in cell number. The range of the value is 1 to
512. When it is used in ATM E3 interface, the range of the parameter is 1 to 512.

Description

Using the service vbr-rt command, you can set the service type of PVC to Variable
Bit Rate - Real Time (VBR-RT) and specify the related rate parameters in the PVC
view.

By default, the service type is UBR after creating a PVC.

This command as well as the service ubr, service cbr and service vbr-nrt commands
can be used to set the service type and service parameters of PVC. The newly
specified PVC service type will supersede the existing service type. The command
does not support ATM E1 interface.

For the related commands, see service cbr, service ubr, and service vbr-nrt.

Example

Display how to create a PVC named "3Com" with VPI/VCI as 1/101.

[3Com-if-Atm1/0/0] pvc 3Com 1/101

Display how to specify the service type of the PVC as VBR-RT and set the peak
cell rate of ATM to 100,000 Kbit/s, the sustainable cell rate to 50,000 Kbps,
and the maximum burst size to 320 cells.

[3Com-atm-pvc-Atm1/0/0-1/101-3Com] service vbr-rt 100000 50000 320

LAPB and X.25 Configuration Commands

channel Syntax
channel { interface serial interface-number | xot ip-address }

undo channel { interface serial interface-number | xot ip-address }

View

X.25 hunt group view

Parameter

interface-number: Interface number, its value ranges from 0 to 3.

ip-address: IP address of the peer XOT host.

Description

Using the channel command, you can add the X.25 interface of a serial port or an
XOT channel to the current hunt group. Using the undo channel command, you can
delete the specified interface or XOT channel from the current hunt group.

One interface may belong to six hunt groups at most at the same time.

For the related command, see x25 hunt-group.

Example

Add the serial interface serial0/0/0 to the hunt group hg1.

[3Com] x25 hunt-group hg1 round-robin


[3Com-hg-hg1] channel interface serial0/0/0

debugging pad Syntax


debugging pad { all | error | event | packet }

undo debugging pad { all | error | event | packet }

View

User view

Parameter

all: All debugging switch of PAD.

error: Error debugging switch of PAD.

event: Event debugging switch of PAD.



packet: Packet debugging switch of PAD.

Description

Using the debugging pad command, you can enable the debugging switch of
PAD.

Using the undo debugging pad command, you can disable the debugging
switch of PAD.

Example

None

debugging x25 xot Syntax


debugging x25 xot { all | event | packet }

undo debugging x25 xot { all | event | packet }

View

User view

Parameter

all: All debugging switch of XOT.

event: Event debugging switch of XOT.

packet: Packet debugging switch of XOT.

Description

Using the debugging x25 xot command, you can enable the debugging switch
of XOT.

Using the undo debugging x25 xot command, you can disable the debugging
switch of XOT.

Example

None

display interface Syntax


display interface serial [ number ]

View

Any view

Parameter

number: Serial interface number.



Description

Using the display interface command, you can view the LAPB or X.25 interface
information. After configuring PVC of X.25, users can use the command to obtain
the status information on one interface.

Example

Encapsulate Serial0/0/0 with LAPB protocol and view the encapsulated interface
information using the following commands.

<3Com> system-view
[3Com] interface Serial0/0/0
[3Com-Serial0/0/0] link-protocol lapb
[3Com-Serial0/0/0] display interface serial 0/0/0
Serial0/0/0 current state : UP
Line protocol current state : UP
Description : 3Com, 3Com Series, Serial4/0/0 Interface
The Maximum Transmit Unit is 1500, Holder timer is 10(sec)
Internet protocol processing : disabled
Link-protocol is X.25 DCE Ietf, address is , state R1, modulo 8
input/output: window sizes 7/7, packet sizes 256/256
Channels: Incoming-only 10-20, Two-way 30-40, Outgoing-only 50-60
Timers: T10 60, T11 180, T12 60, T13 60, Idle_Timer 0 (seconds)
New configuration(will be effective after restart): modulo 8
input/output: window sizes 7/7, packet sizes 256/256
Channels: Incoming-only 10-20, Two-way 30-40, Outgoing-only 50-60
Statistic: Restarts 0 (Restart Collisions 0)
Refused Incoming Call 0, Failing Outgoing Call 0
input/output: RESTART 1/1 CALL 9/2 DIAGNOSE 0/0
DATA 119/121 INTERRUPT 0/0 Bytes 2497/2731
RR 6/113 RNR 0/0 REJ 0/0
Invalid Pr: 0 Invalid Ps: 0 Unknown: 0
Link-protocol is LAPB
LAPB DCE, module 8, window-size 7, max-frame 12056, retry 10
Timer: T1 3000, T2 1500, T3 0 (milliseconds), x.25-protocol
state CONNECT, VS 6, VR 3, Remote VR 6
IFRAME 147/254, RR 11/6, RNR 0/0, REJ 0/0
FRMR 0/0, SABM 0/1, DM 0/0, UA 1/0
DISC 0/0, invalid ns 0, invalid nr 0, link resets 0
FIFO queuing: (Outbound queue:Size/Length/Discards)
FIFO 0/75/0
Physical layer is synchronous,
Interface is DTE, Cable type is V24
5 minutes input rate 0.00 bytes/sec, 0.01 packets/sec
5 minutes output rate 0.07 bytes/sec, 0.01 packets/sec
159 packets input, 3338 bytes, 0 no buffers
261 packets output, 4057 bytes, 0 no buffers
0 input errors, 0 CRC, 0 frame errors
0 overrunners, 0 aborted sequences, 0 input no buffers
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP

The above information will be displayed after entering the command series, in
which the contents in boldface are those related to X.25 and LAPB protocols. The
main parameters are described as follows:
■ Link-protocol is X.25 DCE Ietf: Current encapsulation protocol of this
interface is X.25 protocol that works in DCE mode, and the data packet
encapsulation format is IETF.
■ address is: X.121 address of this X.25 interface; this field will be empty if
there is no address.
■ state: Current status of this X.25 interface.
■ modulo: Data packets and traffic control packets sent by this X.25 interface
are numbered in modulo 8 mode.
■ input/output: Window sizes 7/7, packet sizes 256/256: Flow control
parameters of this X.25 interface, including receiving window size, sending
window size, maximum received packet size (in bytes), and maximum sent
packet size (in bytes).
■ Channels: Channel range division of this X.25 interface, sequentially as
incoming-only channel section, two-way channel section, outgoing-only
channel section; if both demarcating values of an section are 0, this section
is disabled.
■ Timers: Delay values of various timers of this X.25 interface, in unit of
second.
■ New Configuration: New configuration of this X.25 interface taking effect
after next restart; if this configuration is wrong, the default value will be
restored.
■ Restarts 0 ( Restart Collision 0): Statistics of this X.25 interface, including
times of restart (including restart collision).
■ Refused Incoming Call: Statistics information of this X.25 interface: times of
call refusals.
■ Failing Outgoing Call: Statistics information of this X.25 interface: times of
call failures.
■ input/output: RESTART 1/1 ... REJ 0/0: Statistics information of this X.25
interface: quantities of received and sent packets, format: received
quantity/sent quantity.
■ Invalid Pr: Error statistics information of this X.25 interface: total of received
data packets and traffic control packets carrying erroneous
acknowledgement numbers.
■ Invalid Ps: Error statistics information of this X.25 interface: total of received
data packets carrying erroneous sequence numbers.
■ Unknown: Error statistics information of this X.25 interface: total of
received irresolvable packets.
■ Link-protocol is LAPB: Current encapsulation protocol of this interface is
LAPB protocol.
■ LAPB DCE: LAPB of this interface works in DCE mode.
■ module 8: Information frame and monitoring frame sent by this interface
LAPB are numbered in the modulo 8 view.
■ window-size 7: Window size of this interface LAPB is 7.
■ max-frame 12056: The maximum length of frame sent by the interface
LAPB is 12056 bits.
■ retry 10: Maximum re-sending times of information frame of this interface
LAPB is 10.
■ timer: Delay value of timers of this interface LAPB, in milliseconds. The unit
of T3 is second.
■ state: Current status of this interface LAPB.
■ VS: Sending variable of this interface LAPB.
■ VR: Receiving variable of this interface LAPB.
■ Remote VR: Peer’s last acknowledgment on information frame received by
this interface LAPB.
■ IFRAME 147/254 ... DISC 0/0: Statistics information of frames sent and
received by this interface LAPB, format: received quantity/sent quantity.
■ Invalid ns: Error statistics of this interface LAPB, including total of received
information frames carrying erroneous sequence numbers.
■ Invalid nr: Error statistics of this interface LAPB, including total of received
information frames and monitoring frames carrying erroneous
acknowledgment numbers.
■ Link resets: Restarting times of this interface LAPB link.

display x25 alias-policy Syntax


display x25 alias-policy [ interface interface-type slot-number ]

View

Any view

Parameter

interface-type: Interface type.

slot-number: Interface number.

Description

Using the display x25 alias-policy command, you can view X.25 alias table.

For the related command, see x25 alias-policy.

Example

Display X.25 alias table.

<3Com> display x25 alias-policy


Alias for Serial0/0/0:
Alias for Serial1/0/0:
Alias- 1:$20112405$strict
Alias- 2:$20112450left
Alias- 3:20112450$right

The above information indicates: the interface Serial0/0/0 is set without alias, and
the interface Serial1/0/0 is set with 3 aliases, which are $20112405$ (in strict
match mode), $20112405 (in left alignment match mode) and 20112405$ (in
right alignment match mode).

display x25 hunt-group-info Syntax

display x25 hunt-group-info [ hunt-group-name ]

View

Any view

Parameter

hunt-group-name: hunt group name

Description

Using the display x25 hunt-group-info command, you can view the status
information of X.25 hunt group.

You can use this command to learn the hunt group of the Router and the
information about the interfaces and XOT channel inside the hunt group.

For the related command, see x25 hunt-group.

Example

Display the status information of X.25 hunt group hg1.

[3Com] display x25 hunt-group-info hg1


HG_ID : hg1 HG_Type: round-robin
member state vc-used in-pkts out-pkts
Serial0/0/0 Last 2 51 20
Serial1/0/0 Next 1 21 15
1.1.1.1 Normal 1 24 3

The following table introduces the meaning of each field in the displayed
information.

Table 19 Explanation of each field in the command display x25 hunt-group-info

Field         Explanation
hg1           Hunt group name
round-robin   Hunt group call channel selection policy
member        Interfaces or XOT channel contained in hunt group
state         The state of the current interface or XOT channel, including:
              Last: last used
              Next: interface or XOT channel selected next by the rotary
              selection policy
              Normal: normal state
vc-used       Call number on the interface or XOT channel (including call
              success and call failure)
in-pkts       Input flow on the interface or XOT channel in packets
out-pkts      Output flow on the interface or XOT channel in packets

display x25 map Syntax


display x25 map

View

Any view

Parameter

None

Description

Using the display x25 map command, you can view the X.25 address mapping
table.

The X.25 address mapping can be configured in two ways: special
configuration (through the x25 map command) or implied configuration (through
the x25 pvc command). The display x25 map command can be used to show all
the address mappings.

For the related commands, see x25 map, x25 pvc, x25 switch pvc, x25 xot pvc,
and x25 fr pvc.

Example

Display the X.25 address map table.

<3Com> display x25 map


Interface:Serial3/0/0(protocol status is up):
ip address:202.38.162.2 X.121 address: 22
map-type: SVC_MAP VC-number: 0
Facility:
ACCEPT_REVERSE;
BROADCAST;
PACKET_SIZE: I 512 O 512 ;

display x25 pad Syntax


display x25 pad [ pad-id ]

View

Any view

Parameter

pad-id: PAD ID, its value ranges from 0 to 255. If it is not specified, all PAD
connection information will be displayed.

Description

Using the display x25 pad command, you can view X.25 PAD connection
information.

PAD is a kind of application similar to telnet. It can establish a connection
between two ends through the X121 address, after which configuration
operations can be carried out.

For the related commands, see display x25 vc and x25 xot.

Example

Display X.25 PAD connection information.

[3Com] display x25 pad


UI-INDEX130:
From remote 22 connected to local 11, State: Normal
X.3Parameters(In):
1:1,2:0,3:2,4:1,5:0,6:0,7:21,8:0,9:0,10:0,11:14
12:0,13:0,14:0,15:0,16:127,17:21,18:18,19:0,20:0,21:0,22:0
X.3Parameters(Out):
1:1,2:0,3:2,4:1,5:0,6:0,7:21,8:0,9:0,10:0,11:14
12:0,13:0,14:0,15:0,16:127,17:21,18:18,19:0,20:0,21:0,22:0
Input:
Pkts(total/control): 13/2 bytes:12
queue(size/max) :0/200
Output:
Pkts(total/control): 15/2 bytes:320

display x25 switch-table pvc Syntax

display x25 switch-table pvc

View

Any view

Parameter

None

Description

Using the display x25 switch-table pvc command, you can view X.25 switching
virtual circuit table.

For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr
pvc, and x25 switch svc.

Example

Display X.25 switching virtual circuit table.

[3Com] display x25 switch-table pvc


#1 (In: Serial0/0/0-vc1024)<— —>(Out: Serial1/0/0-vc1}
#2 (In: Serial1/0/0-vc1024)<— —>(Out: Serial0/0/0-vc1}

display x25 switch-table svc Syntax

display x25 switch-table svc { dynamic | static }

View

Any view

Parameter

None

Description

The command display x25 switch-table svc is used to display X.25 switching
routing table.

For the related command, see x25 switch svc.

Example

Display X.25 switching routing table.

[3Com] display x25 switch-table svc static


Number Destination Substitute- Substitute- CUD SwitchTo(type/name)
src dst
1 11 I/Serial2/0/0
2 22 I/Serial2/1/0
3 133 H/hg1
4 132 T/123.123.123.123
5 133 T/123.123.123.123
T/124.124.124.124
T/125.125.125.125
6 111 222 333 T/4.4.4.4
Total of static svc is 6.
The item type of SwitchTo meaning:
I: interface H: hunt-group T: xot

The following table introduces the meaning of each field in the displayed
information.

Table 20 Explanation of each field in the command display x25 switch-table svc

Field            Explanation
Number           Sequence number of this route in the routing table
Substitute-src   X.121 source address after substitution. If the content is
                 blank, it means no substitution.
Substitute-dst   X.121 destination address after substitution. If the content
                 is blank, it means no substitution.
CUD              Call User Data
SwitchTo         Forwarding address of this route, including interface, XOT
                 channel and hunt group

display x25 vc Syntax


display x25 vc [ lci ]

View

Any view

Parameter

lci: Logical channel identifier, its value ranges from 1 to 4095. If the logical
channel identifier is not specified, all virtual circuits will be displayed.

Description

Using the display x25 vc command, you can view the information about the X.25
virtual circuit.

SVC (Switched Virtual Circuit) is set up temporarily by X.25 through call
connection when data transmission is required. PVC is configured manually and
exists regardless of the data transmission requirement. When the router works in
X.25 switched mode, virtual circuits will be set up in order to transfer the switched
data. The information about these virtual circuits can be shown via this command,
and only some fields in the displayed information differ.

For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, and x25
fr pvc.

Example

Display X.25 virtual circuit.

<3Com> display x25 vc


Interface: Serial2/0/0
SVC 1
State: P4
Map: ip 10.1.1.2 to 130
Window size: input 2 output 2
Packet Size: input 128 output 128
Local PS: 5 Local PR: 5 Remote PS: 5 Remote PR: 4
Local Busy: FALSE Reset times: 0
Input/Output:
DATA 5/5 INTERRUPT 0/0
RR 0/0 RNR 0/0 REJ 0/0
Bytes 420/420
Snd Queue(Current/Max): 0/200
Interface: Serial2/1/0
SVC 10
State: P4
SVC <--> Serial2/0/0 SVC 60
Window size: input 2 output 2
Packet Size: input 128 output 128
Local PS: 0 Local PR: 0 Remote PS: 0 Remote PR: 0
Local Busy: FALSE Reset times: 0
Input/Output:
DATA 5/5 INTERRUPT 0/0
RR 0/0 RNR 0/0 REJ 0/0
Bytes 420/420
Snd Queue(Current/Max): 0/200
Interface: Serial2/0/0-1.1.1.1
PVC 1
State: P/Inactive
XOT PVC <--> Serial2/0/0 PVC 1 connected
Window size: input 2 output 2
Packet Size: input 128 output 128
Local PS: 0 Local PR: 0 Remote PS: 0 Remote PR: 0
Local Busy: FALSE Reset times: 0
Input/Output:
DATA 0/0 INTERRUPT 0/0
RR 0/0 RNR 0/0 REJ 0/0
Bytes 0/0
Snd Queue(Current/Max): 1/200
Interface: Serial2/0
PVC 1
State: D3
PVC <--> XOT Serial2/0/0-1.1.1.1 PVC 1 connected
Window size: input 2 output 2
Packet Size: input 128 output 128
Local PS: 0 Local PR: 0 Remote PS: 0 Remote PR: 0
Local Busy: FALSE Reset times: 0
Input/Output:
DATA 0/0 INTERRUPT 0/0
RR 0/0 RNR 0/0 REJ 0/0
Bytes 0/0
Snd Queue(Current/Max): 0/200
Interface: Serial2/0/0
SVC 59
State: P4
PAD: UI-130 From remote 130 connected to local 220
Window size: input 2 output 2
Packet Size: input 128 output 128
Local PS: 3 Local PR: 1 Remote PS: 1 Remote PR: 2
Local Busy: FALSE Reset times: 0
Input/Output:
DATA 9/11 INTERRUPT 0/0
RR 6/2 RNR 0/0 REJ 0/0
Bytes 53/363
Snd Queue(Current/Max): 0/200

display x25 xot Syntax


display x25 xot

View

Any view

Parameter

None

Description

Using the display x25 xot command, you can view XOT link information.

You can use the command display x25 xot to view the detailed information
about all XOT links, including peer ip and port, local ip and port, keepalive setting
of socket and come/go interface names.

For the related commands, see x25 switch svc xot and x25 xot pvc.

Example

Display XOT link information.

[3Com] display x25 xot


SVC 1024: ( ESTAB )
tcp peer ip: 10.1.1.1, peer port: 1998
tcp local ip: 10.1.1.2, local port: 1024
socket keepalive period: 5, keepalive tries: 3
come interface name: Serial0/0/0-10.1.1.1-1024
go interface name: Serial0/0/0:

The above information indicates: there is one established XOT link via SVC, whose
peer IP is 10.1.1.1, peer port is 1998, local IP is 10.1.1.2, local port is 1024,
keepalive period of socket is 5 seconds, keepalive tries are 3, come interface name
is Serial0/0/0-10.1.1.1-1024 (XOT interface), and go interface name is Serial0/0/0.
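
Because every XOT link is a TCP session to a remote host, the display x25 xot output can be checked against a list of approved peers. The following is an added example, not 3Com code: the function names and the allowlist are hypothetical, the first sample record is the one shown above, and the second record is constructed. It assumes the side using TCP port 1998 (the registered XOT port) is the side that accepted the connection.

```python
import ipaddress
import re

XOT_PORT = 1998  # registered XOT port; also the peer port in the sample above

# Record header as in the sample: "SVC 1024: ( ESTAB )"
HEADER = re.compile(r"(\w+)\s+(\d+):\s*\(\s*(\w+)\s*\)")
ENDPOINTS = {
    "peer": re.compile(r"tcp peer ip:\s*([\d.]+),\s*peer port:\s*(\d+)"),
    "local": re.compile(r"tcp local ip:\s*([\d.]+),\s*local port:\s*(\d+)"),
}
IFNAME = re.compile(r"(come|go) interface name:\s*(\S+?):?$")

# First record copied from the example above; second record is constructed.
SAMPLE_OUTPUT = """
SVC 1024: ( ESTAB )
tcp peer ip: 10.1.1.1, peer port: 1998
tcp local ip: 10.1.1.2, local port: 1024
socket keepalive period: 5, keepalive tries: 3
come interface name: Serial0/0/0-10.1.1.1-1024
go interface name: Serial0/0/0:
SVC 1025: ( ESTAB )
tcp peer ip: 192.0.2.77, peer port: 3456
tcp local ip: 10.1.1.2, local port: 1998
socket keepalive period: 5, keepalive tries: 3
come interface name: Serial0/0/0-192.0.2.77-1025
go interface name: Serial0/0/0:
"""


def parse_xot(output):
    """Split 'display x25 xot' output into one dict per XOT link."""
    links, link = [], None
    for raw in output.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            link = {"vc_type": m.group(1), "vc": int(m.group(2)),
                    "state": m.group(3)}
            links.append(link)
            continue
        if link is None:
            continue  # text before the first record header
        for side, pattern in ENDPOINTS.items():
            m = pattern.match(line)
            if m:
                link[side + "_ip"] = ipaddress.ip_address(m.group(1))
                link[side + "_port"] = int(m.group(2))
        m = IFNAME.match(line)
        if m:
            link[m.group(1) + "_if"] = m.group(2)
    return links


def audit_xot(output, allowed_peers):
    """Return (vc, peer_ip, direction) for links whose peer is not allowed."""
    networks = [ipaddress.ip_network(n) for n in allowed_peers]
    findings = []
    for link in parse_xot(output):
        if "peer_ip" not in link:
            continue  # incomplete record, nothing to judge
        if link.get("local_port") == XOT_PORT:
            direction = "inbound"    # peer connected to this router
        elif link.get("peer_port") == XOT_PORT:
            direction = "outbound"   # this router connected to the peer
        else:
            direction = "unknown"
        if not any(link["peer_ip"] in net for net in networks):
            findings.append((link["vc"], str(link["peer_ip"]), direction))
    return findings


if __name__ == "__main__":
    for vc, peer, direction in audit_xot(SAMPLE_OUTPUT, ["10.1.1.0/24"]):
        print(f"VC {vc}: unapproved {direction} XOT peer {peer}")
```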

lapb max-frame Syntax


lapb max-frame n1-value

undo lapb max-frame

View

Interface view

Parameter

n1-value: The value of the parameter N1 in bits, and its value ranges from 1096 to
12104. By default, the parameter N1 of LAPB is 12032.

Description

Using the lapb max-frame command, you can configure the LAPB parameter N1.
Using the undo lapb max-frame command, you can restore the default value.

N1 indicates the maximum number of bits in an I frame that the DCE or DTE is
willing to receive from the DTE or DCE. Its value is the maximum transmission
unit (MTU) plus the total bytes of protocol header, times 8, and it stipulates
the maximum length of a transmission frame.

Example

Set the parameter N1 of LAPB on the interface Serial 0/0/0 to 1160.

[3Com-Serial0/0/0] lapb max-frame 1160

lapb modulo Syntax


lapb modulo { 128 | 8 }

undo lapb modulo

View

Interface view

Parameter

128: Using modulus 128 numbering view.

8: Using modulus 8 numbering view.

Description

Using the lapb modulo command, you can specify the LAPB frame numbering
view (also called modulo). Using the undo lapb modulo command, you can
restore the default value.

By default, the LAPB frame protocol view is modulo 8.

There are two LAPB frame numbering views: modulo 8 and modulo 128. Each
information frame (I frame) is numbered in sequence, ranging from 0 to the
modulo minus 1. In addition, sequential numbers will cycle within the range of
modulo.

Modulo 8 is the basic view; LAPB can implement all the standards via this view.
It is sufficient for most links.

For the related command, see lapb window-size.

Example

Set the LAPB frame numbering view on Serial0/0/0 to modulo 8.

[3Com-Serial0/0/0] lapb modulo 8

lapb retry Syntax


lapb retry n2-value

undo lapb retry

View

Interface view

Parameter

n2-value: The value of N2, its value ranges from 1 to 255. By default, the
parameter N2 of LAPB is 10.

Description

Using the lapb retry command, you can configure LAPB parameter N2. Using the
undo lapb retry command, you can restore the default value.

The value of N2 indicates the maximum number of times that the DCE or DTE
retries sending one frame to the DTE or DCE.

Example

Set the LAPB parameter N2 on Serial0/0/0 to 20.

[3Com-Serial0/0/0] lapb retry 20

lapb timer Syntax


lapb timer { t1 t1-value | t2 t2-value | t3 t3-value }

undo lapb timer { t1 | t2 | t3 }

View

Interface view

Parameter

t1-value: The value of timer T1 in ms, its value ranges from 1 to 64000ms. The
default value of T1 is 2000ms.

t2-value: Value of the timer T2 in ms, ranging 1 to 32000. The default value of T2
is 1000ms.

t3-value: Value of the timer T3 in ms, its value ranges from 0 to 255. The default
value of T3 is 0ms.

Description

Using the lapb timer command, you can configure the LAPB timers T1, T2 and
T3. Using the undo lapb timer command, you can restore their default values.

T1 is a transmission timer. When T1 expires, DTE (DCE) will start retransmission.
The value of T1 shall be greater than the maximum time between the sending of a
frame and the receiving of its response frame.

T2 is a reception timer. When it expires, the DTE/DCE must send an
acknowledgement frame so that this frame can be received before the peer
DTE/DCE T1 timer expires (T2<T1).

T3 is an idle channel timer. When it expires, the DCE reports to the packet layer
that the channel has stayed idle for a long time. T3 should be greater than the
timer T1 (T3>T1) on a DCE. When T3 is 0, the timer does not function.

Example

Set the LAPB timer T1 on Serial0/0/0 to 3000ms.

[3Com-Serial0/0/0] lapb timer t1 3000

lapb window-size Syntax


lapb window-size k-value

undo lapb window-size

View

Interface view

Parameter

k-value: Maximum number of I frames with unacknowledged sequence numbers that
DTE or DCE may send. If the modulus is 8, the value of the window parameter K
ranges 1 to 7. If the modulus is 128, the value of the window parameter K ranges
1 to 127. By default, the window parameter K is 7.

Description

Using the lapb window-size command, you can configure the LAPB window
parameter K. Using the undo lapb window-size command, you can restore the
default value of the LAPB window parameter K.

The value of the window parameter K is determined by the value of modulus.

For the related command, see lapb modulo.

Example

Set the LAPB window parameter K on the interface Serial 0/0/0 to be 5.

[3Com-Serial0/0/0] lapb window-size 5
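
The limits given in the lapb max-frame, lapb modulo, lapb retry, lapb timer and lapb window-size entries interact (K depends on the modulo, T2<T1, T3>T1 on a DCE), so they are easy to check offline before commands are entered. The following is an added example, not 3Com code: the function names and the sample command listing are constructed, and T3 is assumed to be counted in seconds, as the display interface entry states, when it is compared with T1.

```python
import re

# Defaults and ranges as stated in the lapb entries of this reference.
DEFAULTS = {"mode": "dte", "modulo": 8, "k": 7, "n1": 12032,
            "n2": 10, "t1": 2000, "t2": 1000, "t3": 0}
RANGES = {"n1": (1096, 12104), "n2": (1, 255), "t1": (1, 64000),
          "t2": (1, 32000), "t3": (0, 255)}
# Assumption: T3 is in seconds (display interface entry) while T1 and T2 are
# in milliseconds, so T3 is scaled before it is compared with T1.
T3_UNIT_MS = 1000

SETTERS = [(re.compile(prefix + r" (\d+)$"), key) for prefix, key in [
    ("lapb max-frame", "n1"), ("lapb modulo", "modulo"),
    ("lapb retry", "n2"), ("lapb window-size", "k"),
    ("lapb timer t1", "t1"), ("lapb timer t2", "t2"),
    ("lapb timer t3", "t3")]]

# Constructed listing of commands, grouped by the interface they are entered in.
SAMPLE_CONFIG = """
interface Serial0/0/0
 link-protocol lapb dce
 lapb modulo 8
 lapb window-size 9
 lapb timer t1 3000
 lapb timer t2 3500
 lapb timer t3 2
interface Serial1/0/0
 link-protocol lapb
 lapb modulo 128
 lapb window-size 100
 lapb max-frame 1160
interface Serial2/0/0
 link-protocol ppp
"""


def parse_lapb(config_text):
    """Collect LAPB settings per interface; non-LAPB interfaces are dropped."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = dict(DEFAULTS, lapb=False)
            interfaces[m.group(1)] = current
            continue
        if current is None:
            continue
        m = re.match(r"link-protocol (\S+)(?: (dte|dce))?", line)
        if m:
            current["lapb"] = m.group(1) == "lapb"
            current["mode"] = m.group(2) or "dte"  # DTE is the default mode
            continue
        for pattern, key in SETTERS:
            m = pattern.match(line)
            if m:
                current[key] = int(m.group(1))
                break
    return {name: s for name, s in interfaces.items() if s["lapb"]}


def audit_lapb(config_text):
    """Return {interface: [finding, ...]} for LAPB interfaces with problems."""
    report = {}
    for name, s in parse_lapb(config_text).items():
        findings = []
        if s["modulo"] not in (8, 128):
            findings.append(f"modulo {s['modulo']} is not 8 or 128")
        elif not 1 <= s["k"] <= s["modulo"] - 1:
            findings.append(f"window-size {s['k']} outside 1-"
                            f"{s['modulo'] - 1} for modulo {s['modulo']}")
        for key, (low, high) in RANGES.items():
            if not low <= s[key] <= high:
                findings.append(f"{key.upper()} {s[key]} outside {low}-{high}")
        if s["t2"] >= s["t1"]:
            findings.append(f"T2 {s['t2']} ms is not less than T1 {s['t1']} ms")
        # T3 of 0 means the idle timer is off, so only a non-zero T3 is checked.
        if s["mode"] == "dce" and s["t3"] and s["t3"] * T3_UNIT_MS <= s["t1"]:
            findings.append(f"T3 {s['t3']} s is not greater than "
                            f"T1 {s['t1']} ms on a DCE")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for interface, findings in audit_lapb(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{interface}: {finding}")
```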

link-protocol lapb Syntax


link-protocol lapb [ dte | dce ] [ ip | multi-protocol ]

View

Interface view

Parameter

dte: Indicates that the interface works in DTE mode of LAPB.

dce: Indicates that the interface works in DCE mode of LAPB.

ip: Indicates that the network layer protocol borne by LAPB is IP.

Description

Using the link-protocol lapb command, you can specify the link layer protocol of
the interface as LAPB.

By default, DTE is the default LAPB operating mode. IP is the default network layer
protocol.

Though LAPB is a layer-2 protocol of X.25, it can act as an independent link-layer
protocol for simple data transmission. Generally, LAPB can be used when two
routers are directly connected with a dedicated line. At that time one end works in
the DTE mode, and the other in the DCE mode.

For the related command, see display interface.

Example

Configure LAPB as the link layer protocol of the interface Serial 0/0/0, and enable
it to work in DCE mode.

[3Com-Serial0/0/0] link-protocol lapb dce

link-protocol x25

Syntax

link-protocol x25 [ dte | dce ] [ ietf | nonstandard ]

View

Interface view

Parameter

dte: Indicates that the interface works in DTE mode.

dce: Indicates that the interface works in DCE mode.

ietf: Encapsulates IP or other network protocols on the X.25 network as
stipulated by the IETF standard RFC 1356.

nonstandard: Encapsulates IP or other network protocols on the X.25 network
in the nonstandard format.

Description

Using the link-protocol x25 command, you can specify X.25 as the link layer
protocol of the interface.

By default, the link-layer protocol of an interface is PPP. When the interface uses
X.25 protocol, it works in DTE IETF mode by default.

If the X.25 switching function is not used, and two Routers are directly connected
back to back via the X.25 protocol, one Router shall work in DTE mode, while the
other shall work in DCE mode. When two Routers are connected via the X.25
public packet network, they shall generally work in DTE mode. If the X.25
switching function is used, the Router shall generally work in DCE mode.

In practice, select the IETF format of datagram if there is no special requirement.

For the related command, see display interface.

Example

Specify X.25 as the link layer protocol of the interface Serial 0/0/0 that works in
DTE IETF mode.

[3Com-Serial0/0/0] link-protocol x25 dte ietf

pad

Syntax

pad x121-address

View

User view

Parameter

x121-address: X.121 destination address.

Description

Using the pad command, you can establish a PAD connection with the remote
site.

PAD is an application similar to Telnet. It establishes a connection between two
ends through an X.121 address, over which configuration operations can then be
carried out.

Example

Establish a PAD connection to the destination X.121 address 2.

<3Com> pad 2

reset xot

Syntax

reset xot local local-ip-address local-port remote remote-ip-address remote-port

View

User view

Parameter

local-ip-address: Local IP address of the XOT connection.

local-port: Local port number of the XOT connection.

remote-ip-address: Remote IP address of the XOT connection.

remote-port: Remote port number of the XOT connection.



Description

For an SVC, using the reset xot command, you can actively clear an XOT link.

For a PVC, using the reset xot command, you can actively reset an XOT link.

When you clear or reset an XOT link, you can obtain the required ports using the
commands display x25 xot or display tcp status.

For the related commands, see display x25 vc, x25 switching, display x25 xot,
and display tcp status.

Example

Clear or reset an XOT link.

[3Com] reset xot local 10.1.1.1 1998 remote 10.1.1.2 1024

x25 alias-policy

Syntax

x25 alias-policy match-type alias-string

undo x25 alias-policy match-type alias-string

View

Interface view

Parameter

match-type: Match type of the alias. There are 9 optional match types:

■ free: Free match
■ free-ext: Extended free match
■ left: Left alignment match
■ left-ext: Extended left alignment match
■ right: Right alignment match
■ right-ext: Extended right alignment match
■ strict: Strict match
■ whole: Whole match
■ whole-ext: Extended whole match

alias-string: String of the alias

Description

Using the x25 alias-policy command, you can configure the alias of an X.121
address. Using the undo x25 alias-policy command, you can delete the alias of
an X.121 address.

By default, no X.25 alias is configured.



When an X.25 call is forwarded between networks, different X.25 networks may
perform some operations on the destination address (that is, the called DTE
address) carried by the call packet, for example, regularly adding or deleting a
prefix or suffix. In this case, a user needs to set an interface alias for the router to
adapt to this change. Please consult your ISP to learn whether the network
supports this function before deciding whether to enable the alias function.

For the details about the X.25 alias matching method, please see the chapter LAPB
and X.25 Configurations in Operation Manual.

For the related commands, see display x25 alias-policy and x25 x121-address.

Example

Configure the link-layer protocol on interface Serial0/0/0 as X.25, set its X.121
address to 20112451, and set two aliases with different match types for it.

[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] link-protocol x25
[3Com-Serial0/0/0] x25 x121-address 20112451
[3Com-Serial0/0/0] x25 alias-policy right 20112451$
[3Com-Serial0/0/0] x25 alias-policy left $20112451

With the above configurations, a call whose destination address is 20112451 can
be accepted as long as it can reach the local X.25 interface Serial0/0/0, no matter
whether the network is performing the prefix adding operation or suffix adding
operation.

x25 call-facility

Syntax

x25 call-facility facility-option

undo x25 call-facility facility-option

View

Interface view

Parameter

facility-option: User facility option. Its values include:

■ closed-user-group number: Specifies a closed user group (CUG) number for
the X.25 interface. The facility enables a DTE to belong to one or more CUGs.
A CUG allows the DTEs in it to communicate with each other, but not to
communicate with other DTEs.
■ packet-size input-size output-size: Specifies the maximum packet size
negotiation when initiating a call from the X.25 interface. Maximum packet
size negotiation is part of flow control parameter negotiation. It needs two
parameters: maximum reception packet size and maximum transmission
packet size, which must range from 16 to 1024 (including 16 and 1024),
and must be an integer power of 2.
■ reverse-charge-request: Specifies a reverse charging request while calling
from the X.25 interface.
■ roa-list name: Specifies an ROA list name configured by the command x25
roa-list in system view for the X.25 interface.
■ send-delay value: Specifies the maximum network send delay request while
calling from the X.25 interface. You can set this request to any value ranging
from 0 to 65534 ms (including 0 and 65534).
■ threshold in out: Specifies throughput negotiation while calling from the X.25
interface. The values of in/out are defined as 75, 150, 300, 600, 1200,
2400, 4800, 9600, 19200, and 48000.
■ window-size input-window-size output-window-size: Specifies the window
size negotiation while calling from the X.25 interface. Window size negotiation
is a part of flow control parameter negotiation. It needs two parameters:
reception window size and transmission window size, which must be in the
range of 1 to modulus minus 1 (including 1 and modulus minus 1). The default
values of the two parameters are 2.

Description

Using the x25 call-facility command, you can set user facility options for an X.25
interface. After an option is set, all X.25 calls from the X.25 interface carry the
relevant information field in the call packet. Using the undo x25 call-facility
command, you can delete the set option.

By default, no facility is set.

The user facilities set via this command apply to all the calls originating
from this X.25 interface. To set a user option for the X.25 calls of a particular
address mapping only, use the command x25 map protocol-name protocol-address
x121-address x.121-address [ option ].

For the related command, see x25 map.

Example

Specify the flow control parameter negotiation with the peer end for the calls
from the X.25 interface serial0/0/0.

[3Com-Serial0/0/0] x25 call-facility packet-size 512 512
[3Com-Serial0/0/0] x25 call-facility window-size 5 5

x25 cug-service

Syntax

x25 cug-service [ incoming-access ] [ outgoing-access ] [ suppress { all | preferential } ]

undo x25 cug-service

View

Interface view

Parameter

incoming-access: Performs the suppress processing of incoming access

outgoing-access: Performs the suppress processing of outgoing access



all: Suppresses all CUGs configured with preferential suppress

preferential: Only processes those CUGs configured with preferential suppress

Description

Using the x25 cug-service command, you can map the local CUG facility to the
network CUG. When a call with the CUG facility meets the CUG suppress conditions,
it will be processed. Using the undo x25 cug-service command, you can delete
CUG suppress. The command is used on the DCE side; you can use the command
link-protocol x25 dce to set DCE as the working mode of the interface.

By default, no CUG suppress is defined.

For the related commands, see x25 call-facility and x25 local-cug.

Example

Define the suppress processing of incoming access on the interface Serial0/0/0.

[3Com-Serial0/0/0] x25 cug-service incoming-access

x25 default-protocol

Syntax

x25 default-protocol protocol-type

undo x25 default-protocol

View

Interface view

Parameter

protocol-type: Protocol type, may be IP.

Description

Using the x25 default-protocol command, you can set the default upper-layer
protocol carried over X.25 for the X.25 interface. Using the undo x25
default-protocol command, you can restore the default upper-layer protocol.

By default, IP is carried over X.25.

During X.25 SVC setup, the called device will check the call user data field of X.25
call request packet. If it is an unidentifiable one, the called device will deny the
setup of the call connection. However, a user can specify a default upper-layer
protocol carried over X.25. When X.25 receives a call with unknown CUD, the call
can be treated based on the default upper-layer protocol specified by a user.

For the related command, see x25 map.

Example

Set the default upper-layer protocol over the X.25 interface Serial0/0/0 as IP.

[3Com-Serial0/0/0] x25 default-protocol ip

x25 hunt-group

Syntax

x25 hunt-group hunt-group-name { round-robin | vc-number }

undo x25 hunt-group hunt-group-name

View

System view

Parameter

hunt-group-name: Name of hunt group.

round-robin: Select call channel using cyclic selection policy.

vc-number: Select call channel using the policy of computing available logical
channel.

Description

Using the x25 hunt-group command, you can create or enter an X.25 hunt
group. Using the undo x25 hunt-group command, you can delete the specified
X.25 hunt group.

X.25 hunt group supports two call channel selection policies: round-robin mode
and vc-number mode. A hunt group uses only one channel selection policy.
The round-robin mode selects the next interface or XOT channel inside the hunt
group for each call request using a cyclic selection method. The vc-number mode
selects the interface with the most idle logical channels in the hunt group for each
call request.

A hunt group can have 10 interfaces or XOT channels at most, and it selects among
the available channels without distinguishing between interfaces and XOT channels.

An XOT channel cannot join a hunt group that adopts the vc-number selection
policy.

For the related command, see display x25 hunt-group.

Example

Create hunt group hg1 which uses cyclic selection policy.

[3Com] x25 hunt-group hg1 round-robin
[3Com-hg-hg1]
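The two selection policies and the membership limits described above, modelled as an added example (this is not 3Com code). The class names, member names and channel counts are constructed, and two behaviours the page does not specify are assumptions: ties in vc-number mode go to the member added first, and round-robin mode does no channel accounting.

```python
from dataclasses import dataclass
from typing import List

MAX_MEMBERS = 10  # "A hunt group can have 10 interfaces or XOT channels at most"


@dataclass
class Member:
    """One hunt group member: an X.25 interface or an XOT channel (constructed model)."""
    name: str
    is_xot: bool = False
    idle_channels: int = 0  # idle logical channels; only used by vc-number mode


class HuntGroup:
    def __init__(self, name: str, policy: str):
        if policy not in ("round-robin", "vc-number"):
            raise ValueError("policy must be round-robin or vc-number")
        self.name = name
        self.policy = policy
        self.members: List[Member] = []
        self._next = 0  # index of the member that takes the next round-robin call

    def add(self, member: Member) -> None:
        if len(self.members) >= MAX_MEMBERS:
            raise ValueError("a hunt group holds at most 10 members")
        if member.is_xot and self.policy == "vc-number":
            raise ValueError("an XOT channel cannot join a vc-number hunt group")
        self.members.append(member)

    def select(self) -> Member:
        """Return the member that carries the next call request."""
        if not self.members:
            raise LookupError("hunt group has no members")
        if self.policy == "round-robin":
            member = self.members[self._next % len(self.members)]
            self._next += 1
            return member
        # vc-number: the member with the most idle logical channels wins.
        # max() keeps the first of several equal candidates (assumed tie-break).
        member = max(self.members, key=lambda m: m.idle_channels)
        if member.idle_channels <= 0:
            raise LookupError("no idle logical channel in the hunt group")
        member.idle_channels -= 1  # the new call occupies one logical channel
        return member


def selection_order(group: HuntGroup, calls: int) -> List[str]:
    """Names of the members chosen for the next `calls` call requests."""
    return [group.select().name for _ in range(calls)]


def build_round_robin() -> HuntGroup:
    group = HuntGroup("hg1", "round-robin")
    group.add(Member("Serial0/0/0"))
    group.add(Member("Serial1/0/0"))
    group.add(Member("xot-1", is_xot=True))
    return group


def build_vc_number() -> HuntGroup:
    group = HuntGroup("hg2", "vc-number")
    group.add(Member("A", idle_channels=5))
    group.add(Member("B", idle_channels=2))
    group.add(Member("C", idle_channels=4))
    return group


if __name__ == "__main__":
    print(selection_order(build_round_robin(), 5))
    print(selection_order(build_vc_number(), 4))
```

In vc-number mode the least loaded interface keeps absorbing calls until its idle count falls below another member's, while round-robin spreads calls evenly regardless of load.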

x25 ignore called-address

Syntax

x25 ignore called-address

undo x25 ignore called-address



View

Interface view

Parameter

None

Description

Using the x25 ignore called-address command, you can enable X.25 to ignore the
X.121 address of the called DTE when it initiates calls. Using the undo x25
ignore called-address command, you can disable this function.

By default, this function is disabled.

According to X.25, the calling request packet must carry the address bits.
However, on some occasions, the X.25 calling request does not have to carry the
called/calling DTE address in a specific network environment or as is required by
the application. This command enables users to specify whether the call request
packet sent by X.25 in the 3Com series routers carries the called DTE address.

For the related commands, see x25 response called-address, x25 response
calling-address, and x25 ignore calling-address.

Example

Specify the call request packet from the X.25 interface Serial0/0/0 not to carry the
called DTE address.

[3Com-Serial0/0/0] x25 ignore called-address

x25 ignore calling-address

Syntax

x25 ignore calling-address

undo x25 ignore calling-address

View

Interface view

Parameter

None

Description

Using the x25 ignore calling-address command, you can enable X.25 to ignore the
X.121 address of the calling DTE when it initiates calls. Using the undo x25
ignore calling-address command, you can disable this function.

By default, this function is disabled.

According to X.25, the calling request packet must carry the address bits.
However, on some occasions, the X.25 calling request does not have to carry the
called/calling DTE address in a specific network environment or as is required by
the application. This command enables users to specify whether the call request
packet sent by X.25 in the 3Com series routers carries the calling DTE address.

For the related commands, see x25 response called-address, x25 response
calling-address, and x25 ignore called-address.

Example

Specify the call request packet from the X.25 interface Serial0/0/0 not to carry the
calling DTE address.

[3Com-Serial0/0/0] x25 ignore calling-address

x25 local-cug

Syntax

x25 local-cug cug-number network-cug cug-number [ no-incoming ] [ no-outgoing ] [ preferential ]

undo x25 local-cug cug-number

View

Interface view

Parameter

local-cug cug-number: Number of the local CUG.

network-cug cug-number: Number of the network CUG.

no-incoming: Suppresses incoming access.

no-outgoing: Suppresses outgoing access.

preferential: Suppresses the CUGs configured with preferential.

Description

Using the x25 local-cug command, you can define CUG suppress rules. Using the
undo x25 local-cug command, you can delete the rules. There are two kinds of
CUG suppress rules: suppressing all CUG facilities, and suppressing the mapped
CUG facility configured with preferential.

By default, no suppress rule is defined.

For the related commands, see x25 call-facility and x25 cug-service.

Example

Define the rule on the serial interface Serial0/0/0: incoming calls with local CUG
100 or network CUG 200 are denied.

[3Com-Serial0/0/0] x25 cug-service
[3Com-Serial0/0/0] x25 local-cug 100 network-cug 200 no-incoming

x25 map

Syntax

x25 map { ip | compressedtcp } protocol-address x121-address x.121-address [ option ]

undo x25 map { ip | compressedtcp } protocol-address

View

Interface view

Parameter

ip: Uses IP protocol.

compressedtcp: Uses TCP header compression.

protocol-address: Network protocol address of the peer host.

x.121-address: X.121 address of the peer host.

option: Specifies some attributes or user facilities for the address mapping.

Description

Using the x25 map command, you can set the address mapping between an IP
address used by LANs and an X.121 address. Using the undo x25 map command,
you can delete one existing mapping.

By default, no address mapping is set.

Since the X.25 protocol can multiplex multiple logical virtual circuits on one
physical interface, you need to manually specify the mapping between every
network address and its X.121 address.

Once you have specified an address mapping, its contents (including protocol
address, X.121 address and all options) cannot be changed. To make
modifications, first delete this address mapping via the undo x25 map
command, and then establish a new address mapping.

Two or more address mappings with an identical protocol address shall not exist
on the same X.25 interface.

Detailed explanations of the options are as follows:

■ broadcast: Sends any broadcasts of internetworking protocol and the
multicast of IP to the destination. This option provides powerful support for
some routing protocols (such as Routing Information Protocol).
■ closed-user-group group-number: Number of the closed user group
corresponding to this address mapping.
■ encapsulation-type: Encapsulation type, optional types include
nonstandard, ietf, multi-protocol and snap.
■ idle-timer minutes: Maximum idle time for the VC associated with the
address mapping. 0 means that the idle time is infinite.
■ no-callin: Disables accepting calls to the address mapping.
■ no-callout: Disables calls originating from the address mapping.
■ packet-size input-packet output-packet: When the address mapping is used
to originate a call, it will negotiate the maximum packet size in bytes with
the peer end. Its value must range from 16 to 4096 (including 16 and
4096), and must be an integer power of 2.
■ reverse-charge-accept: If a call initiated by the address mapping carries
reverse charging request, to accept the call, this option must be configured
in the address mapping.
■ reverse-charge-request: Specifies reverse charging request while calling
from the address mapping.
■ roa-list name: Specifies an ROA list name configured by the command x25
roa-list in system view for the X.25 interface.
■ send-delay milliseconds: When the address mapping is used to originate a
call, it carries the maximum transmission delay request.
■ threshold in out: When the address mapping is used to originate a call, it
negotiates throughput with the peer end. The values of in/out are defined
to be 75, 150, 300, 600, 1200, 2400, 4800, 9600, 19200, and 48000.
■ vc-per-map count: Maximum number of VCs associated with the address
mapping.
■ window-size input-window-size output-window-size: When the address
mapping is used to originate a call, it negotiates the window size with the
peer end. The values of input-window-size and output-window-size range
between 1 and the number that is 1 less than the modulus of the X.25
interface where the address mapping exists (including 1 and modulus minus
1).

For the related commands, see display x25 map, x25 reverse-charge-accept,
x25 call-facility, x25 timer idle, and x25 vc-per-map.

Example

Set two address mappings on each of the X.25 interfaces Serial0/0/0 and
Serial1/0/0, so that the four address mappings have different attributes.

[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] x25 map ip 202.38.160.11 x121-address 20112451 reverse-charge-request reverse-charge-accept
[3Com-Serial0/0/0] x25 map ip 202.38.160.138 x121-address 20112450 packet-size 512 512 idle-timer 10
[3Com] interface serial 1/0/0
[3Com-Serial1/0/0] x25 map ip 20.30.4.1 x121-address 25112451 window-size 4 4 broadcast
[3Com-Serial1/0/0] x25 map ip 20.30.4.8 x121-address 25112450 no-callin
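A configuration check built from the limits this page states for x25 call-facility, x25 map, x25 pvc, x25 packet-size and x25 modulo, given as an added example (it is not 3Com code). The prompt parsing, the function names and the sample configuration are constructed; a line without a prompt is treated as the wrapped continuation of the previous command, as in the examples on this page.

```python
import re
from typing import Dict, List, Optional

PROMPT = re.compile(r"^\[3Com(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.*)$")
# Upper packet-size limit per command, as stated on this page.
SIZE_CAP = {"packet-size": 1024, "call-facility": 1024, "map": 4096, "pvc": 4096}


def is_power_of_two_in(value: int, low: int, high: int) -> bool:
    return low <= value <= high and (value & (value - 1)) == 0


def pair_after(tokens: List[str], keyword: str) -> Optional[List[int]]:
    """Return the two integers that follow keyword, or None if keyword is absent."""
    if keyword not in tokens:
        return None
    start = tokens.index(keyword) + 1
    pair = tokens[start:start + 2]
    if len(pair) != 2 or not all(p.isdigit() for p in pair):
        raise ValueError(f"{keyword} needs two integer arguments")
    return [int(p) for p in pair]


def group_commands(config: str) -> Dict[str, List[List[str]]]:
    """Group the x25 commands by interface view, joining wrapped lines."""
    grouped: Dict[str, List[List[str]]] = {}
    current: Optional[List[str]] = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = PROMPT.match(line)
        if match is None:               # no prompt: continuation of the last command
            if current is not None:
                current.extend(line.split())
            continue
        tokens = match.group("cmd").split()
        current = None
        if match.group("view") and tokens[:1] == ["x25"]:
            current = tokens
            grouped.setdefault(match.group("view"), []).append(current)
    return grouped


def lint(config: str) -> List[str]:
    findings: List[str] = []
    for view, commands in group_commands(config).items():
        modulus = 8                     # default window modulus of an X.25 interface
        for tokens in commands:         # first pass: the modulus may be set anywhere
            if tokens[1:2] == ["modulo"]:
                value = tokens[2] if len(tokens) > 2 else ""
                if value in ("8", "128"):
                    modulus = int(value)
                else:
                    findings.append(f"{view}: modulo {value or '?'} is not 8 or 128")
        for tokens in commands:         # second pass: sizes and windows
            cap = SIZE_CAP.get(tokens[1] if len(tokens) > 1 else "")
            if cap is None:
                continue
            text = " ".join(tokens)
            try:
                sizes = pair_after(tokens, "packet-size")
                windows = pair_after(tokens, "window-size")
            except ValueError as exc:
                findings.append(f"{view}: {text}: {exc}")
                continue
            if sizes and not all(is_power_of_two_in(s, 16, cap) for s in sizes):
                findings.append(
                    f"{view}: {text}: packet-size must be a power of 2 in 16..{cap}")
            if windows and not all(1 <= w <= modulus - 1 for w in windows):
                findings.append(
                    f"{view}: {text}: window-size must be in 1..{modulus - 1} "
                    f"(modulo {modulus})")
    return findings


# Constructed sample: three of these commands break a stated limit.
SAMPLE = """\
[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] link-protocol x25
[3Com-Serial0/0/0] x25 call-facility packet-size 512 512
[3Com-Serial0/0/0] x25 call-facility window-size 9 9
[3Com-Serial0/0/0] x25 map ip 192.0.2.1 x121-address 20112451 packet-size 2048
2048 idle-timer 10
[3Com] interface serial 1/0/0
[3Com-Serial1/0/0] x25 modulo 128
[3Com-Serial1/0/0] x25 map ip 192.0.2.9 x121-address 25112451 window-size 9 9
[3Com-Serial1/0/0] x25 call-facility packet-size 2048 2048
[3Com-Serial1/0/0] x25 packet-size 200 200
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The same window-size 9 9 is flagged on Serial0/0/0 (default modulus 8) and accepted on Serial1/0/0 (modulus 128), which is why the modulus is resolved per interface before any window is checked.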

x25 modulo

Syntax

x25 modulo modulus

undo x25 modulo



View

Interface view

Parameter

modulus: Modulus, whose value is 8 or 128.

Description

Using the x25 modulo command, you can set the window modulus of an X.25
interface. Using the undo x25 modulo command, you can restore its default
window modulus.

By default, the window modulus of an X.25 interface is 8.

The sliding window is the basis of X.25 flow control. The key to the sliding
window is that the sent packets are numbered cyclically in order and are to be
acknowledged by the peer end. “In order” refers to ascending order, like
“…2, 3, 4, 5, 6…”. “Cyclically” means that the numbering starts again
from the beginning when a certain number (called the modulus) is reached. For
example, when the modulus is 8, the numbering goes “…4, 5, 6, 7, 0, 1…”.

X.25 defines two numbering moduli: 8 (also called basic numbering) and
128 (also called extended numbering). The X.25 of the 3Com series routers
supports both.

For the related commands, see display interface, x25 call-facility, x25 map,
x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr pvc, and x25 window-size.

Example

Set the modulus on the X.25 interface Serial0/0/0 to 128.

[3Com-Serial0/0/0] x25 modulo 128

x25 packet-size

Syntax

x25 packet-size input-packet output-packet

undo x25 packet-size

View

Interface view

Parameter

input-packet: Maximum input packet length in bytes. Its value ranges from 16 to
1024 (including 16 and 1024) and must be an integer power of 2. By default, the
maximum input packet length of an X.25 interface is 128 bytes.

output-packet: Maximum output packet length in bytes, its value ranges from 16
to 1024 (including 16 and 1024) and must be the integer power of 2. By default,
the maximum output packet length of X.25 interface is 128 bytes.

Description

Using the x25 packet-size command, you can set the maximum input and output
packet lengths of X.25 interface. Using the undo x25 packet-size command, you
can restore their default values.

Usually, an X.25 packet-switching network limits the size of transmitted
packets, and the maximum size of a data packet sent by the DTE shall not
exceed this limit (otherwise it will trigger the reset of the VC). The DTE
devices at the sending end and the receiving end are therefore required to have
datagram fragmentation and reassembly functions. The DTE at the sending end
fragments any datagram longer than the maximum transmission packet length
into packets of at most that length, and sets the M bit in every fragment except
the final one. After receiving these fragments, the DTE at the receiving end
reassembles them into a datagram based on the M bit and submits it to the
upper-layer protocol. Please consult your ISP about this maximum receiving
packet length.

Normally, the maximum receiving packet length is equal to the maximum
sending packet length. Unless your ISP allows it, do not set these two
parameters to different values.

For the related commands, see x25 call-facility, x25 pvc, x25 switch pvc, x25
xot pvc and x25 fr pvc.

Example

Set the maximum receiving packet length and maximum sending packet length
on X.25 interface Serial0/0/0 to 256 bytes.

[3Com-Serial0/0/0] x25 packet-size 256 256
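The M-bit fragmentation and reassembly described above, as an added example (it is not 3Com code and does not reproduce the X.25 wire encoding). A fragment is modelled as an (M bit, data) pair; the names are constructed, and the 65535-byte reassembly cap is an assumption added so that a peer that never clears the M bit cannot grow the buffer without bound.

```python
from typing import List, Optional, Tuple

Fragment = Tuple[bool, bytes]  # (M bit, user data): a model, not the wire format


class OversizedPacket(ValueError):
    """A packet or reassembled datagram exceeded a configured limit."""


def check_packet_size(size: int) -> int:
    """Accept only what x25 packet-size accepts: a power of 2 from 16 to 1024."""
    if not 16 <= size <= 1024 or (size & (size - 1)) != 0:
        raise ValueError(f"packet size {size} is not a power of 2 in 16..1024")
    return size


def fragment(datagram: bytes, max_output: int) -> List[Fragment]:
    """Split a datagram; every fragment except the final one has the M bit set."""
    check_packet_size(max_output)
    chunks = [datagram[i:i + max_output]
              for i in range(0, len(datagram), max_output)] or [b""]
    last = len(chunks) - 1
    return [(index != last, chunk) for index, chunk in enumerate(chunks)]


class Reassembler:
    """Receiving side: collects fragments until one arrives with the M bit clear."""

    def __init__(self, max_input: int, max_datagram: int = 65535):
        self.max_input = check_packet_size(max_input)
        self.max_datagram = max_datagram  # assumed local cap, not from the page
        self._buffer = bytearray()

    def feed(self, m_bit: bool, data: bytes) -> Optional[bytes]:
        """Return the complete datagram, or None while more fragments are due."""
        if len(data) > self.max_input:
            # The page notes that an oversized packet triggers a reset of the VC;
            # here the partial datagram is dropped and the caller is told.
            self._buffer.clear()
            raise OversizedPacket("packet longer than the maximum input packet length")
        if len(self._buffer) + len(data) > self.max_datagram:
            self._buffer.clear()
            raise OversizedPacket("reassembled datagram exceeds the local limit")
        self._buffer += data
        if m_bit:
            return None
        datagram = bytes(self._buffer)
        self._buffer.clear()
        return datagram


def roundtrip(datagram: bytes, packet_size: int) -> Optional[bytes]:
    """Fragment at the sender and reassemble at a receiver with the same size."""
    receiver = Reassembler(packet_size)
    result = None
    for m_bit, data in fragment(datagram, packet_size):
        result = receiver.feed(m_bit, data)
    return result


if __name__ == "__main__":
    for m_bit, data in fragment(bytes(600), 256):
        print("M=%d len=%d" % (m_bit, len(data)))
```

A sender configured with a larger output size than the receiver's input size fails at the first full fragment, which is the mismatch the page warns against.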

x25 pvc

Syntax

x25 pvc pvc-number protocol-type protocol-address x121-address x.121-address [ option ]

undo x25 pvc pvc-number

View

Interface view

Parameter

pvc-number: PVC number, which must range from 1 to 4095 (including 1 and
4095), and must be in the PVC channel range.

protocol-type: Upper-layer protocol carried over the permanent virtual circuit,
which may be IP or compressedtcp.

protocol-address: Network protocol address of the peer end of the PVC.

x.121-address: X.121 address of the peer end of this PVC.

option: Attribute of the PVC.



Description

Using the x25 pvc command, you can configure one PVC route encapsulated with
datagram. Using the undo x25 pvc command, you can delete this route.

By default, no PVC encapsulated with datagram is created. If you do not set the
relevant attributes when creating such a PVC, its flow control parameters are
the same as those of the X.25 interface on which it resides (the flow control
parameters of an X.25 interface can be set by the x25 packet-size and
x25 window-size commands).

Because a corresponding address mapping is implicitly established when the PVC
is established, it is unnecessary (or impossible) to establish an address mapping
before establishing PVCs.

Before establishing PVCs, users should first enable the PVC channel section. The
section runs from 1 to the lowest channel number of the channel ranges that are
not disabled, minus 1 (both ends included). If that lowest channel number is 1,
the PVC section is disabled. The following table shows some typical PVC
sections.
Table 21 PVC channel section of some typical configurations

Incoming-only    Two-way          Outgoing-only    PVC channel
channel range    channel range    channel range    range
[0, 0]           [1, 1024]        [0, 0]           Disabled
[0, 0]           [10, 24]         [0, 0]           [1, 9]
[1, 10]          [15, 30]         [0, 0]           Disabled
[5, 10]          [15, 25]         [30, 32]         [1, 4]
[0, 0]           [0, 0]           [20, 45]         [1, 19]
[0, 0]           [0, 0]           [0, 0]           [1, 4095]
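The rule behind Table 21, written out as an added example (it is not 3Com code): the PVC channel section is derived from the three channel ranges, checked against every row of the table, and then used to spot PVC numbers that fall outside the section. Function names and the sample PVC numbers are constructed.

```python
from typing import Iterable, List, Optional, Tuple

Range = Tuple[int, int]
DISABLED: Range = (0, 0)  # Table 21 writes a disabled channel range as [0, 0]
MAX_CHANNEL = 4095        # highest PVC number the page allows


def pvc_section(incoming: Range, two_way: Range, outgoing: Range) -> Optional[Range]:
    """Return the PVC channel section as (low, high), or None when it is disabled."""
    ranges = (incoming, two_way, outgoing)
    for low, high in ranges:
        if (low, high) != DISABLED and not 1 <= low <= high <= MAX_CHANNEL:
            raise ValueError(f"invalid channel range [{low}, {high}]")
    lows = [low for low, high in ranges if (low, high) != DISABLED]
    if not lows:
        return (1, MAX_CHANNEL)   # no SVC channels at all: every channel can be a PVC
    lowest = min(lows)
    if lowest == 1:
        return None               # channel 1 is already an SVC channel: no room for PVCs
    return (1, lowest - 1)


def misplaced_pvcs(pvc_numbers: Iterable[int], incoming: Range,
                   two_way: Range, outgoing: Range) -> List[int]:
    """Return the PVC numbers that lie outside the PVC channel section."""
    section = pvc_section(incoming, two_way, outgoing)
    numbers = sorted(set(pvc_numbers))
    if section is None:
        return numbers
    return [n for n in numbers if not section[0] <= n <= section[1]]


# The six rows of Table 21: incoming-only, two-way, outgoing-only, expected section.
TABLE_21 = [
    ((0, 0), (1, 1024), (0, 0), None),
    ((0, 0), (10, 24), (0, 0), (1, 9)),
    ((1, 10), (15, 30), (0, 0), None),
    ((5, 10), (15, 25), (30, 32), (1, 4)),
    ((0, 0), (0, 0), (20, 45), (1, 19)),
    ((0, 0), (0, 0), (0, 0), (1, 4095)),
]


def table_21_matches() -> bool:
    return all(pvc_section(i, t, o) == expected for i, t, o, expected in TABLE_21)


if __name__ == "__main__":
    print("Table 21 reproduced:", table_21_matches())
    # Constructed case: two-way channels 8 to 1024, PVCs 2, 6 and 9 requested.
    print("outside the PVC section:",
          misplaced_pvcs([2, 6, 9], DISABLED, (8, 1024), DISABLED))
```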

Detailed explanations of PVC options are as follows:

■ broadcast: Forwards broadcast packets to the peer PVC.
■ encapsulation-type: Encapsulation type, which may be nonstandard, ietf,
multi-protocol and snap.
■ packet-size input-packet output-packet: Specifies the maximum receiving
packet length and maximum sending packet length. The length is counted
in bytes, which must range from 16 to 4096 (including 16 and 4096), and
must be an integer power of 2.
■ window-size input-window-size output-window-size: Specifies the receiving
window and transmitting window sizes of the VC, which range between 1
and the number that is 1 less than the modulus of the X.25 interface where
the address mapping exists (including 1 and modulus minus 1).

For the related commands, see display x25, x25 map.

Example

Configure the link layer protocol on the interface Serial0/0/0 as X.25, enable the
PVC channel section, and set two VCs.

[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] link-protocol x25
[3Com-Serial0/0/0] x25 vc-range bi-channel 8 1024
[3Com-Serial0/0/0] x25 pvc 2 ip 202.38.168.1 x121-address 20112451 broadcast packet-size 512 512
[3Com-Serial0/0/0] x25 pvc 6 ip 202.38.168.3 x121-address 20112453 broadcast window-size 5 5

x25 queue-length

Syntax

x25 queue-length queue-length

undo x25 queue-length

View

Interface view

Parameter

queue-length: Length of the queue in packets, which ranges from 0 to 9999. By
default, the data queue length on an X.25 VC is 500.

Description

Using the x25 queue-length command, you can set the data queue length on
X.25 VC. Using the undo x25 queue-length command, you can restore its
default value.

When the data traffic is too heavy, you can use this command to extend the
receiving queue and sending queue of the X.25 VC to avoid data loss that may
affect transmission performance. It should be noted here that modifying this
parameter would not affect the existing data queue of VC.

For the related command, see x25 packet-size.

Example

Set the VC data queue length of the X.25 interface Serial0/0/0 to 75 datagrams.

[3Com-Serial0/0/0] x25 queue-length 75

x25 receive-threshold

Syntax

x25 receive-threshold count

undo x25 receive-threshold

View

Interface view

Parameter

count: The number of data packets that can be received before an
acknowledgement is sent, ranging from 0 to the input window size. If it is set to
0 or to the input window size, this function is disabled. If it is set to 1, X.25 of
the 3Com series routers sends an acknowledgement for each correct packet
received. By default, the number of data packets that can be received on X.25
before an acknowledgement is sent is 0.

Description

Using the x25 receive-threshold command, you can set the maximum number of
packets that can be received before X.25 sends an acknowledgement packet. Using
the undo x25 receive-threshold command, you can restore its default value.

After this function is enabled, the 3Com series routers can send an
acknowledgement to the peer router upon receipt of some correct packets, even if
the input window is not yet full. If there is not much data traffic in your
application environment and response speed matters more, you can adjust this
parameter accordingly.

For the related command, see x25 window.

Example

Specify that each VC on the X.25 interface Serial0/0/0 acknowledges each
correctly received data packet.

[3Com-Serial0/0/0] x25 receive-threshold 1

x25 response called-address

Syntax

x25 response called-address

undo x25 response called-address

View

Interface view

Parameter

None

Description

Using the x25 response called-address command, you can enable X.25 to carry
the address information of the called DTE when sending a call reception packet.
Using the undo x25 response called-address command, you can disable this
function.

By default, this function is disabled.

According to X.25, the call receiving packet of a call may or may not carry an
address code group, depending on the specific network requirements. This
command enables users to easily specify whether the call receiving packet of a call
sent by X.25 of the 3Com series routers carries the called DTE address.

For the related commands, see x25 response calling-address, x25 ignore
called-address, and x25 ignore calling-address.

Example

Specify that the call receiving packet of a call sent from the X.25 interface
Serial0/0/0 carries the called DTE address.

[3Com-Serial0/0/0] x25 response called-address

x25 response calling-address

Syntax

x25 response calling-address

undo x25 response calling-address

View

Interface view

Parameter

None

Description

Using the x25 response calling-address command, you can enable X.25 to carry
the address information of the calling DTE when sending a call reception packet.
Using the undo x25 response calling-address command, you can disable this
function.

By default, this function is disabled.

According to X.25, the call receiving packet of a call may or may not carry an
address code group, depending on the specific network requirements. This
command enables users to easily specify whether the call receiving packet of a call
sent by X.25 of the 3Com series routers carries the calling DTE address.

For the related commands, see x25 response called-address, x25 ignore
called-address, and x25 ignore calling-address.

Example

Specify that the call receiving packet of a call sent from the X.25 interface
Serial0/0/0 carries the calling DTE address.

[3Com-Serial0/0/0] x25 response calling-address

x25 reverse-charge-accept

Syntax

x25 reverse-charge-accept

undo x25 reverse-charge-accept

View

Interface view

Parameter

None

Description

Using the x25 reverse-charge-accept command, you can enable this interface to
accept calls carrying a “reverse charging request”, information added by
certain user facilities. Using the undo x25 reverse-charge-accept command, you
can disable this function.

By default, this function is disabled.

This function does not affect any call without “reverse charging request”.

If you enable this function on an X.25 interface, all such calls that reach the
interface will be accepted. If you enable this function for a certain address
mapping by the option reverse-charge-accept in the command x25 map, only such
calls that reach the interface and map this address will be accepted, while other
calls (carrying a reverse charging request, and not mapping this address) will be
cleared.

For the related command, see x25 map.

Example

Set the “accepting calls with reverse charging request” function on interface
Serial0/0/0.

[3Com-Serial0/0/0] x25 reverse-charge-accept

x25 roa-list

Syntax

x25 roa-list roa-name roa-id1 [ , id2, id3.... ]

undo x25 roa-list roa-name id1 [ , id2, id3.... ]

View

System view

Parameter

roa-name: Name of ROA.

id: ID specified for this ROA, and its value ranges from 0 to 9999. You can specify
multiple IDs for the ROA.

Description

Using the x25 roa-list command, you can define ROA list. Using the undo x25
roa-list command, you can delete ROA list items.

By default, no ROA list is defined.



You can configure multiple (0 to 20) ROAs, and each ROA can be specified with
multiple (1 to 10) IDs. After configuring an ROA, you can cite it by its name in the
commands x25 call-facility or x25 map.

For the related commands, see x25 call-facility and x25 map.

Example

Define two ROA lists, and cite them on the interfaces Serial 0/0/0 and Serial 1/0/0.

[3Com] x25 roa-list list1 11 23 45
[3Com] x25 roa-list list2 345
[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] x25 call-facility roa-list list1
[3Com] interface serial 1/0/0
[3Com-Serial1/0/0] x25 call-facility roa-list list2

x25 switch pvc Syntax


x25 switch pvc pvc-number1 interface serial number pvc pvc-number2 [ option ]

undo x25 switch pvc pvc-number1

View

Interface view

Parameter

pvc-number1: PVC number on the input interface, and its value ranges from 1 to
4095.

pvc-number2: PVC number on the output interface, and its value ranges from 1 to
4095.

number: Number of the input interface.

option: Attribute of PVC.

Description

Using the x25 switch pvc (packet switching) command, you can configure one
PVC route. Using the undo x25 switch pvc command, you can delete one PVC
route.

By default, no PVC route is defined.

With X.25 switching configured, you can use the 3Com series Routers
as a simple X.25 switch. When PVC switching is configured, the link layer
protocols on the input and output interfaces must be X.25. In addition, the
specified PVCs on the two interfaces must already exist and be enabled. Note that
PVC switching cannot be configured on an X.25 sub-interface.

Detailed explanations of PVC options are as follows:

■ broadcast: Forwards broadcast packets to the peer PVC.
■ encapsulation-type: Encapsulation type, which may be nonstandard, ietf,
multi-protocol and snap.
■ packet-size input-packet output-packet: Specifies the maximum receiving
packet length and maximum sending packet length. The length is counted
in bytes, must range from 16 to 4096 (including 16 and 4096), and
must be an integer power of 2.
■ window-size input-window-size output-window-size: Specifies the input
window and output window sizes of the VC, which range between 1 and
the number that is 1 less than the modulus of the X.25 interface where the
address mapping exists (including 1 and modulus minus 1).

For the related commands, see display x25 vc and x25 switching.

Example

Perform the packet switching between PVC1 on the Serial0/0/0 and PVC1 on the
Serial1/0/0.

[3Com-Serial0/0/0] link-protocol x25 dce ietf
[3Com-Serial0/0/0] interface serial 1/0/0
[3Com-Serial1/0/0] link-protocol x25 dce ietf
[3Com-Serial1/0/0] x25 switch pvc 1 interface serial 0/0/0 pvc 1

x25 switch svc hunt-group Syntax

x25 switch svc x.121-address [ sub-dest destination-address ] [ sub-source
source-address ] hunt-group hunt-group-name

undo x25 switch svc x.121-address [ sub-dest destination-address ] [ sub-source
source-address ] hunt-group hunt-group-name

View

System view

Parameter

x.121-address: Destination address of X.121. This parameter is a mode matching
string whose length ranges from 1 to 15 characters. For the specific
description of mode matching, see the Description section.

sub-dest destination-address: Substitution destination address.

sub-source source-address: Substitution source address.

hunt-group-name: Name of hunt group.

Description

Using the x25 switch svc hunt-group command, you can add an X.25 switching
route whose forwarding address is a hunt group. Using the undo x25 switch svc
hunt-group command, you can delete the specified X.25 switching route.

By default, no X.25 switching route is configured.



After the X.25 switching route whose forwarding address is a hunt group is
configured, the relevant X.25 call request packet will be forwarded to different
interfaces or XOT channels in the specified hunt group, so as to implement the
load sharing under X.25 protocol.

Table 22 X.121 mode matching rules

Wildcard characters   Matching rules                                     Example   Matchable character string
*                     Matching zero or more previous characters          fo*       fo, foo, fooo
+                     Matching zero or more previous characters          fo+       fo, foo, fooo
^                     Matching the beginning of the entered characters   ^hell     hell, hello, hellaaa
$                     Matching the end of the entered characters         ar$       ar, car, hear
\char                 Matching a single character specified by char.     b\+       b+
.                     Matching arbitrary single character                l.st      last, lbst, lost
.*                    Matching arbitrary zero or more characters.        fo.*      fo, foo, fot
.+                    Matching arbitrary one or more characters.         fo.+      foo, fot, foot

Table 23 Input rules of X.121 address mode matching string

Characters   Input rules
*            Cannot be placed at the beginning of character string
             Cannot be placed after the symbol ^
             Cannot be placed before and after the symbols + and *.
+            Cannot be placed at the beginning of character string
             Cannot be placed after the symbol ^
             Cannot be placed before and after the symbols + and *.
\            Cannot be placed at the end of character string
^            Cannot be placed before the symbols + and *.

For the related commands, see display x25 switch-table svc.
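
The input rules of Table 23 and the 1 to 15 character length limit can be checked before a route is entered on the router. The following is an added example, not 3Com code: the function names are hypothetical, and it assumes that a character escaped with \ (Table 22, \char) is a literal and is exempt from the placement rules.

```python
"""Lint X.121 mode matching strings against the input rules of Table 23.

Added example, not 3Com code. Assumption: a character preceded by a
backslash is a literal (Table 22, \\char) and is therefore exempt from
the placement rules for the symbols * + and ^.
"""

MAX_LEN = 15          # "its length ranges from 1 to 15 characters"
REPEAT = {"*", "+"}   # symbols restricted by Table 23


def tokenize(pattern):
    """Split a pattern into (char, is_literal) pairs, resolving \\char escapes."""
    tokens, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            if i + 1 == len(pattern):
                raise ValueError("\\ cannot be placed at the end of the string")
            tokens.append((pattern[i + 1], True))
            i += 2
        else:
            tokens.append((ch, False))
            i += 1
    return tokens


def lint_x121_pattern(pattern):
    """Return the list of rule violations; an empty list means no violation."""
    errors = []
    if not 1 <= len(pattern) <= MAX_LEN:
        errors.append(f"length {len(pattern)} is outside 1-{MAX_LEN}")
    try:
        tokens = tokenize(pattern)
    except ValueError as exc:
        return errors + [str(exc)]
    for pos, (ch, literal) in enumerate(tokens):
        if literal or ch not in REPEAT:
            continue
        if pos == 0:
            errors.append(f"{ch} cannot be placed at the beginning")
            continue
        prev_ch, prev_literal = tokens[pos - 1]
        if not prev_literal and prev_ch == "^":
            errors.append(f"{ch} cannot be placed after ^")
        # "before and after + and *": checking the symbol that follows
        # reports each adjacent pair exactly once.
        if not prev_literal and prev_ch in REPEAT:
            errors.append(f"{ch} cannot be placed after {prev_ch}")
    return errors


def lint_many(patterns):
    """Map each pattern to its violations, keeping only the rejected ones."""
    report = {p: lint_x121_pattern(p) for p in patterns}
    return {p: errs for p, errs in report.items() if errs}


if __name__ == "__main__":
    # Constructed sample strings; the first three come from Table 22.
    samples = ["fo*", "^hell", "b\\+", "*fo", "^+1", "1+*", "12\\", "1" * 16]
    for pattern, errs in lint_many(samples).items():
        print(f"{pattern!r}: {'; '.join(errs)}")
```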

Example

Add an X.25 switching route, whose destination address is 8888 and forwarding
address is the hunt group hg1, and substitute the destination address with 9999.

[3Com] x25 switch svc 111 sub-dest 9999 sub-source 8888 hunt-group hg1

x25 switch svc xot Syntax


x25 switch svc x.121-address [ sub-dest destination-address ] [ sub-source
source-address ] xot ip-address1 [ ip-address2 ] … [ ip-address6 ] [ xot-option ]

undo x25 switch svc x.121-address [ sub-dest destination-address ] [ sub-source
source-address ] [ xot ip-address1 [ ip-address2 ] … [ ip-address6 ] ]

View

System view

Parameter

x.121-address: Destination address of X.121. This parameter is a mode matching
string whose length ranges from 1 to 15 characters. For the specific
description of mode matching, see Table 10-4 and Table 10-5.

sub-dest destination-address: Substitution destination address.

sub-source source-address: Substitution source address.

ip-address1 - ip-address6: Destination IP addresses of the XOT connection. Up to
6 addresses can be configured.

xot-option: XOT channel parameter option. For the specific configuration, see XOT
channel parameter option.

Description

Using the x25 switch svc xot command, you can add an X.25 switching route
whose forwarding address is XOT channel. Using the undo x25 switch svc xot
command, you can delete the specified X.25 switching route.

By default, no X.25 switching route is configured.

After the XOT switching command of X.25 SVC is configured, the local X.25
network can interconnect with the remote X.25 network across an IP network.
If the keepalive attribute is configured, link detection for XOT is supported.

Table 24 XOT channel parameter option

Option                                 Explanation
timer seconds                          Keepalive timer delay of XOT connection. The timer sends the
                                       keepalive packet upon timeout to detect the connection
                                       availability. Its value ranges from 1 to 3600.
retry times                            Number of maximum retries of sending keepalive. If the number
                                       exceeds times, the XOT connection will be disconnected. Its value
                                       ranges from 3 to 3600.
source interface-type interface-name   Interface name of initiating XOT connection

For the related commands, see x25 switch svc interface, display x25
switch-table svc, and x25 switching.

Example

Switch SVC 1 to the destination address 10.1.1.1.

[3Com] x25 switch svc 1 xot 10.1.1.1

x25 switching Syntax


x25 switching

undo x25 switching

View

System view

Parameter

None

Description

Using the x25 switching command, you can enable the X.25 switching function.
Using the undo x25 switching command, you can disable this function, which
will not affect the established VC switching function.

By default, X.25 packet switching function is disabled.

X.25 packet switching is used to accept packets from an X.25 interface and send
them to a certain interface based on the destination information contained in the
packets. The Router can be used as a small-sized packet switch by the packet layer
switching function.

For the related commands, see x25 pvc, x25 switch pvc, x25 xot pvc, x25 fr
pvc, x25 switch svc, display x25 vc, and display x25 switch-table svc.

Example

Enable X.25 switching function.

[3Com] x25 switching

x25 timer hold Syntax


x25 timer hold minutes

undo x25 timer hold

View

Interface view

Parameter

minutes: Value of delay time in minutes, and its value ranges from 0 to 1000. If
the previous call failed at one destination, the X.25 won’t send calls to such a
destination again within the time set by this command.

By default, the delay time is 0.

Description

Using the x25 timer hold command, you can set the delay to send calls to a
destination with failed calls. Using the undo x25 timer hold command, you can
restore its default value.

Frequently sending call requests to a wrong destination (which does not exist or is
faulty) will degrade the operating efficiency of the 3Com series router. This
function can avoid the problem to a certain extent. Setting this parameter
to 0 disables the function. In addition, this function applies only
to calls originated locally. That is to say, this parameter is meaningless
when X.25 operates in the switching mode.

For the related command, see display interface.

Example

Set the delay for calling a failed destination on the X.25 interface Serial0/0/0 to 5 minutes.

[3Com-Serial0/0/0] x25 timer hold 5

x25 timer idle Syntax


x25 timer idle minutes

undo x25 timer idle

View

Interface view

Parameter

minutes: Maximum idle time of SVC in minutes, and its value ranges from 0 to
255. By default, this value is 0.

Description

Using the x25 timer idle command, you can set the maximum idle time of the
SVC on the interface. Using the undo x25 timer idle command, you can restore
its default value.

When an SVC stays idle (no data transmission) for a period (the period length is
decided by the parameter), the router will clear this SVC automatically. If this
parameter is set to 0, this SVC will be reserved no matter how long it stays idle.

The configuration of this parameter will affect all the SVCs on this X.25 interface.
Users can also set the maximum idle time for an SVC attached to an address
mapping through the option in the command x25 map.

This command does not take effect for a PVC or for an SVC established for X.25
switching.

For the related command, see x25 map.

Example

Set the maximum idle time of the SVC on the interface Serial 0/0/0 to 10 minutes.

[3Com-Serial0/0/0] x25 timer idle 10

x25 timer tx0 Syntax


x25 timer tx0 seconds

undo x25 timer tx0

View

Interface view

Parameter

seconds: Delay time for the X.25 restarting timer in seconds. It ranges from 0 to
1000. By default, the delay on the X.25 DTE restarting timer is 180 seconds and
that on the DCE timer is 60 seconds.

Description

Using the x25 timer tx0 command, you can set the restart/retransmission timer
delay for DTE (or DCE). Using the undo x25 timer tx0 command, you can restore
their default values.

According to X.25, a timer should be started when a DTE sends a restart request
(or a DCE sends a restart indication). If no acknowledgement is received from the
peer when this timer expires, the sending end will take some measures to
guarantee the normal proceeding of the local procedure. This parameter specifies
the delay of this timer before it expires.

For the related commands, see x25 timer tx1, x25 timer tx2, and x25 timer
tx3.

Example

Set the restarting timer delay on the X.25 interface Serial0/0/0 to 120 seconds.

[3Com-Serial0/0/0] x25 timer tx0 120

x25 timer tx1 Syntax


x25 timer tx1 seconds

undo x25 timer tx1



View

Interface view

Parameter

seconds: Delay time of calling request (indication) transmission timer in seconds,
and its value ranges from 0 to 1000. By default, the delay time on a DTE call timer
is 200 seconds; that on a DCE call sending timer is 180 seconds.

Description

Using the x25 timer tx1 command, you can set calling request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx1
command, you can restore its default value.

According to X.25, a timer should be started when a DTE sends a call request (or a
DCE sends a call indication). If no acknowledgement is received from the peer
when this timer expires, the sending end will take some measures to guarantee the
normal proceeding of the local procedure. This parameter specifies the delay
of this timer before it expires.

For the related commands, see x25 timer tx0, x25 timer tx2, and x25 timer
tx3.

Example

Set the timer delay on the X.25 interface Serial0/0/0 to 100 seconds.

[3Com-Serial0/0/0] x25 timer tx1 100

x25 timer tx2 Syntax


x25 timer tx2 seconds

undo x25 timer tx2

View

Interface view

Parameter

seconds: Delay time of resetting request (indication) timer in seconds, and its value
ranges from 0 to 1000. By default, the delay time on a DTE reset timer is 180
seconds; that on a DCE reset timer is 60 seconds.

Description

Using the x25 timer tx2 command, you can set resetting request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx2
command, you can restore its default value.

According to X.25, a timer should be started when a DTE sends a reset request (or
a DCE sends a reset indication). If no acknowledgement is received from the peer
when this timer expires, the sending end will take some measures to guarantee the
normal proceeding of the local procedure. This parameter specifies the delay
of this timer before it expires.

For the related commands, see x25 timer tx0, x25 timer tx1, and x25 timer
tx3.

Example

Set the reset timer delay on the X.25 interface Serial0/0/0 to 120 seconds.

[3Com-Serial0/0/0] x25 timer tx2 120

x25 timer tx3 Syntax


x25 timer tx3 seconds

undo x25 timer tx3

View

Interface view

Parameter

seconds: Delay time of clearing request (indication) transmission timer in seconds,
and its value ranges from 0 to 1000. By default, the delay time on a DTE clearing
timer is 180 seconds; that on a DCE clearing timer is 60 seconds.

Description

Using the x25 timer tx3 command, you can set clearing request (indication)
transmission timer delay for DTE (or DCE). Using the undo x25 timer tx3
command, you can restore its default value.

According to X.25, a timer should be started when a DTE sends a clear request (or
a DCE sends a clear indication). If no acknowledgement is received from the peer
when this timer expires, the sending end will take some measures to guarantee the
normal proceeding of the local procedure. This parameter specifies the delay
of this timer before it expires.

For the related commands, see x25 timer tx0, x25 timer tx1, and x25 timer
tx2.

Example

Set the delay time of clearing timer on the X.25 interface Serial0/0/0 to 100
seconds.

[3Com-Serial0/0/0] x25 timer tx3 100

x25 vc-per-map Syntax


x25 vc-per-map count

undo x25 vc-per-map



View

Interface view

Parameter

count: Maximum number of VCs, and its value ranges from 1 to 8. By default, its
value is 1.

Description

Using the x25 vc-per-map command, you can set the maximum number of VCs
for connections with the same destination device. Using the undo x25
vc-per-map command, you can restore the default value.

If the parameter is greater than 1, and the sending window and the sending
queue of the VC are full, the system will create a new VC to the same
destination. If the new VC cannot be created, the datagram will be discarded.

For the related commands, see display interface and x25 map.

Example

Set the maximum number of VCs on the X.25 interface Serial 0/0/0 to 3.

[3Com-Serial0/0/0] x25 vc-per-map 3

x25 vc-range Syntax


x25 vc-range [ in-channel lic hic ] [ bi-channel ltc htc ] [ out-channel loc hoc ]

undo x25 vc-range

View

Interface view

Parameter

ltc htc: Lowest and highest two-way channels of X.25 VC, and its value ranges
from 0 to 4095. If htc (highest two-way channel) is set to 0, ltc (lowest two-way
channel) must also be set to 0, which indicates that the two-way channel section is
disabled. By default, the htc of X.25 VC is 1024.

lic hic: Lowest and highest incoming-only channels of X.25 VC, and its value
ranges from 0 to 4095. If hic (highest incoming-only channel) is set to 0, lic
(lowest incoming-only channel) must also be set to 0, which indicates that the
incoming-only channel section is disabled. By default, the hic in X.25 VC range
is 0.

loc hoc: Lowest and highest outgoing-only channels of X.25 VC, and its value
ranges from 0 to 4095. If hoc (highest outgoing-only channel) is set to 0, loc
(lowest outgoing-only channel) must also be set to 0, which indicates that the
outgoing-only channel section is disabled. By default, the hoc in X.25 VC range is
0.

Description

Using the x25 vc-range command, you can set highest and lowest values of X.25
VC range. Using the undo x25 vc-range command, you can restore their default
values.

By default, VRP X.25 disables the incoming-only channel range and the
outgoing-only channel range, and only the two-way channel range (1-1024) is
reserved for use. Set the VC range correctly according to the requirements of
the ISP.

Example

Configure the link layer protocol on the interface Serial 0/0/0 as X.25, enable
the incoming-only channel section and the two-way channel section, and disable
the outgoing-only channel section. After the following commands are executed,
the three sections are [1, 7], [8, 1024] and [0, 0], respectively.

[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] link-protocol x25
[3Com-Serial0/0/0] x25 vc-range in-channel 1 7 bi-channel 8 1024

x25 window-size Syntax


x25 window-size input-window-size output-window-size

undo x25 window-size

View

Interface view

Parameter

input-window-size: Size of input window. When X.25 window modulus is 8, its
value ranges from 1 to 7. When X.25 window modulus is 128, its value ranges
from 1 to 127. By default, its value is 2.

output-window-size: Size of output window. When X.25 window modulus is 8, its
value ranges from 1 to 7. When X.25 window modulus is 128, its value ranges
from 1 to 127. By default, its value is 2.

Description

Using the x25 window-size command, you can set the sizes of input and output
windows on the interface X.25. Using the undo x25 window-size command,
you can restore their default values.

The in-packets parameter determines the maximum number of correctly received
packets before X.25 sends the acknowledgement information. As long as the
bandwidth allows, the greater the window size, the higher the transmission
efficiency.

The out-packets parameter determines the maximum number of data packets sent by
X.25 before it receives the correct acknowledgment information. As long as the
bandwidth allows, the greater the window size, the higher the transmission
efficiency.

Consult the ISP about the sending and receiving window sizes. Unless
supported by the network, do not set these two parameters to different values.

For the related commands, see display interface, x25 map, x25 pvc, x25
switch pvc, x25 xot pvc, x25 fr pvc, and x25 receive-threshold.

Example

Set the receiving and sending window sizes on the X.25 interface Serial0/0/0 to 5.

[3Com-Serial0/0/0] x25 window-size 5 5

x25 x121-address Syntax


x25 x121-address x.121-address

undo x25 x121-address

View

Interface view

Parameter

x.121-address: X.121 address of an interface. It is a numerical string of 1 to
15 bytes.

Description

Using the x25 x121-address command, you can set the X.121 address of an X.25
interface. Using the undo x25 x121-address command, you can delete the
address.

If the Router is connected to an X.25 public packet network, the ISP must assign
a valid X.121 address to it. If two Routers are only directly connected back to
back, a user can specify any valid X.121 address. If you only want the Router to
work in switching mode, the X.121 address need not be configured.

When you reconfigure an X.121 address for an X.25 interface, you need not
delete the original X.121 address, because the new address will overwrite the old
one. After an X.25 interface is re-configured, the original X.121 address will be
deleted. So the X.121 address must be re-configured to work properly.

Note: For the format of the X.121 address and the dynamic conversion between IP
address and X.121 address, refer to ITU-T Recommendation X.121 and the
related RFC document.

For the related command, see display interface.

Example

Configure the link layer protocol on the interface Serial 0/0/0 as X.25, and X.121
address as 20112451.

[3Com] interface serial 0/0/0
[3Com-Serial0/0/0] link-protocol x25
[3Com-Serial0/0/0] x25 x121-address 20112451

x25 xot pvc Syntax


x25 xot pvc pvc-number1 ip-address interface type number pvc pvc-number2 [
xot-option ] [ packet-size input-packet output-packet window-size input-window-size
output-window-size ]

undo x25 pvc pvc-number1

View

Interface view

Parameter

pvc-number1: Number of PVC on the local interface, and its value ranges from 1
to 4095.

pvc-number2: Number of PVC on the peer interface, and its value ranges from 1
to 4095.

ip-address: IP address of the peer destination for connection with XOT.

interface type number: Type and number of interface, and the interface type can
only be Serial.

xot-option: Option of XOT channel parameter. For the specific configuration, see
XOT channel parameter option.

packet-size input-packet output-packet: Specifies the maximum receiving packet
length and maximum sending packet length. The length is counted in bytes, must
range from 16 to 4096 (including 16 and 4096), and must be an integer
power of 2.

window-size input-window-size output-window-size: Specifies the receiving
window and sending window sizes of the VC, which range between 1 and the
number that is 1 less than the modulus of the X.25 interface where the address
mapping exists (including 1 and modulus minus 1).

Description

Using the x25 xot pvc command, you can add a PVC route of XOT. Using the
undo x25 pvc command, you can delete the specified PVC route of XOT.

By default, no PVC route is configured.

After the XOT switching command of X.25 PVC is configured, the local X.25
network can interconnect with the remote X.25 network across an IP network.
If the keepalive attribute is configured, link detection for XOT is supported.

For the related commands, see display x25 vc and x25 switching.

Example

Connect PVC1 on the interface Serial0/0/0 (10.1.1.1) of Router RTA with PVC2 on
the interface Serial1/0/0 (10.1.1.2) of Router RTB via an XOT tunnel, and then
perform packet switching.

Perform the configurations on the Router RTA.

[3Com-Serial0/0/0] ip address 10.1.1.1 255.255.255.0
[3Com-Serial0/0/0] link-protocol x25 dce ietf
[3Com-Serial0/0/0] x25 xot pvc 1 10.1.1.2 interface serial 1/0/0 pvc 2

Perform the configurations on the Router RTB.

[3Com-Serial1/0/0] ip address 10.1.1.2 255.255.255.0
[3Com-Serial1/0/0] link-protocol x25 dce ietf
[3Com-Serial1/0/0] x25 xot pvc 2 10.1.1.1 interface serial 0/0/0 pvc 1
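
The packet-size, window-size and vc-range limits stated above for x25 switch pvc, x25 vc-range, x25 window-size and x25 xot pvc can be checked on a command line before it is applied. The following is an added example, not 3Com code, and its function names are hypothetical. It assumes that sections omitted from x25 vc-range keep the default values given on this page, and that enabled channel sections must ascend without overlap in the order incoming-only, two-way, outgoing-only (taken from X.25 logical channel assignment, not from this page).

```python
"""Lint X.25 VC parameters against the ranges stated in this reference.

Added example, not 3Com code. The ordering check in check_vc_range is an
assumption taken from X.25 logical channel assignment, not from this page.
"""

CHANNEL_KEYS = ("in-channel", "bi-channel", "out-channel")


def check_packet_size(input_packet, output_packet):
    """packet-size: 16 to 4096 bytes inclusive, and an integer power of 2."""
    errors = []
    for name, size in (("input-packet", input_packet),
                       ("output-packet", output_packet)):
        if not 16 <= size <= 4096:
            errors.append(f"{name} {size} is outside 16-4096")
        elif size & (size - 1):
            errors.append(f"{name} {size} is not a power of 2")
    return errors


def check_window_size(input_window, output_window, modulus=8):
    """window-size: 1 to modulus-1 inclusive; the modulus is 8 or 128."""
    if modulus not in (8, 128):
        return [f"modulus {modulus} is not 8 or 128"]
    errors = []
    for name, size in (("input-window-size", input_window),
                       ("output-window-size", output_window)):
        if not 1 <= size <= modulus - 1:
            errors.append(f"{name} {size} is outside 1-{modulus - 1}")
    if input_window != output_window:
        errors.append("warning: window sizes differ; confirm the network supports this")
    return errors


def check_vc_range(ranges):
    """ranges maps in-channel/bi-channel/out-channel to (lowest, highest)."""
    # Page defaults: only the two-way section (1-1024) is enabled.
    # Assumption: a section omitted from the command keeps its default.
    sections = {"in-channel": (0, 0), "bi-channel": (1, 1024), "out-channel": (0, 0)}
    sections.update(ranges)
    errors, prev = [], None
    for name in CHANNEL_KEYS:
        low, high = sections[name]
        if not (0 <= low <= 4095 and 0 <= high <= 4095):
            errors.append(f"{name} {low} {high} is outside 0-4095")
        elif high == 0:
            if low != 0:
                errors.append(f"{name}: highest is 0, so lowest must also be 0")
        elif low > high:
            errors.append(f"{name}: lowest {low} exceeds highest {high}")
        else:
            # Assumption (X.25 channel assignment): enabled sections ascend
            # in the order incoming-only, two-way, outgoing-only, no overlap.
            if prev and low <= prev[1]:
                errors.append(f"{name} {low}-{high} overlaps {prev[0]}")
            prev = (name, high)
    return errors


def lint_command(line, modulus=8):
    """Check one command line; returns a list of findings (empty if clean)."""
    words, errors, ranges, i = line.split(), [], {}, 0
    while i < len(words):
        key = words[i]
        if key not in CHANNEL_KEYS + ("packet-size", "window-size"):
            i += 1
            continue
        try:
            first, second = int(words[i + 1]), int(words[i + 2])
        except (IndexError, ValueError):
            errors.append(f"{key} needs two integer values")
            i += 1
            continue
        if key == "packet-size":
            errors += check_packet_size(first, second)
        elif key == "window-size":
            errors += check_window_size(first, second, modulus)
        else:
            ranges[key] = (first, second)
        i += 3
    if words[:2] == ["x25", "vc-range"]:
        errors += check_vc_range(ranges)
    return errors


if __name__ == "__main__":
    # Constructed sample lines built from the syntax shown on this page.
    for cmd in ("x25 vc-range in-channel 1 7 bi-channel 8 1024",
                "x25 vc-range in-channel 1 10 bi-channel 8 1024",
                "x25 switch pvc 1 interface serial 0/0/0 pvc 1 packet-size 100 128"):
        print(cmd, "->", lint_command(cmd) or "ok")
```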

x29 timer inviteclear-time Syntax

x29 timer inviteclear-time seconds

View

System view

Parameter

seconds: Delay of waiting for a response after inviting the PAD clear procedure,
in seconds. Its value ranges from 5 to 2147483, and its default value is 5.

Description

Using the x29 timer inviteclear-time command, you can set the delay of waiting
for a response after inviting the PAD clear procedure. When this time is exceeded,
the system will forcibly exit from the PAD connection and start the X.25 clear
procedure.

Example

Set the X.29 delay of waiting for a response after inviting PAD clear to 10 seconds.

[3Com] x29 timer inviteclear-time 10


5 NETWORK PROTOCOL

IP Address Configuration Commands

display ip interface Syntax


display ip interface { interface-type interface-number | interface-name }

View

Any view

Parameter

interface-type: Interface type.

interface-number: Interface sequence number.

interface-name: Interface name.

Description

Using the display ip interface command, you can display the running condition
of all the interfaces.

Example

<3Com> display ip interface Ethernet6/0/0
Ethernet6/0/0 current state : UP
Line protocol current state : UP
Internet Address : 5.5.5.5/8
Broadcast address : 0.0.0.0
The Maximum Transmit Unit : 1500 bytes
input packets : 1231, bytes : 57557, multicasts : 1177
output packets : 0, bytes : 0, multicasts : 0

The following information is displayed: the current physical link state of Ethernet
6/0/0 is UP, the protocol of link layer is UP, the IP address is 5.5.5.5, the broadcast
address is 0.0.0.0, the maximum transmit unit is 1500 bytes and some other
information about packets receiving/sending via this interface.

ip address Syntax
ip address ip-address net-mask [ sub ]

undo ip address [ ip-address net-mask [sub] ]

View

Interface view

Parameter

ip-address: Interface IP address, in dotted decimal format.

net-mask: The mask of the corresponding subnet, in dotted decimal format.

sub: Indicates that the configured address is a slave IP address, which is used
to enable communications among different subnets.

Description

Using the ip address command, you can set an IP address for an interface. Using
the undo ip address command, you can delete an IP address of the interface.

By default, no IP address is configured.

IP addresses are classified into five types, and users can select a proper IP
subnet according to actual conditions. Moreover, if part of the host address
is composed of 0, or the entire host address is composed of 1, the address has
a special use and cannot be used as an ordinary IP address.

The mask identifies the network number in an IP address.

Under normal conditions, one interface only needs to be configured with one IP
address. However, to enable one interface of a router to connect to several
subnets, one interface can be configured with several IP addresses. Among them,
one is master IP address, and others are slave IP addresses. The following is the
relationship between the master and slave IP addresses:

If a master IP address is configured while there is already an existing master IP
address, the original one will be deleted and the newly configured one will take
effect.

The command undo ip address without parameters deletes all the
IP addresses of the interface. The command undo ip address ip-address
net-mask deletes the master IP address, and undo ip address
ip-address net-mask sub deletes the slave address. All the slave
addresses must be deleted before the master IP address can be deleted.

In addition, any two IP addresses configured for all interfaces on a router cannot
be located in the same subnet.

For the related commands, see ip route-static, display ip interface, and
display interface.

Example

Configure the interface Serial 0/0/0 with the master IP address 129.102.0.1 and
the slave IP address 202.38.160.1, both with the subnet mask 255.255.255.0.

[3Com-Serial1/0/0] ip address 129.102.0.1 255.255.255.0
[3Com-Serial1/0/0] ip address 202.38.160.1 255.255.255.0 sub

ip address ppp-negotiate Syntax

ip address ppp-negotiate

undo ip address ppp-negotiate

View

Interface view

Parameter

None

Description

Using the ip address ppp-negotiate command, you can allow the IP address to be
assigned through negotiation at the interface. Using the undo ip address
ppp-negotiate command, you can disable this function.

By default, no interface IP address negotiation is allowed.

As PPP supports IP address negotiation, IP address negotiation can be configured
at an interface only when the interface is encapsulated with the link-layer
protocol PPP.

Normally, it is not necessary to configure IP address negotiation. It is needed
only in some special circumstances, such as accessing the Internet through an
ISP, where the IP addresses of the interfaces connected with the ISP are
allocated by the ISP through negotiation.

When IP address negotiation is configured for the interface, it is not necessary
to configure the IP address manually for this interface.

Example

Configure the IP address of interface Serial 0/0/0 to be allocated by the peer
through negotiation.

[3Com-Serial0/0/0] ip address ppp-negotiate

ip address unnumbered Syntax


ip address unnumbered { interface interface-type interface-number | interface-name }

undo ip address unnumbered

View

Interface view

Parameter

interface-type: Name of the unnumbered interface.

interface-number: Serial number of the unnumbered interface.

interface-name: Interface name of the unnumbered interface.

Description

Using the ip address unnumbered command, you can enable an interface to
borrow the IP address of another interface. Using the undo ip address
unnumbered command, you can disable this function on the interface.

By default, an interface does not borrow IP addresses from other interfaces.

This command is used to enable serial interfaces encapsulated with PPP, HDLC,
Frame Relay, SLIP and Tunnel to borrow the IP addresses from the Ethernet
interface or other interfaces.

Example

Configure the serial interface 0/0/0, encapsulated with PPP, to borrow the
IP address of Ethernet interface 0/0/0.

[3Com-Serial0/0/0] ip address unnumbered Ethernet 0/0/0

remote address Syntax


remote address { ip-address | pool [ pool-number ] }

undo remote address

View

Interface view

Parameter

ip-address: IP address.

pool-number: Address pool number, i.e., one address in the pool identified by
pool-number is assigned to the peer interface. It is a number ranging from 0 to
99, with the default value 0.

Description

Using the remote address command, you can configure the interface to assign an
IP address to the peer interface. Using the undo remote address command, you
can disable the assignment of an IP address to the peer interface.

By default, the interface does not assign an address to the peer interface.

When an interface is encapsulated with PPP but not configured with an IP address,
configure the negotiable attribute of the IP address for this interface
(configure the ip address ppp-negotiate command on the local router and the
remote address command on the peer router), so that the local interface can
accept the IP address originated from PPP negotiation. This IP address is
assigned by the opposite end. This configuration is mainly used to obtain the IP
address assigned by the ISP when accessing the Internet via an ISP.

For the related command, see ip address ppp-negotiate.

Example

The serial interface encapsulated with PPP assigns an IP address 10.0.0.1 for the
peer.

[3Com-Serial0/0/0] remote address 10.0.0.1

ARP Configuration Commands

arp static Syntax


arp static ip-address ethernet-address [ vpn-instance-name ]

undo arp ip-address [ vpn-instance-name ]

View

System view

Parameter

ip-address: IP address of the ARP mapping entry, in dotted decimal format.

ethernet-address: Ethernet MAC address of the ARP mapping entry. Its format is
H-H-H, in which H is a hexadecimal number with 1 to 4 bits.

vpn-instance-name: The name of VPN instance.

Description

Using the arp static command, you can configure the ARP mapping table. Using
the undo arp command, you can delete the mapping items corresponding to certain
addresses in the ARP mapping table.

By default, the mapping table of the system ARP is empty and the address
mapping can be obtained through dynamic ARP.

Normally, the ARP mapping table is maintained by dynamic ARP, and manual
configuration is needed only in special circumstances. In addition, the ARP
mapping table is used for LAN only. WAN address resolution is accomplished in a
different way, for instance the inverse address resolution of frame relay.

For the related commands, see arp static and display arp.

Example

Configure the Ethernet MAC address e0-fc01-0 corresponding to the IP address
129.102.0.1.

[3Com] arp static 129.102.0.1 e0-fc01-0



Configure the Ethernet MAC address aa-fcc-12 corresponding to the IP address
11.0.0.1.

[3Com] arp static 11.0.0.1 aa-fcc-12

arp check enable

Syntax

arp check enable
undo arp check enable

View
System view
Parameter
None

Description
Using the arp check enable command, you can enable ARP entry check to have
the device not learn the ARP entries with broadcast MAC addresses. Using the
undo arp check enable command, you can disable ARP entry check to have the
system learn the ARP entries with broadcast MAC addresses.
By default, ARP entry check is enabled. The device does not learn the ARP entries
with broadcast MAC addresses.

Example
Enable ARP entry check.
[Router] arp check enable
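
The following Python sketch is an added example, not part of the 3Com documentation or router software. It expands the H-H-H address format used by arp static and applies the broadcast-MAC criterion of arp check enable to a list of static entries before they are typed into a router. It assumes each group is left-padded with zeros to four hexadecimal digits (consistent with the 00e0-fc01-0000 entry in the display arp output elsewhere on this page); how the router itself treats a static entry with a broadcast MAC is not stated on the page, and the last four sample lines are constructed.

```python
import ipaddress
import re

# One H group: one to four hexadecimal digits, as in e0-fc01-0 and aa-fcc-12.
GROUP = re.compile(r"[0-9A-Fa-f]{1,4}")
# "arp static ip-address ethernet-address [ vpn-instance-name ]", with an
# optional CLI prompt such as "[3Com]" in front.
ARP_STATIC = re.compile(r"^(?:\[[^\]]*\]\s*)?arp static (\S+) (\S+)(?: (\S+))?$")

SAMPLE_CONFIG = [
    "[3Com] arp static 129.102.0.1 e0-fc01-0",   # from the page
    "[3Com] arp static 11.0.0.1 aa-fcc-12",      # from the page
    "arp static 10.0.0.9 ffff-ffff-ffff",        # constructed: broadcast MAC
    "arp static 10.0.0.10 100-5e00-1",           # constructed: group bit set
    "arp static 10.0.0.11 e0-fc01-zz",           # constructed: not hexadecimal
    "arp static 10.0.0.300 e0-fc01-1",           # constructed: bad IP address
]


def normalize_mac(text):
    """Expand an H-H-H address to the full hhhh-hhhh-hhhh form."""
    groups = text.strip().split("-")
    if len(groups) != 3 or not all(GROUP.fullmatch(g) for g in groups):
        raise ValueError("not an H-H-H Ethernet address: %r" % text)
    return "-".join(g.lower().zfill(4) for g in groups)


def mac_class(text):
    """Return 'broadcast', 'multicast' or 'unicast' for an H-H-H address."""
    value = int(normalize_mac(text).replace("-", ""), 16)
    if value == 0xFFFFFFFFFFFF:
        return "broadcast"
    # The least significant bit of the first octet is the group (multicast) bit.
    return "multicast" if (value >> 40) & 0x01 else "unicast"


def audit_static_arp(lines):
    """Check arp static lines; return (ip, normalized MAC or None, finding)."""
    findings = []
    for line in lines:
        match = ARP_STATIC.match(line.strip())
        if not match:
            continue  # not an arp static command
        ip_text, mac_text = match.group(1), match.group(2)
        try:
            ipaddress.IPv4Address(ip_text)
            mac = normalize_mac(mac_text)
        except ValueError as exc:
            findings.append((ip_text, None, "invalid: %s" % exc))
            continue
        kind = mac_class(mac)
        findings.append((ip_text, mac, "ok" if kind == "unicast" else kind + " MAC"))
    return findings


if __name__ == "__main__":
    for ip_text, mac, finding in audit_static_arp(SAMPLE_CONFIG):
        print("%-12s %-16s %s" % (ip_text, mac or "-", finding))
```
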

debugging arp packet

Syntax

debugging arp packet

undo debugging arp packet

View

User view

Parameter

None

Description

Using the debugging arp packet command, you can enable ARP packets
debugging; and using the undo debugging arp packet command, you can
disable the function.

Example

Enable ARP packets debugging.

<3Com> debugging arp packet



display arp

Syntax

display arp [ static | dynamic | all ]

View

Any view

Parameter

static: Displays the static ARP entries.

dynamic: Displays the dynamic ARP entries.

all: Displays all ARP entries.

Description

Using the display arp command, you can view the ARP mapping table.

By default, all the ARP entries of the RSU are displayed.

For the related commands, see arp static and reset arp.

Example

Display all static ARP entries.

<3Com> display arp static


IP Address      MAC Address      Type  Vrf Name  Interface
129.102.0.1     00e0-fc01-0000   S
10.110.28.44    00e0-fc07-5b2b   I               Eth0/0

reset arp

Syntax

reset arp [ all | dynamic | static | interface { interface-type interface-number | interface-name } ]

View

User view

Parameter

static: Clears the static ARP entries.

dynamic: Clears the dynamic ARP entries.

all: Clears all ARP entries.

interface: Specifies the selected interface.

interface-type: Interface type.

interface-number: Interface sequence number.

interface-name: Interface name.



Description

Using the reset arp command, you can clear the ARP entries in the ARP mapping
table.

By default, if slot-number is not specified, the operation is performed on the
RSU board.

When the operation is performed on a specified interface, the interface type
can only be Ethernet, GE or virtual Ethernet, and only the dynamic entries can
be deleted on the interface.

For the related commands, see arp static and display arp.

Example

The following example shows how to delete the dynamic entries in the ARP
mapping table on Ethernet 0/0/0.

arp-proxy enable

Syntax

arp-proxy enable
undo arp-proxy enable

View
Ethernet interface view

Parameter
None

Description

Using the arp-proxy enable command, you can enable proxy ARP on an interface.
Using the undo arp-proxy enable command, you can disable proxy ARP on the
interface.

By default, proxy ARP is disabled.

This command applies to Ethernet interfaces. For hosts in the same hop but on
different physical networks, the proxy ARP function hides the fact that the
physical networks are separated, so that users feel as if they were on one and
the same physical network.

Example
Enable proxy ARP at Ethernet 0/0/0.
[Router-Ethernet0/0/0]arp-proxy enable

Static Domain Name Resolution

display ip host

Syntax

display ip host

View

Any view

Parameter

None

Description

Using the display ip host command, you can display all the host names and their
corresponding IP addresses.

Example

Display all the host names and their corresponding IP addresses.

<3Com> display ip host


Host Age Flags Address(es)
eth 0 static 6.1.1.1
3Com 0 static 1.1.1.1

ip host

Syntax

ip host hostname ip-address

undo ip host hostname [ ip-address ]

View

System view

Parameter

hostname: The name of a host, a character string of 1 to 20 characters.

ip-address: The IP address corresponding to a host name, in the format A.B.C.D.

Description

Using the ip host command, you can configure the IP address corresponding to a
host name; while using the undo ip host command, you can remove the IP
address corresponding to a host name.

By default, the static domain name table is empty, i.e. there’s no host name and IP
address pair.

Example

Configure the IP address corresponding to the host name router1 as 10.110.0.1.

[3Com] ip host router1 10.110.0.1

Configure the IP address corresponding to the host name router2 as 10.110.0.2.

[3Com] ip host router2 10.110.0.2

Configure to assign the IP address 10.110.0.3 to the host name router3.

[3Com] ip host router3 10.110.0.3

Remove the IP address 10.110.0.2 corresponding to the host name router2.

[3Com] undo ip host router2 10.110.0.2

DNS Client Configuration Commands

dns resolve

Syntax

dns resolve
undo dns resolve

View
System view

Parameter
None

Description
Using the dns resolve command, you can enable DNS resolving. Using the undo
dns resolve command, you can disable DNS resolving.
By default, DNS resolving is disabled.

Example
Enable DNS resolving.
[Router] dns resolve

dns server

Syntax

dns server ip-address
undo dns server [ip-address]

View
System view

Parameter
ip-address: IP address of a DNS server.

Description
Using the dns server command, you can configure IP address of a DNS server.
Using the undo dns server command, you can delete IP address of a DNS server.

Example
Configure IP address of a DNS server.
[Router] dns server 10.110.66.1
Delete IP address of a specified DNS server.
[Router] undo dns server 10.110.66.1
Delete IP addresses of all the DNS servers.
[Router] undo dns server

dns domain

Syntax

dns domain domain-name
undo dns domain [domain-name]

View
System view

Parameter
domain-name: DNS domain name.

Description
Using the dns domain command, you can configure a DNS domain name. Using
the undo dns domain command, you can delete one or all DNS domain names.

Example
Configure a DNS domain name.
[Router] dns domain huawei-3com.com
Delete a specified DNS domain name.
[Router] undo dns domain huawei-3com.com
Delete all the DNS domain names.
[Router] undo dns domain

display dns domain

Syntax

display dns domain [dynamic]

View
Any view

Parameter
dynamic: displays DNS domain names that are dynamically obtained through
DHCP or by other means.

Description
Using the display dns domain command, you can view the DNS domain names
that are manually configured. Using the display dns domain dynamic command,
you can view the DNS domain names that are dynamically obtained through DHCP
or other protocols.

Example
Display the DNS domain names that are manually configured.
[Router] display dns domain
No Domain-name
0 3com.com

Display the DNS domain names that are dynamically obtained.

[Router]display dns domain dynamic


No Domain-name
0 3com.com

display dns server

Syntax

display dns server [dynamic]

View
Any view

Parameter
dynamic: displays DNS server addresses that are dynamically obtained through
DHCP or other protocols.

Description
Using the display dns server command, you can view the DNS server addresses
manually configured. Using the display dns server dynamic command, you can
view the DNS server addresses that are dynamically obtained through DHCP or
other protocols.

Example
Display the DNS server addresses that are dynamically obtained.
[Router]display dns server dynamic
Domain-server IpAddress
0 10.72.66.36

Display the DNS server addresses that are manually configured.

[Router]display dns server


Domain-server IpAddress
0 10.72.74.5

display dns dynamic-host

Syntax

display dns dynamic-host

View
Any view

Parameter
None

Description
Using the display dns dynamic-host command, you can view the current contents
in the domain name cache of the DNS client.
The DNS client retains the result of each successful domain name resolution in its
cache. If it receives the same resolving request later, it first looks up the cache for a
match. And if no match is found, it sends a domain name resolving request to the
DNS server. You can use this command to view the current contents in the buffer.

Example
Display the current contents in the domain name cache of the DNS client.
[Router]display dns dynamic-host
No Domain-name Ipaddress TTL Alias
0 www.baidu.com 202.108.249.134 63000
1 www.yahoo.akadns.net 66.94.230.39 24
2 www.hotmail.com 207.68.172.239 3585
3 www.eyou.com 61.136.62.70 3591

reset dns dynamic-host

Syntax

reset dns dynamic-host

View
User view

Parameter
None

Description
Using the reset dns dynamic-host command, you can clear the current contents in
the domain name cache of the DNS client.

Example
Clear the current contents in the domain name cache of the DNS client.
[Router]reset dns dynamic-host

debugging dns

Syntax

debugging dns
undo debugging dns

View
User view

Parameter
None

Description
Using the debugging dns command, you can enable DNS client debugging. Using
the undo debugging dns command, you can disable DNS client debugging.
By default, DNS client debugging is disabled.

Example
Enable DNS client debugging.
<Router>debugging dns
<Router>undo debugging dns

DHCP Public Configuration Commands

dhcp enable

Syntax

dhcp enable

undo dhcp enable

View

System view

Parameter

None

Description

Using the dhcp enable command, you can enable DHCP services. Using the undo
dhcp enable command, you can disable DHCP services.

By default, DHCP services are enabled.

Before you can configure DHCP, you must enable DHCP services. This
configuration is essential to both DHCP server and DHCP relay.

Example

Enable DHCP services on current router.

[3Com] dhcp enable

dhcp select (in Interface View)

Syntax

dhcp select { global | interface | relay }

undo dhcp select

View

Interface view

Parameter

global: The address DHCP client gets is the one selected by the local DHCP server
from a global address pool upon the receipt of the DHCP request from the client.

interface: The address DHCP client gets is the one selected by the local DHCP
server from an interface address pool upon the receipt of the DHCP request from
the client.

relay: The address DHCP client gets is allocated by an external DHCP server.

Description

Using the dhcp select command in interface view, you can select a method for
handling the DHCP packets destined to the local device. Using the undo dhcp
select command in interface view, you can restore the default setting.

By default, DHCP packets destined to the local device will be sent to the internal
server and the clients sending them will be allocated with addresses selected from
a global address pool (in global approach).

For the related command, see dhcp select (in system view).

Example

Allocate addresses selected from an interface address pool on the internal DHCP
server to the clients sending DHCP packets destined to the local device.

[3Com-Ethernet1/0/0] dhcp select interface

dhcp select (in System View)

Syntax

dhcp select { global | interface | relay } { interface ethernet-subinterface-range | all }

undo dhcp select { interface ethernet-subinterface-range | all }

View

System view

Parameter

global: The address DHCP client gets is the one selected by the local DHCP server
from a global address pool upon the receipt of the DHCP request from the client.

interface: The address DHCP client gets is the one selected by the local DHCP
server from an interface address pool upon the receipt of the DHCP request from
the client.

relay: The address DHCP client gets is allocated by an external DHCP server.

ethernet-subinterface-range: Includes all the subinterfaces between two
subinterfaces (including these two subinterfaces) by inserting the keyword “to”
between these two interfaces.

all: All the interfaces.

Description

Using the dhcp select command in system view, you can select a method for
multiple interfaces in a specified range to handle the DHCP packets destined to
the local device. Using the undo dhcp select command in system view, you can
restore the default setting.

By default, DHCP packets destined to the local device will be sent to the internal
server and the clients sending them will be allocated with addresses selected from
a global address pool (in global approach).

For the related command, see dhcp select (in interface view).

Example

Configure the interfaces in the range of Ethernet2/0/0.1 to Ethernet2/0/0.5 to
allocate addresses selected from an interface address pool maintained by the
internal server to the clients sending DHCP packets destined to the local device.

[3Com] dhcp select interface interface ethernet 2/0/0.1 to ethernet 2/0/0.5

dhcp server detect

Syntax

dhcp server detect
undo dhcp server detect

View
Interface view

Parameter
None

Description
Using the dhcp server detect command, you can enable pseudo-DHCP-server
detection. Using the undo dhcp server detect command, you can disable the
function.
By default, pseudo-DHCP-server detection is disabled.

Example
Enable pseudo DHCP server detection on the interface Ethernet 2/0/0.
[3Com-Ethernet2/0/0] dhcp server detect

DHCP Server Configuration Commands

debugging dhcp server

Syntax

debugging dhcp server { all | error | events | packets }
undo debugging dhcp server { all | error | events | packets }

View
User view

Parameter

all: All debugging functions of DHCP server.

error: Error debugging on the DHCP server, specifically, the debugging on the
errors that occur when the DHCP server processes DHCP packets, allocates
addresses, etc.

events: Event debugging on the DHCP server, specifically, the debugging on the
events such as address allocation, ping detection timeout, etc.

packet: DHCP packet debugging, specifically, the debugging on the packets that
the DHCP server has received and sent and on the ping packets sent for the
purpose of detection and the received response packets.

Description
Using the debugging dhcp server command, you can enable debugging on the
DHCP server. Using the undo debugging dhcp server command, you can
disable debugging.
By default, debugging is disabled on the DHCP server.

Example
Enable event debugging on the DHCP server.
<3Com> debugging dhcp server events
*0.62496500-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: ICMP Timeout
*0.62496583-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Still Need to ICMP detect for 1 times
*0.62497000-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: ICMP Timeout
*0.62497083-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: All Try finished
*0.62497166-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Ack User's Lease

Enable packet debugging on the DHCP server.

<3Com> debugging dhcp server packet


*0.62080906-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPRELEASE from 00.05.5D.85.D5.45.
*0.62081016-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Release Lease for MAC 00.05.5D.85.D5.45. IP is 5.5.5.2
*0.62082240-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 00.05.5D.85.D5.45.
*0.62082350-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Sending ICMP ECHO to Target IP: 5.5.5.2
*0.62082733-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Sending ICMP ECHO to Target IP: 5.5.5.2
*0.62083233-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Send DHCPOFFER to MAC=> 00.05.5D.85.D5.45. Offer IP=> 5.5.5.2
*0.62083366-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPREQUEST from 00.05.5D.85.D5.45.
*0.62083483-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Send DHCPACK to MAC=> 00.05.5D.85.D5.45. Offer IP=> 5.5.5.2

Enable error debugging on the DHCP server.

<3Com> debugging dhcp server error


*0.63269475-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Icmp Packet is not EHHOREPLY!
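
The following Python sketch is an added example, not part of the 3Com documentation or router software. It parses two-line debugging records in the format shown in the packet debugging output above, rebuilds the message sequence for each client MAC, counts the ICMP ECHO probes logged before each DHCPOFFER, and reports whether the DISCOVER, OFFER, REQUEST, ACK sequence completed. The first sixteen sample lines are copied from that output; the last four are constructed to show an incomplete exchange.

```python
import re

MAC = r"([0-9A-Fa-f]{2}(?:\.[0-9A-Fa-f]{2}){5})"
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
HEADER = re.compile(r"^\*(\d+\.\d+)-DHCP SER-8-DHCPS_DEBUG_COMMON:\s*$")
RECV = re.compile(r"receive (DHCP[A-Z]+) from " + MAC + r"\.")
SEND = re.compile(r"Send (DHCP[A-Z]+) to MAC=> " + MAC + r"\. Offer IP=> " + IP)
PROBE = re.compile(r"Sending ICMP ECHO to Target IP: " + IP)
HANDSHAKE = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]

SAMPLE_LOG = """\
*0.62080906-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPRELEASE from 00.05.5D.85.D5.45.
*0.62081016-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Release Lease for MAC 00.05.5D.85.D5.45. IP is 5.5.5.2
*0.62082240-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 00.05.5D.85.D5.45.
*0.62082350-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Sending ICMP ECHO to Target IP: 5.5.5.2
*0.62082733-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Sending ICMP ECHO to Target IP: 5.5.5.2
*0.62083233-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Send DHCPOFFER to MAC=> 00.05.5D.85.D5.45. Offer IP=> 5.5.5.2
*0.62083366-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPREQUEST from 00.05.5D.85.D5.45.
*0.62083483-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Send DHCPACK to MAC=> 00.05.5D.85.D5.45. Offer IP=> 5.5.5.2
*0.62090000-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 00.05.5D.85.D5.46.
*0.62090100-DHCP SER-8-DHCPS_DEBUG_COMMON:
DhcpServer: Send DHCPOFFER to MAC=> 00.05.5D.85.D5.46. Offer IP=> 5.5.5.3
"""  # last four lines are constructed sample data


def parse_events(text):
    """Return (stamp, direction, message type, MAC or None, IP or None) tuples."""
    events, stamp = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)
            continue
        if stamp is None or not line.startswith("DhcpServer:"):
            continue
        recv, send, probe = RECV.search(line), SEND.search(line), PROBE.search(line)
        if recv:
            events.append((stamp, "recv", recv.group(1), recv.group(2).upper(), None))
        elif send:
            events.append((stamp, "send", send.group(1), send.group(2).upper(),
                           send.group(3)))
        elif probe:
            events.append((stamp, "probe", "ICMP ECHO", None, probe.group(1)))
        stamp = None  # a header is consumed by the message line that follows it
    return events


def summarize(events):
    """Group DHCP messages per client MAC and pair each offer with its probes."""
    clients, pending_probes = {}, {}
    for _stamp, direction, msg_type, mac, ip in events:
        if direction == "probe":
            pending_probes[ip] = pending_probes.get(ip, 0) + 1
            continue
        entry = clients.setdefault(
            mac, {"messages": [], "offered_ip": None, "probes_before_offer": 0})
        entry["messages"].append(msg_type)
        if msg_type == "DHCPOFFER":
            entry["offered_ip"] = ip
            entry["probes_before_offer"] = pending_probes.pop(ip, 0)
    for entry in clients.values():
        steps = iter(entry["messages"])
        # True only if the four handshake messages appear in this order.
        entry["complete"] = all(step in steps for step in HANDSHAKE)
    return clients


if __name__ == "__main__":
    for mac, entry in summarize(parse_events(SAMPLE_LOG)).items():
        print(mac, entry)
```
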

dhcp server dns-list (in Interface View)

Syntax

dhcp server dns-list ip-address [ ip-address ]
undo dhcp server dns-list { ip-address | all }

View
Interface view

Parameter

ip-address: IP address of DNS. You can configure up to eight IP addresses
separated by spaces in a command.

Description
Using the dhcp server dns-list command in interface view, you can configure
DNS IP addresses for an interface configured with a DHCP address pool. Using the
undo dhcp server dns-list command in interface view, you can delete the
configuration.
By default, no DNS address is configured.
Currently, up to eight DNS server addresses can be set in each DHCP address
pool.
For the related commands, see dhcp server dns-list (in system view), dhcp
server ip-pool, and dns-list.

Example
Configure the DNS server address 1.1.1.254 for the DHCP address pool of the
interface Ethernet1/0/0.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server dns-list 1.1.1.254

dhcp server dns-list (in System View)

Syntax

dhcp server dns-list ip-address [ ip-address ] { interface ethernet-subinterface-range | all }
undo dhcp server dns-list { ip-address | all } { interface ethernet-subinterface-range | all }

View

System view

Parameter

ip-address: IP address of DNS. You can configure up to eight IP addresses
separated by spaces in a command.

ethernet-subinterface-range: Includes all the subinterfaces whose interface
number lies between the two given subinterface numbers (including these two
subinterfaces), specified by inserting the keyword “to” between these two
interface numbers.

all: In the undo form of the command, the first “all” refers to all the Gateway
(GW) addresses and the second, all the interfaces.

Description
Using the dhcp server dns-list command in system view, you can assign DNS IP
addresses to the DHCP address pool of multiple interfaces in a specified range.
Using the undo dhcp server dns-list command in system view, you can delete the
configuration.
By default, no DNS address is configured.
Currently, up to eight DNS server addresses can be set in each DHCP address
pool.
For the related commands, see dhcp server dns-list (in interface view), dhcp
server ip-pool, and dns-list.

Example
Assign the DNS server address 1.1.1.254 to the DHCP address pool of the
interfaces in the range of Ethernet1/0/0.0 to Ethernet2/0/0.5.
[3Com] dhcp server dns-list 1.1.1.254 interface ethernet 2/0/0.0 to ethernet 2/0/0.5

dhcp server domain-name (in Interface View)

Syntax

dhcp server domain-name domain-name
undo dhcp server domain-name domain-name

View
Interface view

Parameter

domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising at least three characters and at most 50 characters.

Description
Using the dhcp server domain-name command in interface view, you can
configure the domain name that the DHCP address pool of the current interface
allocates to clients. Using the undo dhcp server domain-name command in
interface view, you can delete the configured domain name.
By default, no domain name has been allocated to DHCP clients and domain name
is null.
For the related commands, see dhcp server ip-pool, dhcp server domain-name
(in system view), and domain-name.

Example

Configure the domain name eth1_0_0.com.cn in an interface DHCP address pool.

[3Com] interface ethernet 1/0/0


[3Com-Ethernet 1/0/0] dhcp server domain-name eth1_0_0.com.cn

dhcp server domain-name (in System View)

Syntax

dhcp server domain-name domain-name { interface ethernet-subinterface-range | all }
undo dhcp server domain-name domain-name { interface ethernet-subinterface-range | all }

View
System view

Parameter

domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising 3 to 50 characters.

ethernet-subinterface-range: Includes all the subinterfaces whose interface
number lies between two subinterface numbers (including these two
subinterfaces), specified by inserting the keyword “to” between these two
interface numbers.

all: All the interfaces.

Description
Using the dhcp server domain-name command in system view, you can
configure the domain name that the DHCP address pool of the interfaces in a
specified range allocates to DHCP clients. Using the undo dhcp server
domain-name command in system view, you can delete the configured domain
name.
By default, no domain name is configured for clients.
After configuring this command you cannot view the configuration of the
command by executing the display current-configuration command. By
executing the dhcp server domain-name command respectively on the specified
interfaces, you can fulfill the batch configurations of the command.
For the related command, see dhcp server ip-pool.

Example
Configure eth2_1_5.com.cn as the domain name in the interface DHCP address
pool of the interfaces Ethernet2/0/0.1 through Ethernet2/0/0.5.
[3Com] dhcp server domain-name eth1_0_0.com.cn interface ethernet 2/0/0.1 to
ethernet 2/0/0.5

dhcp server expired (in Interface View)

Syntax

dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo dhcp server expired

View
Interface view

Parameter

day day: Number of days in the range of 0 to 365.

hour hour: Number of hours in the range of 0 to 23.

minute minute: Number of minutes in the range of 0 to 59.

unlimited: The valid period is unlimited.

Description
Using the dhcp server expired command in interface view, you can configure a
valid period allowed for leasing IP addresses in the current interface DHCP address
pool. Using the undo dhcp server expired command in interface view, you can
restore the default setting.
By default, the leasing valid period is one day.
For the related commands, see dhcp server ip-pool, dhcp server expired (in
system view), and expired.

Example
Set the valid period for leasing IP addresses in the interface address pool
maintained by Ethernet1/0/0 to unlimited.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server expired unlimited

dhcp server expired (in System View)

Syntax

dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } { interface ethernet-subinterface-range | all }
undo dhcp server expired { interface ethernet-subinterface-range | all }

View
System view

Parameter

day day: Number of days in the range of 0 to 365.

hour hour: Number of hours in the range of 0 to 23.

minute minute: Number of minutes in the range of 0 to 59.

unlimited: The valid period is unlimited.

ethernet-subinterface-range: Includes all the subinterfaces whose interface
number lies between two subinterface numbers (including these two
subinterfaces), specified by inserting the keyword “to” between these two
interface numbers.

all: All the interfaces.

Description
Using the dhcp server expired command in system view, you can configure a
valid period allowed for leasing IP addresses in the interface DHCP address pool of
the interfaces in a specified range. Using the undo dhcp server expired
command in system view, you can restore the default setting.
By default, the leasing valid period is one day.

After configuring this command, you cannot view the configuration by executing
the display current-configuration command. By calling the dhcp server
expired command respectively on the specified interfaces, you can fulfill the
batch configurations of the command.
For the related commands, see dhcp server ip-pool, dhcp server expired (in
interface view), and expired.

Example
Set the valid period for leasing IP addresses in the interface address pool of the
interfaces in the range of Ethernet2/0/0.1 to Ethernet2/0/0.5 to unlimited.
[3Com] dhcp server expired unlimited interface ethernet 2/0/0.1 to ethernet 2/0/0.5

dhcp server forbidden-ip

Syntax

dhcp server forbidden-ip low-ip-address [ high-ip-address ]
undo dhcp server forbidden-ip low-ip-address [ high-ip-address ]

View
System view

Parameter

low-ip-address: The low IP address that does not participate in the auto-allocation.

high-ip-address: The high IP address that does not participate in the
auto-allocation. It must belong to the same segment as low-ip-address and must
not be smaller than low-ip-address. If this parameter is not specified, there
will be only one IP address, i.e., low-ip-address.

Description
Using the dhcp server forbidden-ip command, you can exclude the IP addresses in
a specified range from the auto-allocation. Using the undo dhcp server
forbidden-ip command, you can delete the configuration.
By default, all the IP addresses in address pools participate in the auto-allocation.
You can configure multiple IP address ranges that do not participate in the
auto-allocation. Before using the undo dhcp server forbidden-ip command to
delete the setting, you must make sure that you are using exactly the same
parameters that you have configured. In other words, you cannot delete only
some addresses from the configured range.
For the related commands, see dhcp server ip-pool, network, and static-bind
ip-address.

Example
Reserve the IP addresses in the range of 10.110.1.1 to 10.110.1.63 so that these
addresses will not participate in the address auto-allocation.
[3Com] dhcp server forbidden-ip 10.110.1.1 10.110.1.63

dhcp server ip-pool

Syntax

dhcp server ip-pool pool-name

undo dhcp server ip-pool pool-name

View
System view

Parameter
pool-name: Address pool name uniquely identifying an address pool, which is a
string comprising at least one character and 35 characters at most.

Description
Using the dhcp server ip-pool command, you can create a DHCP address pool
and access the DHCP address pool view. Using the undo dhcp server ip-pool
command, you can delete the specified address pool.
By default, no DHCP address pool is created.
If the specified address pool has existed, executing the dhcp server ip-pool
command will directly access the DHCP address pool view. If the address pool does
not exist, the DHCP server will create it before accessing the DHCP address pool
view. Each DHCP server is allowed to configure multiple address pools, but no
more than 50.
For the related commands, see dhcp enable, expired, and network.

Example
Create DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0]

dhcp server nbns-list (in Interface View)

Syntax

dhcp server nbns-list ip-address [ ip-address ]
undo dhcp server nbns-list { ip-address | all }

View
Interface view

Parameter

ip-address: IP address of NetBIOS server. You can configure up to eight IP
addresses separated by spaces in a command.

all: All the NetBIOS server IP addresses.

Description
Using the dhcp server nbns-list command in interface view, you can configure
NetBIOS server addresses in the DHCP address pool of the current interface.
Using the undo dhcp server nbns-list command in interface view, you can delete
the configuration.
By default, no NetBIOS address is configured.
Currently, up to eight NetBIOS addresses can be configured in each DHCP
address pool.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list (in
system view), nbns-list, and netbios-type.

Example
In the DHCP address pool of Ethernet1/0/0, allocate the NetBIOS server at
10.12.1.99 to the clients.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server nbns-list 10.12.1.99

dhcp server nbns-list (in System View)

Syntax

dhcp server nbns-list ip-address [ ip-address ] { interface ethernet-subinterface-range | all }
undo dhcp server nbns-list { ip-address | all } { interface ethernet-subinterface-range | all }

View
System view

Parameter

ip-address: IP address of NetBIOS server. You can configure up to eight IP
addresses separated by spaces in a command.

all: In the undo form of the command, the first “all” refers to all the NetBIOS
server addresses and the second, all the interfaces.

ethernet-subinterface-range: Includes all the subinterfaces whose interface
number lies between two subinterface numbers (including these two
subinterfaces), specified by inserting the keyword “to” between these two
interface numbers.

Description
Using the dhcp server nbns-list command in system view, you can configure
NetBIOS server addresses for the clients that get IP addresses from the DHCP
address pool of the interfaces in a specified range. Using the undo dhcp server
nbns-list command in system view, you can delete the configuration.
By default, no NetBIOS address is configured.
Currently, up to eight NetBIOS addresses can be configured in each DHCP
address pool.
After configuring this command, you cannot view the configuration by executing
the display current-configuration command. By calling the dhcp server
nbns-list command respectively on the specified interfaces, you can fulfill the
batch configurations of the command.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list (in
interface view), nbns-list, and netbios-type.

Example
In the DHCP address pool of interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5, assign the NetBIOS server at 10.12.1.99 to the clients.
[3Com] dhcp server nbns-list 10.12.1.99 interface ethernet 2/0/0.1 to ethernet 2/0/0.5

dhcp server netbios-type (in Interface View)

Syntax

dhcp server netbios-type { b-node | h-node | m-node | p-node }
undo dhcp server netbios-type

View
Interface view

Parameter

b-node: Broadcast mode, i.e., hostname-IP maps are obtained by means of
broadcast.

p-node: Peer-to-peer mode, i.e., maps are obtained by means of communicating
with the NetBIOS server.

m-node: Mixed (m) mode, i.e., the mode of type b nodes running “peer-to-peer”
communications mechanism.

h-node: Hybrid (h) mode, i.e., the mode of type p nodes possessing some of the
broadcast features.

Description
Using the dhcp server netbios-type command in interface view, you can
configure the NetBIOS node type of the DHCP clients of the current interface.
Using the undo dhcp server netbios-type command in interface view, you can
restore the default setting.
By default, clients adopt type h node (h-node).
Hostname-IP maps are required in the event that DHCP clients use the NetBIOS
protocol on a WAN.
For the related commands, see dhcp server ip-pool, netbios-type, dhcp server
netbios-type (in system view), and nbns-list.

Example
In the DHCP address pool of Ethernet1/0/0, set the NetBIOS node type of its clients
to p-node.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server netbios-type p-node

dhcp server netbios-type (in System View)

Syntax

dhcp server netbios-type { b-node | h-node | m-node | p-node } { interface ethernet-subinterface-range | all }
undo dhcp server netbios-type { interface ethernet-subinterface-range | all }

View
System view

Parameter

b-node: Broadcast mode, i.e., hostname-IP maps are obtained by means of
broadcast.

p-node: Peer-to-peer mode, i.e., maps are obtained by means of communicating
with the NetBIOS server.

m-node: Mixed (m) mode, i.e., the mode of type b nodes running “peer-to-peer”
communications mechanism.

h-node: Hybrid (h) mode, i.e., the mode of type p nodes possessing some of the
broadcast features.

ethernet-subinterface-range: Includes all the subinterfaces between two
subinterfaces (including these two subinterfaces) by inserting the keyword “to”
between these two interfaces.

all: All the interfaces.

Description
Using the dhcp server netbios-type command in system view, you can configure
a NetBIOS node type for the DHCP clients of the interfaces in a specified range.
Using the undo dhcp server netbios-type command in system view, you can
restore the default setting.
By default, clients adopt type h node (h-node).
Hostname-IP maps are required in the event that DHCP clients use the NetBIOS
protocol on a WAN.
After you configure this command, it does not appear in the output of the
display current-configuration command. The batch configuration is carried out by
calling dhcp server netbios-type on each of the specified interfaces in turn.
For the related commands, see dhcp server ip-pool, netbios-type, dhcp server
netbios-type, and nbns-list.

Example
In the DHCP address pool of interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5, set the NetBIOS node type of clients to p-node.
[3Com] dhcp server netbios-type p-node interface ethernet 2/0/0.1 to ethernet 2/0/0.5

dhcp server option (in Interface View) Syntax
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address }
undo dhcp server option code

View
Interface view

Parameter

code: Option value that needs to be assigned by the user.

ascii ascii-string: ASCII string.

hex hex-string: 2-digit or 4-digit hexadecimal string, such as hh or hhhh.

ip-address ip-address: IP address.



Description
Using the dhcp server option command in interface view, you can configure a
DHCP self-defined option for the DHCP address pool of the current interface.
Using the undo dhcp server option command in interface view, you can delete
the configuration.
For the related commands, see option and dhcp server option (in system
view).

Example
Set option code 100 to the hexadecimal values 0x11 and 0x22 for the DHCP
address pool of the interface Ethernet1/0/0.
[3Com] interface ethernet 1/0/0
[3Com-Ethernet 1/0/0] dhcp server option 100 hex 11 22

dhcp server option (in System View) Syntax
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address } { interface ethernet-subinterface-range | all }
undo dhcp server option code { interface ethernet-subinterface-range | all }

View
System view

Parameter

code: Option value that needs to be assigned by the user.

ascii ascii-string: ASCII string.

hex hex-string: 2-digit or 4-digit hexadecimal string, such as hh or hhhh.

ip-address ip-address: IP address.

ethernet-subinterface-range: Includes all the subinterfaces between two subinterfaces (including these two subinterfaces) by inserting the keyword “to” between these two interfaces.

all: All the interfaces.

Description
Using the dhcp server option command in system view, you can configure a
DHCP self-defined option for the interfaces in a specified range. Using the undo
dhcp server option command in system view, you can delete the configuration.
After you configure this command, it does not appear in the output of the
display current-configuration command. The batch configuration is carried out by
calling dhcp server option on each of the specified interfaces in turn.
For the related commands, see dhcp server option (in interface view) and
option.

Example
Set option code 100 to the hexadecimal values 0x11 and 0x22 for the interface
DHCP address pools of the interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5.
[3Com] dhcp server option 100 hex 11 22 interface ethernet 2/0/0.1 to ethernet 2/0/0.5

dhcp server ping Syntax


dhcp server ping { packets number | timeout milliseconds }
undo dhcp server ping { packets | timeout }

View
System view

Parameter

packets number: The maximum number of ping packets allowed to be sent, which
is in the range of 0 to 10 and defaults to 2, with 0 indicating that no ping
operation will be performed.

timeout milliseconds: The longest time period that the DHCP server waits for the
response to each ping packet, which is in the range of 0 to 10000 milliseconds
and defaults to 500 milliseconds.

Description
Using the dhcp server ping command, you can configure the maximum number
of ping packets that the DHCP server is allowed to send and the longest time
period that the DHCP server should wait for the response to each ping packet.
Using the undo dhcp server ping command, you can restore the default
settings.
To prevent address collisions resulting from repeated IP address allocation, the
DHCP server sends ping packets to verify that an address is available.

Example
Allow the DHCP server to send up to ten ping packets and wait 500 milliseconds
(the default setting) for the response to each packet.
[3Com] dhcp server ping packets 10

dhcp server static-bind Syntax


dhcp server static-bind ip-address ip-address mac-address mac-address
undo dhcp server static-bind { ip-address ip-address | mac-address mac-address }

View
Interface view

Parameter

ip-address: Statically bound IP address. It must be a valid IP address selected from the current interface address pool.

mac-address: Statically bound MAC address.



Description

Using the dhcp server static-bind command, you can configure a static address
binding in the DHCP address pool of the current interface. Using the undo dhcp
server static-bind command, you can delete the configuration.

By default, static address binding is not configured in any interface address pool.

In all the static address binding operations performed on an interface, the IP addresses and the MAC addresses must be unique.

Example
Statically bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1.
[3Com-Ethernet1/0/0] dhcp server static-bind 10.1.1.1 0000-e03f-0305

display dhcp server conflict Syntax
display dhcp server conflict [ ip ip-address | all ]

View
Any view

Parameter

ip-address: A specified IP address.

all: All the IP addresses.

Description
Using the display dhcp server conflict command, you can view the DHCP
address conflict statistics, including the conflicted IP address, conflict
detection type, conflict time, etc.
If no optional parameter has been specified, the information displayed will depend
on the current view:
■ In Ethernet interface view, the information displayed is concerned with the
address pool of the current interface.
■ In any other views, the information displayed is concerned with all the
address pools.

For the related command, see reset dhcp server conflict.

Example
View the DHCP address conflict statistics.
<3Com> display dhcp server conflict
Address Discover Time
10.110.1.2 Jan 11 2003 11:57: 7 PM
Table 1 Description of the information displayed by executing display dhcp server conflict

Major item       Description
Address          The conflicted IP address
Discover Time    Time when the conflict is discovered

display dhcp server expired Syntax
display dhcp server expired [ ip ip-address | pool [ pool-name ] | interface [ interface-name ] | all ]

View
Any view

Parameter

ip-address: A specified IP address.

pool-name: Name of a global address pool. All the global address pools will apply
if no address pool has been specified.

interface-name: Interface address pool. All the interface address pools will apply if
no interface has been specified.

all: All the IP addresses.

Description
Using the display dhcp server expired command, you can view the expired
address leases in a DHCP address pool. In certain conditions, the addresses of the
expired leases will be allocated to other DHCP clients.

Example
View the expired leases in DHCP address pools.
<3Com> display dhcp server expired all
Global pool:
IP address Hardware address Lease expiration Type
Interface pool:
IP address Hardware address Lease expiration Type
Table 2 Description of the information displayed by executing display dhcp server expired

Major item          Description
Global pool:        Expired address leases in global address pools.
Interface pool:     Expired address leases in interface address pools.
IP address          The bound IP address
Hardware address    The bound MAC address
Lease expiration    The lease expiration time
Type                Address binding type

display dhcp server free-ip Syntax
display dhcp server free-ip

View
Any view

Parameter
None

Description
Using the display dhcp server free-ip command, you can view the ranges of
available addresses in DHCP address pools, i.e., information of the IP addresses
that have not been allocated yet.

Example
View the ranges of the available addresses in DHCP address pools.
<3Com> display dhcp server free-ip
IP Range from 1.0.0.0 to 2.2.2.1
IP Range from 2.2.2.3 to 2.255.255.255
IP Range from 4.0.0.0 to 4.255.255.255
IP Range from 5.5.5.0 to 5.5.5.0
IP Range from 5.5.5.2 to 5.5.5.255

display dhcp server ip-in-use Syntax
display dhcp server ip-in-use [ ip ip-address | pool [ pool-name ] | interface [ interface-name ] ]

View
Any view

Parameter

ip-address: Specifies an IP address. If no IP address has been specified, information of all the bound addresses will be displayed.

pool-name: Specifies a global address pool. If no global address pool has been
specified, the bound addresses in all the global address pools will be displayed.

interface-name: Specifies an interface address pool. If no interface address pool has been specified, the bound addresses in all the interface address pools will be displayed.

Description
Using the display dhcp server ip-in-use command, you can view the address
binding information of DHCP clients, such as the hardware address, IP address,
and address lease expiration.
If no optional parameter has been specified, the information output by executing
the command will be:
■ In Ethernet interface view, the information in the address pool of the
current interface.
■ In any other views, the information in all the address pools.
For the related command, see reset dhcp server ip-in-use.

Example
View the DHCP address binding information.
<3Com> display dhcp server ip-in-use all
Global pool:
IP address Hardware address Lease expiration Type
2.2.2.2 44444-4444-4444 NOT Used Manual
Interface pool:
IP address Hardware address Lease expiration Type
5.5.5.1 0050-ba28-930a Jun 5 2003 10:56: 7 AM Auto:COMMITED
Table 3 Description of the information output by executing display dhcp server ip-in-use

Major item          Description
Global pool:        Address binding information of global address pools
Interface pool:     Address binding information of interface address pools
IP address          The bound IP address
Hardware address    The bound MAC address
Lease expiration    The lease expiration time
Type                Address binding type
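
The free-ip and ip-in-use listings can be checked against each other, since a bound address should never also be reported as free. The Python below is an added example, not part of the 3Com documentation; it parses the two sample outputs shown in this section, and it assumes that each H in the H-H-H hardware address format is one to four hexadecimal digits.

```python
import ipaddress
import re

# Sample outputs copied from the display examples in this section.
FREE_IP_OUTPUT = """\
IP Range from 1.0.0.0 to 2.2.2.1
IP Range from 2.2.2.3 to 2.255.255.255
IP Range from 4.0.0.0 to 4.255.255.255
IP Range from 5.5.5.0 to 5.5.5.0
IP Range from 5.5.5.2 to 5.5.5.255
"""

IP_IN_USE_OUTPUT = """\
Global pool:
IP address Hardware address Lease expiration Type
2.2.2.2 44444-4444-4444 NOT Used Manual
Interface pool:
IP address Hardware address Lease expiration Type
5.5.5.1 0050-ba28-930a Jun 5 2003 10:56: 7 AM Auto:COMMITED
"""

RANGE_RE = re.compile(r"IP Range from (\S+) to (\S+)")
# Columns: IP, hardware address, lease expiration (may contain spaces), type.
BINDING_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(.*\S)\s+(\S+)$")
# Assumption: each H in H-H-H is one to four hexadecimal digits.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{1,4}(-[0-9A-Fa-f]{1,4}){2}$")


def parse_free_ranges(text):
    """Return (first, last) IPv4Address pairs from display dhcp server free-ip."""
    ranges = []
    for first, last in RANGE_RE.findall(text):
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if lo > hi:
            raise ValueError(f"inverted range {first} to {last}")
        ranges.append((lo, hi))
    return ranges


def parse_bindings(text):
    """Return one dict per binding row of display dhcp server ip-in-use."""
    bindings, pool = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Global pool:", "Interface pool:"):
            pool = line.rstrip(":")
            continue
        match = BINDING_RE.match(line)
        if match:  # column header rows do not start with an address
            ip, mac, lease, kind = match.groups()
            bindings.append({"pool": pool, "ip": ipaddress.IPv4Address(ip),
                             "mac": mac, "lease": lease, "type": kind})
    return bindings


def audit(free_text, in_use_text):
    """List bindings that are also reported free or have a malformed MAC."""
    ranges = parse_free_ranges(free_text)
    findings = []
    for binding in parse_bindings(in_use_text):
        if any(lo <= binding["ip"] <= hi for lo, hi in ranges):
            findings.append(f"{binding['ip']}: bound but also listed as free")
        if not MAC_RE.match(binding["mac"]):
            findings.append(
                f"{binding['ip']}: hardware address {binding['mac']} is not H-H-H")
    return findings


if __name__ == "__main__":
    for finding in audit(FREE_IP_OUTPUT, IP_IN_USE_OUTPUT):
        print(finding)
```

On the sample data both bound addresses fall in the gaps between free ranges, and the only finding is the five-digit first group in the hardware address of 2.2.2.2.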

display dhcp server statistics Syntax
display dhcp server statistics

View
Any view

Parameter
None

Description
Using the display dhcp server statistics command, you can view the statistics on
the DHCP server, including such information as number of DHCP address pools,
automatically or manually bound address and expired addresses, number of
unknown packets, number of DHCP request packets, and number of response
packets.

For the related command, see reset dhcp server statistics.

Example
View the statistic information on the DHCP server.
<3Com> display dhcp server statistics
Global Pool:
Pool Number: 5
Binding
Auto: 0
Manual: 1
Expire: 0
Interface Pool:
Pool Number: 1
Binding
Auto: 1
Manual: 0
Expire: 0
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0
Table 4 Description of the information output by executing display dhcp server statistics

Major item                       Description
Global Pool:                     Statistics of global address pools
Interface Pool:                  Statistics of interface address pools
Pool Number                      Number of address pools
Auto                             Number of automatically bound IP addresses
Manual                           Number of manually bound IP addresses
Expire                           Number of IP addresses of expired leases
Boot Request                     Number of messages that DHCP clients sent to the DHCP server
Dhcp Discover, Dhcp Request,     Statistics of the received DHCP packets
Dhcp Decline, Dhcp Release,
Dhcp Inform
Boot Reply                       Number of messages that the DHCP server sent to DHCP clients
Dhcp Offer, Dhcp Ack, Dhcp Nak   Statistics of the transmitted DHCP packets
Bad Messages                     Statistics of packets containing errors
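
The counters in display dhcp server statistics keep their values until reset dhcp server statistics clears them, so they are most informative when two snapshots are compared. The Python below is an added example, not 3Com code: it parses the sample output above, computes the increase between two snapshots, and reports Dhcp Decline, Dhcp Nak and Bad Messages activity. The second snapshot is constructed for illustration.

```python
import re

# Sample output copied from the example above.
STATISTICS_OUTPUT = """\
Global Pool:
Pool Number: 5
Binding
Auto: 0
Manual: 1
Expire: 0
Interface Pool:
Pool Number: 1
Binding
Auto: 1
Manual: 0
Expire: 0
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0
"""

# Constructed later snapshot: three declines and two bad packets were received.
LATER_OUTPUT = (STATISTICS_OUTPUT
                .replace("Boot Request: 6", "Boot Request: 9")
                .replace("Dhcp Decline: 0", "Dhcp Decline: 3")
                .replace("Bad Messages: 0", "Bad Messages: 2"))

POOL_KEYS = {"Pool Number", "Auto", "Manual", "Expire"}
RECEIVED = ("Dhcp Discover", "Dhcp Request", "Dhcp Decline",
            "Dhcp Release", "Dhcp Inform")
SENT = ("Dhcp Offer", "Dhcp Ack", "Dhcp Nak")
COUNTER_RE = re.compile(r"^(.+?):\s*(\d+)$")


def parse_statistics(text):
    """Split the output into per-pool counters and message counters."""
    stats = {"Global Pool": {}, "Interface Pool": {}, "messages": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Global Pool:", "Interface Pool:"):
            section = line[:-1]
            continue
        match = COUNTER_RE.match(line)
        if not match:
            continue  # e.g. the bare "Binding" sub-heading
        key, value = match.group(1), int(match.group(2))
        if key in POOL_KEYS:
            if section is None:
                raise ValueError(f"{key} appears before any pool heading")
            stats[section][key] = value
        else:
            stats["messages"][key] = value
    return stats


def delta(previous, current):
    """Increase of each message counter between two parsed snapshots."""
    prev, cur = previous["messages"], current["messages"]
    if any(cur[key] < prev.get(key, 0) for key in cur):
        return dict(cur)  # counters were cleared in between; use current values
    return {key: cur[key] - prev.get(key, 0) for key in cur}


def findings(messages):
    """Observations worth a closer look in one set of message counters."""
    notes = []
    extra_in = messages["Boot Request"] - sum(messages[k] for k in RECEIVED)
    extra_out = messages["Boot Reply"] - sum(messages[k] for k in SENT)
    if extra_in:
        notes.append(f"Boot Request: {extra_in} not counted under a DHCP type")
    if extra_out:
        notes.append(f"Boot Reply: {extra_out} not counted under a DHCP type")
    for key in ("Dhcp Decline", "Dhcp Nak", "Bad Messages"):
        if messages[key] > 0:
            notes.append(f"{key}: {messages[key]}")
    return notes


if __name__ == "__main__":
    before = parse_statistics(STATISTICS_OUTPUT)
    after = parse_statistics(LATER_OUTPUT)
    print(findings(delta(before, after)))
```

In the sample output the received and transmitted message types add up exactly to Boot Request and Boot Reply, so the unmodified snapshot yields no findings.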

display dhcp server tree Syntax


display dhcp server tree [ pool [ pool-name ] | interface [ interface-name ] | all ]

View
Any view

Parameter

pool-name: Name of a global address pool. All the global address pools will apply
if no address pool has been specified.

interface-name: Interface address pool. All the interface address pools will apply if
no interface has been specified.

all: All the DHCP address pools.

Description
Using the display dhcp server tree command, you can view the tree-structure
information of DHCP address pools, including the address pool at each node,
option, address lease period, and DNS server information.
If no optional parameter has been specified, the information output by executing
the command will be:
■ In Ethernet interface view, the information displayed is concerned with the
address pool of the current interface.
■ In any other views, the information in all the address pools.

Example
View the tree-structure information of DHCP address pools.
<3Com> display dhcp server tree all
Global pool:
Pool name: 5 network 10.10.1.0 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6 host 10.10.1.2 255.0.0.0
hardware-address 1111.2222.3333 ethernet
Parent node:5
option 1 ip-address 255.255.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 7 network 10.10.1.64 255.255.255.192
PrevSibling node:5
Sibling node:8
option 1 ip-address 255.0.0.0
Pool name: 8 network 20.10.1.1 255.255.255.0
Child node:9
PrevSibling node:7
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
Pool name: 9 network 30.10.1.64 255.255.255.0
Parent node:8
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
netbios-type m-node
expired 2 0 0
option 58 hex 00 01 51 80
option 59 hex 00 00 00 3C
Interface pool:
Pool name: Ethernet11/2/0
network 5.5.5.0 mask 255.255.255.0
option 1 ip-address 255.255.255.0
gateway-list 5.5.5.5
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Table 5 Description of the information output by executing display dhcp server tree

Major item                   Description
Global pool:                 Global address pool information
Interface pool:              Interface address pool information
Pool Name:                   Address pool name
network                      Address ranges available for allocation
host 10.10.1.2 255.0.0.0     Statically bound IP address and MAC address
hardware-address
1111.2222.3333 ethernet
child node:6                 The child node of the current node is address pool 6.
                             The node in this position can be:
                             Child node, which is the child node (subnet) address pool of the
                             current address pool
                             Parent node, which is the father node (natural network segment)
                             address pool of the current node
                             Sibling node, which is the next sibling node (another subnet on
                             the same natural network segment) address pool. The order of
                             sibling nodes depends on the order in which they are configured.
                             PrevSibling node, which is the previous sibling node of the
                             current node
option                       Self-definable DHCP option
expired                      The address lease period that is indicated by days, hours, and
                             minutes
gateway-list                 The egress GW router allocated to DHCP clients
dns-list                     The DNS servers allocated to DHCP clients
domain-name                  Domain name specified for DHCP clients
nbns-list                    The NetBIOS server allocated to DHCP clients
netbios-type                 NetBIOS node type specified for DHCP clients

dns-list Syntax
dns-list ip-address [ ip-address ]
undo dns-list { ip-address | all }

View
DHCP address pool view

Parameter
ip-address: IP address of the DNS server. You can configure up to eight IP
addresses separated by spaces in a command.

Description
Using the dns-list command, you can configure DNS server IP addresses in a
global DHCP address pool. Using the undo dns-list command, you can delete the
configuration.
By default, no DNS server address is configured.
Currently, at most eight DNS server addresses can be set in each DHCP address
pool.
For the related commands, see dhcp server dns-list interface, dhcp server
dns-list, and dhcp server ip-pool.

Example
Specify 1.1.1.254 as a DNS server address for DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] dns-list 1.1.1.254

domain-name Syntax
domain-name domain-name
undo domain-name domain-name

View
DHCP address pool view

Parameter
domain-name: Domain name that the DHCP server allocates to clients, which is a
string comprising at least three characters and at most 50 characters.

Description
Using the domain-name command, you can configure the domain name that a
global address pool of the DHCP server allocates to clients. Using the undo
domain-name command, you can delete the configured domain name.
By default, no domain name is allocated to DHCP clients and the domain name
is null.
For the related commands, see dhcp server ip-pool, dhcp server domain-name
interface, and dhcp server domain-name.

Example
Set the domain name of DHCP address pool 0 to mydomain.com.cn.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] domain-name mydomain.com.cn

expired Syntax
expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo expired

View
DHCP address pool view

Parameter

day day: Number of days in the range of 0 to 365.

hour hour: Number of hours in the range of 0 to 23.

minute minute: Number of minutes in the range of 0 to 59.

unlimited: The valid period is unlimited.

Description
Using the expired command, you can configure a valid period allowed for leasing
IP addresses in a global DHCP address pool. Using the undo expired command,
you can restore the default setting.
By default, the leasing valid period is one day.
For the related commands, see dhcp server ip-pool, dhcp server expired, and
dhcp server expired interface.

Example
Set the IP address lease period of global address pool 0 to one day, two hours,
and three minutes.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] expired 1 2 3

gateway-list Syntax
gateway-list ip-address [ ip-address ]
undo gateway-list { ip-address | all }

View
DHCP address pool view

Parameter

ip-address: IP address of egress GW router. You can configure up to eight IP addresses separated by spaces in a command.

all: IP addresses of all the egress GW routers.

Description
Using the gateway-list command, you can configure IP addresses of the egress
GW routers used by DHCP clients. Using the undo gateway-list command, you
can delete the configuration.
By default, no egress GW router is configured.
For the related commands, see dhcp server ip-pool and network.

Example
Associate the egress GW router at 10.110.1.99 with DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] gateway-list 10.110.1.99

nbns-list Syntax
nbns-list ip-address [ ip-address ]
undo nbns-list { ip-address | all }

View
DHCP address pool view

Parameter

ip-address: IP address of NetBIOS server. You can configure up to eight IP addresses separated by spaces in a command.

all: All the NetBIOS server IP addresses.

Description
Using the nbns-list command, you can configure NetBIOS server addresses in a
global DHCP address pool for the clients. Using the undo nbns-list command,
you can remove the configured NetBIOS server addresses.
By default, no NetBIOS address is configured.
Currently, at most eight NetBIOS addresses can be configured in each DHCP
address pool.
For the related commands, see dhcp server ip-pool, dhcp server nbns-list,
dhcp server nbns-list interface, and netbios-type.

Example
In the DHCP address pool 0, allocate the NetBIOS server at 10.12.1.99 to the
clients.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] nbns-list 10.12.1.99

netbios-type Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type

View
DHCP address pool view

Parameter

b-node: Broadcast mode, i.e., hostname-IP maps are obtained by means of broadcast.

p-node: Peer-to-peer mode, i.e., maps are obtained by means of communicating with the NetBIOS server.

m-node: Mixed (m) mode, i.e., the mode of type b nodes running “peer-to-peer”
communications mechanism.

h-node: Hybrid (h) mode, i.e., the mode of type p nodes possessing some of the
broadcast features.

Description
Using the netbios-type command, you can configure the NetBIOS node type of
the clients of a global DHCP address pool. Using the undo netbios-type
command, you can restore the default setting.
By default, clients adopt type h node (h-node).
For the related commands, see dhcp server ip-pool, dhcp server netbios-type
(in interface view), dhcp server netbios-type (in system view), and
nbns-list.

Example
Specify b-node as the NetBIOS node type of clients of DHCP address pool 0.
[3Com] dhcp server ip-pool 0
[3Com-dhcp-0] netbios-type b-node

network Syntax
network ip-address [ mask netmask ]
undo network

View
DHCP address pool view

Parameter

ip-address: The subnet address of an IP address pool used for dynamic allocation.

mask netmask: Network mask of the IP address pool. Natural mask will be
adopted if the parameter is not specified.

Description
Using the network command, you can configure an IP address range used for
dynamic allocation. Using the undo network command, you can delete the
configuration.
By default, no IP address range has been configured for dynamic allocation.
Each DHCP address pool can be configured with one network segment, and a new
configuration replaces the old one. If the system requires several such address
segments, you should configure them in multiple address pools.
For the related commands, see dhcp server ip-pool and dhcp server
forbidden-ip.

Example
Use 192.168.8.0/24 as the address space for DHCP address pool 0.
[3Com-dhcp-0] network 192.168.8.0 mask 255.255.255.0

option Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address }
undo option code

View
DHCP address pool view

Parameter

code: Option value that needs to be assigned by the user.

ascii ascii-string: ASCII string.

hex hex-string: 2-digit or 4-digit hexadecimal string, such as hh or hhhh.

ip-address ip-address: IP address.

Description
Using the option command, you can configure the self-defined options for a
DHCP global address pool. Using the undo option command, you can delete the
DHCP self-defined options.
New options are emerging along with the development of DHCP. In order to
accommodate these options, manual option addition is supported so that they can
be added into the attribute list maintained by the DHCP server.
For the related commands, see dhcp server option (in interface view) and
dhcp server option interface (in system view).

Example
Set option code 100 to the hexadecimal values 0x11 and 0x22.
[3Com-dhcp-0] option 100 hex 11 22

reset dhcp server conflict Syntax
reset dhcp server conflict [ ip-address | all ]

View
User view

Parameter

ip-address: A specified IP address.

all: All the address pools.

Description
Using the reset dhcp server conflict command, you can clear the statistics about
DHCP address collision.
If no parameter is specified, the scope in which the command takes effect
depends on the view in which the command is executed:
■ If the command is executed in Ethernet interface view, it will take effect on
the address pool of the current interface.
■ If the command is executed in any other views, it will take effect on all the
address pools.
For the related command, see display dhcp server conflict.

Example
Clear all the address collision statistics.
<3Com> reset dhcp server conflict

reset dhcp server ip-in-use Syntax
reset dhcp server ip-in-use [ ip ip-address | pool [ pool-name ] | interface [ interface-name ] | all ]

View
User view

Parameter

ip-address: Binding information of a specified IP address.

pool-name: Specifies a global address pool. All the global address pools will apply
if no address pool has been specified.

interface-name: Specifies an interface address pool. If no interface has been specified, all the interface address pools will apply.

all: All the address pools.



Description
Using the reset dhcp server ip-in-use command, you can clear the DHCP
dynamic address binding information.
If no parameter is specified, the scope in which the command takes effect
depends on the view in which the command is executed:
■ If the command is executed in Ethernet interface view, it will take effect on
the address pool of the current interface.
■ If the command is executed in any other views, it will take effect on all the
address pools.

For the related command, see display dhcp server ip-in-use.

Example
Clear the binding information of the address 10.110.1.1.
<3Com> reset dhcp server ip-in-use ip 10.110.1.1

reset dhcp server statistics Syntax
reset dhcp server statistics

View
User view

Parameter
None

Description
Using the reset dhcp server statistics command, you can clear the statistics on
the DHCP server, including such information as number of DHCP address pools,
automatically and manually bound addresses and expired addresses, number of
unknown packets, number of DHCP request packets, and number of response
packets.
For the related command, see display dhcp server statistics.

Example
Clear statistic information of the DHCP server.
<3Com> reset dhcp server statistics

static-bind ip-address Syntax


static-bind ip-address ip-address [ mask netmask ]
undo static-bind ip-address

View
DHCP address pool view

Parameter

ip-address: IP address to be bound.


netmask: Mask of the IP address to be bound. If it is not specified, the natural mask will be adopted.

Description
Using the static-bind ip-address command, you can bind an IP address statically.
Using the undo static-bind ip-address command, you can delete the statically
bound IP address.
By default, no IP address is bound statically.
The commands static-bind ip-address and static-bind mac-address must be
used in pairs so that an IP address and a MAC address can be bound together.
For the related commands, see dhcp server ip-pool, network, and static-bind
mac-address.

Example
Bind the PC at the MAC address 0000-e03f-0305 with the IP address 10.1.1.1
using the mask 255.255.255.0.
[3Com-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[3Com-dhcp-0] static-bind mac-address 0000-e03f-0305

static-bind mac-address Syntax


static-bind mac-address mac-address
undo static-bind mac-address

View
DHCP address pool view

Parameter
mac-address: The host MAC address to be bound, which is in the format of
H-H-H.

Description
Using the static-bind mac-address command, you can bind a MAC address
statically. Using the undo static-bind mac-address command, you can delete the
statically bound MAC address.
By default, no MAC address is bound statically.
The commands static-bind mac-address and static-bind ip-address must be
used in pairs so that a MAC address and an IP address can be bound together.
For the related commands, see dhcp server ip-pool, and static-bind
ip-address.

Example
Bind the PC at the MAC address 0000-e03f-0305 with the IP address 10.1.1.1
using the mask 255.255.255.0.
[3Com-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[3Com-dhcp-0] static-bind mac-address 0000-e03f-0305
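
The static binding rules given under dhcp server static-bind (the address must come from the pool, and IP and MAC addresses must be unique) and under static-bind ip-address (the natural mask is adopted when no mask is given) can be checked before a batch of bindings is entered. The Python below is an added example, not 3Com code; the pool network and the binding list are constructed inputs, and reading H-H-H as three groups of one to four hexadecimal digits is an assumption.

```python
import ipaddress
import re

# Assumption: each H in the H-H-H format is one to four hexadecimal digits.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{1,4}(-[0-9A-Fa-f]{1,4}){2}$")

# Constructed plan of bindings: (ip, mac, mask or None when the mask is omitted).
SAMPLE_BINDINGS = [
    ("10.1.1.1", "0000-e03f-0305", "255.255.255.0"),  # the example on this page
    ("10.1.1.2", "0-E03F-305", None),       # same MAC as #1, written differently
    ("10.1.1.1", "0000-e03f-0306", None),   # same IP as #1
    ("10.2.0.5", "0000-e03f-0307", None),   # not in the pool
    ("10.1.1.9", "00e0.fc0a.c3ef", None),   # dotted notation, not H-H-H
    ("10.1.1.3", "0000-e03f-0308", None),   # valid, but mask omitted
]


def natural_mask(ip):
    """Classful (natural) mask that applies when no mask is specified."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return "255.0.0.0"        # class A
    if first_octet < 192:
        return "255.255.0.0"      # class B
    if first_octet < 224:
        return "255.255.255.0"    # class C
    raise ValueError(f"{ip} is class D/E and has no natural mask")


def canonical_mac(mac):
    """Validate H-H-H and pad each group so equal MACs compare equal."""
    if not MAC_RE.match(mac):
        raise ValueError(f"{mac} is not in H-H-H format")
    return "-".join(group.lower().zfill(4) for group in mac.split("-"))


def check_bindings(pool_network, bindings):
    """Return (accepted bindings with effective mask, list of problems)."""
    pool = ipaddress.IPv4Network(pool_network)
    pool_mask = str(pool.netmask)
    ip_owner, mac_owner = {}, {}
    effective, problems = [], []
    for number, (ip, mac, mask) in enumerate(bindings, start=1):
        try:
            mac_key = canonical_mac(mac)
        except ValueError as exc:
            problems.append(f"#{number}: {exc}")
            continue
        address = ipaddress.IPv4Address(ip)
        if address not in pool:
            problems.append(f"#{number}: {ip} is outside pool {pool}")
        elif address in ip_owner:
            problems.append(
                f"#{number}: IP {ip} already bound by #{ip_owner[address]}")
        elif mac_key in mac_owner:
            problems.append(
                f"#{number}: MAC {mac_key} already bound by #{mac_owner[mac_key]}")
        else:
            ip_owner[address], mac_owner[mac_key] = number, number
            used_mask = mask or natural_mask(ip)
            if used_mask != pool_mask:
                problems.append(
                    f"#{number}: mask {used_mask} differs from pool mask {pool_mask}")
            effective.append((ip, mac_key, used_mask))
    return effective, problems


if __name__ == "__main__":
    accepted, issues = check_bindings("10.1.1.0/24", SAMPLE_BINDINGS)
    print(accepted)
    print("\n".join(issues))
```

The last sample binding shows why the mask matters: with the mask omitted, a 10.x.x.x address is bound with the class A mask 255.0.0.0 rather than the pool's 255.255.255.0.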

DHCP Client Configuration Commands

debugging dhcp client Syntax


debugging dhcp client { event | packet | error | all }
undo debugging dhcp client { event | packet | error | all }

View
User view

Parameter

event: Protocol events of the DHCP client, which include address allocation and
data updating.

packet: DHCP packets received and sent by the DHCP client.

error: Unknown packet information or error information.

all: Enables debugging of all the DHCP client information (event, packet,
and error).

Description
Using the debugging dhcp client command, you can enable debugging on the
DHCP client. Using the undo debugging dhcp client command, you can disable
debugging on the DHCP client. By default, DHCP client debugging is disabled.

Example
Enable event debugging on the DHCP client.
<3Com>debugging dhcp client event

display dhcp client Syntax


display dhcp client [ verbose ]

View
Any view

Parameter
verbose: Statistic details of the DHCP client.

Description
Using the display dhcp client command, you can display the statistic information
of the DHCP client. Without the verbose keyword, the command displays only the
brief address allocation information on the DHCP client.

Example
Display the statistic details of the DHCP client.
[3Com] display dhcp client verbose
DHCP client statistic infomation:
Ethernet0/0:
Current machine state: BOUND
Alloced IP: 169.254.0.2 255.255.0.0
Alloced lease: 86400 seconds, T1: 43200 seconds, T2: 75600 seconds
Lease from 2002.09.20 01:05:03 to 2002.09.21 01:05:03
Server IP: 169.254.0.1
Transaction ID = 0x3d8a7431
Default router: 2.2.2.2
DNS server: 1.1.1.1
Domain name: 3Com.com
Client ID: 3Com-00e0.fc0a.c3ef-Ethernet0/0
Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds.
Ethernet2/0:
Current machine state: HALT
The statistic information shows that two interfaces, Ethernet0/0 and
Ethernet2/0, have been configured as DHCP clients.
Ethernet0/0 has been assigned the address 169.254.0.2/16 with a lease of
86400 seconds, and the current machine state is BOUND. The renewal timer is set
to 43200 seconds, the rebinding timer to 75600 seconds, and the lease runs from
2002.09.20 01:05:03 to 2002.09.21 01:05:03. The selected DHCP server is at
169.254.0.1, the GW at 2.2.2.2, and the DNS server at 1.1.1.1, and the domain
name is 3Com.com. In addition, the next timeout will happen in 11 hours,
56 minutes, and 1 second.
The allocation process has not started on Ethernet2/0 yet. The current machine
state is HALT, which normally results from the DOWN state of the interface.
Display more details of the DHCP client.
[3Com]display dhcp client verbose
DHCP client statistic infomation:
Ethernet0/0:
Current machine state: BOUND
Alloced IP: 169.254.0.2 255.255.0.0
Alloced lease: 300 seconds, T1: 150 seconds, T2: 262 seconds
Lease from 2002.09.15 07:11:55 to 2002.09.15 07:16:55
Server IP: 169.254.0.1
Transaction ID = 0x3d8432b1
Client ID: 3Com-00e0.fc0a.c3ef-Ethernet0/0
Next timeout will happen after 0 days 0 hours 1 minutes 36 seconds.
Table 6 Statistic information field description of DHCP client

Item                     Description
Ethernet0/0              Interface where the client is allowed to dynamically obtain an IP
                         address
Current machine state    State of the client state machine
Alloced IP               IP address allocated to the client
lease                    Lease period
T1                       Duration of the renewal timer
T2                       Duration of the rebinding timer
Lease from….to….         The starting time and the end time of the lease
Server IP                The selected DHCP server address
Transaction ID           Transaction ID
Client ID                User ID
Default router           GW address
DNS server               DNS server address
Domain name              Domain name
Requested IP             The requested IP address
Offered IP               The provided IP address

ip address dhcp-alloc Syntax


ip address dhcp-alloc
undo ip address dhcp-alloc

View
Interface view

Parameter
None

Description
Using the ip address dhcp-alloc command, you can allocate local IP addresses by
making use of DHCP. Using the undo ip address dhcp-alloc command, you can
disable the allocation of local IP addresses via DHCP negotiation. This command
must be configured and executed in Ethernet interface (including subinterface)
view.
By default, DHCP negotiation is not used for the allocation of local IP addresses.

Example
Adopt DHCP negotiation for the allocation of local IP addresses on Ethernet0/0/0.
[3Com-Ethernet0/0/0] ip address dhcp-alloc

DHCP Relay Configuration Commands

debugging dhcp relay Syntax


debugging dhcp relay
undo debugging dhcp relay

View
User view

Parameter
None

Description
Using the debugging dhcp relay command, you can enable debugging on the
DHCP-relay module. Using the undo debugging dhcp relay command, you can
disable DHCP-relay module debugging.

Example
Enable DHCP-relay module debugging.
<3Com>debugging dhcp relay

dhcp relay release Syntax


dhcp relay release { client-ip mac-address } [ server-ip ]

View
Interface view
System view

Parameter

client-ip: IP address of the DHCP client.

mac-address: MAC address of the DHCP client, which is in the format of H-H-H.

server-ip: IP address of the DHCP server.

Description
Using the dhcp relay release command, you can send an IP address releasing
request to a DHCP server via the DHCP relay.
If no DHCP server IP address is specified, release packets are sent to all the
DHCP servers when this command is executed in system view, or to all the relay
addresses configured on the interface when it is executed in interface view.

Example
Send a release packet to the DHCP server at 10.110.91.174, requesting to release
the IP address 192.2.2.25, which was offered to the client whose MAC address is
0050-ba34-2000.
[3Com] dhcp relay release 192.2.2.25 0050-ba34-2000 10.110.91.174

display dhcp relay address Syntax


display dhcp relay address [ interface interface-name | all ]

View
Any view

Parameter

interface-name: Specifies an interface name, which is represented by interface
type plus interface number.

all: All the interfaces.



Description
Using the display dhcp relay address command, you can view the DHCP relay
address configuration of an interface.
For the related commands, see ip relay address and ip relay address interface.

Example
View the DHCP relay address configurations of all the interfaces.
<3Com> display dhcp relay address all
** Ethernet11/2/0 DHCP Relay Address **
Relay Address [0] : 3.3.3.3

display dhcp relay statistics Syntax


display dhcp relay statistics

View
Any view

Parameter
None

Description
Using the display dhcp relay statistics command, you can view DHCP relay
statistics: packet errors, DHCP packets received from clients, DHCP packets
received from and sent to servers, and DHCP packets sent to clients (including
unicast and broadcast packets).

Example
View DHCP relay statistics.
<3Com> display dhcp relay statistics
Bad Packets recieved: 0
DHCP packets received from clients: 0
DHCP DISCOVER packets received: 0
DHCP REQUEST packets received: 0
DHCP INFORM packets received: 0
DHCP DECLINE packets received: 0
DHCP packets received from servers: 0
DHCP OFFER packets received: 0
DHCP ACK packets received: 0
DHCP NAK packets received: 0
DHCP packets sent to servers: 0
DHCP packets sent to clients: 0
Unicast packets sent to clients: 0

ip relay address Syntax


ip relay address ip-address
undo ip relay address [ ip-address ]

View
Interface view

Parameter
ip-address: IP relay address in dotted decimal format.

Description
Using the ip relay address command, you can specify the exact location of a
DHCP server by configuring an IP relay address for it. Using the undo ip relay
address command, you can delete one or all relay IP addresses used by an
interface.
By default, no relay IP address has been configured.
Executing undo ip relay address without ip-address will delete all the relay IP
addresses configured on the current interface.

Because DHCP clients send broadcast packets in some phases of DHCP, the
interfaces configured with relay IP addresses must support broadcast. In other
words, this command can be used on network interfaces that support broadcast,
such as Ethernet interfaces.

For the related command, see dhcp select interface.

Example
Add two relay IP addresses on Ethernet 0/0/0.
[3Com-Ethernet0/0/0] ip relay address 202.38.1.2
[3Com-Ethernet0/0/0] ip relay address 202.38.1.3

ip relay address cycle Syntax


ip relay address cycle
undo ip relay address cycle

View
System view

Parameter
None

Description
Using the ip relay address cycle command, you can adopt the polling approach
to relay packets, ensuring, as far as possible, that different clients use
different DHCP servers and that the same client keeps using the same DHCP
server. Using the undo ip relay address cycle command, you can adopt the
broadcast approach, in which client requests are relayed to all the DHCP servers.
By default, the broadcast approach is adopted.
Suppose that there are three clients, A, B, and C, and the DHCP server has
been configured with three relay addresses, S1, S2, and S3. If the polling
approach is adopted to relay packets, A, B, and C will use the relay addresses
S1, S2, and S3 respectively. If A is shut down and restarted, it will continue to
use S1. If a client other than these three then starts, it will use S1. Thus, the
relay addresses are used cyclically.
For the related command, see ip relay address.

Example
Adopt the polling approach to relay.
[3Com] ip relay address cycle
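
The following is an added example, not code from the 3Com manual or the router software. It models the polling and broadcast behaviour described above for clients A, B, and C and relay addresses S1, S2, and S3. Identifying clients by a string key and reassigning a client whose relay address has been deleted are assumptions of this sketch.

```python
class DhcpRelaySelector:
    """Model of relay-address selection with and without 'ip relay address cycle'.

    Hypothetical helper for illustration; the router's real data structures
    are not documented on this page.
    """

    def __init__(self, relay_addresses, cycle=False):
        self.relay_addresses = list(relay_addresses)
        self.cycle = cycle          # False = default broadcast approach
        self._bound = {}            # client id -> relay address it was given
        self._next = 0              # position of the next address to hand out

    def servers_for(self, client_id):
        """Return the relay addresses a request from client_id is sent to."""
        if not self.relay_addresses:
            return []
        if not self.cycle:
            # Broadcast approach: the request goes to every configured address.
            return list(self.relay_addresses)
        server = self._bound.get(client_id)
        if server not in self.relay_addresses:
            # New client, or its address was deleted: take the next one in
            # cyclic order and remember it so a restart reuses the same server.
            server = self.relay_addresses[self._next % len(self.relay_addresses)]
            self._next += 1
            self._bound[client_id] = server
        return [server]

    def remove_relay_address(self, address):
        """Model 'undo ip relay address <address>' on the interface."""
        self.relay_addresses.remove(address)


if __name__ == "__main__":
    polling = DhcpRelaySelector(["S1", "S2", "S3"], cycle=True)
    for client in ["A", "B", "C", "A", "D"]:   # A restarts, then D appears
        print(client, "->", polling.servers_for(client))
    broadcast = DhcpRelaySelector(["S1", "S2", "S3"])
    print("broadcast:", broadcast.servers_for("A"))
```

In polling mode each server sees only its share of clients, so per-server DHCP logs are partial; in broadcast mode every server sees every request.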

ip relay address interface Syntax


ip relay address ip-address [ interface ethernet-subinterface-range | all ]
undo ip relay address { ip-address | all } { interface ethernet-subinterface-range | all }

View
System view

Parameter

ip-address: IP address of the DHCP server.

ethernet-subinterface-range: A range of subinterfaces, written as two
subinterface numbers with the keyword “to” between them. The range includes all
the subinterfaces whose interface number lies between the two subinterface
numbers, including these two subinterfaces.

all: In the undo form of the command, the first “all” refers to all the relay
addresses and the second “all” to all the interfaces.

Description
Using the ip relay address interface command, you can configure a relay
address for the Ethernet interfaces in a specified range for the purpose of
transparent forwarding. Using the undo ip relay address interface command,
you can delete the configured relay address.
By default, no relay IP address has been configured on any Ethernet interface.
For the related command, see ip relay address.

Example
Add a relay IP address for the interfaces in the range of Ethernet2/0/0.1 to
Ethernet2/0/0.5.
[3Com] ip relay address 202.38.1.2 interface ethernet 2/0/0.1 to ethernet 2/0/0.5

reset dhcp relay statistics Syntax


reset dhcp relay statistics

View
User view

Parameter
None

Description
Using the reset dhcp relay statistics command, you can clear the DHCP relay
statistics.
For the related command, see display dhcp relay statistics.

Example
Clear the DHCP relay statistics.
<3Com> reset dhcp relay statistics

IP Performance Configuration Commands

debugging ip Syntax
debugging ip { icmp | packet [ acl { acl-number1 | acl-number2 } ] }
undo debugging ip { icmp | packet }

View
User view

Parameter

acl-number1: ACL based on the interface, in the range of 1000 to 1999.

acl-number2: ACL in the range of 1 to 199. The ACL in the range of 1 to 99 is the
basic ACL and that in the range of 100 to 199 is the advanced ACL.

Description
Using the debugging ip icmp command, you can enable ICMP debugging. Using
the undo debugging ip icmp command, you can disable ICMP debugging.
The debugging ip packet command is used to enable IP packet debugging.
The debugging information can be filtered by matching the IP packets against
an ACL. Using the undo debugging ip packet command, you can disable
IP packet debugging.

Example
Enable the IP debugging.

<3Com> debugging ip packet


*0.129680-IP-8-debug_case:
Delivering, interface = Serial0/0/0, version = 4, headlen = 20, tos = 6,pktlen = 70, pktid = 49,
offset = 0, ttl = 1, protocol = 17,checksum = 50, s = 1.1.1.2, d = 224.0.0.2
prompt: IP packet is delivering up!
*0.129680-IP-8-debug_case:
Sending, interface = Serial0/0/0, version = 4, headlen = 20, tos = 6,pktlen = 70, pktid = 49,
offset = 0, ttl = 1, protocol = 17,checksum = 55147, s = 1.1.1.2, d = 224.0.0.2
prompt: Sending the packet from local at Serial0/0/0
<3Com> debugging ip icmp
*0.157090-IP-8-debug_icmp:
ICMP Receive: echo(Type=8, Code=0), Src = 127.0.0.1, Dst = 1.1.1.2
*0.157090-IP-8-debug_icmp:
ICMP Send: echo-reply(Type=0, Code=0), Src = 1.1.1.2, Dst = 127.0.0.1
*0.157090-IP-8-debug_icmp:
ICMP Receive: echo-reply(Type=0, Code=0), Src = 1.1.1.2, Dst = 127.0.0.1

debugging tcp event Syntax


debugging tcp event [ task_id socket_id ]
undo debugging tcp event [ task_id socket_id ]

View
User view

Parameter

task_id: The ID of a task.

socket_id: The ID of a socket.

Description
Using the debugging tcp event command, you can enable TCP event
debugging. Using the undo debugging tcp event command, you can
disable TCP event debugging.
Only a fixed number of debugging switches (combinations of task ID and
socket ID) can be enabled at one time. In addition, when TCP passively accepts
a connection request, a new socket is created to establish that connection, and
some programs, such as the Telnet server, create a new task to process it. So, to
view information about such a connection, the task_id and socket_id
parameters cannot be used for filtering.

Example
Enable debugging of TCP events.
<3Com> debugging tcp event
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 0,
TCPCB 0x02c6fd74 created
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
state CLOSED changed to SYN_SENT
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
sending SYN, seq = 74249530,
LA = 127.0.0.1:1025, FA = 1.1.1.1:23
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = Co0(2), socketid = 1,
advertising MSS = 512,
LA = 127.0.0.1:1025, FA = 1.1.1.1:23
*0.630270-SOCKET-8-TCP EVENT:
1043494683: task = VTYD(9), socketid = 0,
received MSS = 512,
LA = 1.1.1.1:23, FA = 127.0.0.1:1025
*0.50959090-SOCKET-8-TCP EVENT:
733759463: sending RST to 2.2.2.1:11022
*0.1293330-SOCKET-8-TCP EVENT:
1043495346: task = Co0(2), socketid = 1,
connection refused because remote sent RST!
LA = 1.1.1.1:1026, FA = 1.1.1.2:21
<3Com> display debugging
TCP:
TCP event debugging is on for task any socket any

debugging tcp md5 Syntax


debugging tcp md5
undo debugging tcp md5

View
User view

Parameter
None

Description
Using the debugging tcp md5 command, you can enable the MD5
authentication debugging of the TCP connection. Using the undo debugging
tcp md5 command, you can disable the MD5 authentication debugging of the
TCP connection.

Example
Enable the MD5 authentication debugging of the TCP connection.
<3Com> debugging tcp md5

debugging tcp packet Syntax


debugging tcp packet [ task_id socket_id ]

undo debugging tcp packet [ task_id socket_id ]

View
User view

Parameter

task_id: The ID of a task.

socket_id: The ID of a socket.

Description
Using the debugging tcp packet command, you can enable debugging of
TCP connections. Only a fixed number of debugging switches (combinations of
task ID and socket ID) can be enabled at the same time. Using the undo
debugging tcp packet command, you can disable debugging of TCP connections.

Example
Enable the debugging of TCP connection.
<3Com> debugging tcp packet
<3Com> display debugging
*0.100070-SOCKET-8-TCP PACKET:
1043204051: Input: Co0(5) socketId = 2, state = SYN_SENT,
src = 127.0.0.1:1025, dst = 2.2.2.2:23,
seq = 11084380, ack = 0, optlen = 4, flag = SYN ,
window = 8192
1043204051: Output: Co0(5) SocketId = 2, State = SYN_SENT,
src = 127.0.0.1:1025, Dst = 2.2.2.2:23,
Seq = 11084380, Ack = 0, Datalen = 4, Flag = ACK PSH ,
Window = 8192
1043204051: Retrans: Co0(5) SocketId = 2, State = SYN_SENT,
Src = 127.0.0.1:1025, Dst = 2.2.2.2:23,
Seq = 11084380, Ack = 0, Optlen = 4, Flag = SYN ,
Window = 8192

debugging udp packet Syntax


debugging udp packet [ task_id socket_id ]

undo debugging udp packet [ task_id socket_id ]

View
User view

Parameter

task_id: The ID of a task.

socket_id: The ID of a socket.

Description
Using the debugging udp packet command, you can enable debugging of
UDP connections. Only a fixed number of debugging switches (combinations of
task ID and socket ID) can be enabled at the same time. Using the undo
debugging udp packet command, you can disable debugging of UDP connections.

Example
Enable the debugging of UDP connection.
<3Com> debugging udp packet
<3Com> display debugging
*0.377770-SOCKET-8-UDP:
1043494431: Output: task = ROUT(6), socketid = 3,
src = 1.1.1.1:520, dst = 255.255.255.255:520, datalen = 24,

display fib Syntax


display fib

View
Any view

Parameter
None

Description
Using the display fib command, you can view the summary of the Forwarding
Information Base.
This command outputs the Forwarding Information Base as a list, in which each
line represents one route. Each line contains the following fields:
■ Destination address/mask length
■ Next hop
■ Current flag, expressed as a combination of G, H and U. G
represents Gateway, H is Host (host route), and U is UP (available).
■ Time stamp
■ Outbound interface

Example
Display the summary of the forwarding information base.
<3Com> display fib
Destination/Mask Nexthop Flag TimeStamp Interface
80.10.0.2/32 80.10.0.2 GHU t[0] Serial2/0/0
80.10.255.255/32 127.0.0.1 HU t[0] InLoopBack0
80.10.0.0/16 80.10.0.1 U t[0] Serial2/0/0
80.50.0.2/32 80.50.0.2 GHU t[0] Serial2/0/0
80.50.255.255/32 127.0.0.1 HU t[0] InLoopBack0

display fib acl Syntax


display fib acl { listnumber | listname }

View
Any view

Parameter

listnumber: The ACL rules expressed in number, ranging from 1 to 99.

listname: The ACL rules expressed in name.

Description
Using the display fib acl command, you can filter and display FIB information.
The FIB table entries that match the filtering rules of the ACL number or name
you enter are displayed in a fixed format.
If the ACL is specified by name, the name of a standard ACL must be entered;
otherwise, the system reports an input error. When an ACL name, or an ACL
number from 1 to 99, is entered, the system searches for the corresponding ACL.
If no ACL is found, all FIB table entries are displayed; if such an ACL is found,
the FIB table entries are output in that format.
If the number of FIB table entries matching the filtering rules is 0, the following
information will be output:
Route entry matched by access-list 2:
Summary count: 0

If the number of FIB table entries matching the filtering rules is not 0, the FIB table
entry information will be output in the following format:

Route entry matched by access-list 1:
Summary count: 1
Destination/Mask Nexthop Flag TimeStamp Interface
127.0.0.0/8 127.0.0.1 U t[0] InLoopBack0

Example
Display the FIB table entries matched by the ACL.
<3Com> display fib acl 10
Route entry matched by access-list 10:
Summary counts: 1
Destination/Mask Nexthop Flag TimeStamp Interface
127.0.0.0/8 127.0.0.1 U t[0] InLoopBack0

display fib begin Syntax


display fib | [ { begin | include | exclude } text ]

View
Any view

Parameter

text: Character string.

Description

Using the display fib command with the | filter, you can output only the lines
of the buffer selected by the character string text, which is matched as a
regular expression.

Using the display fib | begin text command, you can view the lines beginning
from the line containing the character string text to the end line of the buffer.

Using the display fib | include text command, you can just view the lines
containing the character string text.

Using the display fib | exclude text command, you can view the lines not
containing the character string text.

Example
Display the lines beginning from the line containing the character string
“169.254.0.0” to the end line of the buffer:
<3Com> display fib | begin 169.254.0.0
Destination/Mask Nexthop Flag TimeStamp Interface
169.254.0.0/16 2.1.1.1 U t[0] Ethernet0/0/0
2.0.0.0/16 2.1.1.1 U t[0] Ethernet0/0/0
127.0.0.0/8 127.0.0.1 U t[0] InLoopBack0

Display all the lines containing the character string “Ethernet0”:

<3Com> display fib | include ethernet0/0/0


Destination/Mask Nexthop Flag TimeStamp Interface
169.254.0.0/16 2.1.1.1 U t[0] Ethernet0/0/0
2.0.0.0/16 2.1.1.1 U t[0] Ethernet0/0/0

Display all the lines not containing the character string “169.254.0.0”:

<3Com> display fib | exclude 169.254.0.0


Destination/Mask Nexthop Flag TimeStamp Interface
2.0.0.0/16 2.1.1.1 U t[0] Ethernet0/0/0
127.0.0.0/8 127.0.0.1 U t[0] InLoopBack0

display fib ip-prefix Syntax


display fib ip-prefix listname

View
Any view

Parameter

listname: The name of the prefix list.

Description
Using the display fib ip-prefix command, you can filter and display FIB
information. The FIB entries that match the filtering rules of the prefix list
whose name you enter are displayed in a fixed format.
If no FIB table entry matches the prefix list, a prompt indicates that the number
of FIB entries matched by the prefix list is 0. If the name of the ip-prefix cannot
be found, all FIB table entries are displayed; if the number of FIB table entries
after filtering is not 0, they are output in that format.
If no FIB table entry matches the prefix list, the following information will be
output:
Route entry matched by prefix-list abc1:
Summary count: 0

If the number of FIB table entries after filtering is not 0, FIB table entry information
will be output in the following format:

Route entry matched by prefix-list abc2:


Summary count: 1
Destination/Mask Nexthop Flag TimeStamp Interface
127.0.0.0/8 127.0.0.1 U t[0] InLoopBack0

Example
Display the FIB table entries matched by the prefix list abc0.
<3Com> display fib ip-prefix abc0
Route Entry matched by prefix-list abc0:
Summary count: 4
Destination/Mask Nexthop Flag TimeStamp Interface
127.0.0.0/8 127.0.0.1 U t[0] InLoopBack0
127.0.0.1/32 127.0.0.1 U t[0] InLoopBack0
169.0.0.0/8 2.1.1.1 SU t[0] Ethernet 0/0/0
169.0.0.0/15 2.1.1.1 SU t[0] Ethernet 0/0/0

display fib longer Syntax


display fib dest-addr1 [ dest-mask2 ] [ longer ]

1. Using the above command, you can display the FIB table entries matching the
destination address. Different parameters selected leads to different matching
methods.

display fib dest-addr1 dest-mask1 dest-addr2 dest-mask2

2. Using the above command, you can display the FIB table entries whose
destination address ranges from dest-addr1 dest-mask1 to dest-addr2
dest-mask2, including the FIB entries exactly matching dest-addr1 dest-mask1 and
dest-addr2 dest-mask2.

View
Any view

Parameter

dest-addr1: The destination IP address 1, which is expressed in dotted decimal
format.

dest-mask1: The subnet mask 1 corresponding to the destination IP address 1,
which is either a mask in dotted decimal format or a mask length in integer
format.

dest-addr2: The destination IP address 2, which is expressed in dotted decimal
format.

dest-mask2: The subnet mask 2 corresponding to the destination IP address 2,
which is either a mask in dotted decimal format or a mask length in integer
format.

Description
Different parameter combinations lead to different matching methods:
■ display fib dest-addr: If FIB table entries can be found for the destination
address within the range of the natural mask, all the subnets are
displayed. Otherwise, only the FIB table entries found by the
longest match are displayed.
■ display fib dest-addr dest-mask: The FIB table entries exactly matching the
destination address and mask are displayed.
■ display fib dest-addr longer: The FIB table entries matching the destination
addresses within the range of the natural mask are displayed.
■ display fib dest-addr dest-mask longer: The FIB table entries matching the
destination IP addresses within the range of the entered mask are displayed.
■ display fib dest-addr1 dest-mask1 dest-addr2 dest-mask2: The FIB table
entries whose destination address is within the range from dest-addr1
dest-mask1 to dest-addr2 dest-mask2 are displayed.

Example
Display the FIB table entries that match the destination address 169.253.0.0
by longest match within the natural mask range.
<3Com> display fib 169.253.0.0
Destination/Mask Nexthop Flag TimeStamp Interface
169.0.0.0/16 2.1.1.1 U t[0] Ethernet0/0/0

Display the FIB entries whose destination address is within the range from
169.254.0.0/16 to 169.254.0.6/16.

<3Com> display fib 169.254.0.0 255.255.0.0 169.254.0.6 255.255.0.0


Destination/Mask Nexthop Flag TimeStamp Interface
169.254.0.1/16 2.1.1.1 U t[0] Ethernet0/0/0
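
The following is an added example, not code from the 3Com manual or the router software. It models the single-address matching methods listed in the Description above. The sample FIB is constructed, and treating the "natural mask" as the classful mask (class A /8, B /16, C /24, anything else /32) is an assumption of this sketch.

```python
import ipaddress

# Constructed sample FIB: destinations modelled on the outputs in this section;
# 192.0.0.0/8 is invented to exercise the longest-match fallback.
SAMPLE_FIB = [
    ("80.10.0.0/16", "80.10.0.1", "U", "Serial2/0/0"),
    ("80.10.0.2/32", "80.10.0.2", "GHU", "Serial2/0/0"),
    ("80.10.255.255/32", "127.0.0.1", "HU", "InLoopBack0"),
    ("80.50.0.2/32", "80.50.0.2", "GHU", "Serial2/0/0"),
    ("127.0.0.0/8", "127.0.0.1", "U", "InLoopBack0"),
    ("169.254.0.0/16", "2.1.1.1", "U", "Ethernet0/0/0"),
    ("192.0.0.0/8", "2.1.1.1", "U", "Ethernet0/0/0"),
]


def load(rows):
    """Turn (dest/mask, nexthop, flag, interface) rows into parsed entries."""
    return [(ipaddress.ip_network(d), nh, flag, ifc) for d, nh, flag, ifc in rows]


def natural_prefixlen(addr):
    """Classful ("natural") mask length of an address (assumed interpretation)."""
    first_octet = int(ipaddress.ip_address(addr)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return 32


def scope(addr, mask=None):
    """Network for addr and mask; mask may be dotted decimal or a length."""
    if mask is None:
        mask = natural_prefixlen(addr)
    # strict=False masks off host bits, so 80.10.0.5/16 becomes 80.10.0.0/16.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def exact(fib, addr, mask):
    """display fib dest-addr dest-mask: entries equal to addr/mask."""
    wanted = scope(addr, mask)
    return [e for e in fib if e[0] == wanted]


def longer(fib, addr, mask=None):
    """display fib dest-addr [dest-mask] longer: entries inside the scope."""
    net = scope(addr, mask)
    return [e for e in fib if e[0].subnet_of(net)]


def longest_match(fib, addr):
    """Most specific entry covering addr, or None if nothing covers it."""
    ip = ipaddress.ip_address(addr)
    hits = [e for e in fib if ip in e[0]]
    return max(hits, key=lambda e: e[0].prefixlen, default=None)


def lookup(fib, addr):
    """display fib dest-addr: subnets in the natural network, else longest match."""
    within = longer(fib, addr)
    if within:
        return within
    best = longest_match(fib, addr)
    return [best] if best else []


def dests(entries):
    """Destination/Mask column of a result, as strings."""
    return [str(e[0]) for e in entries]


if __name__ == "__main__":
    fib = load(SAMPLE_FIB)
    print(dests(lookup(fib, "192.168.1.1")))        # falls back to longest match
    print(dests(longer(fib, "80.10.0.0", "255.255.0.0")))
```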

display fib statistics Syntax


display fib statistics

View
Any view

Parameter
None

Description
Using the display fib statistics command, you can display the total numbers of
FIB table entries.

Example
Display the total numbers of FIB table entries.
<3Com> display fib statistics
Route Entry Count : 30

display ip fast-forwarding cache Syntax


display ip fast-forwarding cache

View
Any view

Parameter
None

Description
Using the display ip fast-forwarding cache command, you can view the
information on the fast-forwarding table.

Example
Display the information of the fast-forwarding table.
[Router] display ip fast-forwarding cache
Fast-Forwarding cache:
Index SrIP SrPort DsIP DsPort Pro Input_If Output_If FLAG
600:0 1.1.3.149 1463 10.10.26.30 23 6 Ethernet0/0/0 Ethernet1/0/0 81

The above information indicates that the latest cache contains the data flow from
port 1463 at 1.1.3.149 to port 23 at 10.10.26.30, with protocol number 6 (that
is, TCP data); the ingress is Ethernet0/0/0 and the egress is Ethernet1/0/0.

display ip interface Syntax


display ip interface [ interface-type interface-number | interface-name ]

View
Any view

Parameter

interface-type: Interface type.

interface-number: Interface number.

interface-name: Interface name.

Description
Using the display ip interface command, you can view the information of IP
interfaces.
By default, if no interface is specified, the information about all IP interfaces will
be displayed.
This command is used to display all the information related to IP on the interface.
The information is helpful for fault diagnosis. For the related command, see
display interface.

Example
Display IP-related information at the interface Serial 0/0/0.
<3Com> display ip interface Serial 0/0/0
Serial 0/0/0 current state : UP
Line protocol current state : UP
Internet Address : 10.10.10.10/16
Broadcast address : 10.10.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 1231, bytes : 57557, multicasts : 1177
output packets : 0, bytes : 0, multicasts : 0

The above information shows that the physical link state of the interface Serial
0/0/0 is UP, the link-layer protocol state is UP, the maximum transmit unit is 1500
bytes, the IP address is 10.10.10.10, and the broadcast address is 10.10.255.255.
It also shows the packet receiving/sending counters for this interface.

display ip socket Syntax


display ip socket [ socktype sock_type ] [ task_id socket_id ]

View
Any view

Parameter

sock_type: The type of a socket (tcp: 1, udp: 2, raw ip: 3).

task_id: The ID of a task.

socket_id: The ID of a socket.



Description
Using the display ip socket command, you can display the information about all
sockets in the current system.

Example
Display the information about the socket of TCP type.
<3Com> display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(9), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 4096, rcvbuf = 4096, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
Task = ROUT(6), socketid = 1, Proto = 17,
LA = 0.0.0.0:0, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0,
socket option = SO_UDPCHECKSUM
socket state = SS_PRIV SS_ASYNC
SOCK_RAW:
Task = ROUT(6), socketid = 2, Proto = 2,
LA = 0.0.0.0, FA = 0.0.0.0,
sndbuf = 32767, rcvbuf = 32767, sb_cc = 0, rb_cc = 0,
socket option = 0,
socket state = SS_PRIV SS_NBIO SS_ASYNC

Explanations of the display information:

■ SOCK_STREAM: the socket type.


■ Proto: the protocol number used by the socket.
■ sndbuf: the sending buffer size of the socket.
■ rcvbuf: the receiving buffer size of the socket.
■ sb_cc: the current data size in the sending buffer. The value makes sense
only for the socket of TCP type, because only TCP is able to cache data.
■ rb_cc: the current data size in the receiving buffer.
■ socket option: the option of the socket.
■ socket state: the state of the socket.

Display the information about the socket with socket ID as 4 and task ID as 8.

<3Com> display ip socket 8 4


Task = VTYD(8), socketid = 4, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 4096, rcvbuf = 4096, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN
socket state = SS_PRIV SS_ASYNC
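
The following is an added example, not code from the 3Com manual. It parses display ip socket output in the layout shown above and reports the sockets that are accepting connections, which is a quick way to audit the services a router exposes. The sample text is copied from the example output above; the function names and the table of cleartext ports (21 and 23) are assumptions of this sketch.

```python
import re

# Sample input: the example output of "display ip socket socktype 1" above.
SAMPLE_OUTPUT = """\
SOCK_STREAM:
Task = VTYD(9), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 4096, rcvbuf = 4096, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
Task = ROUT(6), socketid = 1, Proto = 17,
LA = 0.0.0.0:0, FA = 0.0.0.0:0,
sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0,
socket option = SO_UDPCHECKSUM
socket state = SS_PRIV SS_ASYNC
SOCK_RAW:
Task = ROUT(6), socketid = 2, Proto = 2,
LA = 0.0.0.0, FA = 0.0.0.0,
sndbuf = 32767, rcvbuf = 32767, sb_cc = 0, rb_cc = 0,
socket option = 0,
socket state = SS_PRIV SS_NBIO SS_ASYNC
"""

# Well-known cleartext management ports worth flagging in an audit.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}


def split_endpoint(value):
    """'0.0.0.0:23' -> ('0.0.0.0', 23); raw sockets have no port -> (addr, None)."""
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep else (value, None)


def parse_sockets(text):
    """Parse the output into one dict per socket (keys are lower-cased)."""
    sockets, current, sock_type = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"SOCK_[A-Z]+:", line):
            sock_type = line[:-1]          # section header, e.g. SOCK_STREAM
            continue
        if line.startswith("Task"):
            current = {"type": sock_type}  # a "Task = ..." line starts a socket
            sockets.append(current)
        if current is None:
            continue                       # skip prompts or other leading text
        for part in line.split(","):
            key, sep, value = part.partition("=")
            if sep:
                current[key.strip().lower()] = value.strip()
    for sock in sockets:
        sock["local"] = split_endpoint(sock.get("la", ""))
        sock["foreign"] = split_endpoint(sock.get("fa", ""))
        option = sock.get("socket option", "0")
        sock["options"] = [] if option == "0" else option.split()
        sock["state"] = sock.get("socket state", "").split()
    return sockets


def listening_services(sockets):
    """(task, local port, cleartext service or None) for accepting sockets."""
    found = []
    for sock in sockets:
        if "SO_ACCEPTCONN" in sock["options"]:
            port = sock["local"][1]
            found.append((sock["task"], port, CLEARTEXT_PORTS.get(port)))
    return found


if __name__ == "__main__":
    for task, port, service in listening_services(parse_sockets(SAMPLE_OUTPUT)):
        note = f" (cleartext {service})" if service else ""
        print(f"{task} listens on TCP port {port}{note}")
```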

display ip statistics Syntax


display ip statistics

View
Any view

Parameter
None

Description
Using the display ip statistics command, you can view IP traffic statistics
information. This command displays statistics such as IP packets transmitted and
received and packet assembly and disassembly, which are helpful for fault
diagnosis.
For the related commands, see display interface, display ip interface, and reset
ip statistics.

Example
Display the IP traffic statistic information.
<3Com> disp ip stat
Input: sum 0 local 0
bad protocol 0 bad format 0
bad checksum 0 bad options 0
Output: forwarding 0 local 0
dropped 0 no route 0
compress fails 0
Fragment:input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0

display icmp statistics Syntax


display icmp statistics

View
Any view

Parameter
None

Description
Using the display icmp statistics command, you can view the statistics of ICMP
packet traffic.
For the related command, see display interface.

Example
Display the statistics of ICMP packet traffic.
[Router] display icmp statistics
Input: bad formats 0 bad checksum 0
echo 5 destination unreachable 0
source quench 0 redirects 0
echo reply 15 parameter problem 0
timestamp 0 information request 0
mask requests 0 mask replies 0


time exceeded 1
Output:echo 15 destination unreachable 0
source quench 0 redirects 0
echo reply 5 parameter problem 0
timestamp 0 information reply 0
mask requests 0 mask replies 0
time exceeded 1
■ Input: bad formats-Number of input packets in bad format
■ bad checksum-Number of input packets with wrong checksum
■ echo-Number of input/output echo request packets
■ destination unreachable-Number of input/output packets with unreachable
destination
■ source quench-Number of input/output source quench packets
■ redirects-Number of input/output redirected packets
■ echo reply-Number of input/output echo reply packets
■ parameter problem-Number of input/output packets with parameter problem
■ timestamp-Number of input/output timestamp packets
■ information request-Number of input information request packets
■ mask requests-Number of input/output mask request packets
■ mask replies-Number of input/output mask reply packets
■ information reply-Number of output information reply packets
■ time exceeded-Number of time exceeded packets

display tcp statistics Syntax


display tcp statistics

View
Any view

Parameter
None

Description
Using the display tcp statistics command, you can view TCP traffic statistic
information.
The command displays the traffic statistics of all the active TCP connections.
The statistics are divided into two parts, receiving and sending, and each part
is further broken down by packet type. For received packets, for example, there
are the numbers of retransmission packets, keep-alive detection packets, and so
on. Statistics closely related to connections are also displayed, such as the
number of connections received, the number of retransmission packets, and the
number of keep-alive detection packets. The statistics are counted in packets
and, in some cases, in bytes.
For the related command, see display tcp status.

Example
Display the TCP traffic statistic information.
<3Com> display tcp statistics
Received packets:
Total: 0
packets in sequence: 0 (0 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, bad offset : 0, too short : 0
duplicate packets : 0 (0 bytes), partially duplicate packets : 0(0 bytes)
out-of-order packets : 0 (0 bytes)
packets with data after window : 0 (0 bytes)
packets after close : 0
ack packets:0 (0 bytes), duplicate ack packets:0, ack packets with unsend data:0
Sent packets:
Total: 0
urgent packets: 0
control packets: 0 ( 0 RST)
window probe packets: 0, window update packets: 0
data packets : 0 (0 bytes), data packets retransmitted: 0 (0 bytes)
ack only packets : 0(0 delayed)
Total retransmit timeout: 0, connections dropped in retransmit timeout: 0
Keepalive timeout: 0, keepalive probe: 0, dropped connections in keepalive: 0
Initiated connections: 0, accepted connections: 0,established connections: 0
Closed connections: 0,( dropped: 0, embryonic dropped: 0)
Dropped packets with MD5 authentication : 0
Permitted packets with MD5 authentication : 0

The above information means:

■ Receiving statistics:
■ Total number of packets received: 0.
■ Number of packets that arrived in sequence: 0 (total bytes: 0).
■ Number of window probe packets: 0; number of window update packets: 0.
■ Number of packets with checksum errors: 0; number of packets with length
errors: 0.
■ Number of completely duplicated packets: 0 (total bytes: 0); number of
partially duplicated packets: 0 (total bytes: 0).
■ Number of out-of-order packets: 0 (total bytes: 0).
■ Number of packets that arrived outside the receiving window: 0 (total
bytes: 0).
■ Number of packets that arrived after the connection was closed: 0.
■ Number of ACK packets: 0 (bytes of acknowledged data: 0); number of
duplicate ACK packets: 0; number of ACK packets acknowledging data that
has not been sent yet: 0.
■ Sending statistics:
■ Total number of packets sent: 0.
■ The urgent packets number: 0.
■ The control packets number: 0. (RST packets number: 0).
■ Window probe packets: 0, window update packets: 0.
■ Data packets: 0 (total bytes: 0), retransmitted data packets: 0 (total bytes: 0).
■ ACK-only packets: 0 (delayed ACK packets: 0).
■ Retransmission timer timeouts: 0, connections dropped because the retransmission limit was exceeded: 0.
■ Keepalive timer timeouts: 0, keepalive probes sent: 0.
■ Connections initiated: 0, connections accepted: 0, connections established: 0.
■ Connections closed: 0, connections discarded accidentally (after SYN is received): 0, connections that actively failed to establish (before SYN is received): 0.
■ Packets discarded after MD5 verification: 0.
■ Packets passing MD5 verification: 0.
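
The counters above only become useful for monitoring when two readings are compared, and the reset tcp statistics command described later in this chapter zeroes them in between. The following added example (not part of the 3Com manual) parses the output layout shown above and reports the change between snapshots; the snapshot values, the function names and the alert threshold are constructed assumptions.

```python
import re

# Counters taken from the "display tcp statistics" layout shown above.
PATTERNS = {
    "rst_sent": r"control packets:\s*\d+\s*\(\s*(\d+)\s*RST\)",
    "retransmit_drops": r"connections dropped in retransmit timeout:\s*(\d+)",
    "embryonic_drops": r"embryonic dropped:\s*(\d+)",
    "md5_dropped": r"Dropped packets with MD5 authentication\s*:\s*(\d+)",
    "md5_permitted": r"Permitted packets with MD5 authentication\s*:\s*(\d+)",
}

# Constructed snapshots: the values are made up and only parsed lines are kept.
SNAPSHOT_1 = """\
Sent packets:
control packets: 40 ( 3 RST)
Total retransmit timeout: 12, connections dropped in retransmit timeout: 1
Closed connections: 30,( dropped: 2, embryonic dropped: 1)
Dropped packets with MD5 authentication : 0
Permitted packets with MD5 authentication : 200
"""
SNAPSHOT_2 = """\
Sent packets:
control packets: 95 ( 9 RST)
Total retransmit timeout: 15, connections dropped in retransmit timeout: 1
Closed connections: 41,( dropped: 2, embryonic dropped: 4)
Dropped packets with MD5 authentication : 57
Permitted packets with MD5 authentication : 260
"""
# Taken after "reset tcp statistics": every counter restarted from zero.
SNAPSHOT_3 = """\
Sent packets:
control packets: 1 ( 0 RST)
Total retransmit timeout: 0, connections dropped in retransmit timeout: 0
Closed connections: 1,( dropped: 0, embryonic dropped: 0)
Dropped packets with MD5 authentication : 2
Permitted packets with MD5 authentication : 5
"""


def parse_tcp_statistics(text):
    """Extract the monitored counters from one command output."""
    counters = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"counter not found in output: {name}")
        counters[name] = int(match.group(1))
    return counters


def compare_snapshots(before, after, md5_drop_threshold=10):
    """Return (deltas, findings) for two parsed snapshots.

    md5_drop_threshold is an assumed alerting value, not a figure from the manual.
    """
    findings = []
    if any(after[name] < before[name] for name in before):
        # Counters never decrease on their own, so the statistics were cleared.
        findings.append("statistics were reset between snapshots")
        deltas = dict(after)  # everything counted since the reset
    else:
        deltas = {name: after[name] - before[name] for name in before}
    if deltas["md5_dropped"] >= md5_drop_threshold:
        findings.append(
            f"{deltas['md5_dropped']} packets failed MD5 authentication "
            "since the previous reading"
        )
    return deltas, findings


if __name__ == "__main__":
    first = parse_tcp_statistics(SNAPSHOT_1)
    second = parse_tcp_statistics(SNAPSHOT_2)
    third = parse_tcp_statistics(SNAPSHOT_3)
    print(compare_snapshots(first, second))
    print(compare_snapshots(second, third))
```

A rising count of packets dropped by MD5 authentication while the permitted count stays flat points to a peer with a wrong key or to unauthenticated traffic aimed at a protected session.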

display tcp status Syntax


display tcp status

View
Any view

Parameter
None

Description
Using the display tcp status command, you can monitor TCP connections at any
time.
For the related command, see display local-user.

Example
Display the TCP connection status.
<3Com> display tcp status
TCPCB     Local Address     Foreign Address     State
0442c394  10.110.93.146.23  10.110.93.175.1538  ESTAB
045d8074  0.0.0.0.21        0.0.0.0.0           LISTEN

display udp statistics Syntax


display udp statistics

View
Any view

Parameter
None

Description
Using the display udp statistics command, you can view UDP traffic statistic
information.
The command is used to display the UDP traffic statistic information. Statistics
information is classified into two parts, receiving and sending, and each part can
be further classified according to different types of packets, such as checksum
error packets and other error packets. There are also statistics such as the number
of broadcast packets. The statistics information is organized in terms of packets.
For the related configuration, see the reset udp statistics command.

Example
Display the UDP traffic statistic information.
<3Com> display udp statistics
Received packet:
Total:0
checksum error:0
shorter than header:0, data length larger than packet:0
no socket on port:0
broadcast:0
not delivered, input socket full:0
input packets missing pcb cache:0
Sent packet:
Total:0

The displayed information is explained as below:

0 UDP packets were received. Of these, 0 packets had a checksum error, 0 packets
were shorter than the packet header, 0 packets had a data length larger than the
packet length, 0 packets were addressed to a port with no socket, 0 packets were
broadcast packets, 0 packets were not delivered because the socket buffer was full,
and 0 packets did not find a pcb in the cache. 0 UDP packets were sent.

ip fast-forwarding Syntax
ip fast-forwarding [ inbound | outbound ]
undo ip fast-forwarding

View
Interface view

Parameter

inbound: Allows fast-forwarding only on the inbound interface.

outbound: Allows fast-forwarding only on the outbound interface.

Description
Using the ip fast-forwarding command, you can enable fast packet forwarding
on the outbound interface. Using the undo ip fast-forwarding command, you
can disable fast-forwarding on the outbound interface.
By default, fast-forwarding is allowed on both inbound and outbound interfaces.

Fast-forwarding is well suited to high-speed links (such as Ethernet and FR). Its
function will be rendered useless, however, on a low-speed link, due to the low
transmission rate such a link can provide.
3Com Series Routers support fast-forwarding on the links of various high-speed
interfaces such as Ethernet, synchronous PPP, FR, and HDLC, on the interfaces
configured with firewall and NAT features, and on the virtual tunnel interface of
GRE as well. However, it should be noted that the interface configured with the
function of fast-forwarding will be unable to send ICMP redirection packets.

Example
Disable fast-forwarding of packets on the interface.
[3Com-Ethernet0/0/0] undo ip fast-forwarding

Enable the interface to fast forward packets on ingress.

[3Com-Ethernet0/0/0] ip fast-forwarding inbound

reset ip fast-forwarding cache Syntax

reset ip fast-forwarding cache

View
User view

Parameter
None

Description
Using the reset ip fast-forwarding cache command, you can reset the
fast-forwarding cache.
This command is used to clear the fast-forwarding cache. The fast-forwarding
table will not contain any fast-forwarding entry after having been cleared.

Example
Clear the fast-forwarding cache.
<3Com> reset ip fast-forwarding cache

reset ip statistics Syntax


reset ip statistics

View
User view

Parameter
None

Description
Using the reset ip statistics command, you can clear the IP statistics information.
In some special cases, it is necessary to clear the IP statistics information and
start collecting statistics anew.

For the related commands, see display ip interface and display ip statistics.

Example
Clear IP statistics information.
<3Com> reset ip statistics

reset tcp statistics Syntax


reset tcp statistics

View
User view

Parameter
None

Description
Using the reset tcp statistics command, you can clear TCP traffic statistic
information. After the execution of this command, there’s no prompt information
on the screen, and the existing statistics are cleared.
For the related command, see display tcp statistics.

Example
Clear the TCP traffic statistic information.
<3Com> reset tcp statistics

reset udp statistics Syntax


reset udp statistics

View
User view

Parameter
None

Description
Using the reset udp statistics command, you can clear the UDP statistics
information. After the execution of this command, there’s no prompt information
on the screen, and the existing statistics are cleared.

Example
Clear UDP traffic statistics information.
<3Com> reset udp statistics

tcp mss Syntax


tcp mss value
undo tcp mss

View
Interface view

Parameter

value: The threshold at which TCP packets are fragmented, in the range 128 to
2048.

Description
Using the tcp mss command, you can designate a value as the threshold at which
TCP packets are fragmented. The undo tcp mss command is used to prevent TCP
packets from being fragmented. Because the default MTU of the interface is 1500
bytes, the total length of encryption packet header + data link overhead + IP
packet header + TCP packet is restricted to 1500 bytes, so the length at which
TCP packets are fragmented may be about 1200 bytes.
By default, TCP packets are not fragmented.

Example
Configure the threshold of TCP packet fragmentation to be 300.
[3Com-Ethernet0/0/0] tcp mss 300

tcp timer fin-timeout Syntax


tcp timer fin-timeout time-value
undo tcp timer fin-timeout

View
System view

Parameter

time-value: TCP finwait timer value in seconds, in the range 76 to 3600.

Description
Using the tcp timer fin-timeout command, you can configure the TCP finwait
timer. Using the undo tcp timer fin-timeout command, you can restore the
default value of the timer.
By default, the TCP finwait timer value is 675 seconds.
When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the
finwait timer is enabled. If a FIN packet is not received before the finwait timer
times out, the TCP connection will be closed.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer syn-timeout and tcp window.

Example
Configure the TCP finwait timer value as 675 seconds.
[3Com] tcp timer fin-timeout 675

tcp timer syn-timeout Syntax


tcp timer syn-timeout time-value
undo tcp timer syn-timeout

View
System view

Parameter

time-value: TCP synwait timer value in seconds, in the range 2 to 600.

Description
Using the tcp timer syn-timeout command, you can configure the TCP synwait
timer. Using the undo tcp timer syn-timeout command, you can restore the
default value of the timer.
By default, the TCP synwait timer value is 75 seconds.
When a SYN packet is sent, TCP enables the synwait timer. If the response packet is
not received before the synwait timer times out, the TCP connection will be disabled.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer fin-timeout and tcp window.

Example
Configure the TCP synwait timer value as 75 seconds.
[3Com] tcp timer syn-timeout 75

tcp window Syntax


tcp window window-size
undo tcp window

View
System view

Parameter

window-size: The size of the transceiving buffer of the connection-oriented Socket
in kilobytes (KB), with the value ranging 1 to 32.

Description
Using the tcp window command, you can configure the size of the transceiving
buffer of the connection-oriented Socket. Using the undo tcp window
command, you can restore the default size of the buffer.
By default, the size of the connection-oriented transceiving buffer is 4K bytes.
The configuration of this parameter needs to be implemented under the guidance
of the technical support engineers.
For the related commands, see tcp timer fin-timeout and tcp timer
syn-timeout.

Example
Configure the size of the transceiving buffer of the connection-oriented Socket as
4 KB.
[3Com] tcp window 4

debugging nat Syntax


debugging nat { alg | event | packet [ interface { interface-type interface-number |
interface-name } ] }
undo debugging nat { alg | event | packet [ interface { interface-type interface-number |
interface-name } ] }

View
User view

Parameter

alg: Enables the application level gateway NAT debugging information.

event: Enables NAT event debugging information.

packet: Enables NAT data packet debugging information.

interface: Enables NAT packet debugging for a specific interface.

Description
Using the debugging nat command, you can enable the NAT debugging
function. Using the undo debugging nat command, you can disable the NAT
debugging function.

display nat Syntax


display nat { address-group | aging-time | all | outbound | server | statistics | session [
vpn-instance vpn-instance-name ] [ slot slot-number ] [ destination ip-addr ] [source
global global-addr | source inside inside-addr ] }

View
Any view

Parameter

address-group: Displays the information of the address pool.

aging-time: Displays the effective time for NAT connection.

all: Displays all the information about NAT.

outbound: Displays the information of the outbound NAT.

server: Displays the information of the internal server.

statistics: Displays the statistics of current NAT records.

session: Displays the information of the currently activated connection.


vpn-instance vpn-instance-name: Displays the NAT table items of a specific VPN. If
this parameter is omitted, the NAT items for all VPNs are listed.

slot slot-number: Designates the slot number of an interface. This parameter is
reserved for use in a distributed environment.

destination ip-addr: Displays the NAT table items of a specific IP destination.

source global global-addr: Only displays the NAT entry with address as
global-addr after NAT.

source inside inside-addr: Only displays the NAT entry with internal address as
inside-addr.

Description
Using the display nat command, you can display the configuration of address
translation. Users can verify if the configuration of address translation is correct
according to the output information after execution of this command. When
address translation connection information is displayed, the parameters of
global-addr and inside-addr can be specified for the display nat session command
simultaneously.

Example
Display all the information about address translation.
<3Com> display nat all
NAT address-group Information:
1: from 11.1.1.1 to 11.1.1.20
2: from 22.1.1.1 to 22.1.1.20
NAT outbound information:
Serial0/0/0: acl(11)-NAT address-group(1) [no-pat]
Serial0/0/0: acl(22)-NAT address-group(2) [no-pat]
Server in private network information:
Interface    GlobalAddr    GlobalPort  InsideAddr  InsidePort  Pro
Serial0/0/0  201.119.11.3  8080        5.5.5.5     80(www)     6(tcp)
Serial0/0/0  201.119.11.3  2121        5.5.5.5     21(ftp)     6(tcp)
NAT aging-time value information:
tcp------aging-time value is 240(seconds)
udp------aging-time value is 40(seconds)
icmp-----aging-time value is 20(seconds)

The information above indicates:

Two address pools are configured: address pool 1 ranges from 11.1.1.1 to
11.1.1.20, and address pool 2 ranges from 22.1.1.1 to 22.1.1.20.

Two address translation associations are configured at Serial0/0/0: ACL 11 is
associated with address pool 1 and one-to-one address translation is performed;
and ACL 22 is associated with address pool 2, and one-to-one address translation
is performed.

Serial0/0/0 is configured with 2 internal servers: the www server of
http://202.119.11.3:8080, whose internal address is 5.5.5.5; and the ftp server of
ftp://202.119.11.3:2121, whose internal address is 5.5.5.5.

nat address-group Syntax


nat address-group group-number start-addr end-addr
undo nat address-group group-number

View
System view

Parameter

group-number: ID of the address pool being defined, an integer ranging from 0 to 31.

start-addr: Starting IP address in the address pool.

end-addr: Ending IP address in the address pool.

Description
Using the nat address-group command, you can configure an address pool.
Using the undo nat address-group command, you can delete an IP address pool.
An address pool is a set of outside IP addresses. If start-addr and
end-addr are the same, the pool contains only one address.

CAUTION: The length of an address pool (the number of all addresses contained in
the address pool) cannot exceed 256.

The address pool cannot be deleted if it has been associated with an
access control list to perform address translation.

Example
Configure an address pool from 202.110.10.10 to 202.110.10.15, with its NAT
pool ID being 1.
[3Com] nat address-group 1 202.110.10.10 202.110.10.15

nat aging-time Syntax


nat aging-time { default | { dns | ftp-ctrl | ftp-data | icmp | pptp | tcp | tcp-fin | tcp-syn | udp
} seconds }

View
System view

Parameter

default: Sets the address translation lifetime values to the defaults.

dns: Sets the address translation lifetime for DNS to 60 seconds (default).

ftp-ctrl: Sets the address translation lifetime for FTP control links to 7200 seconds
(default).

ftp-data: Sets the address translation lifetime for FTP data links to 240 seconds
(default).

icmp: Sets the address translation lifetime for ICMP to 60 seconds (default).

pptp: Sets the address translation lifetime for PPTP to 86400 seconds (default).

tcp: Sets the address translation lifetime for TCP to 86400 seconds (default).

tcp-fin: Sets the address translation lifetime for TCP FIN or TCP RST connections to
60 seconds (default).

tcp-syn: Sets the address translation lifetime for TCP SYN connections to 60
seconds (default).

udp: Sets the address translation lifetime for UDP to 300 seconds (default).

seconds: Time value in the range 10 to 86400 (24 hours).

Description
Using the nat aging-time command, you can set the lifetime of NAT connections.
This command is used to set the lifetime of address translation connection in
seconds, and different time values are set for different types of protocols.

nat outbound Syntax


nat outbound acl-number [ address-group group-number [ no-pat ] ]
undo nat outbound acl-number [ address-group group-number [ no-pat ] ]

View
Interface view

Parameter

address-group: Configures address translation by means of address pool. If the
address pool is not specified, use the IP address of the interface as the translated
address, i.e., the "easy ip" feature.

no-pat: Uses simple address translation, which means only to translate the address
of the packet but not use port information.

acl-number: ACL index in the range of 1 to 199 (the advanced ACL can be used).

group-number: The number of a defined address pool.

Description
Using the nat outbound command, you can associate an ACL with an address
pool, indicating that the address specified in the acl-number can be translated by
using address pool group-number. Using the undo nat outbound command, you
can remove the corresponding address translation.
Translation of the source address of packets that conform to the ACL is
accomplished by configuring the association between the ACL and the address
pool. The system performs address translation by selecting one address in the
address pool or by directly using the IP address of the interface. Users can
configure different address translation associations at the same interface. The
corresponding undo form of the command can be used to delete the related
address translation association. Normally, this interface is connected to the ISP
and serves as the exit interface of the inside network.
The command without the address-group parameter implements the "easy-ip"
feature. When performing address translation, the IP address of the interface is
used as the translated address and the ACL can be used to control which
addresses can be translated.

Example
Enable the hosts of the 10.110.10.0/24 network segment to perform address
translation by selecting the addresses from 202.110.10.10 to 202.110.10.12 as
the translated address. Suppose that the interface Serial0/0/0 connects to ISP.
[3Com] acl number 1
[3Com-acl-basic-1] rule permit source 10.110.10.0 0.0.0.255
[3Com-acl-basic-1] rule deny

Configure the address pool.

[3Com] nat address-group 1 202.110.10.10 202.110.10.12

Allow address translation and use the addresses of address pool 1 for address
translation. During translation, the information of TCP/UDP port is used.

[3Com-Serial0/0/0] nat outbound 1 address-group 1

Delete the corresponding configuration.

[3Com-Serial0/0/0] undo nat outbound 1 address-group 1

Configure simple address translation (not using the TCP/UDP port information to
perform the address translation).

[3Com-Serial0/0/0] nat outbound 1 address-group 1 no-pat

Delete the corresponding configuration.

[3Com-Serial0/0/0] undo nat outbound 1 address-group 1 no-pat

The configuration that can be used when performing address translation by using
the IP address of interface Serial0/0/0 directly.

[3Com-Serial0/0/0] nat outbound 1

Delete the corresponding configuration.

[3Com-Serial0/0/0] undo nat outbound 1

nat server Syntax


nat server [ vpn-instance vpn-instance-name ] protocol pro-type global global-addr
global-port1 global-port2 inside host-addr1 host-addr2 host-port
nat server [ vpn-instance vpn-instance-name ] protocol pro-type global global-addr [
global-port ] inside host-addr [ host-port ]
undo nat server [ vpn-instance vpn-instance-name ] protocol pro-type global
global-addr global-port1 global-port2 inside host-addr1 host-addr2 host-port
undo nat server [ vpn-instance vpn-instance-name ] protocol pro-type global
global-addr [ global-port ] inside host-addr [ host-port ]

View
Interface view

Parameter

vpn-instance-name: The virtual route forwarding instance of the VPN the internal
server belongs to. If the parameter is not configured, it represents that the internal
server belongs to an ordinary private network, other than one MPLS VPN.

global-addr: An IP address provided for the outside to access (a legal IP address).

global-port: A service port number provided for the outside to access. If omitted,
its value is the same as that of host-port.

host-addr: IP address of the server in the internal LAN.

host-port: Service port number provided by the server, in the range 0 to 65535.
Commonly used port numbers can be replaced by keywords. For example, the
www service port number is 80, which can also be represented by www; the ftp
service port number is 21, which can also be represented by ftp. If host-port is 0,
all types of services can be provided, and the keyword any can be used to stand
for it. If the parameter is not configured, it is treated as any, which is equivalent
to a static connection between global-addr and host-addr. When host-port is
configured as any, global-port must also be any; otherwise the configuration is
illegal.

global-port1, global-port2: Specifies a port range through two port numbers,
which corresponds to the internal host address range.
global-port2 must be larger than global-port1.

host-addr1, host-addr2: Defines a range of consecutive addresses that match,
one-to-one, the ports in the range defined above. host-addr2 must
be larger than host-addr1. The number of addresses in the range must be the same
as the number of ports defined by global-port1 and global-port2.

pro-type: The protocol type carried by IP, possibly being a protocol ID, or a key
word as a substitution. For example: icmp (its protocol ID is 1), tcp (its protocol ID
is 6), udp (its protocol ID is 7).

Description
Using the nat server command, you can define the mapping table of an internal
server. Through the address and port defined by global-addr and global-port, users
can access the internal server whose address and port are host-addr and host-port
respectively. Using the undo nat server command, you can remove the mapping
table.
Through this command, you can configure internal network servers, for example
www, ftp, telnet, kpop3, dns and so on, for outside use. The internal server can be
located in an ordinary private network or in an MPLS VPN.
Up to 256 internal server conversion commands can be configured on one
interface and at most 4096 internal servers can be configured on one interface.
Up to 1024 internal server conversion commands can be configured in one
system. If the nat servers are configured in the form of a port range (i.e., a port
range is specified through global-port1 and global-port2, corresponding to the
address range of the internal hosts), then the number of internal servers is the
same as the number of ports configured, and the maximum is also 4096.
The interface on which this command is configured is interconnected with the ISP
and serves as the gateway of the internal network.

Example
Specify the IP address of the interior www server of the LAN as 10.110.10.10, and
the IP address of the interior ftp server as 10.110.10.11. It is expected that the
outside can access the web server through http://202.110.10.10:8080 and connect
to the FTP site through ftp://202.110.10.10. Suppose that Serial0/0/0 is connected
to the ISP.
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 8080 inside 10.110.10.10 www
[3Com] ip vpn-instance vrf10
[3Com-vpn-instance] route-distinguisher 100:001
[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 inside 10.110.10.11 ftp

Specify one interior host 10.110.10.12, expecting that the host of the exterior
network can ping it with ping 202.110.10.11 command.

[3Com-Serial0/0/0] nat server protocol icmp global 202.110.10.11 inside 10.110.10.12

Delete the www server.

[3Com-Serial0/0/0] undo nat server protocol tcp global 202.110.10.10 8070 inside 10.110.10.10 www

By the command below, the internal ftp server of VPN vrf10 can be removed.

[3Com-Serial0/0/0] undo nat server protocol tcp global 202.110.10.11 8070 inside 10.110.10.11 ftp

Specify an outside address as 202.110.10.10, and map the ports ranging from
1001 to 1100 to the addresses of 10.110.10.1 to 10.110.10.100 respectively to
access ftp service inside VPN vrf10. 202.110.10.10:1001 accesses 10.110.10.1
and 202.110.10.10:1002 accesses 10.110.10.2, etc.

[3Com-Serial0/0/0] nat server protocol tcp global 202.110.10.10 1001 1100 inside 10.110.10.1 10.110.10.100 telnet
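
When reviewing a saved configuration it helps to see exactly which inside hosts and ports each nat server command publishes. The following added example (not part of the 3Com manual) expands nat server commands into individual mappings using the rules in the Parameter section above and reports rejected or unrestricted entries; the function names are hypothetical, the telnet keyword value of 23 is an assumption, and the last two sample commands are constructed.

```python
import ipaddress

# www=80 and ftp=21 are the keywords the page names; "any" stands for port 0.
# telnet=23 is the standard assignment, added here as an assumption.
PORT_KEYWORDS = {"www": 80, "ftp": 21, "telnet": 23, "any": 0}
MAX_SERVERS_PER_INTERFACE = 4096  # limit stated on the page

# The first four commands are the page's own examples; the last two are
# constructed to show a rejected range and an unrestricted mapping.
SAMPLE_COMMANDS = [
    "nat server protocol tcp global 202.110.10.10 8080 inside 10.110.10.10 www",
    "nat server protocol tcp global 202.110.10.10 inside 10.110.10.11 ftp",
    "nat server protocol icmp global 202.110.10.11 inside 10.110.10.12",
    "nat server protocol tcp global 202.110.10.10 1001 1100 "
    "inside 10.110.10.1 10.110.10.100 telnet",
    "nat server protocol tcp global 202.110.10.10 1001 1100 "
    "inside 10.110.10.1 10.110.10.50 telnet",
    "nat server protocol tcp global 202.110.10.12 inside 10.110.10.13",
]


def parse_port(token):
    """Translate a port keyword or decimal string into a port number."""
    if token in PORT_KEYWORDS:
        return PORT_KEYWORDS[token]
    port = int(token)  # raises ValueError for anything that is not a number
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {token}")
    return port


def expand_nat_server(command):
    """Return the (protocol, global_ip, global_port, inside_ip, inside_port)
    tuples one 'nat server' command creates; port 0 means 'any'."""
    tokens = command.split()
    if tokens[:2] != ["nat", "server"]:
        raise ValueError("not a nat server command")
    # list.index raises ValueError when a keyword is missing.
    p, g, i = (tokens.index(k) for k in ("protocol", "global", "inside"))
    if not (g == p + 2 and g < i):
        raise ValueError("protocol/global/inside keywords are misplaced")
    protocol = tokens[p + 1]
    g_args, i_args = tokens[g + 1:i], tokens[i + 1:]

    if len(g_args) == 3 and len(i_args) == 3:  # port-range form
        g_ip = ipaddress.IPv4Address(g_args[0])
        first_port, last_port = parse_port(g_args[1]), parse_port(g_args[2])
        first_ip = ipaddress.IPv4Address(i_args[0])
        last_ip = ipaddress.IPv4Address(i_args[1])
        host_port = parse_port(i_args[2])
        if last_port <= first_port:
            raise ValueError("global-port2 must be larger than global-port1")
        if last_ip <= first_ip:
            raise ValueError("host-addr2 must be larger than host-addr1")
        n_ports = last_port - first_port + 1
        n_hosts = int(last_ip) - int(first_ip) + 1
        if n_ports != n_hosts:
            raise ValueError(f"{n_ports} ports cannot map to {n_hosts} hosts")
        return [(protocol, str(g_ip), first_port + k, str(first_ip + k), host_port)
                for k in range(n_ports)]

    if len(g_args) in (1, 2) and len(i_args) in (1, 2):  # single-server form
        g_ip = ipaddress.IPv4Address(g_args[0])
        h_ip = ipaddress.IPv4Address(i_args[0])
        host_port = parse_port(i_args[1]) if len(i_args) == 2 else 0
        global_port = parse_port(g_args[1]) if len(g_args) == 2 else host_port
        if host_port == 0 and global_port != 0:
            raise ValueError("host-port any requires global-port any")
        return [(protocol, str(g_ip), global_port, str(h_ip), host_port)]

    raise ValueError("unexpected number of arguments")


def audit_interface(commands):
    """Expand all commands of one interface; return (mappings, findings)."""
    mappings, findings = [], []
    for command in commands:
        try:
            created = expand_nat_server(command)
        except ValueError as err:
            findings.append(f"rejected: {command!r}: {err}")
            continue
        mappings.extend(created)
        for proto, g_ip, _, h_ip, h_port in created:
            if h_port == 0 and proto != "icmp":
                findings.append(f"every {proto} port of {h_ip} is reachable via {g_ip}")
    if len(mappings) > MAX_SERVERS_PER_INTERFACE:
        findings.append(f"{len(mappings)} internal servers exceed the interface limit")
    return mappings, findings


if __name__ == "__main__":
    servers, notes = audit_interface(SAMPLE_COMMANDS)
    print(len(servers), "mappings")
    for note in notes:
        print(note)
```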

reset nat Syntax


reset nat { log-entry | session slot slot-number }

View
User view

Parameter

log-entry: Clears NAT log buffer.



slot slot-number: Number of the interface card, which only exists in the
distributed environment.

session: Clears the information of the address translation table.

Description
This command is used to clear up the mapping tables of address translation in the
memory and release all the memory dynamically allocated to store the mapping
tables.

Example
In the central environment, clear NAT log buffer.
<3Com> reset nat log-entry

In the distributed environment, clear NAT log buffer.

<3Com> reset nat log-entry slot 10

In the central environment, clear information of the address translation table.

<3Com> reset nat session

In the distributed environment, clear information of the address translation table.

<3Com> reset nat session slot 10

IP Unicast Policy Routing Configuration Commands

apply default output-interface Syntax

apply default output-interface interface-type interface-number [ ... interface-type
interface-number ]
undo apply default output-interface interface-type interface-number [ ... interface-type
interface-number ]

View
Route-policy view

Parameter

interface-type: Interface type.

interface-number: Interface number.

Description
Using the apply default output-interface command, you can set default
forwarding interface for packets. Using the undo apply default
output-interface command, you can cancel the configuration of the default
forwarding interface of packets.

This command is used to set forwarding interface for the matched IP packet, and
the clause is valid for the packet whose route has not been found.
For the related commands, see apply ip-precedence, apply ip-address
next-hop, apply output-interface, and apply ip-address default next-hop.

Example
Set the default forwarding interface of packets as serial 0/0/0.
[3Com-route-policy] apply default output-interface serial 0/0/0

apply ip-address default next-hop Syntax

apply ip-address default next-hop ip-address [...ip address ]
undo apply ip-address default next-hop ip-address [...ip address ]

View
Route-policy view

Parameter

ip-address: IP address of default next hop.

Description
Using the apply ip-address default next-hop command, you can set the default
next hop of a packet. Using the undo apply ip-address default next-hop
command, you can cancel the configured default packet next hop.
This command is only valid for the packet whose route has not been found.
For the related commands, see apply ip-precedence, apply output-interface,
apply default output-interface, and apply ip-address next-hop.

Example
Set the default next hop of a packet to 1.1.1.1.
[3Com-route-policy] apply ip-address default next-hop 1.1.1.1

apply ip-address next-hop Syntax

apply ip-address next-hop ip-address [ ip-address ]
undo apply ip-address next-hop ip-address [ ip-address ]

View
Route-policy view

Parameter

ip-address: IP address of next hop.

Description
Using the apply ip-address next-hop command, you can set the packet next
hop. Using the undo apply ip-address next-hop command, you can cancel the
configuration about the next hop.
This command is used to set the next hop for the matched IP packet and at most
two next hops can be specified. The next hop should be adjacent to this device.
For the related commands, see apply ip-precedence, apply output-interface,
apply default output-interface, and apply ip-address default next-hop.

Example
Set the packet next hop to 1.1.1.1.
[3Com-route-policy] apply ip-address next-hop 1.1.1.1

apply ip-precedence Syntax


apply ip-precedence value
undo apply ip-precedence

View
Route-policy view

Parameter

value: The preference value. There are 8 preferences in total (in the range 0 to 7):

■ 0 routine
■ 1 priority
■ 2 immediate
■ 3 flash
■ 4 flash-override
■ 5 critical
■ 6 internet
■ 7 network

Description
Using the apply ip-precedence command, you can set precedence of IP packets.
Using the undo apply ip-precedence command, you can remove the precedence
of IP packets. This command is used to configure the set clause of route-policy and
the preference for the matched IP packets.
For the related commands, see apply output-interface, apply ip-address
next-hop, apply default output-interface, and apply ip-address default
next-hop.

Example
Set the preference of IP packet to 5 (critical).
[3Com-route-policy] apply ip-precedence critical

apply output-interface Syntax


apply output-interface interface-type interface-number [ interface-type
interface-number ]
undo apply output-interface interface-type interface-number [ interface-type
interface-number ]

View
Route-policy view

Parameter

interface-type: Interface type.

interface-number: Interface number.

Description
Using the apply output-interface command, you can set a packet forwarding
interface. Using the undo apply output-interface command, you can cancel the
configuration on a forwarding interface.
This command is used to set the packet forwarding interface for the matched IP
packet. At most two forwarding interfaces can be specified.
For the related commands, see apply ip-precedence, apply ip-address
next-hop, apply default output-interface, and apply ip-address default
next-hop.

Example
Specify forwarding interface as serial0/0/0 for the matched IP packet.
[3Com-route-policy] apply output-interface Serial 0/0/0

display ip policy Syntax


display ip policy

View
Any view

Parameter
None

Description
Using the display ip policy command, you can view the routing policies of the
local policy routing and of the configured interface policy routings.

Example
Display the routing policies of the local and configured interface policy routings.
<3Com> display ip policy
Route-policy Interface
pr02 Local
pr02 Virtual-Template0
pr01 Ethernet 0/0/0

The first line is the column header. Each following entry pairs a routing policy
with the place where it is used. Taking the first entry as an example, "Local"
indicates that the policy routing is used on the local router, i.e., all packets sent
from the local router (not forwarded through it) use the policy routing "pr02". The
second and third entries show that the interfaces Virtual-Template0 and
Ethernet0/0/0 use route policies pr02 and pr01 respectively.

display ip policy setup Syntax


display ip policy setup { policy-tag | local | interface interface-type interface-number }

View
Any view

Parameter

policy-tag: Displays the setting information of policy routings identified by
map-tag.

local: Displays the setting information of local policy routings.

interface: Displays the setting information of interface policy routings.

interface-type: Interface type.

interface-number: Interface number.

Description
Using the display ip policy setup command, you can view the setting
information of policy routings.
The output of the display ip policy setup local command has the same format as
that with policy-tag (shown in the example below), except that it displays the
policy routing enabled on the local router rather than the configuration of a
specified route-policy.
The display ip policy setup interface command displays the configuration of
the policy routing enabled on the interface.

Example
Display the specific configurations of the specified policy routing, enabled or
disabled.
<3Com> display ip policy setup pr01
route-policy pr01 permit node 0
if-match acl 11
apply ip-address next-hop 3.3.3.3

This command displays the specific configuration of the policy routing named
pr01. As shown above, the policy routing has one node, node 0, which includes an
if-match clause and an apply clause. For the exact meanings of the if-match clause
and the apply clause, refer to the configuration guide of the command. The
example shows how the option map-tag is used.

display ip policy statistic Syntax


display ip policy statistic { { policy-tag | local | interface interface-type interface-number
} [ verbose ] }

View
Any view

Parameter

policy-tag: Displays the statistics of the policy identified by policy-tag performing
policy routing process on packets.

local: Displays the statistics of local policy routing packets.

interface: Displays the statistics of interface policy routings.

interface-type: Interface type.

interface-number: Interface number.

verbose: Displays the detailed information.

Description
Using the display ip policy statistic command, you can view the statistics of
policy routings.

Example
Display the matching statistics of the specified policy routing.
<3Com> display ip policy statistic local
local policy pr02 summary information:
Main board
Total success packet number: 0
Total failure packet number: 0

The above information shows the number of forwarding successes and failures for
all the forwarding policies (i.e., the apply clauses) of the local policy routing.

To display more detailed statistics classified by apply clause, add the option
verbose.

<3Com> display ip policy statistic local verbose
local policy pr02 detail information:
Main board
apply output-interface: NULL0
Total success packet number: 0
Fail for interface not exists: 0
Fail for interface down: 0
apply ip-address next-hop: 5.5.5.5
Total success packet number: 0
Fail for error next-hop: 0
Fail for interface not exists: 0
Fail for interface down: 0

If the optional field verbose is added, the more detailed statistics of each apply
clause in the policy routing are displayed separately, and the forwarding error
statistics are classified.

if-match acl

Syntax
if-match acl acl-number
undo if-match acl acl-number

View
Route-policy view

Parameter

acl-number: Address access control list number.

Description
Using the if-match acl command, you can set the match condition for IP addresses.
Using the undo if-match acl command, you can delete the IP address match
condition.
The acl-number can refer to a basic standard access-list or an advanced access-list.
For the related command, see if-match packet-length.

Example
Match packets that conform to access list 10.
[3Com] route-policy map1 permit node 10
[3Com-route-policy] if-match acl 10

if-match packet-length

Syntax
if-match packet-length min-len max-len
undo if-match packet-length

View
Route-policy view

Parameter

min-len: Minimum packet length of network layer.

max-len: Maximum packet length of network layer.

Description
Using the if-match packet-length command, you can set length match
conditions of IP packets. Using the undo if-match packet-length command, you
can delete the configuration about IP packet length match conditions.
For the related command, see if-match acl.

Example
Match packets whose length is in the range 100 to 200.
[3Com] route-policy map1 permit node 10
[3Com-route-policy] if-match packet-length 100 200

ip local policy route-policy

Syntax
ip local policy route-policy policy-tag
undo ip local policy route-policy policy-tag

View
System view

Parameter
policy-tag: Policy name.

Description
Using the ip local policy route-policy command, you can enable local policy
routing. Using the undo ip local policy route-policy command, you can delete
the existing setting of the policy routing.
By default, interface local policy routing is disabled.
This command is used to enable or disable the local policy routing for the packets
sent by the local device. Unless there is a special requirement, it is recommended
that users do not configure local policy routing.
For the related command, see ip policy route-policy.

Example
Enable a local policy routing at system view. The policy routing is specified by
route-policy AAA.
[3Com] ip local policy route-policy AAA

ip policy route-policy

Syntax
ip policy route-policy policy-name
undo ip policy route-policy policy-name

View
Interface view

Parameter
policy-name: Policy name.

Description
Using the ip policy route-policy command, you can enable policy routing at an
interface. Using the undo ip policy route-policy command, you can delete the
existing policy routing at an interface.
By default, interface policy routing is disabled.
For the related command, see ip local policy route-policy.

Example
Enable the policy routing specified by route-policy AAA at the interface Ethernet
0/0/0.
[3Com-ethernet0/0/0] ip policy route-policy AAA

IP Multicast Policy Routing Configuration Commands

apply ip-address next-hop

Syntax
apply ip-address next-hop { acl acl-number | ip-address [ ip-address ] }
undo apply ip-address next-hop [ acl acl-number | ip-address [ ip-address ] ]

View
Route-policy view

Parameter

acl-number: Standard ACL number ranging from 1 to 99.

ip-address: Specifies the next hop address. Multiple next hop addresses can be
specified.

Description
Using the apply ip-address command, you can configure the next hop IP address
list in a route-node. Using the undo apply ip-address command, you can remove
the configuration.
By default, no apply clause is defined.
This command specifies the next hop address for packets that match the if-match
acl command. It specifies the next hop IP address list for multicast policy routing
through the ACL. This command can be used in parallel with the apply
output-interface command. If both apply clauses are configured at the same
time, in multicast policy routing, the packets are replicated and forwarded to
all the interfaces and next hops specified by the respective ACLs. This is different
from unicast policy routing, in which only one apply clause works.

For the next hop IP address, the specified ACL is the standard ACL.

For the related commands, see if-match acl, apply output-interface, and
display ip multicast-policy.

apply output-interface

Syntax
apply output-interface acl acl-number
undo apply output-interface [ acl acl-number ]

View
Route-policy view

Parameter
acl-number: ID of interface-based ACL, ranging from 1000 to 1999.

Description
Using the apply output-interface command, you can configure an outgoing
interface list in a route-node. Using the undo apply output-interface command,
you can remove the configuration.
By default, no apply clause is defined.
This command specifies outgoing interfaces for packets that match the if-match
command. It specifies outgoing interfaces for multicast policy routing through the
ACL. The action performed on packets that meet the if-match conditions defined by
the match clause is as follows: if outgoing forwarding interfaces are set in the
route-node through the ACL, the packets are replicated and forwarded to all
interfaces specified by the ACL.
For an outgoing interface, the specified ACL is an interface-based ACL.
This command can be used in parallel with the apply ip-address next-hop
command. If both apply clauses are configured at the same time, in multicast
policy routing, the packets are replicated and forwarded to all the interfaces
and next hops specified by the respective ACLs. This is different from unicast
policy routing, in which only one apply clause works.

For the related commands, see apply ip-address next-hop, if-match acl, and
display ip multicast-policy.

debugging ip multicast-policy

Syntax
debugging ip multicast-policy [ acl-number ]
undo debugging ip multicast-policy

View
User view

Parameter

acl-number: ID of interface-based ACL, ranging from 1000 to 1999.

Description
Using the debugging ip multicast-policy command, you can enable the
debugging of IP multicast policy routing. Using the undo debugging ip
multicast-policy command, you can disable the debugging of multicast policy
routing.
The debugging information contains the route-node that the packets match and
the next hop/outgoing interface to which the packets are forwarded. The
debugging output can be filtered with the interface-based ACL.
Note that enabling the debugging affects the performance of the system. Disable
the debugging when the system is running normally.
For the related command, see route-policy.

display ip multicast-policy

Syntax
display ip multicast-policy [ setup interface interface-name | statistic interface interface-name ]

View
Any view

Parameter

interface-name: Interface name.

Description
Using the display ip multicast-policy command, you can view the multicast
policy routing information.

Example
Display the information about the multicast policy routing configured on interface
Ethernet2/0/0.
[3Com] display ip multicast-policy setup interface ethernet2/0/0
route-policy cc permit node 10
if-match acl 110
apply ip-address next-hop acl 50
route-policy cc permit node 20
if-match acl 120
apply output-interface acl 1005

Display the statistic information about the multicast policy routing configured on
interface Ethernet2/0/0.
[3Com] display ip multicast-policy statistic interface ethernet2/0/0
interface Ethernet2/0/0 multicast-policy routing summary information:
Total packets matched: 5
Total packets forward : 20

if-match acl

Syntax
if-match { acl acl-number | ip-prefix ip-prefix-name }
undo if-match { acl acl-number | ip-prefix ip-prefix-name }

View
Route-policy view

Parameter

acl-number: Standard or extended ACL number ranging from 1 to 199.

ip-prefix-name: Specifies the name of an address prefix list used for filtering.

Description
Using the if-match acl command, you can set conditions that multicast packets
should meet in each policy node. Using the undo if-match acl command, you can
remove the match conditions set.
By default, no if-match clause is defined.
If a packet meets the if-match conditions specified in a policy node, the actions
specified by the node are performed. If a packet does not meet the if-match
conditions specified in a policy node, the next node is tested. If a packet
does not meet the conditions of any policy node, the packet returns to the
normal forwarding flow. The configuration and use of this command are the same
as those of the same command in the unicast policy routing.

ip multicast-policy route-policy

Syntax
ip multicast-policy route-policy policy-name
undo ip multicast-policy route-policy policy-name

View
Interface view

Parameter

policy-name: Specifies the name of a route-policy, which uniquely identifies one
route-policy.

Description
Using the ip multicast-policy route-policy command, you can enable a
multicast policy routing on an interface. Using the undo ip multicast-policy
route-policy command, you can remove a multicast policy route applied on the
interface.
By default, no multicast route policy is enabled.
This command enables the multicast policy routing defined by the route-policy
named policy-name on an interface.
When multicast policy routing is configured on an interface of a router, all
multicast packets entering the router on the interface are filtered.
The filter method is that all policy nodes of the route-policy specified by the policy
routing are tried in ascending order of their sequence numbers. If a packet meets
the if-match conditions specified in a policy node, the actions specified by the
node are performed. If a packet does not meet the if-match conditions specified
in a policy node, the next node is tested. If a packet does not meet the conditions
of any policy node, the packet returns to the normal forwarding flow.
For the related command, see route-policy.

Example
Enable multicast policy routing named map1 on interface Ethernet 2/0/0.
[3Com-Ethernet2/0/0] ip multicast-policy route-policy map1

route-policy

Syntax
route-policy policy-name { permit | deny } node sequence-number
undo route-policy policy-name [ permit | deny ] [ node sequence-number ]

View
System view

Parameter

policy-name: Specifies the name of a route-policy, which uniquely identifies one
route-policy.

permit: Specifies the match mode of the route-policy node as permit.
When a route entry meets the if-match clause of the node, the entry is permitted
to pass the filter of the node and the apply clause of the node will be performed.
If a route entry does not meet the if-match clause of the node, the next node of
the route-policy will be tested. For multicast policy routing configuration, all the
if-match clauses except the if-match acl clause are invalid.

deny: Specifies the match mode of the route-policy node as deny. When a
route entry meets the if-match clause of the node, the entry is not permitted to
pass the filter of the node and the next node will not be tested. For multicast policy
routing configuration, all the if-match clauses except the if-match acl clause are
invalid.

sequence-number: Identifies a node in the route-policy. When the route-policy is
used for routing information filtering, the node with a smaller sequence-number is
tested first. This parameter ranges from 0 to 65535.

Description
Using the route-policy command, you can configure a route-policy node and
enter the route-policy view. Using the undo route-policy command, you can
remove a route-policy or a node.
By default, no route-policy is defined.
The policy of IP multicast policy routing is implemented by configuring
route-policies. Multiple route-policies can be configured on a router. Each
route-policy may contain multiple route-nodes. Different route-nodes in a
route-policy are identified by different integer sequence-numbers. In each
route-node, set the conditions that packets should match (i.e., the match rule)
with the if-match command, and configure the forwarding actions to be
executed on packets that meet the match conditions with the apply command.
The logical relation among the if-match clauses is “and”. This means that any
if-match clause passing the filter will cause others to be ignored.
Only the if-match acl clause is effective for multicast policy routing. The logical
relation between route-policy nodes is “or”. That is, once a packet is forwarded by
one policy node, all the following nodes are ignored. If the packet fails to match
all the permit nodes, or matches any deny node, it is forwarded or discarded
normally, according to the routing table.
When multicast policy routing is configured on an interface of a router, all
multicast packets entering the router on the interface are filtered. The filter
method is that all policy nodes of the route-policy are applied in the ascending
sequence of their ID (a number).
For the related commands, see if-match, apply output-interface, apply
ip-address next-hop, and display ip multicast-policy.

Example
Configure a route-policy named map1 with the node ID of 10 and with the match
mode of permit and enter the route-policy view.
[3Com] route-policy map1 permit node 10
[3Com-route-policy]
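
The node-by-node evaluation described above, modelled as an added Python example (not 3Com code): it parses the display ip multicast-policy setup output shown earlier in this section and decides whether a multicast packet is policy-routed or returned to normal forwarding. The ACL contents, the function names parse_setup and evaluate, and the treatment of an ACL as a plain set of group addresses are assumptions made for illustration.

```python
import re

# Output copied from the "display ip multicast-policy setup" example on this page.
SETUP_OUTPUT = """\
route-policy cc permit node 10
if-match acl 110
apply ip-address next-hop acl 50
route-policy cc permit node 20
if-match acl 120
apply output-interface acl 1005
"""

# Constructed ACL contents (assumptions): the page does not show these ACLs.
MATCH_ACLS = {110: {"225.1.1.1"}, 120: {"225.2.2.2"}}      # groups each ACL matches
NEXT_HOP_ACLS = {50: ["10.1.1.2", "10.1.2.2"]}             # standard ACL -> next hops
INTERFACE_ACLS = {1005: ["Ethernet1/0/0", "Serial0/0/0"]}  # interface-based ACL

NODE_RE = re.compile(r"route-policy (\S+) (permit|deny) node (\d+)")


def parse_setup(text):
    """Parse the display output into node dicts sorted by sequence number."""
    nodes = []
    for raw in text.splitlines():
        line = raw.strip()
        m = NODE_RE.fullmatch(line)
        if m:
            nodes.append({"policy": m.group(1), "mode": m.group(2),
                          "seq": int(m.group(3)), "match": [],
                          "next_hop_acl": None, "out_if_acl": None})
        elif not nodes or not line:
            continue  # ignore blank lines and anything before the first node
        elif line.startswith("if-match acl "):
            nodes[-1]["match"].append(int(line.split()[-1]))
        elif line.startswith("apply ip-address next-hop acl "):
            nodes[-1]["next_hop_acl"] = int(line.split()[-1])
        elif line.startswith("apply output-interface acl "):
            nodes[-1]["out_if_acl"] = int(line.split()[-1])
    return sorted(nodes, key=lambda n: n["seq"])


def evaluate(nodes, group):
    """Return (decision, targets) for a multicast packet addressed to `group`."""
    for node in nodes:  # nodes are tried in ascending sequence-number order
        # if-match clauses are combined with "and". Assumption: a node with no
        # if-match acl clause matches every packet (the page does not say).
        if all(group in MATCH_ACLS.get(acl, set()) for acl in node["match"]):
            if node["mode"] == "deny":
                # A matched deny node stops the search: normal forwarding.
                return ("normal-forwarding", [])
            # Multicast: both apply clauses take effect, so the packet is
            # replicated to every next hop and every outgoing interface.
            targets = [("next-hop", hop)
                       for hop in NEXT_HOP_ACLS.get(node["next_hop_acl"], [])]
            targets += [("interface", ifname)
                        for ifname in INTERFACE_ACLS.get(node["out_if_acl"], [])]
            return ("policy-routed", targets)
    return ("normal-forwarding", [])  # no node matched


if __name__ == "__main__":
    policy = parse_setup(SETUP_OUTPUT)
    for grp in ("225.1.1.1", "225.2.2.2", "239.9.9.9"):
        print(grp, evaluate(policy, grp))
```

Running the same evaluation against saved display output is a quick way to review which groups a policy diverts away from the routing table before it is enabled on an interface.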

IPX Configuration Commands

debugging ipx packet

Syntax
debugging ipx packet [ interface-type interface-num | interface-name ]
undo debugging ipx packet [ interface-type interface-num | interface-name ]

View
User view

Parameter

interface-type: Interface type.

interface-num: Interface number.

interface-name: Interface name.

Description
Using the debugging ipx packet command, you can enable the IPX packet
debugging switch to view the contents of IPX packets received and transmitted.
Using the undo debugging ipx packet command, you can disable the
debugging switch.

By default, the IPX packet debugging switch is disabled.

Example
Enable IPX packet debugging switch.
<3Com> debugging ipx packet
*0.8942310-IPX-8-IPXPKT:
Sending, interface = Serial3/0/0,
pktlen = 40, hops = 0, pkttype = 0x1,
dstnet = 0xb, dstnode = ffff-ffff-ffff, dstsocket = 0x453,
srcnet = 0xb, srcnode = 00e0-fc01-5517, srcsocket = 0x453
prompt: Sending the packet.
*0.8942610-IPX-8-IPXPKT:
Delivering, interface = Serial3/0/0,
pktlen = 480, hops = 0, pkttype = 0x4,
dstnet = 0xb, dstnode = ffff-ffff-ffff, dstsocket = 0x452,
srcnet = 0xb, srcnode = 00e0-fc01-54f6, srcsocket = 0x452
prompt: IPX packet is delivering up!

Table 7 Description of display information of the debugging ipx packet command

Item          Description
pktlen =      Length of packet in decimal format (not including MAC address header).
hops =        How many routers the packet has passed through.
pkttype =     Packet type in hexadecimal format.
dstnet =      Destination network number of the packet.
dstnode =     Destination node address of the packet.
dstsocket =   Destination socket of the packet.
srcnet =      Source network number of the packet.
srcnode =     Source node address of the packet.
srcsocket =   Source socket of the packet.
prompt:       Prompt of how router processes the packet and reasons of discarding packet.
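
A parser for the debugging ipx packet output, added here as a Python example (not part of the 3Com documentation): it turns each debug record into a dictionary keyed by the Table 7 field names and lists the source nodes that sent to the broadcast node address. The function names and the "stamp" and "action" keys are assumptions; the sample text is the example output from this page.

```python
import re

# Debug output copied from the "debugging ipx packet" example on this page.
DEBUG_OUTPUT = """\
*0.8942310-IPX-8-IPXPKT:
Sending, interface = Serial3/0/0,
pktlen = 40, hops = 0, pkttype = 0x1,
dstnet = 0xb, dstnode = ffff-ffff-ffff, dstsocket = 0x453,
srcnet = 0xb, srcnode = 00e0-fc01-5517, srcsocket = 0x453
prompt: Sending the packet.
*0.8942610-IPX-8-IPXPKT:
Delivering, interface = Serial3/0/0,
pktlen = 480, hops = 0, pkttype = 0x4,
dstnet = 0xb, dstnode = ffff-ffff-ffff, dstsocket = 0x452,
srcnet = 0xb, srcnode = 00e0-fc01-54f6, srcsocket = 0x452
prompt: IPX packet is delivering up!
"""

HEADER_RE = re.compile(r"^\*(\d+\.\d+)-IPX-8-IPXPKT:$")
FIELD_RE = re.compile(r"(\w+) = ([^,\s]+)")
HEX_FIELDS = {"pkttype", "dstnet", "dstsocket", "srcnet", "srcsocket"}
DEC_FIELDS = {"pktlen", "hops"}
BROADCAST_NODE = "ffff-ffff-ffff"


def parse_ipx_packet_debug(text):
    """Return one dict per debug record, keyed by the Table 7 field names."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # "stamp" is the leading counter of the record header; the page
            # does not define its meaning, so it is kept as a string.
            cur = {"stamp": header.group(1)}
            records.append(cur)
            continue
        if cur is None or not line:
            continue  # skip blank lines and anything before the first header
        if line.startswith("prompt:"):
            cur["prompt"] = line[len("prompt:"):].strip()
            continue
        first = line.split(",", 1)[0]
        if "action" not in cur and "," in line and "=" not in first:
            cur["action"] = first  # e.g. "Sending" or "Delivering"
        for key, value in FIELD_RE.findall(line):
            if key in HEX_FIELDS:
                cur[key] = int(value, 16)
            elif key in DEC_FIELDS:
                cur[key] = int(value)
            else:
                cur[key] = value
    return records


def broadcast_sources(records):
    """Sorted source node addresses that sent to the broadcast node address."""
    return sorted({r["srcnode"] for r in records
                   if r.get("dstnode") == BROADCAST_NODE and "srcnode" in r})


if __name__ == "__main__":
    for rec in parse_ipx_packet_debug(DEBUG_OUTPUT):
        print(rec)
    print(broadcast_sources(parse_ipx_packet_debug(DEBUG_OUTPUT)))
```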

debugging ipx ping

Syntax
debugging ipx ping
undo debugging ipx ping

View
User view

Parameter
None

Description
Using the debugging ipx ping command, you can enable the IPX Ping packet
debugging switch to view the contents of Ping packets received and transmitted.
Using the undo debugging ipx ping command, you can disable the debugging
switch.
By default, the IPX Ping packet debugging switch is disabled.

Example
Enable IPX Ping packet debugging switch.
<3Com> debugging ipx ping
*0.15396012-IPX-8-IPXHWPING:
Ping receiving: Request, Src = a.00e0-fc04-8859, Dst = a.00e0-fc01-54f6
*0.15396130-IPX-8-IPXPING:
Ping sending: Response, Src = a.00e0-fc01-54f6, Dst = a.00e0-fc04-8859

Table 8 Description of display information of the debugging ipx ping command

Item     Description
Src =    Source address of Ping packet.
Dst =    Destination address of Ping packet.

debugging ipx rip

Syntax
debugging ipx rip { packet [ verbose ] | event }
undo debugging ipx rip { packet [ verbose ] | event }

View
User view

Parameter

packet: Debugging information of packet received and transmitted.

verbose: Displays detailed information about packet received and transmitted.

event: Event debugging information, such as Up/Down of an interface and
related timer events.

Description
Using the debugging ipx rip command, you can enable the RIP debugging switch to
view information on RIP packets received and transmitted, routing changes and
timer expiry. Using the undo debugging ipx rip command, you can disable the RIP
debugging switch.
By default, the IPX RIP debugging switch is disabled.

Example
Enable IPX RIP packet debugging switch.
<3Com> debugging ipx rip packet
Send RIP Response to Ethernet0/0, length 96
src:a.00e0-fc01-5517(453), dst:a.ffff-ffff-ffff(453)
Number of Entries in Pkt: 8
Enable IPX RIP packet verbose debugging switch.
<3Com> debugging ipx rip packet verbose
Send RIP Response to Ethernet0/0, length 96
src:a.00e0-fc01-5517(453), dst:a.ffff-ffff-ffff(453)
Number of Entries in Pkt: 8
Network 0x1, hops 2, delay 2
Network 0x2, hops 2, delay 2
Network 0x3, hops 2, delay 2
Network 0x4, hops 2, delay 2
Network 0x5, hops 2, delay 2
Network 0x6, hops 2, delay 2
Network 0x8, hops 2, delay 8
Network 0xa, hops 1, delay 2

Enable IPX RIP event debugging switch.
<3Com> debugging ipx rip event
*0.274181351-IPXRIP-8-IPXRIP_Event:
The number 1 equal route nexthop: 00e0-fc04-8859
*0.274181450-IPXRIP-8-IPXRIP_Event:
The network 8 totally have 1 equal route

debugging ipx rtpro-flash

Syntax
debugging ipx rtpro-flash
undo debugging ipx rtpro-flash

View
User view

Parameter
None

Description
Using the debugging ipx rtpro-flash command, you can turn on the debugging
switch of route refreshing in the IPXRM module. Using the undo debugging ipx
rtpro-flash command, you can turn off the debugging switch of route refreshing
in the IPXRM module.
This kind of debugging information is generated when routes are refreshed
because of a route change.

Example
Switch on route refreshing debugging for IPXRM module.
<3Com>debugging ipx rtpro-flash
<3Com>
Remove an IPX static route.
[3Com]undo ipx route-static b2 Serial 1
*0.18537610 3Com RMX/8/DBG:
IPXRM set a Rth on the flash list, ulRthDest = 0xb2 .
[3Com]
*0.18537820 3Com RMX/8/DBG:
IPXRM finish a flash, reset a Rth on the flash list, ulRthDest = 0xb2 .
[3Com]

debugging ipx rtpro-interface

Syntax
debugging ipx rtpro-interface
undo debugging ipx rtpro-interface

View
User view

Parameter
None

Description
Using the debugging ipx rtpro-interface command, you can turn on the
debugging switch of interface change in the IPXRM module. Using the undo
debugging ipx rtpro-interface command, you can turn off the debugging
switch of interface change in the IPXRM module.
Such debugging information is generated whenever the IPXRM module receives
interface change messages. These messages are generated when the interface status
changes between up and down, or when an interface is added or removed.

Example
Enable IPX RIP packet debugging switch
<3Com> debugging ipx rip packet

Switch on interface change debugging for IPXRM module.
<3Com>debugging ipx rtpro-interface
<3Com>

Trigger interface change by using shut/undo shut command.
[3Com-Serial1] shut
[3Com-Serial1]
%Oct 24 14:11:27 2003 3Com PHY/2/PHY: Serial1: change status to down
%Oct 24 14:11:27 2003 3Com IFNET/5/UPDOWN:Line protocol on the interface Serial1 turns into DOWN state
%Oct 24 14:11:27 2003 3Com IFNET/5/UPDOWN:Protocol IPX on the interface Serial1 turns into DOWN state
*0.19023320 3Com RMX/8/DBG:IPXRM recieve interface change msg, msg type IPX_IF_DOWN .if_index is 0x286 .Interface name is Serial1 .
[3Com-Serial1]
[3Com-Serial1]undo shut
[3Com-Serial1]
%Oct 24 14:11:34 2003 3Com PHY/2/PHY: Serial1: change status to up
%Oct 24 14:11:34 2003 3Com IFNET/5/UPDOWN:Line protocol on the interface Serial1 turns into UP state
%Oct 24 14:11:34 2003 3Com IFNET/5/UPDOWN:Protocol IPX on the interface Serial1 turns into UP state
*0.19032220 3Com RMX/8/DBG:IPXRM recieve interface change msg, msg type IPX_IF_UP .if_index is 0x286 .Interface name is Serial1 .
[3Com-Serial1]

debugging ipx rtpro-routing

Syntax
debugging ipx rtpro-routing
undo debugging ipx rtpro-routing

View
User view

Parameter
None

Description
Using the debugging ipx rtpro-routing command, you can turn on the
debugging switch of route change in the IPXRM module. Using the undo
debugging ipx rtpro-routing command, you can turn off the debugging switch
of route change in the IPXRM module.
This kind of debugging information is generated when route changes such as
addition, deletion or attribute adjustment occur.

Example
Switch on route change debugging for IPXRM module.
<3Com>debugging ipx rtpro-routing
<3Com>
Add a static route.
[3Com]ipx route-static d10 Serial 1
*0.19579120 3Com RMX/8/DBG:IPXRM ADD route !
Dest: d10 Nexthop: 0.0000-0000-0000
Interface: a.00e0-fcfb-3a00(Serial1)
Protocol: Static Preference: 60
Ticks: 6 Hops: 1
*0.19579230 3Com RMX/8/DBG:IPXRM route change to ACTIVE !
Dest: d10 Nexthop: 0.0000-0000-0000
Interface: a.00e0-fcfb-3a00(Serial1)
Protocol: Static Preference: 60
Ticks: 6 Hops: 1

debugging ipx sap packet

Syntax
debugging ipx sap [ packet [ verbose ] | event ]
undo debugging ipx sap [ packet [ verbose ] | event ]

View
User view

Parameter

packet: Debugging information of packet received and transmitted.

verbose: Displays detailed information about packet received and transmitted.

event: Event debugging information, such as Up/Down of an interface and
related timer events.

Description
Using the debugging ipx sap command, you can enable the IPX SAP debugging
switch to view information on SAP packets received and transmitted, routing
changes and timer expiry. Using the undo debugging ipx sap command, you
can disable the IPX SAP debugging switch.
With the IPX SAP debugging switch enabled, you can confirm whether SAP packets
are received. Normally, a router or server sends out an SAP update packet every
minute. By default, each SAP packet includes up to seven service information
items. If a lot of service information needs advertising on the network, the
router sends out multiple packets per update. For example, if a router has 20
service information items in SIT, it sends three SAP packets per update. The first
SAP includes the first seven items, the second SAP includes the next seven items,
and the last update includes the last six items.

The debugging ipx sap command generates a significant amount of output; use it
with caution on networks that have many interfaces and a great deal of service
information. Disable the debugging switch immediately after debugging to reduce
the effect on normal services as much as possible.

Example
Enable SAP packet verbose debugging switch.
<3Com> debugging ipx sap packet verbose
*0.20909856-IPXSAP-8-IPX SAP: MSG: Receive Response Packet From Eth0,Length 480
Src: 000a.0000-0104-8f02 (0452) Dest: 000a.ffff-ffff-ffff (0452)
Number of entries in pkt: 7
Server type 2000 "PS1" 0008.000a-000a-000a (0452) hop 3
Server type 2345 "kkkkk" 000d.0005-0005-0005 (0452) hop 6
Server type 9000 "kiran-temp" 000d.0006-0006-0006 (0452) hop 16
Server type 6000 "kiran3" 000d.0003-0003-0003 (0452) hop 6
Server type 5000 "kiran2" 000d.0002-0002-0002 (0452) hop 16
Server type 4000 "kiran1" 000d.0001-0001-0001 (0452) hop 16
Server type 1000 "FS2" 000d.000a-000a-000a (0452) hop 2

Enable SAP packet debugging switch.
<3Com> debugging ipx sap packet
*0.20909856-IPXSAP-8-IPX SAP : MSG:Recieve Response Packet From Eth0,Length 480
Src: 000a.0000-0104-8f01 (0452) Dest: 000a.ffff-ffff-ffff (0452)
Number of entries in pkt: 4

Enable SAP event debugging switch.
<3Com> debugging ipx sap Event
*0.20776625-IPXSAP-8-IPX SAP: MSG:
IPXSAP: Route UP Event Received: N

display ipx interface

Syntax
display ipx interface [ interface-type interface-num | interface-name ]

View
Any view

Parameter

Interface-type: Interface type.

Interface-num: Interface number.

Interface-name: Interface name.

Description
Using the display ipx interface command, you can view IPX interface
configuration information and interface parameters in communication devices.

Example
Display IPX configuration and statistics of the interface Ethernet1/0/0.
<3Com> display ipx interface ethernet 1/0/0
Ethernet1/0/0 is up
IPX address is 2.00E0-FC01-0000 [up]
SAP is enabled
Split horizon is enabled
Update change only is disabled
Forwarding of IPX type 20 propagation packet is enabled
Delay of this IPX interface, in ticks is 1
SAP GNS response is enabled
RIP packet maximum size is 432 bytes
SAP packet maximum size is 480 bytes
IPX encapsulation is Netware 802.3
0 received, 0 sent
0 bytes received, 0 bytes sent
0 RIP received, 0 RIP sent, 0 RIP discarded
0 RIP specific requests received, 0 RIP specific responses sent
0 RIP general requests received, 0 RIP general responses sent
0 SAP received, 0 SAP sent, 0 SAP discarded
0 SAP requests received, 0 SAP responses sent

Table 9 Description of display information of the display ipx interface command

Item                                                  Description
Ethernet1/0/0 is ...                                  In terms of physical layer and link layer status, the current interface is UP, DOWN or administratively DOWN.
IPX address is ...                                    IPX network ID and node value of the current interface. Refer to the commands ipx network and ipx enable for details of network ID and node value.
[up]                                                  IPX protocol status of the current interface.
SAP is ...                                            Whether SAP is enabled on the current interface.
Split horizon is ...                                  Whether split horizon is enabled on the current interface. The related command is ipx split-horizon.
Update change only is ...                             Whether trigger update is enabled on the current interface. The related command is ipx update-change-only.
Forwarding of IPX type 20 propagation packet is ...   Whether IPX type 20 propagation packet is permitted to be forwarded on the current interface. The related command is ipx netbios-propagation.
Delay of this IPX interface, in ticks is ...          Delay value of the current interface. The value is configured by the ipx tick command.
SAP GNS response is ...                               Whether SAP GNS reply is enabled on the current interface. The related command is ipx sap gns-disable-reply.
RIP packet maximum size is ... bytes                  Maximum size of RIP updating packet on the current interface. The related command is ipx rip mtu.
SAP packet maximum size is ... bytes                  Maximum size of SAP updating packet on the current interface. The related command is ipx sap mtu.
received                                              Total number of packets received on the current interface.
sent                                                  Total number of packets sent on the current interface.
bytes received                                        Total number of bytes received on the current interface.
bytes sent                                            Total number of bytes sent on the current interface.
RIP received                                          Total number of IPX RIP packets received on the current interface.
RIP sent                                              Total number of IPX RIP packets sent on the current interface.
RIP discarded                                         Total number of IPX RIP packets discarded on the current interface.
RIP specific requests received                        Total number of IPX RIP specific requests received on the current interface.
RIP specific responses sent                           Total number of IPX RIP specific responses sent on the current interface.
RIP general requests received                         Total number of IPX RIP general requests received on the current interface.
RIP general responses sent                            Total number of IPX RIP general responses sent on the current interface.
SAP received                                          Total number of SAP packets received on the current interface.
SAP sent                                              Total number of SAP packets sent on the current interface.
SAP discarded                                         Total number of SAP packets discarded on the current interface.
SAP requests received                                 Total number of SAP requests received on the current interface.
SAP responses sent                                    Total number of SAP responses sent on the current interface.

display ipx routing-table

Syntax
display ipx routing-table [ network ] [ verbose ]
display ipx routing-table protocol { default | direct | rip | static } [ inactive | verbose ]

View
Any view

Parameter

network: Destination network ID of IPX static route. It is an 8-bit hexadecimal
number, ranging from 1 to 0xFFFFFFFE. Displays IPX routing information to the
specified destination network ID.

verbose: Displays detailed route information, including active and inactive routes.

default: Displays all the default routing information.

direct: Displays all the directly connected routing information.

rip: Displays all IPX RIP routing information.

static: Displays all IPX static routing information.

inactive: Only displays inactive routing information.

Description

Using the display ipx routing-table command, you can view active IPX routing
information.

Using the display ipx routing-table verbose command, you can view detailed
IPX routing information including active and inactive routes.

Using the display ipx routing-table network command, you can view active IPX
routing information to specified destination network ID.

Using the display ipx routing-table network verbose command, you can view
detailed IPX routing information to specified destination network ID including
active and inactive routes.

Using the display ipx routing-table protocol { rip | static | default | direct }
command, you can view IPX routing information for specified destination type
including active and inactive routes.

Using the display ipx routing-table protocol { rip | static | default | direct }
verbose command, you can view detailed IPX routing information for specified
destination type including active and inactive routes.

Example
Display active IPX routing information.
[3Com] display ipx routing-table
Routing tables:
Summary count: 4
Dest_Ntwk_ID Proto Pre Ticks Hops Nexthop Interface
0x11 Direct 0 6 0 0.0000-0000-0000 Serial0/0/0
0x22 RIP 100 7 1 11.0000-0165-6401 Serial0/0/0
0x33 Direct 0 1 0 0.0000-0000-0000 Ethernet0/0/0
0x100 Static 60 6 1 0.0000-0000-0000 Serial0/0/0

The following table explains the contents in the above displayed information:

Table 10 Description of display information of the display ipx routing-table command

Item Description
Dest_Ntwk_ID Destination network ID of the route
Proto Protocol type of the route
Pre Preference of the route
Ticks Ticks value of the route
Hops Hops value of the route
Nexthop The next hop of the route
Interface Outgoing interface of the route

Display detailed IPX routing information, including active and inactive routes.
<3Com> display ipx routing-table verbose


Routing tables:
Destinations: 103 Routes: 103
Destination Network ID: 0x11
Protocol: Direct Preference: 0
Ticks: 6 Hops: 0
Nexthop: 0.0000-0000-0000 Time: 0
Interface: 11.0000-0165-6400(Serial0)
State: <Active>
Destination Network ID: 0x22
Protocol: RIP Preference: 100
Ticks: 7 Hops: 1
Nexthop: 11.0000-0165-6401Time: 15
Interface: 11.0000-0165-6400(Serial0)
State: <Active>
Destination Network ID: 0x33
Protocol: Direct Preference: 0
Ticks: 1 Hops: 0
Nexthop: 0.0000-0000-0000Time: 0
Interface: 33.0000-0165-6400(Ethernet0)
State: <Active>
Destination Network ID: 0x100
Protocol: Static Preference: 60
Ticks: 6 Hops: 1
Nexthop: 0.0000-0000-0000Time: 0
Interface: 11.0000-0165-6400(Serial0)
State: <Active>
Table 11 Description of display information of the display ipx routing-table verbose command

Item Description
Time Aging time value of the route. Without aging, the value of interface route and static route is 0.
State State can be <Active>, <Inactive> or <Delete>. <Active> indicates active route, <Inactive> indicates inactive route and <Delete> indicates the route is being deleted.
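
The verbose output above can be parsed for monitoring, for example to compare RIP-learned routes against an expected set. The following Python is an added example, not part of the 3Com manual; the fifth record, the baseline set and the function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

KEYS = ("Destination Network ID", "Protocol", "Preference", "Ticks", "Hops",
        "Nexthop", "Time", "Interface", "State")
_ALT = "|".join(KEYS)
# A value ends where the next known key starts, so a line such as
# "Nexthop: 11.0000-0165-6401Time: 15" (no space before "Time") still splits.
_FIELD = re.compile(rf"({_ALT}):\s*(.*?)\s*(?=(?:{_ALT}):|$)")

# The four records shown in the example above.
PAGE_OUTPUT = """\
Routing tables:
Destinations: 103 Routes: 103
Destination Network ID: 0x11
Protocol: Direct Preference: 0
Ticks: 6 Hops: 0
Nexthop: 0.0000-0000-0000 Time: 0
Interface: 11.0000-0165-6400(Serial0)
State: <Active>
Destination Network ID: 0x22
Protocol: RIP Preference: 100
Ticks: 7 Hops: 1
Nexthop: 11.0000-0165-6401Time: 15
Interface: 11.0000-0165-6400(Serial0)
State: <Active>
Destination Network ID: 0x33
Protocol: Direct Preference: 0
Ticks: 1 Hops: 0
Nexthop: 0.0000-0000-0000Time: 0
Interface: 33.0000-0165-6400(Ethernet0)
State: <Active>
Destination Network ID: 0x100
Protocol: Static Preference: 60
Ticks: 6 Hops: 1
Nexthop: 0.0000-0000-0000Time: 0
Interface: 11.0000-0165-6400(Serial0)
State: <Active>
"""
# Constructed record (not from the manual): an inactive RIP route.
CONSTRUCTED_RECORD = """\
Destination Network ID: 0x44
Protocol: RIP Preference: 100
Ticks: 8 Hops: 2
Nexthop: 11.0000-0165-6402Time: 170
Interface: 11.0000-0165-6400(Serial0)
State: <Inactive>
"""
SAMPLE = PAGE_OUTPUT + CONSTRUCTED_RECORD


@dataclass
class Route:
    network: int
    protocol: str
    preference: int
    ticks: int
    hops: int
    nexthop: str
    time: int
    interface: str
    state: str


def parse_verbose(text):
    """Turn 'display ipx routing-table verbose' output into Route objects."""
    records, cur = [], None
    for line in text.splitlines():
        for key, value in _FIELD.findall(line):
            if key == "Destination Network ID":   # first field of each record
                cur = {}
                records.append(cur)
            if cur is not None:
                cur[key] = value
    routes = []
    for r in records:
        if not all(k in r for k in KEYS):
            continue                              # truncated capture, skip it
        routes.append(Route(int(r["Destination Network ID"], 16), r["Protocol"],
                            int(r["Preference"]), int(r["Ticks"]), int(r["Hops"]),
                            r["Nexthop"], int(r["Time"]), r["Interface"],
                            r["State"].strip("<>")))
    return routes


def review(routes, expected_rip=frozenset()):
    """Return (network, reason) pairs that deserve an operator's attention."""
    notes = []
    for r in routes:
        if r.state != "Active":
            notes.append((r.network, f"state is {r.state}"))
        if r.protocol == "RIP" and r.network not in expected_rip:
            notes.append((r.network, f"RIP route via {r.nexthop} not in baseline"))
        if r.network == 0xFFFFFFFE:               # default route, per ipx route-static
            notes.append((r.network, "default route"))
    return notes


if __name__ == "__main__":
    for network, reason in review(parse_verbose(SAMPLE), expected_rip={0x22}):
        print(f"0x{network:X}: {reason}")
```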

display ipx routing-table statistics Syntax


display ipx routing-table statistics

View
Any view

Parameter
None

Description
Using the display ipx routing-table statistics command, you can view IPX
routing statistics.

Example
Display IPX routing statistics.
<3Com> display ipx routing-table statistics
Routing tables:
Proto/State route active added deleted freed
Direct 2 2 2 0 0
Static 1 1 2 1 1
RIP 1 1 1 0 0
Default 0 0 0 0 0
Total 4 4 5 1 1

display ipx service-table Syntax


display ipx service-table [ [ type service-type | name name | network network | order {
network | type } ] | [ inactive ] ] [ verbose ]

View
Any view

Parameter

type: Displays information for specified service type ID.

service-type: The type of service.

name: Displays information for specified server name.

name: Name of the server.

network: Displays service information of the server on the specified network
segment.

network: The network ID of the network segment.

order: Displays service information classified by network ID or by service type.

network: Classified by the network ID.

type: Classified by the service type.

inactive: Displays inactive service information.

verbose: Displays details about service information.

Description
Using the display ipx service-table command, you can view contents of an IPX
service information table. The output information of the command helps users
with IPX SAP troubleshooting.

Example
Display contents of IPX service information table.
[3Com] display ipx service-table
Abbreviation: S - Static, Pref - Preference(Decimal), NetId - Network number,
NodeId - Node address, hop - Hops(Decimal), Recv-If - Interface from which the service is
receieved
Name Type NetId NodeId Sock Pref Hops Recv-If
FS2 1000 000d 000a-000a-000a 0452 500 02 Eth1/0/0
PS1 2000 0008 000a-000a-000a 0452 500 03 Eth1/0/0
kkkkk 2345 000d 0005-0005-0005 0452 500 06 Eth1/0/0
Hello3 6000 000d 0003-0003-0003 0452 500 06 Eth1/0/0
Display contents of service information table of type 5.
[3Com] display ipx service-table type 5
Abbreviation: S - Static, Pref - Preference(Decimal), NetId - Network number,
NodeId - Node address, hop - Hops(Decimal), Recv-If - Interface from which the service is
receieved
Name Type NetId NodeId Sock Pref Hops Recv-If
Prn1 0005 000d 000a-000a-000a 0452 500 02 Eth1/0/0
Prn2 0005 0008 000a-000a-000a 0452 500 03 Eth1/0/0
Prn3 0005 000d 0005-0005-0005 0452 500 06 Eth1/0/0
Prn4 0005 000d 0006-006-0006 0452 500 06 Eth1/0/0

display ipx statistics Syntax


display ipx statistics

View
Any view

Parameter
None

Description
Using the display ipx statistics command, you can view the statistics and types of
IPX packets transmitted and received.

Example
Display IPX statistics.
<3Com> display ipx statistics
Received: 0 total, 0 packets pitched
0 packets size errors, 0 format errors
0 bad hops(>16), 0 discarded(hops=16)
0 other errors, 0 local destination
0 can not be dealed
Sent: 0 forwarded, 0 generated
0 no route, 0 discarded
RIP: 0 sent, 0 received
0 responses sent, 0 responses received
0 requests received, 0 requests dealed
0 requests sent, 0 periodic updates
SAP: 0 general requests received
0 specific requests received
0 GNS requests received
0 general responses sent
0 specific responses sent
0 GNS responses sent
0 periodic updates, 0 errors
Table 12 Description of display information of the display ipx statistics command

Item Description
Received Statistics for received messages
0 total Total number of received messages
0 packets pitched Total number of messages whose headers are re-pitched
0 packets size errors Total number of discarded messages due to packet size errors
0 format errors Total number of discarded messages due to encapsulation format errors
0 bad hops Total number of messages whose hop field values exceed 16
0 discarded(hop=16) Total number of messages whose hop field values are 16
0 other errors Total number of discarded messages due to other errors
0 local destination Total number of messages which have local destinations
0 can not be dealt Total number of messages that can not be dealt with
Sent: Statistics for sent messages
0 forwarded Number of messages which need to be forwarded
0 generated Number of messages which are sent by router itself
0 no route Number of messages which do not find routes
0 discarded Number of messages discarded during sending
RIP: Statistics for RIP messages
0 sent Number of RIP messages sent by router
0 received Number of RIP messages received
0 responses sent Number of RIP response messages sent by router
0 responses received Number of RIP response messages received
0 requests received Number of RIP request messages received
0 requests dealt Number of RIP request messages dealt
0 requests sent Number of RIP request messages sent by router
0 periodic updates Number of RIP periodic update messages sent by router
SAP: Statistics for SAP messages
0 general requests received Number of received SAP general request messages
0 specific requests received Number of received SAP specific request messages
0 GNS requests received Number of received SAP GNS request messages
0 general responses sent Number of sent SAP general response messages
0 specific responses sent Number of sent SAP specific response messages
0 GNS responses sent Number of sent SAP GNS response messages
0 periodic updates Number of SAP periodic update messages sent by router
0 errors Number of error SAP messages

ipx enable Syntax


ipx enable [ node node ]
undo ipx enable

View
System view

Parameter

node: Node value of the router. It is a 48-bit value represented by a triplet of
four-digit hexadecimal numbers separated by “-”. It is neither a broadcast
address nor a multicast address. If the parameter is not configured, the router will
assign the MAC address of the first Ethernet interface as its node value.

If there is no Ethernet interface in the router, the system will assign a random node
value based on the system clock.

Description
Using the ipx enable command, you can activate IPX. Using the undo ipx
enable command, you can deactivate IPX and remove all IPX configurations
simultaneously.
If you activate IPX again after executing the undo ipx enable command, the
earlier IPX configuration is not restored.

Example
Enable IPX.
[3Com] ipx enable
Disable IPX.
[3Com] undo ipx enable

ipx encapsulation Syntax


ipx encapsulation [ dot2 | dot3 | ethernet-2 | snap ]
undo ipx encapsulation

View
Ethernet Interface view

Parameter

dot2: Encapsulation format is Ethernet_802.2.

dot3: Encapsulation format is Ethernet_802.3.

ethernet-2: Encapsulation format is Ethernet_II.

snap: Encapsulation format is Ethernet_SNAP.

Description
Using the ipx encapsulation command, you can set IPX frame encapsulation
format on Ethernet interface. Using the undo ipx encapsulation command, you
can restore the default IPX frame encapsulation format.
By default, IPX frame encapsulation format on Ethernet interface is dot3
(Ethernet_802.3).
On WAN interfaces, IPX frames support only PPP encapsulation.

Example
Configure IPX frame encapsulation format on the interface Ethernet0/1/0 as
Ethernet_II.
[3Com-Ethernet 0/1/0] ipx encapsulation ethernet-2
Restore the default IPX frame encapsulation format on the interface
Ethernet0/1/0.
[3Com-Ethernet 0/1/0] undo ipx encapsulation

ipx netbios-propagation Syntax


ipx netbios-propagation
undo ipx netbios-propagation

View
Interface view

Parameter
None

Description
Using the ipx netbios-propagation command, you can configure the router to
forward type 20 broadcast packets on the current interface. Using the undo ipx
netbios-propagation command, you can disable the forwarding of type 20
packets.
By default, type 20 broadcast packets will be discarded by the router rather than
forwarded.
An IPX type 20 packet is a NetBIOS (Network Basic Input/Output System) packet
defined by Novell NetWare.

Example
Enable the receipt and forwarding of type 20 broadcast packets.
[3Com-Ethernet 0/1/0] ipx netbios-propagation
Disable the receipt and forwarding of type 20 broadcast packets.
[3Com-Ethernet 0/1/0] undo ipx netbios-propagation

ipx network Syntax


ipx network network-number
undo ipx network

View
Interface view

Parameter

network-number: Network ID of the IPX interface in hex. It ranges from 0x1 to 0xFFFFFFFD.


Description
Using the ipx network command, you can configure a network ID for an
interface. Using the undo ipx network command, you can delete IPX network ID
of an interface.
By default, IPX is disabled on all interfaces after it is activated. There is no IPX
network ID on the interface.

Example
Configure the interface Ethernet0/1/0 as IPX interface and assign it with a network
ID.
[3Com-Ethernet 0/1/0] ipx network 675
Cancel the configuration of the interface Ethernet0/1/0 as IPX interface.
[3Com-Ethernet 0/1/0] undo ipx network

ipx rip import-route Syntax


ipx rip import-route static
undo ipx rip import-route static

View
System view

Parameter

static: Imported static route.

Description
Using the ipx rip import-route static command, you can import static routes
into RIP. RIP then includes them in its route updates. Using the undo ipx rip
import-route static command, you can disable the importation of static routes.

Example
Import a static route to RIP.
[3Com] ipx rip import-route static

ipx rip mtu Syntax


ipx rip mtu bytes
undo ipx rip mtu

View
Interface view

Parameter

bytes: Maximum RIP updating packet size in bytes, ranging from 432 to 1500. By
default, it is 432.

Description
Using the ipx rip mtu command, you can configure RIP updating packet size.
Using the undo ipx rip mtu command, you can restore the default configuration.
By default, the maximum size of RIP updating packets is 432 bytes. In RIP updating
packets, the size of each routing information item is 8 bytes and the size of IPX
header and RIP header is 32 bytes, so a 432-byte updating packet can carry at most
50 routing information items.

Example
Configure the maximum size of RIP updating packets on the interface
Ethernet1/0/0 to 500 bytes.
[3Com-Ethernet1/0/0] ipx rip mtu 500

ipx rip multiplier Syntax


ipx rip multiplier multiplier
undo ipx rip multiplier

View
System view

Parameter

multiplier: It is used to calculate the aging period of RIP routing information table
items, ranging from 1 to 1000. By default, the value is 3. The actual aging time is
the value of multiplier multiplied by the RIP updating interval.

Description
Using the ipx rip multiplier command, you can configure the aging period of RIP
routing information table items. Using the undo ipx rip multiplier command,
you can restore the default configuration.
By default, the RIP aging period is 3 times the updating interval.
Routers may contain a timer for each item in their routing information table,
which keeps track of elapsed time since the route was received. Every time an
updating packet containing the routing information is received, the timer is reset
to zero. If a RIP route is not updated within a period of time, the system regards
the route as no longer valid and deletes it from the routing table.
For the related command, see ipx rip timer update.

Example
Set the RIP aging period of routing information table items to 5 times the
updating interval.
[3Com] ipx rip multiplier 5

ipx rip timer update Syntax


ipx rip timer update seconds
undo ipx rip timer update

View
System view

Parameter

seconds: RIP updating interval in seconds, ranging from 10 to 60000.

Description
Using the ipx rip timer update command, you can configure RIP updating
interval. Using the undo ipx rip timer update command, you can restore the
default value of RIP updating interval.
By default, the RIP updating interval is 60 seconds.
On a network, routers need to constantly exchange routing information with each
other to keep routing information consistent with actual network topology. In RIP,
directly connected routers periodically send updating packets to each other.
Changing the RIP updating interval also changes the aging period. For the related
command, see ipx rip multiplier.

Example
Configure RIP updating interval to 30 seconds.
[3Com] ipx rip timer update 30

ipx route-static Syntax


ipx route-static network [ network.node | interface-type interface-num |
interface-name ] [ preference value ] [ tick ticks hop hops ]
undo ipx route-static { network [ network.node | interface-type interface-num |
interface-name ] | all }

View
System view

Parameter

network: Destination network ID of IPX static route. It is an 8-bit hexadecimal
number, ranging from 1 to 0xFFFFFFFE.

network.node: The next hop address of IPX static route. network is the network ID
of the next hop. node is a triplet of four-bit hexadecimal numbers separated by
“-”, each ranging from 1 to 0xFFFF.

interface-type: Outgoing interface type, only supporting the interface with PPP
encapsulation. It can be Serial or POS interface.

interface-num: Outgoing interface number.

interface-name: Outgoing interface name.

preference: Route preference. The preference of directly connected routes is fixed
to 0 and cannot be changed. By default, the preference of active IPX static route is
60 and can be configured. The preference of dynamic IPX routes is fixed to 100
and cannot be changed.

value: Route preference value, ranging from 0 to 255. The lower the value, the
higher the preference.

ticks: It indicates the necessary time to destination network (1 tick = 1/18 second).
By default, it is the tick value of outgoing interface. Interfaces of different types
have different default tick values. The tick value of Ethernet interface is 1 and that
of Serial interface is 6. When the tick value of an interface is modified, the tick
value of the corresponding static route will also be changed.

hops: Number of routers which are passed by to destination network. By default,
the value is 1.

all: All IPX static routes.

Description
Using the ipx route-static command, you can configure IPX static route. Using
the undo ipx route-static command, you can delete static route.
The system regards the IPX static route with destination network ID being -2
(0xFFFFFFFE) as the default route.

Example
Configure an IPX static route with destination network ID being 0x5a, the next
hop being 1000.0-0c91-f61f, ticks 10 and hops 2.
[3Com] ipx enable
[3Com] ipx route-static 5a 1000.0-0c91-f61f tick 10 hop 2

Configure the default IPX route with the next hop being 3.4a-60-7, ticks 10, hops
2 and preference 20.

[3Com] ipx enable
[3Com] ipx route-static -2 3.4a-60-7 tick 10 hop 2 preference 20

Configure an IPX static route with destination network ID being 3a, outgoing
interface being Serial1/0/0, ticks 10, hops 2 and preference 30.

[3Com] ipx enable
[3Com] ipx route-static 3a serial 0/0/0 tick 10 hop 2 preference 30

ipx route load-balance-path Syntax


ipx route load-balance-path paths
undo ipx route load-balance-path

View
System view

Parameter

paths: The maximum equivalent route number to the same destination address,
ranging from 1 to 64. By default, the value is 1.

Description
Using the ipx route load-balance-path command, you can configure the
equivalent route number to the same destination address. Using the undo ipx
route load-balance-path command, you can restore the default configuration.
The equivalent route number to the same destination address is the maximum
number of active equivalent routes in the current system. If the newly configured
value is less than the current active route number, the system will change the
excessive active routes to inactive status.

Example
Configure the equivalent route number to the same destination address to 30.
[3Com] ipx route load-balance-path 30

ipx route max-reserve-path Syntax


ipx route max-reserve-path paths
undo ipx route max-reserve-path

View
System view

Parameter

paths: The maximum dynamic route number to the same destination address,
ranging from 1 to 255. By default, the value is 4.

Description
Using the ipx route max-reserve-path command, you can configure the
maximum dynamic route number to the same destination address. Using the
undo ipx route max-reserve-path command, you can restore the default
configuration.
When the dynamic route number to the same destination address exceeds the
maximum value configured, newly found dynamic routes are not added to the
routing table but are discarded directly. If the newly configured value is less than
the original one, the excess routes in the current routing table are not
deleted until they age out or are deleted manually.

Example
Configure the maximum dynamic route number to the same destination address
to 200.
[3Com] ipx route max-reserve-path 200

ipx sap disable Syntax


ipx sap disable
undo ipx sap disable

View
Interface view

Parameter
None

Description
Using the ipx sap disable command, you can disable SAP on the current
interface. Using the undo ipx sap disable command, you can enable SAP on the
current interface.
By default, the interface SAP is enabled as soon as IPX is enabled.

Example
Disable SAP on the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] ipx sap disable

Re-enable SAP on the interface Ethernet0/0/0.

[3Com-Ethernet0/0/0] undo ipx sap disable

ipx sap gns-disable-reply Syntax


ipx sap gns-disable-reply
undo ipx sap gns-disable-reply

View
Interface view

Parameter
None

Description
Using the ipx sap gns-disable-reply command, you can disable IPX GNS reply on
the current interface. Using the undo ipx sap gns-disable-reply command, you
can enable IPX GNS reply on the current interface.
By default, GNS reply is enabled on an interface.

Example
Disable GNS reply on the interface Ethernet0/0/0.
[Ethernet0/0/0] ipx sap gns-disable-reply
Re-enable GNS reply on the interface Ethernet0/0/0.
[Ethernet0/0/0] undo ipx sap gns-disable-reply

ipx sap gns-load-balance Syntax


ipx sap gns-load-balance
undo ipx sap gns-load-balance

View
System view

Parameter
None

Description
Using the ipx sap gns-load-balance command, you can configure the router to
respond to GNS requests in round-robin fashion, i.e., all servers respond to GNS
requests in turn. Using the undo ipx sap gns-load-balance command, you can
configure the nearest server to respond to GNS requests.
By default, for GNS requests, a router will inform all servers it knows to respond in
round-robin fashion to avoid overloading one server.
For the related command, see ipx sap gns-disable-reply.

Example
Configure the nearest server to respond to GNS requests.
[3Com] undo ipx sap gns-load-balance

Configure all servers to respond to GNS requests in round-robin fashion.

[3Com] ipx sap gns-load-balance

ipx sap max-reserve-servers Syntax


ipx sap max-reserve-servers length
undo ipx sap max-reserve-servers

View
System view

Parameter

length: The length of the dynamic service information reserve queue, ranging
from 1 to 2048. By default, the value is 2048.

Description
Using the ipx sap max-reserve-servers command, you can configure the length
of the service information reserve queue. Using the undo ipx sap
max-reserve-servers command, you can restore the default configuration.
If the newly configured service information queue length is less than the present
one, the items in SIT will not be deleted. If the service information item number for
the same service type exceeds the maximum value configured, the new service
information will not be added.

Example
Set the maximum length of service information reserve queue to 1024.
[3Com] ipx sap max-reserve-servers 1024

ipx sap mtu Syntax


ipx sap mtu bytes
undo ipx sap mtu

View
Interface view

Parameter

bytes: The maximum SAP packet size in bytes, ranging from 480 to 1500. By
default, the value is 480.

Description
Using the ipx sap mtu command, you can configure the maximum size of SAP
updating packet. Using the undo ipx sap mtu command, you can restore the
default configuration.
By default, the maximum size of SAP updating packet is 480 bytes. The size of IPX
header and SAP header is 32 bytes, so a 480-byte SAP updating packet contains 7
service information items (64 bytes each).

Example
Set the maximum size of SAP updating packet on the interface Ethernet1/0/0 to
674 bytes (carrying 10 service information items at most).
[3Com-Ethernet0/0/0] ipx sap mtu 674

ipx sap multiplier Syntax


ipx sap multiplier multiplier
undo ipx sap multiplier

View
System view

Parameter

multiplier: It is used to calculate the aging period of SAP service information table
items, ranging from 1 to 1000. By default, the value is 3. When the updating
interval is 60 seconds, the aging period is 60*3 = 180 seconds.

Description
Using the ipx sap multiplier command, you can configure the aging period of
SAP service information table items. Using the undo ipx sap multiplier
command, you can restore the default value of SAP aging period.
By default, the aging period of SAP service information table items is 3 times the
SAP updating interval.
For the related command, see ipx sap timer update.

Example
Set the aging period of SAP service information table items to 5 times the updating
interval.
[3Com] ipx sap multiplier 5

ipx sap timer update Syntax


ipx sap timer update seconds
undo ipx sap timer update

View
System view

Parameter

seconds: SAP updating interval, ranging from 10 to 60000 seconds. By default,
the value is 60 seconds.

Description
Using the ipx sap timer update command, you can configure SAP updating
interval. Using the undo ipx sap timer update command, you can restore the
default value of SAP updating interval.
When an interface adopts trigger update method, the command configuration
does not take effect.
For the related commands, see ipx sap multiplier and ipx update-change-only.

Example
Configure SAP updating interval to 300 seconds.
[3Com] ipx sap timer update 300

ipx service Syntax


ipx service service-type name network.node socket hop hopcount preference
preference
undo ipx service { { service-type [ name [ network.node ] ] [ preference preference ] } |
all }

View
System view

Parameter

service-type: Service type is a 4-byte hexadecimal number. 0 indicates all service
types.

name: The server name which provides the service, in character string with the
maximum length being 48 bytes.

network.node: Network ID and node value of a server. Network ID is represented
by an 8-bit hexadecimal number, ranging from 0x1 to 0xFFFFFFFD. The 0s in front
can be omitted when inputting. Node value is used to identify a node in the
network, with the length of 48 bits, represented by a triplet of 4-digit hexadecimal
numbers separated by “-”.

socket: It is represented by a 4-bit hexadecimal number, ranging from 0x1 to
0xFFFF.

hopcount: The number of hops to the server in decimal, ranging from 1 to 15.
Note that a hop count greater than or equal to 16 implies the service is unreachable.

preference: The preference of service information, ranging from 1 to 255. The
lower the value, the higher the preference. By default, the preference of the static
service information table items is 60 and the preference of the dynamic one is
500.

Description
Using the ipx service command, you can add a static service information item to
SIT. Using the undo ipx service command, you can delete a static service
information item from SIT.
The NetWare server uses SAP to advertise service information and stores the
service information in SIT, which is dynamically updated by SAP. Once a service
information item is added to SIT, users can access the service.

Example
Add a static service information item with service type 4, service name
“FileServer”, server network ID 130, node value 0000-0a0b-abcd, server hops 1
and server preference 60.
[3Com] ipx service 4 FileServer 130.0000-0a0b-abcd 451 hop 1 preference 60
[3Com] ipx service 4 FileServer 130.0000-0a0b-abcd 451 hop 1
[3Com] ipx service 114 MyServer 199.0000-0a0b-abcd 451 hop 10

Service information with server type 114 will not be advertised if there is no active
route to the network 199.

ipx split-horizon Syntax


ipx split-horizon
undo ipx split-horizon

View
Interface view

Parameter
None

Description
Using the ipx split-horizon command, you can enable split horizon on the
current interface. Using the undo ipx split-horizon command, you can disable
split horizon on the current interface.
By default, split horizon is enabled on the interface.
Split horizon is a way to avoid routing loops, i.e., routing information received
from an interface is not permitted to be sent from the same interface. The function
does not take effect on point-to-point links.

Example
Enable split horizon on the interface Ethernet1/1/0.
[3Com-Ethernet1/1/0] ipx split-horizon

Disable split horizon on the interface Ethernet1/1/0.

[3Com-Ethernet1/1/0] undo ipx split-horizon


ipx tick Syntax


ipx tick ticks
undo ipx tick

View
Interface view

Parameter

ticks: Delay time in ticks, ranging from 0 to 30000. One tick is 1/18 second
(approximately 55 ms). By default, the delay of Ethernet interface is 1 tick, that of
the asynchronous serial port is 30 ticks and that of WAN port is 6 ticks.

Description
Using the ipx tick command, you can configure the delay of interface sending IPX
packets. Using the undo ipx tick command, you can restore the default value of
interface delay.
As the IPX RIP delay field, the delay value configured by the ipx tick command is a
basis for the optimal routing selection.

Example
Set the delay to 5 ticks on the interface Ethernet1/0/0.
[3Com-Ethernet1/0/0] ipx tick 5

ipx update-change-only Syntax


ipx update-change-only
undo ipx update-change-only

View
Interface view

Parameter
None

Description
Using the ipx update-change-only command, you can enable trigger update on
the current interface. Using the undo ipx update-change-only command, you
can disable trigger update on the current interface.
By default, trigger update is disabled on the interface.
IPX RIP and SAP periodically advertise updating broadcast packets. Users can
configure trigger update to avoid broadcast flood.

Example
Enable trigger update on the interface Ethernet1/1/0.
[3Com-Ethernet 1/1/0] ipx update-change-only

Disable trigger update on the interface Ethernet1/1/0.

[3Com-Ethernet 1/1/0] undo ipx update-change-only
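
The value ranges, defaults and packet-size arithmetic documented for the ipx commands above can be checked against a configuration before it is applied. The following Python is an added example, not 3Com code; the sample configuration and the layout it assumes (an "interface <name>" line opening an interface view, a "#" line closing it) are constructed for illustration.

```python
HEADER_BYTES = 32                     # IPX header plus RIP/SAP header
ITEM_BYTES = {"rip": 8, "sap": 64}    # one routing item / one service item

# Command -> (lowest, highest) accepted value, as documented per command.
RANGES = {
    "ipx rip mtu": (432, 1500),
    "ipx sap mtu": (480, 1500),
    "ipx rip multiplier": (1, 1000),
    "ipx sap multiplier": (1, 1000),
    "ipx rip timer update": (10, 60000),
    "ipx sap timer update": (10, 60000),
    "ipx tick": (0, 30000),
    "ipx route load-balance-path": (1, 64),
    "ipx route max-reserve-path": (1, 255),
    "ipx sap max-reserve-servers": (1, 2048),
}

# Commands that move an interface away from its documented default.
NON_DEFAULT = {
    "ipx netbios-propagation": "type 20 broadcasts forwarded (default: discarded)",
    "undo ipx split-horizon": "split horizon disabled (default: enabled)",
}

# Constructed sample configuration (layout is an assumption, see lead-in).
SAMPLE_CONFIG = """\
ipx enable
ipx rip timer update 30
ipx rip multiplier 5
ipx sap max-reserve-servers 4096
#
interface Ethernet1/0/0
 ipx network 675
 ipx rip mtu 500
 ipx sap mtu 674
 ipx netbios-propagation
#
interface Ethernet0/0/0
 ipx network 33
 undo ipx split-horizon
 ipx tick 40000
"""


def items_per_update(kind, mtu):
    """Routing (rip) or service (sap) items that fit in one update packet."""
    return (mtu - HEADER_BYTES) // ITEM_BYTES[kind]


def audit(config):
    """Return (findings, items per update by interface, aging seconds)."""
    findings, capacity = [], {}
    # Documented defaults: 60-second updating interval, multiplier 3.
    timers = {p: {"interval": 60, "multiplier": 3} for p in ("rip", "sap")}
    scope = "system"
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not line:
            continue
        if line == "#":                       # assumed end of a view
            scope = "system"
            continue
        if line.startswith("interface "):
            scope = line.split(" ", 1)[1]
            continue
        if line in NON_DEFAULT:
            findings.append((scope, line, NON_DEFAULT[line]))
            continue
        for command, (low, high) in RANGES.items():
            if not line.startswith(command + " "):
                continue
            arg = line[len(command) + 1:]
            if not arg.isdigit() or not low <= int(arg) <= high:
                findings.append((scope, line, f"value outside {low}-{high}"))
            elif command.endswith(" mtu"):
                proto = command.split()[1]
                capacity[(scope, proto)] = items_per_update(proto, int(arg))
            elif command.endswith(" multiplier"):
                timers[command.split()[1]]["multiplier"] = int(arg)
            elif command.endswith(" timer update"):
                timers[command.split()[1]]["interval"] = int(arg)
            break
    # Aging period = multiplier x updating interval, per protocol.
    aging = {p: t["interval"] * t["multiplier"] for p, t in timers.items()}
    return findings, capacity, aging


if __name__ == "__main__":
    found, cap, age = audit(SAMPLE_CONFIG)
    for scope, line, reason in found:
        print(f"{scope}: {line}: {reason}")
    print(cap, age)
```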


ping ipx Syntax


ping ipx network.node [ -c count ] [ -t timeout ] [ -s size ]

View
Any view

Parameter

network.node: Ping destination address. The parameter network can be an
eight-bit hexadecimal number ranging from 0x1 to 0xFFFFFFFD. The 0s in front can
be omitted when inputting. The parameter node is a 48-bit value represented by a
triplet of four-digit hexadecimal numbers separated by “-”.

The 0s in front of node value cannot be omitted.

count: Number of Ping packets that are sent. By default, the value is 5.

timeout: The period of time to wait for Ping response. By default, the value is 2
seconds.

size: Ping packet size. By default, the value is 100 bytes.

Description
Using the ping ipx command, you can check host reachability and network
connectivity in IPX network.

Example
Ping system whose destination address is 675.0000-a0b0-fefe with default
parameters.
<3Com> ping ipx 675.0000-a0b0-fefe

reset ipx statistics Syntax


reset ipx statistics

View
User view

Parameter
None

Description
Using the reset ipx statistics command, you can clear the IPX statistics kept by the system.

Example
Clear IPX statistics.
<3Com> reset ipx statistics

reset ipx routing-table statistics Syntax


reset ipx routing-table statistics protocol [all | default | direct | rip | static]

View
User view

Parameter

all: Clears statistical information of all types IPX route.

default: Clears the statistical information of the default IPX route type.

direct: Clears the statistical information of the IPX route directly connected.

rip: Clears the statistical information of the IPX RIP route.

static: Clears the statistical information of the static IPX route.

Description
The reset ipx routing-table statistics command is used to clear the statistical
information of a specified type of IPX route. Such information can be shown upon
the terminal using the display ipx routing-table statistics command.

Example
Add 5 IPX static routes to the router, then delete them, and then add another 9 IPX
static routes. The IPX route statistical information would be as follows:
[3Com]dis ipx routing-table statistics
Routing tables:
Proto/State route active added deleted freed
Direct 1 1 1 0 0
Static 9 9 14 5 5
RIP 0 0 0 0 0
Default 0 0 0 0 0
Total 10 10 15 5 5
[3Com]
Clear the IPX static route.
<3Com>reset ipx routing-table statistics protocol static
This will erase the specific routing counters information.
Are you sure?[Y/N]y
<3Com>

The displayed statistical information shows that all three items (add, delete, freed)
of static route have changed to 0, and the below Total item has also changed
accordingly.

<3Com>dis ipx routing-table statistics

DLSw Configuration Commands

bridge-set (in synchronous serial interface view) Syntax


bridge-set bridge-set-number
undo bridge-set bridge-set-number

View
Synchronous serial interface view

Parameter

bridge-set-number: The bridge group number the synchronous serial port is to be
added into, ranging from 1 to 63.

Description
Using the bridge-set (in synchronous serial interface view) command, you can
add an SDLC-encapsulated synchronous serial interface into the bridge group.
Using the undo bridge-set (in synchronous serial interface view) command,
you can delete the interface from the DLSw bridge group.
By default, no synchronous serial port is added into the bridge group.
For an SDLC-encapsulated synchronous serial port to take part in DLSw
forwarding, the SDLC interface must be added into a bridge group by using
this command. The difference is that a bridge group on an Ethernet interface
takes part in local forwarding, while a bridge group configured on an SDLC
interface takes part only in DLSw forwarding, that is, all the data on it is
forwarded onto the TCP tunnel. If the command is configured in the Ethernet
Interface view, the Ethernet interfaces with the same group number on the router
can forward packets transparently. Packets cannot, however, be transferred
transparently between serial ports: each serial port exchanges packets only with
the remote end.

Example
Add the Serial1/0/0 into the DLSw bridge group numbered 20.
[3Com] dlsw bridge-group 20
[3Com] interface Serial1/0/0
[3Com-Serial1/0/0] bridge-set 20

bridge-set (in the Ethernet Interface view)

Syntax
bridge-set bridge-set-number
undo bridge-set bridge-set-number

View
Ethernet Interface view

Parameter

bridge-set-number: The bridge group number that the Ethernet interface is added
into, ranging from 1 to 63.

Description
Using the bridge-set (in the Ethernet Interface view) command, you can add
the Ethernet interface into the bridge. Using the undo bridge-set (in the
Ethernet Interface view) command, you can delete the interface from the DLSw
bridge group.
By default, no Ethernet interface is added into the bridge group.

After an Ethernet interface is added into the bridge group, the LLC2 packets on
the Ethernet interface can be sent to the remote peer through the related TCP
tunnel.

Example
Add the Ethernet1/0/0 interface into the DLSw bridge group numbered 20.
[3Com] dlsw bridge-group 20
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] bridge-set 20

code nrzi

Syntax
code nrzi
undo code

View
Synchronous serial interface system view

Parameter
None

Description
Using the code nrzi command, you can configure the NRZI encoding of the
synchronous serial port. Using the undo code nrzi command, you can remove the
NRZI encoding of the synchronous serial port.
By default, the NRZ encoding is configured on the synchronous serial port.
There are two coding schemes, NRZI and NRZ, available on the synchronous serial
port. The NRZ coding scheme is generally used in our router. The serial port coding
scheme of some SNA devices is the NRZI coding scheme. Therefore the coding
scheme of the router needs to be changed according to the encoding of the
connected device.

Example
Configure the NRZI encoding on the Serial1/0/0.
[3Com-Serial1/0/0] code nrzi
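
Why the coding scheme has to match the connected device, as an added example that is not part of the manual. It assumes the usual SDLC NRZI convention, which the manual does not spell out (a 0 bit toggles the line level, a 1 bit leaves it unchanged); the payload bits are constructed.

```python
FLAG = [0, 1, 1, 1, 1, 1, 1, 0]        # frame delimiter octet 0x7E
PAYLOAD = [1, 0, 1, 0, 0, 0, 0, 0]     # constructed bits standing in for a frame body
FRAME = FLAG + PAYLOAD + FLAG          # simplified frame: no control field or FCS


def nrz_encode(bits):
    """NRZ: the line level is the bit value itself."""
    return list(bits)


def nrz_decode(levels):
    return list(levels)


def nrzi_encode(bits, level=1):
    """NRZI (assumed SDLC convention): toggle the level for 0, hold it for 1."""
    out = []
    for bit in bits:
        if bit == 0:
            level ^= 1
        out.append(level)
    return out


def nrzi_decode(levels, level=1):
    """Recover bits by comparing each level with the previous one."""
    out = []
    for current in levels:
        out.append(1 if current == level else 0)
        level = current
    return out


ENCODERS = {"nrz": nrz_encode, "nrzi": nrzi_encode}
DECODERS = {"nrz": nrz_decode, "nrzi": nrzi_decode}


def count_flags(bits):
    """Number of positions at which the receiver sees the 0x7E delimiter."""
    return sum(bits[i:i + 8] == FLAG for i in range(len(bits) - 7))


def flags_seen(tx_code, rx_code):
    """Flags the receiver finds when the sender uses tx_code and it uses rx_code."""
    return count_flags(DECODERS[rx_code](ENCODERS[tx_code](FRAME)))


if __name__ == "__main__":
    for tx in ("nrz", "nrzi"):
        for rx in ("nrz", "nrzi"):
            print(f"sender {tx:4} receiver {rx:4} -> {flags_seen(tx, rx)} flags found")
```

With matching settings the receiver finds both delimiters; with mismatched settings it finds none, so no frame is ever recognised on the link.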

debugging dlsw

Syntax
debugging dlsw { circuit [ correlator ] | tcp [ ip-address ] }
undo debugging dlsw { circuit [ correlator ] | tcp [ ip-address ] }

View
User view

Parameter

circuit: Enables the DLSw circuit debugging.

correlator: ID used to distinguish different circuits.

tcp: Enables the debugging of the DLSw peers.



ip-address: IP address.

Description
Using the debugging dlsw command, you can enable the DLSw debugging.
Using the undo debugging dlsw command, you can disable the DLSw
debugging.

debugging llc2

Syntax
debugging llc2 circuit [ correlator ]
undo debugging llc2 circuit [ correlator ]

View
User view

Parameter

correlator: ID used to distinguish different circuits.

Description
Using the debugging llc2 command, you can enable the LLC2 debugging. Using
the undo debugging llc2 command, you can disable the LLC2 debugging.

debugging sdlc

Syntax
debugging sdlc [ all | event | packet ]
undo debugging sdlc { all | event | packet }

View
User view

Parameter

all: Enables all SDLC debugging.

event: Enables the SDLC event debugging.

packet: Enables the SDLC packet debugging.

Description
Using the debugging sdlc command, you can enable the SDLC debugging. Using
the undo debugging sdlc command, you can disable the SDLC debugging.

display dlsw bridge-entry

Syntax
display dlsw bridge-entry [ interface-name | interface-type interface-number ]

View
Any view

Parameter
None

Description
Using the display dlsw bridge-entry command, you can view the bridge group
information.

Example
Display the bridge group information.
<3Com> display dlsw bridge-entry
Mac_entry       Port           group  hashIndex
0000.e81c.b6bf  Ethernet0/0/0  1      79

display dlsw circuits

Syntax
display dlsw circuits [ circuit-id ] [ verbose ]

View
Any view

Parameter

circuit-id: Displays the DLSw virtual circuit with the specified number.

verbose: Displays the detailed information of the virtual circuits.

Description
Using the display dlsw circuits command, you can view the DLSw virtual circuits.
The output information of this command helps the user understand the
information regarding DLSw virtual circuits.

Example
Display the general information of the virtual circuits.
<3Com> display dlsw circuits
Correlator  Local addr(LSAP)    Remote addr(RSAP)   State
2ce0005     0020.357b.e065 (4)  0000.1738.6dfd (4)  CONNECTED
Syntax description:
Correlator: ID used to distinguish different circuits.
Local addr(LSAP): Local MAC address, with the “lsap” being the last SAP used by
the local device.
Remote addr(RSAP): Remote MAC address, with the “rsap” being the last SAP
used by the remote device.
State: State of the links.
Display the detailed information of the virtual circuits.
<3Com> display dlsw circuits verbose
Correlator  Local addr(LSAP)    Remote addr(RSAP)   State
2ce0005     0020.357b.e065 (4)  0000.1738.6dfd (4)  CONNECTED
Port Ethernet 0/0/0
Direction:ORIGIN
Connection Time: 14:19:49
Flow Control: Transmit CW:40 GT:0 Receive CW:40 GT:0
Info-Frame: Transmit:0 Receive:0 Drop:0

display dlsw information

Syntax
display dlsw information [ local ] [ ip-address ]

View
Any view

Parameter

local: Displays the local exchange capability information.

ip-address: Displays the exchange capability information of the specified IP address.

Description
Using the display dlsw information command, you can view the DLSw
exchange capability information. The output information of the command
helps the user understand the status of the DLSw virtual circuit and perform
fault diagnosis.

Example
Display the general information of exchange capability.
<3Com> display dlsw information
DLSw: Capabilities for peer 10.10.20.1:
Vendor ID (OUI) : '00000c' (3Com)
Version number : 01
Release number : 00
Init Pacing Window : 40
Num of TCP sessions : 01
Mac address exclusive : no
NetBIOS Name exclusive : no
Mac address List : none
NetBIOS Name List : none
Configured IP address : 14.0.0.1
Version string :
Copyright (c) 1997-2002 3Com TECH CO., LTD.
Syntax description:
■ Version number: RFC 1795
■ Release number: Release version of RFC 1795
■ Init Pacing Window: Size of the initiated window
■ Num of TCP sessions: Number of TCP sessions
■ Mac address exclusive: Reachable MAC address registered in the router
■ NetBIOS Name exclusive: Reachable NetBIOS address registered in the router
■ Mac address List: Reachable MAC address list
■ NetBIOS Name List: Reachable NetBIOS address
■ Configured IP address: Local IP address
■ Version string: Version number of 3Com’s router operating system

Display the local exchange capability information.
<3Com> display dlsw information local
DLSw: Capabilities for local:
Vendor ID (OUI) : '00e0fc' (3Com)
Version number :1
Release number :0
Init Pacing Window : 40
Num of TCP sessions : 1
Mac address exclusive : no
NetBIOS Name exclusive : no
Mac address List : none
NetBIOS Name List : none
Configured IP address : 12.0.0.1
Version string :
Copyright (c) 1997-2002 3Com TECH CO., LTD.

display dlsw remote

Syntax
display dlsw remote [ ip-address ]

View
Any view

Parameter

ip-address: Displays the information of the remote peer with specified IP address
or of all the remote peers.

Description
Using the display dlsw remote command, you can view the information of the
remote peers. The output information helps the user to understand the
connection state between the DLSw and the remote peers.

Example
Display the information of the remote peers.
<3Com> display dlsw remote
Peers:         State       pkts_rx  pkts_tx  drops  uptime
*TCP 11.0.0.1  DISCONNECT  0        0        0      00:00:00
*TCP 13.0.0.1  DISCONNECT  0        0        0      00:00:00
*TCP 14.0.0.1  CONNECT     1897     1899     0      14:26:22

Syntax description:

*TCP: The * mark indicates that the connection can be created on the peer. If
TCP is not preceded by this mark, the peer is an inactivated backup peer.

■ Peers: The IP address used by PEER.
■ State: The PEER state.
■ pkts_rx: The number of packets received by PEER.
■ pkts_tx: The number of packets sent by PEER.
■ drops: The number of packets dropped by PEER.
■ uptime: The connecting time.
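
A parser for the display dlsw remote output described above, added here as an example for peer monitoring; it is not part of the manual. The last sample line (without the * mark), the expected-peer list, and the treatment of any state other than CONNECT as "not connected" are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# The first four lines are the sample output shown above; the last line
# (no "*" mark) is constructed to exercise the inactive-backup case.
SAMPLE = """\
Peers: State pkts_rx pkts_tx drops uptime
*TCP 11.0.0.1 DISCONNECT 0 0 0 00:00:00
*TCP 13.0.0.1 DISCONNECT 0 0 0 00:00:00
*TCP 14.0.0.1 CONNECT 1897 1899 0 14:26:22
TCP 15.0.0.1 DISCONNECT 0 0 0 00:00:00
"""

PEER_LINE = re.compile(
    r"^\s*(?P<mark>\*?)TCP\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<state>\S+)"
    r"\s+(?P<rx>\d+)\s+(?P<tx>\d+)\s+(?P<drops>\d+)"
    r"\s+(?P<uptime>\d+:\d\d:\d\d)\s*$"
)


@dataclass
class Peer:
    ip: str
    active: bool      # True when the line carries the "*" mark
    state: str
    pkts_rx: int
    pkts_tx: int
    drops: int
    uptime_s: int     # uptime converted to seconds


def parse_peers(text):
    """Turn the peer lines of the command output into Peer records."""
    peers = []
    for line in text.splitlines():
        m = PEER_LINE.match(line)
        if m is None:
            continue  # header, prompt or blank line
        hours, minutes, seconds = (int(x) for x in m["uptime"].split(":"))
        peers.append(Peer(
            ip=m["ip"], active=m["mark"] == "*", state=m["state"],
            pkts_rx=int(m["rx"]), pkts_tx=int(m["tx"]), drops=int(m["drops"]),
            uptime_s=hours * 3600 + minutes * 60 + seconds))
    return peers


def review(peers, expected=(), max_drops=0):
    """Return (ip, finding) pairs worth an operator's attention.

    expected is the operator's own inventory of configured peer addresses
    (hypothetical input); leave it empty to skip the inventory check.
    """
    findings = []
    for p in peers:
        if p.active and p.state != "CONNECT":
            findings.append((p.ip, "active peer is not connected"))
        if p.drops > max_drops:
            findings.append((p.ip, f"{p.drops} dropped packets"))
        if expected and p.ip not in expected:
            findings.append((p.ip, "peer is not in the expected list"))
    return findings


if __name__ == "__main__":
    for ip, finding in review(parse_peers(SAMPLE)):
        print(f"{ip}: {finding}")
```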

display llc2

Syntax
display llc2 [ circuit correlator ]

View
Any view

Parameter

correlator: ID used to distinguish different circuits.

Description
The display llc2 command is used to display statistical information of LLC2.

Example

Display the statistical information of LLC2.
<3Com> display llc2 circuit 46465025
llc2 circuit index 46465025
Local MAC 0.20.35.7b.e0.65
Remote MAC 0. 0.84.25.1e.e9
Local Sap 4
Remote Sap 4
Role secondary
State : NORMAL

dlsw bridge-set

Syntax
dlsw bridge-set bridge-set-number
undo dlsw bridge-set bridge-set-number

View
System view

Parameter

bridge-set-number: ID of the bridge group, ranging from 1 to 63. It is valid locally only.

Description
Using the dlsw bridge-set command, you can configure the bridge group to
connect to DLSw. Using the undo dlsw bridge-set command, you can delete the
bridge.
In order to forward packets of a specified bridge group to the remote end through
the TCP connection, a local bridge group needs to be connected with the DLSw by
using this command, that is, packets of the local bridge group can be sent to the
remote end through the TCP tunnel. This command can be used many times to
connect many bridge groups with the DLSw, so that all of them can take part in
the forwarding through the TCP tunnel.

Example
Configure the bridge group connected with the DLSw, with the ID of the bridge
group being 20.
[3Com] dlsw bridge-group 20

dlsw enable

Syntax
dlsw enable
undo dlsw enable

View
System view

Parameter
None

Description
Using the dlsw enable command, you can enable the DLSw performance. Using
the undo dlsw enable command, you can suspend the DLSw performance.
By default, the DLSw performance is enabled.
After this command is performed, the system will release all dynamic resources,
but retain the original configuration.

Example
Suspend the DLSw performance.
[3Com] undo dlsw enable

Enable the DLSw performance.
[3Com] dlsw enable

dlsw local

Syntax
dlsw local ip-address [ init-window init-window-size ] [ keepalive keepalive-interval ] [
max-frame max-frame-size ] [ max-window max-window-size ] [ permit-dynamic ]
undo dlsw local ip-address [ init-window ] [ keepalive ] [ max-frame ] [ max-window ] [
permit-dynamic ]

View
System view

Parameter

ip-address: IP address of the created local peer.

init-window-size: Size of the initialized local response window, ranging from 1 to
2000.

keepalive-interval: Time interval for sending the “keepalive”, ranging from 0 to
1200 seconds.

max-frame-size: Maximum length of the packet, which can be 516, 1470, 1500,
2052, 4472, 8144, 11407, 11454, or 17800 bytes.

max-window-size: Size of the maximum local response window, ranging from 1 to
2000.

permit-dynamic: Permits remote routers that are not preconfigured to initiate
connections and dynamically create peers. With this parameter, the remote peer
does not need to be configured on the local end, and the local peer waits for the
connection initiated by the remote peer.

Description
Using the dlsw local command, you can create the DLSw local peer. Using the
undo dlsw local command, you can delete the local peer or restore the default
values of the parameters.
The default init-window-size is 40. The default keepalive-interval is 30 seconds.
The default max-frame-size is 1500 bytes. The default max-window-size is 50.
Creating the TCP tunnel is the first step in establishing the DLSw connection. In
order to create the TCP tunnel, the DLSw local peer must first be configured to
specify the local IP address used to create the TCP connection, before the router
can receive the TCP connection request initiated by the remote router. A router
can have only one local peer.

Example
Create the DLSw local peer, with the IP address being 1.1.1.1, the size of the local
response window being 50, time interval for sending the “keepalive” being 40
seconds, both the maximum length of the packet max-frame-size and the size of
the maximum local response window being the default value.
[3Com] dlsw local 1.1.1.1 init-window 50 keepalive 40

dlsw remote

Syntax
dlsw remote ip-address [ backup backup-address ] [ priority priority] [ keepalive
keepalive-interval ] [ max-frame max-frame-size ] [ max-queue max-queue-length ] [
linger minutes ]
undo dlsw remote ip-address

View
System view

Parameter

ip-address: Specifies the IP address of the remote peer.

backup backup-address: The backup IP address of the remote peer.

priority priority: Transmission cost, ranging from 1 to 5.

keepalive keepalive-interval: Time interval for sending the “keepalive” packet,
ranging from 0 to 1200 seconds.

max-frame max-frame-size: Maximum length of the packet, which can be 516,
1470, 1500, 2052, 4472, 8144, 11407, 11454, or 17800 bytes.

max-queue max-queue-length: Size of the TCP sending/receiving queue, ranging
from 50 to 2000.

linger minutes: Linger time of the backup connection after the primary peer is
disconnected, ranging from 0 to 1440 minutes.

Description
Using the dlsw remote command, you can create the DLSw remote peer. Using
the undo dlsw remote command, you can delete the remote peer.
The default priority is 3. The default keepalive-interval is 30 seconds. The default
max-frame-size is 1500 bytes. The default max-queue-length is 200. The default
seconds is 90 seconds. The default minutes are 5 minutes.
After the local peer is configured, the remote peer needs to be configured to
create the TCP tunnel. The router will keep attempting to create the TCP
connection with the remote router. A router can be configured with several
remote peers so as to create the TCP tunnel with several remote routers.
Pay special attention to the following when creating the remote backup-address:
1 In order to create the remote backup-address, the ip-address should be the IP
address of the backup peer, and the backup backup-address should be the IP
address of the remote primary peer with which the TCP connection has already
been created. In other words, before creating the remote backup peer connection,
the user should ensure that the local end has created the TCP connection with a
remote primary peer. If the backup peer is created at the same time as the
remote peer is first created, the system will prompt the following information:
Primary peer ip address does not exist

This prompt indicates that the user should first create a remote primary peer
before creating the backup peer.

2 If the backup link still exists after the TCP connection of the primary link is
interrupted, the TCP link can be retained (the display dlsw remote command
shows that a TCP connection still exists) until the backup link linger minutes
also time out.

Example
Create the DLSw remote peer, with the IP address being 2.2.2.2, the transmission
cost being 2, the time interval for sending the “keepalive” being 40 seconds, the
maximum length lf-size of the packet being the default value, and the size of the
TCP sending/receiving queue being 300.
[3Com] dlsw remote 2.2.2.2 priority 2 keepalive 40 max-queue 300
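
A configuration check for the dlsw local and dlsw remote commands, added here as an example and not part of the manual: it validates each option against the ranges listed in the two Parameter sections, reports permit-dynamic (which lets routers that are not configured as peers initiate connections), and reports a backup peer whose primary has not been configured first. The sample lines are constructed, and reading the configuration as the commands typed at the prompt is an assumption.

```python
import ipaddress
import re

# Limits copied from the Parameter lists of "dlsw local" and "dlsw remote".
MAX_FRAME = {516, 1470, 1500, 2052, 4472, 8144, 11407, 11454, 17800}
RANGES = {
    "local": {"init-window": (1, 2000), "keepalive": (0, 1200),
              "max-window": (1, 2000)},
    "remote": {"priority": (1, 5), "keepalive": (0, 1200),
               "max-queue": (50, 2000), "linger": (0, 1440)},
}

# Constructed sample input (not from the manual); line 4 is deliberately wrong.
SAMPLE = """\
[3Com] dlsw local 1.1.1.1 init-window 50 keepalive 40 permit-dynamic
[3Com] dlsw remote 2.2.2.2 priority 2 keepalive 40 max-queue 300
[3Com] dlsw remote 3.3.3.3 backup 2.2.2.2 linger 10
[3Com] dlsw remote 4.4.4.4 backup 9.9.9.9 max-frame 1600 priority 7
"""


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def _parse_options(kind, tokens, lineno, issues):
    """Validate the keyword/value pairs that follow the peer address."""
    opts, i = {}, 0
    while i < len(tokens):
        key = tokens[i]
        if kind == "local" and key == "permit-dynamic":  # flag, takes no value
            opts[key] = True
            i += 1
            continue
        value = tokens[i + 1] if i + 1 < len(tokens) else None
        i += 2
        if value is None:
            issues.append((lineno, f"{key}: missing value"))
        elif kind == "remote" and key == "backup":
            if _is_ipv4(value):
                opts[key] = value
            else:
                issues.append((lineno, f"backup: {value} is not an IPv4 address"))
        elif key == "max-frame":
            if value.isdecimal() and int(value) in MAX_FRAME:
                opts[key] = int(value)
            else:
                issues.append((lineno, f"max-frame: {value} is not a documented size"))
        elif key in RANGES[kind]:
            low, high = RANGES[kind][key]
            if value.isdecimal() and low <= int(value) <= high:
                opts[key] = int(value)
            else:
                issues.append((lineno, f"{key}: {value} is outside {low}-{high}"))
        else:
            issues.append((lineno, f"{key}: unknown keyword for dlsw {kind}"))
    return opts


def audit(config_text):
    """Return (line number, message) findings for dlsw local/remote lines."""
    issues, local_count, primaries = [], 0, set()
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", raw)  # drop a CLI prompt
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "dlsw" or tokens[1] not in RANGES:
            continue
        kind, addr = tokens[1], tokens[2]
        if not _is_ipv4(addr):
            issues.append((lineno, f"{addr} is not an IPv4 address"))
            continue
        opts = _parse_options(kind, tokens[3:], lineno, issues)
        if kind == "local":
            local_count += 1
            if local_count > 1:
                issues.append((lineno, "a router can have only one local peer"))
            if opts.get("permit-dynamic"):
                issues.append((lineno, "permit-dynamic: remote routers that are "
                                       "not configured as peers may connect"))
        else:
            if local_count == 0:
                issues.append((lineno, "remote peer configured before the local peer"))
            primary = opts.get("backup")
            if primary is None:
                primaries.add(addr)          # this line defines a primary peer
            elif primary not in primaries:
                issues.append((lineno, f"backup {primary}: primary peer is not "
                                       "configured on an earlier line"))
    return issues


if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"line {lineno}: {message}")
```

The backup check is static: it can confirm that the primary peer was configured first, not that its TCP connection is already up, which the router itself verifies.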

dlsw timer

Syntax
dlsw timer [ connect seconds ] [ explorer-wait seconds ] [ local-pending seconds ] [
remote-pending seconds ] [ cache seconds ] [ explorer seconds ]
undo dlsw timer

View
System view

Parameter

connect seconds: The holding time of a connection, ranging from 1 second to
65535 seconds. The default value is 300 seconds.

explorer-wait seconds: The waiting time of local explorer frames, ranging from 1
second to 65535 seconds. The default value is 30 seconds.

local-pending seconds: The local pending time, ranging from 1 second to 65535
seconds. The default value is 30 seconds.

remote-pending seconds: The remote pending time, ranging from 1 second to
65535 seconds. The default value is 30 seconds.

cache seconds: Address saving time in SNA cache, ranging from 1 second to
65535 seconds. The default value is 120 seconds.

explorer seconds: The waiting time of remote explorer frames, ranging from 1
second to 65535 seconds. The default value is 30 seconds.

Description
Using the dlsw timer command, you can configure the DLSw timer parameters.
Using the undo dlsw timer command, you can restore the default value of the
DLSw timer parameters.
By configuring the DLSw timer, the various kinds of timers that the DLSw uses to
create the virtual circuit can be revised, but users are advised not to change the
DLSw timer parameters arbitrarily.

Example
Configure the DLSw timer parameters, with the connected timeout being 200
seconds, the waiting timeout of the local explorer frame being 15 seconds, the
local waiting timeout being 15 seconds, the remote peer waiting timeout being 25
seconds, the SNA cache address timeout being the default value and the waiting
timeout of the remote explorer frame being the default value.
[3Com] dlsw timer connect 20 explorer-wait 15 local-pending 15 remote-pending 25

idle-mark

Syntax
idle-mark
undo idle-mark

View
Synchronous serial interface view

Parameter
None

Description
Using the idle-mark command, you can configure the idle coding scheme of the
synchronous serial port. Using the undo idle-mark command, you can restore the
default idle coding scheme of the synchronous serial port.
By default, the synchronous serial port adopts the “7E” coding scheme.
3Com series routers encapsulate “7E” in the packets to identify the idle time of
the SDLC serial interface, but some SDLC devices adopt the full “1” high level
instead. For better compatibility with this kind of device, the idle coding scheme
of the router needs to be changed.
Sometimes when connecting with the AS/400, this command needs to be
configured to change the idle coding scheme and accelerate the AS/400 polling
speed.

Example
Configure the idle coding scheme of the synchronous serial port on the Serial1/0/0
as idle-mark.
[3Com-Serial1/0/0] idle-mark

link-protocol sdlc

Syntax
link-protocol sdlc

View
Synchronous serial interface view

Parameter
None

Description
Using the link-protocol sdlc command, you can change the link layer
encapsulation protocol of the synchronous serial interface into SDLC.
By default, the encapsulated link layer protocol of the synchronous serial interface
is PPP.
SDLC is a link layer protocol related to SNA, with a working principle similar to
that of HDLC. In order for the DLSw to work normally, the link layer
encapsulation protocol of the synchronous serial interface should be changed into
SDLC.
Note that all the IP-related commands on the interface should be removed before
SDLC is encapsulated (for example, delete the IP address on the interface),
because the SDLC link protocol cannot be used to carry the IP protocol.

Example
Configure the encapsulation protocol on the Serial1/0/0 as SDLC.
[3Com-Serial1/0/0] link-protocol sdlc

llc2 max-ack

Syntax
llc2 max-ack length
undo llc2 max-ack

View
Ethernet Interface view

Parameter

length: Length of the LLC2 advanced response window, ranging from 1 to 127.

Description
Using the llc2 max-ack command, you can configure the length of the advance
response window before the LLC2 sends the acknowledgement frame. Using
the undo llc2 max-ack command, you can restore the default length of the
advance response window before the LLC2 sends the acknowledgement frame.
By default, the length of the LLC2 advance response window is 3.
The LLC2 advance response window refers to the maximum number of information
frames that can be received before the acknowledgement frame is sent, that is,
the response packet is sent in advance on receiving the packet n.

Example
Configure the length of the advanced response window before the LLC2 sends
the acknowledgement frame as 5.
[3Com-Ethernet1/0/0] llc2 max-ack 5

llc2 max-send-queue

Syntax
llc2 max-send-queue length
undo llc2 max-send-queue

View
Ethernet Interface view

Parameter

length: Length of the queue for sending LLC2 packets, ranging from 20 to 200.

Description
Using the llc2 max-send-queue command, you can configure the length of the
queue for sending LLC2 packets. Using the undo llc2 max-send-queue command,
you can restore the default length of the queue for sending LLC2 packets.
By default, the length of the queue for sending LLC2 packets is 100.

Example
Configure the queue length sending the LLC2 packet as 30.
[3Com-Ethernet1/0/0] llc2 max-send-queue 30

llc2 max-transmission

Syntax
llc2 max-transmission retries
undo llc2 max-transmission

View
Ethernet Interface view

Parameter

retries: LLC2 retransmission times, ranging from 1 to 255.

Description
Using the llc2 max-transmission command, you can configure the
retransmission times of the LLC2. Using the undo llc2 max-transmission
command, you can restore the default retransmission times of the LLC2.
By default, the LLC2 retransmission times are 20 times.
The LLC2 retransmission times refers to the times of resending information frames
before the acknowledgement frame is received from the peer end.

Example
Configure the LLC2 retransmission times as 10 times.
[3Com-Ethernet1/0/0] llc2 max-transmission 10

llc2 modulo

Syntax
llc2 modulo n
undo llc2 modulo

View
Ethernet Interface view

Parameter

n: The modulus of the LLC2, with the available values of 8 or 128.

Description
Using the llc2 modulo command, you can configure the modulus of the LLC2.
Using the undo llc2 modulo command, you can restore the default modulus of
the LLC2.
By default, the modulus of the LLC2 is 128.
LLC2, like X25, adopts modulus mode to number information packets, and the
modulus of LLC2 is 8 or 128. Ethernet generally uses modulus 128.

Example
Restore the default modulus of the LLC2.
[3Com-Ethernet1/0/0] undo llc2 modulo

llc2 receive-window

Syntax
llc2 receive-window length
undo llc2 receive-window

View
Ethernet Interface view

Parameter

length: Length of the local response window, ranging from 1 to 127.

Description
Using the llc2 receive-window command, you can configure the maximum
number of packets that can be sent before the LLC2 receives the acknowledgement
frame. Using the undo llc2 receive-window command, you can restore the default
value of the maximum number of packets that can be sent before the
acknowledgement frame is received.
By default, the length of the LLC2 local response window is 7.
The LLC2 local response window refers to the maximum number of packets that
can be sent continuously before the acknowledgement frame is received.

Example
Configure the maximum number of packets that can be sent before the LLC2
receives the acknowledgement frame as 10.
[3Com-Ethernet1/0/0] llc2 receive-window 10

llc2 timer ack

Syntax
llc2 timer ack mseconds
undo llc2 timer ack

View
Ethernet Interface view

Parameter

mseconds: LLC2 local response time, ranging from 1 to 60000ms.

Description
Using the llc2 timer ack command, you can configure the LLC2 local response
time. Using the undo llc2 timer ack command, you can restore the default value
of the LLC2 local response time.
By default, the LLC2 local response time is 200ms.
The LLC2 local response time refers to the maximum waiting time for the response
from the peer end after an LLC2 data packet is sent.

Example
Configure the LLC2 local response time as 10ms.
[3Com-Ethernet1/0/0] llc2 timer ack 10

llc2 timer ack-delay

Syntax
llc2 timer ack-delay mseconds
undo llc2 timer ack-delay

View
Ethernet Interface view

Parameter

mseconds: Local acknowledgement delay time on receiving the information
frames, ranging from 1 to 60000ms.

Description
Using the llc2 timer ack-delay command, you can configure the local
acknowledgement delay time when the LLC2 receives information frames. Using
the undo llc2 timer ack-delay command, you can restore the default value of
the local acknowledgement delay time when the LLC2 receives information frames.
By default, the LLC2 local acknowledgement delay time is 100ms.
The LLC2 local acknowledgement delay time refers to the maximum waiting time
for delayed acknowledgement on receiving an LLC2 data packet.

Example
Configure the local acknowledgement delay time for received information frames
as 200 milliseconds.
[3Com-Ethernet1/0/0] llc2 timer ack-delay 200

llc2 timer busy

Syntax
llc2 timer busy mseconds
undo llc2 timer busy

View
Ethernet Interface view

Parameter

mseconds: The LLC2 BUSY time, ranging from 1 to 60000ms.

Description
Using the llc2 timer busy command, you can configure the LLC2 BUSY time.
Using the undo llc2 timer busy command, you can restore the default value of
the LLC2 BUSY time.
By default, the LLC2 BUSY time is 300ms.
The LLC2 BUSY time refers to the waiting time before repolling a busy station.

Example
Configure the LLC2 BUSY time as 200ms.
[3Com-Ethernet1/0/0] llc2 timer busy 200

llc2 timer poll

Syntax
llc2 timer poll mseconds
undo llc2 timer poll

View
Ethernet Interface view

Parameter
mseconds: LLC2 P/F waiting time, ranging from 1 to 60000ms.

Description
Using the llc2 timer poll command, you can configure the P/F waiting time of the
LLC2. Using the undo llc2 timer poll command, you can restore the default value
of the LLC2 P/F waiting time.
By default, the LLC2 P/F waiting time is 5000ms.
The LLC2 P/F waiting time refers to the time spent waiting for the acknowledgement
frame after the P frame is sent.

Example
Configure the LLC2 P/F waiting time as 2000ms.
[3Com-Ethernet1/0/0] llc2 timer poll 2000

llc2 timer reject

Syntax
llc2 timer reject mseconds
undo llc2 timer reject

View
Ethernet Interface view

Parameter

mseconds: The LLC2 REJ time, ranging from 1 to 60000ms.

Description
Using the llc2 timer reject command, you can configure the REJ time of the LLC2.
Using the undo llc2 timer reject command, you can restore the default value of
the LLC2 REJ time.
By default, the LLC2 REJ time is 500ms.
The LLC2 REJ time refers to the waiting time for the acknowledgement frame to
come after a deny frame is sent.

Example
Configure the LLC2 REJ time as 2000ms.
[3Com-Ethernet1/0/0] llc2 timer reject 2000

reset dlsw bridge-entry

Syntax
reset dlsw bridge-entry

View
User view

Parameter
None

Description
Using the reset dlsw bridge-entry command, you can clear the entry cache
information in the DLSw bridge group.

Example
Clear the entry cache information in the DLSw bridge group.
<3Com> reset dlsw bridge-entry

reset dlsw circuits

Syntax
reset dlsw circuits [ circuit-id ]

View
User view

Parameter

circuit-id: The virtual circuit ID of DLSw, ranging from 0 to 4294967295.

Description
Using the reset dlsw circuits command, you can clear the DLSw virtual circuit
information.

Example
Clear the virtual circuit information with the virtual circuit number of 100.
<3Com> reset dlsw circuits 100

sdlc controller

Syntax
sdlc controller sdlc-address
undo sdlc controller sdlc-address

View
Synchronous serial interface view

Parameter

sdlc-address: The secondary station address of the SDLC.

Description
Using the sdlc controller command, you can configure the secondary station
address of the SDLC. Using the undo sdlc controller command, you can delete
the secondary station address of the SDLC.
By default, the secondary station address of the SDLC is not configured.
The SDLC protocol permits several virtual circuits to run on a single SDLC
physical link, with one end connected with the primary station and the other end
connected with the secondary station. In order to distinguish each virtual circuit,
their SDLC addresses need to be designated. Because the SDLC is in unbalanced
mode, a primary device can connect with several secondary devices through the
medium of shared machine or SDLC switches, while the secondary devices cannot
be connected with each other, and there can be only one primary device. For this
reason, the SDLC devices in the same group can be guaranteed to communicate
with each other normally only if the addresses of the secondary devices are
specified. This command specifies the SDLC address, which is unique on a
physical interface, for the virtual circuit. The SDLC address configured on a
synchronous serial interface is in effect the address of the SDLC secondary station.
The SDLC address ranges from 0x01 to 0xFE. The SDLC address of a router is only
valid on one physical interface, that is, the SDLC addresses configured on different
interfaces can be the same.

Example
Configure the secondary station address of the SDLC on the Serial1/0/0 as 0x05.
[3Com-Serial1/0/0] sdlc controller 05

sdlc mac-map local

Syntax
sdlc mac-map local mac-address
undo sdlc mac-map local

View
Synchronous serial interface view

Parameter

mac-address: The virtual MAC address of the SDLC.

Description
Using the sdlc mac-map local command, you can configure the virtual MAC
address of the SDLC. Using the undo sdlc mac-map local command, you can
delete the virtual MAC address of the SDLC.
By default, the SDLC has no virtual MAC address.

Example
Configure the virtual MAC address of the SDLC.
[3Com-Serial1/0/0] sdlc mac-map local 0000-e81c-b6bf

sdlc mac-map remote

Syntax
sdlc mac-map remote mac-addr sdlc-addr
undo sdlc mac-map remote mac-addr sdlc-addr

View
Synchronous serial interface view

Parameter

mac-addr: The MAC address of the SDLC peer.

sdlc-addr: The SDLC address of the SDLC peer.

Description
Using the sdlc mac-map remote command, you can configure the SDLC peer.
Using the undo sdlc mac-map remote command, you can delete the SDLC peer.
By default, the synchronous serial interface has no peer.
This command is used to specify the MAC address of a peer end for an SDLC
virtual circuit so as to provide the destination MAC address for the transformation
from the SDLC to the LLC2. When configuring the DLSw, a related partner (peer)
should be configured for each SDLC address. The MAC address of the partner (peer)
should be the MAC address of the remote SNA device (the physical address of a
device such as an Ethernet or Token-Ring device), or the MAC address of the peer
end compounded by the SDLC.

Example
Configure the SDLC peer.
[3Com-Serial1/0/0] sdlc mac-map remote 00E0-FC00-0010 0x05

sdlc max-pdu

Syntax
sdlc max-pdu n
undo sdlc max-pdu

View
Synchronous serial interface view

Parameter

n: The maximum receivable frame length of the SDLC, ranging from 1 to 17600
bytes.

Description
Using the sdlc max-pdu command, you can configure the maximum receivable
frame length of the SDLC. Using the undo sdlc max-pdu command, you can
restore the default value of the SDLC maximum receivable frame length.
By default, the maximum receivable frame length of the SDLC is 265 bytes.
The SDLC maximum frame length refers to the number of bytes in the largest packet
that can be received and sent, excluding the parity bit and the start/stop bit.
The maximum receivable frame length of some PU2.0 devices is 265 bytes, and
that of the IBM AS/400 is generally 521 bytes. Usually it needs to be configured
to the same value as that of the connected SDLC device.

Example
Configure the maximum receivable frame length of the SDLC as 512.
[3Com-Serial1/0/0] sdlc max-pdu 521

sdlc max-send-queue Syntax


sdlc max-send-queue length
undo sdlc max-send-queue

View
Synchronous serial interface view

Parameter

length: Length of the queue for sending SDLC packets, ranging from 20 to 255.

Description
Using the sdlc max-send-queue command, you can configure the length of the
queue for sending SDLC packets. Using the undo sdlc max-send-queue command,
you can restore the default length of the queue for sending SDLC packets.
By default, the length of the queue for sending SDLC packets is 50.

Example
Configure the length of the queue for sending SDLC packets on Serial1/0/0 as 30.
[3Com-Serial1/0/0] sdlc max-send-queue 30

sdlc max-transmission Syntax


sdlc max-transmission retries
undo sdlc max-transmission

View
Synchronous serial interface view

Parameter

retries: The number of SDLC timeout retransmissions, ranging from 1 to 255.

Description
Using the sdlc max-transmission command, you can configure the number of
SDLC timeout retransmissions. Using the undo sdlc max-transmission command,
you can restore the default number of SDLC timeout retransmissions.
By default, the number of SDLC timeout retransmissions is 20.
The number of SDLC timeout retransmissions (N2) refers to the number of times
a packet is retransmitted before the acknowledgement packet is received from
the peer end.

Example
Configure the number of SDLC timeout retransmissions as 30.
[3Com-Serial1/0/0] sdlc max-transmission 30

sdlc modulo Syntax


sdlc modulo n
undo sdlc modulo

View
Synchronous serial interface view

Parameter

n: SDLC modulus, with available value of 8 or 128.

Description
Using the sdlc modulo command, you can configure the modulus of the SDLC.
Using the undo sdlc modulo command, you can restore the default modulus of
the SDLC.
By default, the SDLC modulus is 8.
SDLC, like X.25, uses modulus mode to number information packets, and the
modulus of SDLC is 8 or 128. Generally modulus 8 is selected.

Example
Restore the default modulus of the SDLC.
[3Com-Serial1/0/0] undo sdlc modulo

sdlc sap-map local Syntax


sdlc sap-map local lsap sdlc-addr
undo sdlc sap-map local lsap sdlc-addr

View
Synchronous serial interface view

Parameter

lsap: The virtual SAP address set by the device connected with the local interface.

sdlc-addr: The SDLC address.

Description
Using the sdlc sap-map local command, you can configure the SAP address used
when transforming SDLC into LLC2. Using the undo sdlc sap-map local
command, you can restore the default value of the LLC2 SAP address.
By default, lsap is 04.
When an SDLC packet is translated into an LLC2 packet, the SAP address is
needed in addition to the MAC address.
Generally speaking, the SAP address of the SNA protocol is 0x04 or 0x08 or 0x0C.
For related configuration, please see the sdlc sap-map remote command.

Example
Configure the SAP address used when translating SDLC into LLC2.
[3Com-Serial1/0/0] sdlc sap-map local 08 05

sdlc sap-map remote Syntax


sdlc sap-map remote dsap sdlc-addr
undo sdlc sap-map remote dsap sdlc-addr

View
Synchronous serial interface view

Parameter

dsap: The SAP address of the DLSw peer device. By default, dsap is 04.

sdlc-addr: The SDLC address.

Description
Using the sdlc sap-map remote command, you can configure the SAP address of
the remote DLSw device used when SDLC is translated into LLC2. Using the undo
sdlc sap-map remote command, you can restore the default value.
When an SDLC packet is translated into an LLC2 packet, the SAP address is
needed in addition to the MAC address.
Generally speaking, the SAP address of the SNA protocol is 0x04 or 0x08 or 0x0C.
For related configuration, please see sdlc sap-map local.

Example
Configure the SAP address of the remote DLSw device used when SDLC is
translated into LLC2.
[3Com-Serial1/0/0] sdlc sap-map remote 0C 05

sdlc simultaneous Syntax


sdlc simultaneous
undo sdlc simultaneous

View
Synchronous serial interface view

Parameter
None

Description
Using the sdlc simultaneous command, you can configure the SDLC data to use
the bidirectional transmission mode. Using the undo sdlc simultaneous
command, you can stop the SDLC data from using the bidirectional transmission
mode.
By default, the SDLC data are transmitted in bidirectional mode.
This command configures the synchronous serial interface to work in bidirectional
data simultaneous transmission mode. That is, the SDLC primary station can send
data to the secondary station and receive data at the same time.

Example
Configure the SDLC data to use the bidirectional transmission mode.
[3Com-Serial1/0/0] sdlc simultaneous

sdlc status Syntax


sdlc status { primary | secondary }
undo sdlc status

View
Synchronous serial interface view

Parameter

primary: The primary station of the end, controlling the whole connection
process.

secondary: The secondary station of the end, controlled by the primary station.

Description
Using the sdlc role command, you can configure the SDLC role of the device.
Using the undo sdlc role command, you can restore the default SDLC role.
By default, the device has no role.
SDLC is a link layer protocol that works in unbalanced mode. That is, the
devices on the two connected ends have unequal status: one is primary and the
other is secondary. The primary station, whose role is primary, plays the
dominant role and controls the whole connection process. The secondary
station, whose role is secondary, is controlled passively.
Therefore, the user needs to configure the role for an interface encapsulated
with the SDLC protocol. The role should be decided by the status of the SDLC
device connected with the local router. If the SDLC device connected with the
local interface is primary, the local interface is to be set to secondary, and
vice versa.
In general, the central IBM mainframe is primary, whereas terminal devices,
including UNIX hosts and ATM, are secondary.

Example
Configure the SDLC device connected with the Serial1/0/0 as primary, and the
local interface as secondary.
[3Com-Serial1/0/0] sdlc role secondary

sdlc timer ack Syntax


sdlc timer ack mseconds
undo sdlc timer ack

View
Synchronous serial interface view

Parameter

mseconds: The SDLC primary station response waiting time, ranging from 1 to
60000ms.

Description
Using the sdlc timer ack command, you can configure the SDLC primary station
response waiting time (mseconds). Using the undo sdlc timer ack command, you
can restore the default value of the SDLC primary station response waiting time.
By default, the configured SDLC primary station response waiting time is 3000ms.
The primary station response waiting time (mseconds) refers to the waiting time
for the response from the secondary station after the primary station sends
information frames.

Example
Configure the SDLC primary station response waiting time (mseconds) as 2000ms.
[3Com-Serial1/0/0] sdlc timer ack 2000

sdlc timer lifetime Syntax


sdlc timer lifetime mseconds
undo sdlc timer lifetime

View
Synchronous serial interface view

Parameter

mseconds: The SDLC secondary station response waiting time, ranging from 1 to
60000ms.

Description
Using the sdlc timer lifetime command, you can configure the SDLC secondary
station response waiting time (mseconds). Using the undo sdlc timer lifetime
command, you can restore the default value of the SDLC secondary station
response waiting time.
By default, the SDLC secondary station response waiting time (mseconds) is
500ms.
The secondary station response waiting time (mseconds) refers to the waiting time
for the response from the primary station after the secondary station sends
information frames.

Example
Configure the SDLC secondary station response waiting time (mseconds) as
1000ms.
[3Com-Serial1/0/0] sdlc timer lifetime 1000

sdlc timer poll Syntax


sdlc timer poll mseconds
undo sdlc timer poll

View
Synchronous serial interface view

Parameter

mseconds: SDLC poll pause timer, ranging from 1 to 10000ms.

Description
Using the sdlc timer poll command, you can configure the SDLC poll pause timer.
Using the undo sdlc timer poll command, you can restore the default value of
the SDLC poll pause timer.
By default, the SDLC poll pause timer is 1000ms.
The SDLC poll pause timer refers to the waiting interval between the two SDLC
nodes polled by the SDLC primary station.

Example
Configure the SDLC poll pause timer as 200ms.
[3Com-Serial1/0/0] sdlc timer poll 200

sdlc window Syntax


sdlc window length
undo sdlc window

View
Synchronous serial interface view

Parameter

length: Length of the SDLC local response window, ranging from 1 to 7.

Description
Using the sdlc window command, you can configure the length of the SDLC
local response window. Using the undo sdlc window command, you can restore
the default length of the SDLC local response window.
By default, the length of the SDLC local response window is 7.
The SDLC local response window refers to the maximum number of packets that
can be sent continuously without waiting for the response from the peer end.

Example
Configure the length of the SDLC local response window on the Serial1/0/0 as 5.
[3Com-Serial1/0/0] sdlc window 5

sdlc xid Syntax

sdlc xid sdlc-address xid-number

undo sdlc xid sdlc-address

View
Synchronous serial interface view

Parameter

sdlc-address: The SDLC address of the XID, which should be configured
beforehand.

xid-number: An integer with a length of 4 bytes, ranging from 1 to 0xFFFFFFFF.
The first 12 bits are network numbers, and the last 20 bits are node numbers.

Description
Using the sdlc xid command, you can configure the XID of the SDLC. Using the
undo sdlc xid command, you can delete the XID of the SDLC.
By default, the synchronous serial interface has no XID of the SDLC.
The XID is the ID of a device in the SNA world. Generally speaking, there are two
kinds of devices: PU2.0 and PU2.1. The XID is automatically configured on PU2.1
devices, and they can announce their IDs by exchanging the XID. PU2.0 devices
do not exchange the ID, so they cannot obtain an ID automatically. Therefore,
this command does not need to be configured for PU2.1 devices, whereas an XID
must be specified for PU2.0 devices.

Example
Configure the XID of the SDLC, in which the xid-number is 0x2000.
[3Com-Serial1/0/0] sdlc xid 05 2000

6 ROUTING PROTOCOL

For specific examples and parameter explanations of VPN instances, refer to the
“MPLS” module of this manual.

Display Commands of the Routing Table

display ip routing-table Syntax


display ip routing-table

View
Any view

Parameter
None

Description
Using the display ip routing-table command, you can view the routing table
summary.
This command displays routing table information in summary form. Each line
represents one route. The contents include destination address/mask length,
protocol, preference, cost, next hop and output interface.
Only the currently used routes, i.e., the best routes, are displayed by the
display ip routing-table command.

Example
View the summary of current routing table.
<3Com> display ip routing-table
Routing Table: public net
Destination/Mask Proto Pre Cost Nexthop Interface
1.1.1.0/24 DIRECT 0 0 1.1.1.1 Interface serial1/0/0
1.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
2.2.2.0/24 DIRECT 0 0 2.2.2.1 Interface serial2/0/0
2.2.2.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
3.3.3.0/24 DIRECT 0 0 3.3.3.1 Interface ethernet1/0/0
3.3.3.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
4.4.4.0/24 DIRECT 0 0 4.4.4.1 Interface ethernet2/0/0
4.4.4.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
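
The summary layout above (destination/mask, protocol, preference, cost, next hop, interface) is regular enough to audit by script. The following is an added example, not part of the 3Com manual: it parses a captured summary and reports static routes that are missing from an approved baseline. The sample capture, the baseline and all function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    proto: str
    pre: int
    cost: int
    nexthop: ipaddress.IPv4Address
    interface: str


# Constructed capture in the summary layout shown above (not real device output).
SAMPLE_OUTPUT = """\
<3Com> display ip routing-table
Routing Table: public net
Destination/Mask Proto Pre Cost Nexthop Interface
0.0.0.0/0 STATIC 60 0 1.1.1.2 Interface serial1/0/0
1.1.1.0/24 DIRECT 0 0 1.1.1.1 Interface serial1/0/0
1.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
10.9.0.0/16 STATIC 60 0 1.1.1.77 Ethernet 2/0/0
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
"""

# Constructed baseline: (destination/mask, next hop) pairs the operator approved.
APPROVED_STATIC = {("0.0.0.0/0", "1.1.1.2")}


def _interface(tokens):
    """Normalise 'Interface serial1/0/0' and 'Ethernet 2/0/0' to one token."""
    if len(tokens) > 1 and tokens[0].lower() == "interface":
        tokens = tokens[1:]
    return "".join(tokens)


def parse_summary(text):
    """Return (routes, unparsed).

    'unparsed' holds rows that start with a destination/mask but whose other
    columns are damaged, so an audit never silently drops a route.
    """
    routes, unparsed = [], []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "/" not in fields[0]:
            continue  # prompt, title or blank line
        try:
            prefix = ipaddress.IPv4Network(fields[0], strict=False)
        except ValueError:
            continue  # column header such as "Destination/Mask"
        try:
            if len(fields) < 6:
                raise ValueError("too few columns")
            route = Route(prefix, fields[1].upper(), int(fields[2]),
                          int(fields[3]), ipaddress.IPv4Address(fields[4]),
                          _interface(fields[5:]))
        except ValueError:
            unparsed.append(line)
            continue
        routes.append(route)
    return routes, unparsed


def unapproved_static(routes, approved):
    """Static routes whose (destination/mask, next hop) is not in the baseline."""
    return [r for r in routes
            if r.proto == "STATIC"
            and (str(r.prefix), str(r.nexthop)) not in approved]


if __name__ == "__main__":
    parsed, damaged = parse_summary(SAMPLE_OUTPUT)
    for r in unapproved_static(parsed, APPROVED_STATIC):
        print(f"unapproved static route {r.prefix} via {r.nexthop} ({r.interface})")
    for row in damaged:
        print(f"could not parse: {row}")
```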

display ip routing-table acl Syntax

display ip routing-table acl { acl-number | acl-name } [ verbose ]

View
Any view

Parameter

acl-number: Number of the basic ACL, ranging from 1 to 99.

acl-name: Name of basic ACL.

verbose: The verbose information of both the active and inactive routes that
passed filtering rules. Without this parameter, this command only displays the
summary of the active routes that passed filtering rules.

Description
Using the display ip routing-table acl command, you can view the routes filtered
through the specified basic access control list (ACL).
The command is used in tracking route policy to display the routes that passed
the filtering rule according to the input basic ACL number or name.
The command is only applicable to viewing the routes that passed basic ACL
filtering rules.

Example
View the summary of active routes that are filtered through basic ACL 1.
<3Com> display ip routing-table acl 1
Routes matched by access-list 1:
Summary count: 4
Destination/Mask Proto Pre Cost Nexthop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoopBack0
169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1
169.0.0.0/15 Static 60 0 2.1.1.1 LoopBack1

Display the verbose information of the active and inactive routes that are filtered through basic
ACL 1.
<3Com> display ip routing-table acl 1 verbose
Routes matched by access-list 1:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 5
**Destination: 127.0.0.0 Mask: 255.0.0.0
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Multicast Unicast>
Age: 3:47 Metric: 0/0
**Destination: 127.0.0.1 Mask: 255.255.255.255
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NotInstall NoAdvise Int ActiveU Retain Gateway Multicast Unicast>
Age: 3:47 Metric: 0/0
**Destination: 179.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 60
*NextHop: 4.1.1.1
Vlinkindex: 0
State: <Int Hidden Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.254.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0

display ip routing-table ip_address Syntax

display ip routing-table ip_address [ mask ] [ longer-match ] [ verbose ]

View
Any view

Parameter

ip_address: Destination IP address in dotted decimal format.

mask: IP address mask, which can be in dotted decimal notation or represented by
an integer in the range of 0 to 32.

longer-match: Indicates all route destination addresses are matched in the natural
mask range.

verbose: With the verbose parameter, this command displays the verbose
information of both the active and inactive routes. Without the parameter, this
command only displays the summary of active routes.

Description
Using the display ip routing-table ip_address command, you can view the
routing information of the specified destination address.
The output of the command differs with the optional parameters used. The
following describes the output for the different forms of this command:

display ip routing-table ip_address

If the destination address, ip_address, has corresponding routes in the natural
mask range, this command displays all subnet routes. Otherwise, only the route
best matching the destination address, ip_address, is displayed. Only active
matching routes are displayed.

display ip routing-table ip_address mask

This command only displays the route fully matching the specified destination
address and mask.

display ip routing-table ip_address longer-match

This command displays all routes whose destination addresses match the
specified destination address in the natural mask range.

Example
There are corresponding routes in the natural mask range. View the summary.
<3Com> display ip routing-table 169.0.0.0
Routing Tables:
Summary count: 1
Destination/Mask Proto Pre Cost Nexthop Interface
169.0.0.0/16 Static 60 0 2.1.1.1 LoopBack1

There are no corresponding routes in the natural mask range (only the longest matching route is
displayed). View the summary.
<3Com> display ip routing-table 169.253.0.0
Routing Tables:
Summary count: 1
Destination/Mask Proto Pre Cost Nexthop Interface
169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1

There are corresponding routes in the natural mask range. View the detailed information.
<3Com> display ip routing-table 169.0.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 2
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.254.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0

There are no corresponding routes in the natural mask range (only the longest matching route is
displayed). View the detailed information.
<3Com> display ip routing-table 169.253.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 1
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: -60
*NextHop: 2.1.1.1
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0

display ip routing-table ip_address1 ip_address2 Syntax

display ip routing-table ip_address1 mask1 ip_address2 mask2 [ verbose ]

View
Any view

Parameter

ip_address1, ip_address2: Destination IP addresses in dotted decimal notation.
Together, ip_address1 and ip_address2 determine one address range, and the
routes in this address range are displayed.

mask1, mask2: IP address mask, in dotted decimal notation or as an integer
length.

verbose: With the verbose parameter, this command displays the verbose
information of both the active and inactive routes. Without the parameter, this
command only displays the summary of active routes.

Description
Using the display ip routing-table ip_address1 ip_address2 command, you
can view the routing information in the specified destination address range.

Example
View the routing information of destination addresses ranging from 1.1.1.0 to
2.2.2.0.
<3Com> display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3
Destination/Mask Proto Pre Cost Nexthop Interface
1.1.1.0/24 DIRECT 0 0 1.1.1.1 Interface serial1/0/0
1.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
2.2.2.0/24 DIRECT 0 0 2.2.2.1 Interface serial2/0/0

display ip routing-table ip-prefix Syntax

display ip routing-table ip-prefix ip-prefix-name [ verbose ]

View
Any view

Parameter

ip-prefix-name: Prefix list name.

verbose: With the parameter, this command displays the verbose information of
both the active and inactive routes that passed filtering rules. Without the
parameter, this command displays the summary of the active routes that passed
filtering rules.

Description
Using the display ip routing-table ip-prefix command, you can view the route
that passed the filtering rule according to the specified ip prefix list.
If there is no specified prefix list, this command will display the verbose
information of all active and inactive routes with the parameter verbose and it will
display the summary of all active routes without the parameter verbose.

Example
Display the summary of the active route that is filtered through ip prefix list abc2.
<3Com> display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 4
Destination/Mask Proto Pre Cost Nexthop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoopBack0
169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1
169.0.0.0/15 Static 60 0 2.1.1.1 LoopBack1

Display the verbose information of the active and inactive routes that are filtered through ip
prefix list abc2.
<3Com> display ip routing-table ip-prefix abc2 verbose
Routes matched by ip-prefix abc2:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 4
**Destination: 127.0.0.0 Mask: 255.0.0.0
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Multicast Unicast>
Age: 3:47 Metric: 0/0
**Destination: 127.0.0.1 Mask: 255.255.255.255
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NotInstall NoAdvise Int ActiveU Retain Gateway Multicast Unicast>
Age: 3:47 Metric: 0/0
**Destination: 179.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: -60
*NextHop: 4.1.1.1
Vlinkindex: 0
State: <Int Hidden Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0
**Destination: 169.0.0.0 Mask: 255.254.0.0
Protocol: Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Metric: 0/0

display ip routing-table protocol Syntax

display ip routing-table protocol protocol [ inactive | verbose ]

View
Any view

Parameter

protocol: Has multiple selectable values:

■ direct: Displays direct connection route information.
■ static: Displays static route information.
■ bgp: Displays BGP route information.
■ isis: Displays IS-IS route information.
■ ospf: Displays OSPF route information.
■ ospf-ase: Displays OSPF ASE route information.
■ ospf-nssa: Displays OSPF NSSA route information.
■ rip: Displays RIP route information.

inactive: With the parameter, this command displays the inactive route
information. Without the parameter, this command displays the active and
inactive route information.

verbose: With the verbose parameter, this command displays the verbose routing
information. Without the parameter, this command displays the route summary.

Description
Using the display ip routing-table protocol command, you can view the routing
information of specified protocol.

Example
Display the summary of all direct connection routes.
<3Com> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 4
DIRECT Routing tables status:<active>:
Summary count: 3
Destination/Mask Proto Pre Cost Nexthop Interface:
20.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
DIRECT Routing tables status:<inactive>:
Summary count: 1
Destination/Mask Proto Pre Cost Nexthop Interface
210.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0

Display the static routing table.
<3Com> display ip routing-table protocol static
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
Destination/Mask Proto Pre Cost Nexthop Interface
1.2.3.0/24 STATIC 60 0 1.2.4.5 Ethernet 2/0/0

display ip routing-table radix Syntax

display ip routing-table radix

View
Any view

Parameter
None

Description
Using the display ip routing-table radix command, you can view the routing
table information in a tree structure.

Example
View the routing table information in a tree structure.
<3Com> display ip routing-table radix
Radix tree for INET (2) inodes 7 routes 5:
+-32+--{210.0.0.1
+--0+
| | +--8+--{127.0.0.0
| | | +-32+--{127.0.0.1
| +--1+
| +--8+--{20.0.0.0
| +-32+--{20.1.1.1

display ip routing-table statistics Syntax

display ip routing-table statistics

View
Any view

Parameter
None

Description
Using the display ip routing-table statistics command, you can view the
integrated routing information.
The integrated routing information includes total route amount, the route amount
added or deleted by protocol, amount of the routes that are labeled deleted but
not deleted, the active route amount and inactive route amount.

Example
Display the integrated routing information.
<3Com> display ip routing-table statistics
Routing tables:
Proto route active added deleted freed
BGP 0 0 0 0 0
DIRECT 5 4 5 0 0
RIP 0 0 0 0 0
STATIC 0 0 0 0 0
IS-IS 0 0 0 0 0
OSPF 0 0 0 0 0
O_ASE 0 0 0 0 0
O_NSSA 0 0 0 0 0
Total 5 4 5 0 0

display ip routing-table verbose Syntax

display ip routing-table verbose

View
Any view

Parameter
None

Description
Using the display ip routing-table verbose command, you can view the verbose
routing table information.
With the verbose parameter, this command displays the verbose routing table
information. The descriptor describing the route state will be displayed first, then
the statistics of the entire routing table will be output and finally the verbose
description of each route will be output.
All current routes, including inactive routes and invalid routes, can be displayed
using the display ip routing-table verbose command.

Example
Display the verbose routing table information.
<3Com> display ip routing-table verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Destinations: 4 Routes: 4
Holddown: 0 Delete: 9 Hidden: 0
**Destination: 127.0.0.0 Mask: 255.0.0.0
Protocol: Static Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(LO0)
State: <NoAdv Int Active Retain Rej>
Age: 19:31:06 Metric: 0/0
**Destination: 127.0.0.1 Mask: 255.255.255.255
Protocol: Direct Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(LO0)
State: <NoAdv Int Active Retain>
Age: 114:03:05 Metric: 0/0

The statistics of the entire routing table are displayed first, then the verbose
description of each route is output. The meanings of the route state parameters
are explained in the following table:

Table 1 Description of the output information of the display ip routing-table verbose command

Main field   Description
Holddown     Number of routes currently held down. Holddown refers to a
             route advertising policy used by some distance vector (D-V)
             routing protocols (such as RIP) in order to avoid the expansion
             of error routes and to improve the fast and correct transmission
             of unreachable routing information. It usually advertises a
             route at a fixed interval, regardless of what changes have
             actually been learned for the routes to the same destination.
             For details, refer to the specific routing protocol.
Delete       Number of routes that have currently been deleted.
Hidden       Number of currently hidden routes. Some routes are not
             available at present for some reason (e.g., the interface is
             Down) but are not expected to be deleted. They can be hidden
             for future restoration.

display ip routing-table vpn-instance Syntax

display ip routing-table vpn-instance vpn-instance-name [ ip-address ] [ verbose ]

View
Any view

Parameter

vpn-instance-name: VPN instance name.

ip-address: Destination IP address in dotted decimal format.

verbose: With the parameter, the command displays the verbose routing
information. Without the parameter, the command displays the route summary.

Description
Using the display ip routing-table vpn-instance command, you can view RIP
information associated with the VPN instance address family.
If both ip-address and verbose are specified in the command, you can view all
routes to the specified IP address in the VPN instance, including the local
routes as well as the routes learned from the remote end.

Example
Display details of the routes to 10.1.1.1 in the VPN-instance vpn1.
<3Com> display ip routing-table vpn-instance vpn1 10.1.1.1 verbose
Routing tables:
Generate Default: no
+ = Active Route, - = Last Active, = Both * = Next hop in use
Summary count: 2
**Destination: 10.1.1.1 Mask: 255.255.255.255
Protocol: DIRECT Preference: 0
*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 54 Cost: 0/0
**Destination: 10.1.1.0 Mask: 255.255.255.0
Protocol: DIRECT Preference: 0
*NextHop: 10.1.1.1 Interface: 10.1.1.1(LoopBack0)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 54 Cost: 0/0

Display the summary of the routes to 10.1.1.1 in the VPN-instance vpn1.

<3Com> display ip routing-table vpn-instance vpn1 10.1.1.1


Routing tables: vpn1 Route-Distinguisher: 100:1
Destination/Mask Protocol Pre Cost Nexthop Interface
10.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
10.1.1.0/24 DIRECT 0 0 10.1.1.1 LoopBack0

Static Route Configuration Commands

delete static-routes all Syntax


delete static-routes all

View
System view

Parameter
None

Description
Using the delete static-routes all command, you can cancel all the static routes.
When this command is used to cancel static routes, the user should confirm the
settings before all the configured static routes are canceled.
For the related command, see display ip routing-table and ip route-static.

Example
Delete all the static routes configured on router.
[3Com] delete static-routes all
This will erase all unicast static routes and their configurations, you must reconfigure all static
routes
Are you sure to delete all the static routes?[Y/N]y

ip route-static Syntax
■ ip route-static ip-address { mask | mask-length } { interface-name | nexthop-address }
[ preference preference-value ] [ reject | blackhole ]
■ undo ip route-static ip-address { mask | mask-length } [ interface-name |
nexthop-address ] [ preference preference-value ]
■ ip route-static vpn-instance vpn-instance-name1 vpn-instance-name2 … ip-address {
mask | mask-length } { interface-name | [ vpn-instance vpn-nexthop-name
nexthop-address ] } [ public ] [ preference preference-value ] [ reject | blackhole ]
■ undo ip route-static vpn-instance vpn-instance-name1 vpn-instance-name2 …
ip-address { mask | mask-length } { interface-name [ vpn-instance
vpn-nexthop-name | nexthop-address ] } [ public ] [ preference preference-value ]

View
System view

Parameter

ip-address: Destination IP address, in dotted decimal notation.

mask: Mask.

mask-length: Mask length. Since "1" s in the 32-bit mask are required to be
consecutive, the mask in dotted decimal notation can be replaced by mask-length,
which is the number of the consecutive "1" s in the mask.

interface-name: Specifies the outbound interface name of the static route. The
interfaces of the public network or under other vpn-instances can be taken as the
outbound interface of the static route.

vpn-instance-name: Indicates the name of a VPN instance. It can take a maximum
of 6 values.

vpn-nexthop-name: Specifies the vpn-instance of the static route next hop.

nexthop-address: Specifies the next hop IP address (in dotted decimal notation) of
the static route.

preference-value: Preference level of the static route in the range from 1 to 255.

reject: Indicates an unreachable route.

blackhole: Indicates a blackhole route.

Description
Using the ip route-static command, you can configure a static route. Using the
undo ip route-static command, you can cancel the configured static route.
Using the ip route-static vpn-instance command, you can configure a static route.
In a multi-role host application, you can configure a static route on a private
network to specify the interface of another private network or of the public
network as its outbound interface. Using the undo ip route-static vpn-instance
command, you can remove the static route configuration.
By default, the system can obtain the subnet routes directly connected with the
router. When a static route is configured, the default preference is 60 if it
is not specified. If the route is not specified as reject or blackhole, it is
reachable by default.
Precautions when configuring a static route:
■ When the destination IP address and the mask are both 0.0.0.0, the route is
the default route. If no route entry in the routing table matches the
destination of a packet, the packet is forwarded along the default route.
■ Different preference levels allow a flexible routing management policy. For
example, configure multiple routes to the same destination: specifying the
same preference for the routes achieves load sharing, and specifying
different preferences achieves route backup.
■ When configuring a static route, either the transmission interface or the
next hop address can be specified; which one to use depends on the actual
conditions. For interfaces that support resolution from network address to
link layer address, and for point-to-point interfaces, either the
transmission interface or the next hop address can be specified. NBMA
interfaces, such as dialing interfaces or interfaces encapsulated with X.25
or frame-relay, support point-to-multipoint. For these, in addition to the IP
route, a secondary route, i.e. the map from IP address to link layer address,
must be established at the link layer. In this case the transmission
interface cannot be specified, and the next hop IP address must be configured
when configuring the static route.
■ A VT interface cannot be configured as the outbound interface.

In some conditions (for example, when the link layer is encapsulated with PPP),
the transmission interface can be specified when the peer address cannot be
learned at the time the router is configured. Once the transmission interface is
specified, the configuration of this router does not need to be modified when the
peer address changes.

For the related command, see display ip routing-table.

Example
Configure the next hop of the default route as 129.102.0.2.
[3Com] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
Configure the static route, whose destination address is 100.1.1.1 and whose next-hop address
is 1.1.1.2.
[3Com] ip route-static vpn-instance vpn1 100.1.1.1 16 vpn-instance vpn1 1.1.1.2

For the specific examples and parameter explanation of VPN instance, refer to
the “MPLS” module of this manual.

RIP Configuration Commands

checkzero

Syntax
checkzero
undo checkzero

View
RIP view

Parameter
None

Description
Using the checkzero command, you can check the zero field of RIP-1 packet.
Using the undo checkzero command, you can cancel the check of the zero fields.

By default, RIP-1 performs the zero field check.


According to the protocol (RFC1058) specifications, some fields in RIP-1 packets
must be zero, called zero fields. With the checkzero command, the zero check
operation for RIP-1 packet can be enabled or disabled. During the zero check
operation, if the RIP-1 packet in which the zero fields are not zeros is received, it
will be rejected.
This command is ineffective to RIP-2 since RIP-2 packets have no zero fields.

Example
Configure not to perform zero check for RIP-1 packet.
[3Com-rip] undo checkzero
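
The zero field check described above, as an added Python example (not code from this manual or from the router): it parses a RIP response using the RFC1058 entry layout and reports every must-be-zero field that carries data. The function names and the three sample packets are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!BBH")      # command, version, must-be-zero
ENTRY = struct.Struct("!HH4sIII")   # AFI, zero, IP address, zero, zero, metric


def zero_field_violations(packet):
    """List every must-be-zero field that is non-zero in a RIP-1 packet."""
    if len(packet) < HEADER.size or (len(packet) - HEADER.size) % ENTRY.size:
        raise ValueError("truncated or misaligned RIP packet")
    _command, version, header_zero = HEADER.unpack_from(packet, 0)
    if version != 1:
        # RIP-2 reuses these positions (route tag, subnet mask, next hop),
        # so the check does not apply.
        return []
    problems = []
    if header_zero:
        problems.append("header bytes 2-3 = 0x%04x" % header_zero)
    for index, offset in enumerate(range(HEADER.size, len(packet), ENTRY.size)):
        _afi, zero_a, addr, zero_b, zero_c, _metric = ENTRY.unpack_from(packet, offset)
        dest = ipaddress.IPv4Address(addr)
        fields = (("bytes 2-3", zero_a), ("bytes 8-11", zero_b), ("bytes 12-15", zero_c))
        for label, value in fields:
            if value:
                problems.append("entry %d (%s) %s = 0x%x" % (index, dest, label, value))
    return problems


def accept_packet(packet, checkzero=True):
    """Receive decision: with checkzero on, one violation rejects the whole packet."""
    return not (checkzero and zero_field_violations(packet))


def build_packet(version, entries):
    """Build a constructed response; entries are (destination, field_b, field_c, metric)."""
    out = HEADER.pack(2, version, 0)    # command 2 = response
    for dest, field_b, field_c, metric in entries:
        packed = ipaddress.IPv4Address(dest).packed
        out += ENTRY.pack(2, 0, packed, field_b, field_c, metric)
    return out


# Constructed sample packets (not captured traffic).
MASK_24 = int(ipaddress.IPv4Address("255.255.255.0"))
CLEAN_V1 = build_packet(1, [("10.0.0.0", 0, 0, 2)])
DIRTY_V1 = build_packet(1, [("10.0.0.0", 0, 0, 2), ("10.1.2.0", MASK_24, 0, 3)])
RIP2 = build_packet(2, [("10.1.2.0", MASK_24, 0, 3)])

if __name__ == "__main__":
    for name, pkt in (("clean RIP-1", CLEAN_V1), ("dirty RIP-1", DIRTY_V1), ("RIP-2", RIP2)):
        print(name, accept_packet(pkt), zero_field_violations(pkt))
```

The rejected sample is a RIP-1 packet that carries a subnet mask where RFC1058 requires zeros; with the check disabled (the undo checkzero case) the same packet is accepted.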
debugging rip

Syntax
debugging rip { packet | receive | send }

View
User view

Parameter

packet: Enables the RIP packets debugging.

receive: Enables the RIP receiving packets debugging.

send: Enables the RIP sending packets debugging.

Description
Using the debugging rip command, you can enable the RIP packet debugging.
Using the undo debugging rip command, you can disable the RIP packet
debugging.
Users can learn the current information of receiving and sending RIP packets on
each interface by using this command.

Example
Enable the RIP packets debugging.
<3Com> debugging rip packet

default cost

Syntax
default cost value
undo default cost

View
RIP view

Parameter

value: Default routing cost to be set, ranging from 1 to 16. The default value is 1.

Description
Using the default cost command, you can configure the default routing cost of
an imported route. Using the undo default cost command, you can restore the
default value.
If no specific routing cost is specified when importing other protocol routes with
the import-route command, the importing will be performed with the default
routing cost specified by the default cost command.
For the related command, see import-route.

Example
Set the default routing cost of importing other route protocol routes as 3.
[3Com-rip] default cost 3

display rip

Syntax
display rip

View
Any view

Parameter
None

Description
Using the display rip command, you can view the current RIP running state and
its configuration information.

Example
Display the current running state and configuration information of the RIP
protocol.
<3Com> display rip
RIP is turned on
public net VPN-Instance
Checkzero is on Default cost : 1
Summary is on Preference : 100
Period update timer : 30
Timeout timer : 180
Garbage-collection timer : 120
No peer router
Table 2 Description of the output information of the display rip command

Item                              Description
RIP is turned on                  RIP is enabled.
public net VPN-Instance           Public networks in the VPN-instance
Checkzero is on                   Enables checkzero of RIP.
Default cost : 1                  The default cost of the imported route is 1.
Summary is on                     Enables route summary of RIP.
Preference : 100                  The preference of RIP is 100.
Period update timer : 30          Setting on the three timers of RIP
Timeout timer : 180
Garbage-collection timer : 120
No peer router                    RIP has no peer router.

display rip vpn-instance

Syntax
display rip vpn-instance vpn-instance-name

View
Any view

Parameter

vpn-instance vpn-instance-name: VPN instance name.

Description
Using the display rip vpn-instance command, you can view the related
configuration of VPN instance of RIP.

Example
None

filter-policy export

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]

View
RIP view

Parameter

acl-number: Access control list number used for filtering the destination addresses
of the routing information.

ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.

routing-protocol: Routing protocol whose routing information is to be filtered,
including direct, isis, bgp, ospf, ospf-ase, ospf-nssa, and static at present.

Description
Using the filter-policy export command, you can configure RIP to filter the
routing information it advertises. Using the undo filter-policy export
command, you can configure RIP not to filter the advertised routing information.
By default, RIP does not filter the advertised routing information.
For the related commands, see acl, filter-policy import, and ip ip-prefix.

Example
Filter the advertised route information according to acl 3.
[3Com-rip] filter-policy 3 export

filter-policy import

Syntax
filter-policy gateway ip-prefix-name import
undo filter-policy gateway ip-prefix-name import
filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] }
import

View
RIP view

Parameter

ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.

acl-number: Access control list number used for filtering the destination addresses
of the routing information.

gateway ip-prefix-name: Name of address prefix list used for filtering the
addresses of the neighboring routers advertising the routing information.

Description
Using the filter-policy gateway command, you can configure RIP to filter the
received routing information distributed from the specified address. Using the
undo filter-policy gateway command, you can configure RIP not to filter the
received routing information distributed from the specified address.
Using the filter-policy import command, you can configure filtering of the
received global routing information. Using the undo filter-policy import
command, you can disable filtering of the received global routing information.
By default, RIP does not filter the received routing information.
The range of the routes received by RIP can be controlled by specifying the access
control list and the address prefix list.
For the related commands, see acl, filter-policy export, and ip ip-prefix.

Example
Configure the filtering of the global routing information according to acl 3.
[3Com-rip] filter-policy 3 import

host-route

Syntax
host-route
undo host-route

View
RIP view

Parameter
None

Description
Using the host-route command, you can configure RIP to accept host routes.
Using the undo host-route command, you can configure RIP to reject host routes.
By default, the router accepts host routes.
In some special cases, RIP receives a great number of host routes in the same
network segment. These routes cannot help the path searching much but occupy
a lot of resources. In this case, the undo host-route command can be used to
reject host routes.

Example
Configure RIP to reject a host route.
[3Com-rip] undo host-route

import-route

Syntax
import-route protocol [ cost value ] [ route-policy route-policy-name ]
undo import-route protocol

View
RIP view

Parameter

protocol: Specifies the source routing protocol to be imported by RIP. At present,
RIP can import the following routes: direct, ospf, ospf-ase, ospf-nssa, static, bgp
and isis.

value: Cost value of the route to be imported, ranging from 1 to 16.

route-policy route-policy-name: Configured to import the route matching the
condition of the specified Route-policy only.

Description
Using the import-route command, you can import the routes of other protocols
into RIP. Using the undo import-route command, you can cancel the routes
imported from other protocols.
By default, RIP does not import any other routes.
The import-route command is used to import the route of another protocol by
using a certain value. RIP regards the imported route as its own route and
transmits it with the specified value. This command can greatly enhance the RIP
capability of obtaining routes, thus increasing the RIP performance.
If the cost value is not specified, routes will be imported according to the default
cost. It is in the range of 1 to 16. If it is larger than or equal to 16, it indicates an
unreachable route and the transmission will be stopped in 120 seconds.
For the related command, see default cost.

Example
Import a static route with cost being 4.
[3Com-rip] import-route static cost 4
Set the default cost and import an OSPF route with the default cost.
[3Com-rip] default cost 3
[3Com-rip] import-route ospf

ipv4-family vpn-instance

Syntax
ipv4-family [ unicast ] vpn-instance vpn-instance-name
undo ipv4-family [ unicast ] vpn-instance vpn-instance-name

View
RIP view

Parameter

unicast: Unicast address.

vpn-instance-name: Associates the specified VPN instance with the IPv4 address
family. Enter the MBGP address family view of RIP with this parameter.

Description
Using the ipv4-family command, you can enter MBGP address family view of RIP.
Using the undo ipv4-family command, you can cancel all configurations in
extended address family view.
The ipv4-family command is used to enter the MBGP address family view. In this
view, parameters related to the address family can be configured for RIP.
The undo ipv4-family command is only used in RIP view.
The ipv4-family vpn-instance command is used for BGP/MPLS VPN. For related
description, refer to the “MPLS VPN” section in the “MPLS” module of this
manual.
For the related command, see display rip vpn-instance.

Example
None

network

Syntax
network network-address
undo network network-address

View
RIP view

Parameter
network-address: Address of the network enabled/disabled. It can be the IP
network address of any interface.

Description
Using the network command, you can enable Routing Information Protocol (RIP)
on the interface. Using the undo network command, you can cancel the RIP on
the interface.
By default, RIP is disabled on any interface.
After a RIP routing process is enabled, RIP is still disabled on every interface
by default. RIP must be enabled on a given interface with the network command.
The undo network command is similar in function to the interface command undo
rip work, but the two are not identical. With either command, the interface no
longer receives or transmits RIP routes. The difference is that with undo rip
work, other interfaces still forward the routes of the interface on which the
command was used. With undo network, the effect is like performing undo rip
work on the interface, and the routes of the corresponding interfaces cannot be
transmitted by RIP. Therefore, the packets transmitted to this interface cannot
be forwarded.
When the network command is used on an address, the interface on the network
segment of this address is enabled. For example, after network 129.102.1.1 is
configured, both the display current-configuration command and the display rip
command show it as network 129.102.0.0.
For the related command, see rip work.

Example
Enable the RIP on the interface with the network address as 129.102.0.0.
[3Com-rip] network 129.102.0.0

peer

Syntax
peer ip-address
undo peer ip-address

View
RIP view

Parameter

ip-address: IP address of the peer router with which information will be exchanged
in unicast mode, represented in the format of dotted decimal.

Description
Using the peer command, you can configure the destination address of the peer
to which information is sent in unicast mode. Using the undo peer command,
you can cancel the set destination address.
By default, the router does not send RIP packets to any destination.
This command specifies the sending destination address to fit some non-broadcast
networks. Usually, it is not recommended to use this command.

Example
Specify the sending destination address 202.38.165.1.
[3Com-rip] peer 202.38.165.1

preference

Syntax
preference value
undo preference

View
RIP view

Parameter
value: Preference level, ranging from 1 to 255. By default, the value is 100.

Description
Using the preference command, you can configure the route preference of RIP.
Using the undo preference command, you can restore the default preference.
Every routing protocol has its own preference. Its default value is determined by
the specific routing policy. The preference will finally determine the routing
algorithm to obtain the optimal route in the IP routing table. This command can
be used to modify the RIP preference manually.

Example
Specify the RIP preference as 20.
[3Com-rip] preference 20

reset

Syntax
reset

View
RIP view

Parameter
None

Description
Using the reset command, you can reset the system parameters of RIP.
When you need to re-configure parameters of RIP, this command can be used to
restore the default setting.

Example
Reset the RIP system.
[3Com-rip] reset

rip

Syntax
rip
undo rip

View
System view

Parameter
None

Description
Using the rip command, you can enable the RIP and enter the RIP view. Using the
undo rip command, you can cancel RIP.
By default, the system does not run RIP.
To enter the RIP view to configure various RIP global parameters, RIP should be
enabled first. Whereas the configuration of parameters related to the interfaces is
not restricted by enabling/disabling RIP.

The interface parameters configured previously would be invalid when RIP is
disabled.

Example
Enable the RIP and enter the RIP view.
[3Com] rip
[3Com-rip]

rip authentication-mode

Syntax
rip authentication-mode { { simple password } | { md5 { key-string key-string | key-id
key-id } } }
undo rip authentication-mode

View
Interface view

Parameter

simple: Simple text authentication mode.

password: Simple text authentication key, in character string format with 1 to 16
characters in simple text mode or 24 characters in cipher text mode.

md5: MD5 cipher text authentication mode.

key-string: MD5 cipher text authentication key, in character string format with 1 to
16 characters in simple text mode or 24 characters in cipher text mode.

key-id: MD5 cipher text authentication identifier, ranging from 1 to 255.

Description
Using the rip authentication-mode command, you can configure RIP-2
authentication mode and corresponding parameters. Using the undo rip
authentication-mode command, you can cancel the RIP-2 authentication.
RIP-1 does not support authentication. There are two RIP authentication modes:
simple text authentication and MD5 cipher text authentication. When MD5 cipher
text authentication mode is used, there are two types of packet formats. One of
them is described in RFC 1723, which was discussed earlier. The other format is
the one described specially in RFC 2082. The router supports both of the packet
formats and the user can select either of them.

For the related command, see rip version.

Example
Specify Interface serial1/0/0 to use the simple text authentication with the key as
aaa.
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] rip version 2
[3Com-Serial1/0/0] rip authentication-mode simple aaa

rip authentication-mode md5 type

Syntax
rip authentication-mode md5 type { usual | nonstandard }

View
Interface view

Parameter

usual: Specifies the MD5 cipher text authentication packet to use the general
packet format (RFC1723 standard format).

nonstandard: Specifies the MD5 cipher text authentication packet to use a
nonstandard packet format described in RFC2082.

Description
Using the rip authentication-mode md5 type command, you can configure the
MD5 packet type used for RIP-2 authentication.
By default, the nonstandard type is used.
RIP-2 packets can be in either of the following two formats when MD5
authentication is adopted. The earlier format is described in RFC1723 and is
adopted by Gated. The other format follows the RFC2082 standard and is adopted
by part of the routers in the industry.
For the related commands, see rip authentication-mode and rip version.

Example
Set MD5 authentication at Serial0, and the packet type is "nonstandard".
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] rip version 2
[3Com-Serial1/0/0] rip authentication-mode md5 type nonstandard
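
An added Python example (not the router's implementation and not code from this manual) of the RFC2082 packet format selected by rip authentication-mode md5 type nonstandard, next to simple password authentication as defined in RFC1723: the receiver recomputes a keyed MD5 digest over the packet, while simple mode carries the key in the packet itself. The zero-padding of short keys is an assumption, the function names, key and route entry are constructed, and the RFC1723 ("usual") MD5 format is not covered.

```python
import hashlib
import hmac
import struct

RIP_HDR = struct.Struct("!BBH")          # command, version, unused
AUTH_ENTRY = struct.Struct("!HHHBBIII")  # 0xFFFF, auth type, packet length, key ID,
                                         # auth data length, sequence number, 2 x reserved
TRAILER_HDR = struct.pack("!HH", 0xFFFF, 0x0001)
SIMPLE_PASSWORD, KEYED_MD5, DIGEST_LEN = 2, 3, 16


def pad_key(key):
    """Assumption: a key shorter than 16 bytes is zero-padded to 16 bytes."""
    if not 1 <= len(key) <= DIGEST_LEN:
        raise ValueError("key must be 1 to 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def sign(routes, key, key_id, sequence):
    """Build a RIP-2 response with an RFC2082 keyed-MD5 trailer."""
    length = RIP_HDR.size + AUTH_ENTRY.size + len(routes)   # offset of the trailer
    covered = (RIP_HDR.pack(2, 2, 0)
               + AUTH_ENTRY.pack(0xFFFF, KEYED_MD5, length, key_id, DIGEST_LEN, sequence, 0, 0)
               + routes + TRAILER_HDR)
    # The key is hashed after the packet but never sent: the digest takes its place.
    return covered + hashlib.md5(covered + pad_key(key)).digest()


def simple_packet(routes, password):
    """RIP-2 response with RFC1723 simple password authentication (key sent as-is)."""
    auth = struct.pack("!HH16s", 0xFFFF, SIMPLE_PASSWORD, password)
    return RIP_HDR.pack(2, 2, 0) + auth + routes


def verify(packet, keys, last_sequence=0):
    """Return (accepted, reason, sequence); keys maps key ID to shared key bytes."""
    minimum = RIP_HDR.size + AUTH_ENTRY.size
    if len(packet) < minimum:
        return False, "too short", last_sequence
    _cmd, version, _unused = RIP_HDR.unpack_from(packet, 0)
    marker, auth_type, length, key_id, data_len, sequence, _r1, _r2 = \
        AUTH_ENTRY.unpack_from(packet, RIP_HDR.size)
    if version != 2 or marker != 0xFFFF or auth_type != KEYED_MD5:
        return False, "not RIP-2 keyed MD5", last_sequence
    end = length + len(TRAILER_HDR)
    if length < minimum or data_len != DIGEST_LEN or len(packet) != end + DIGEST_LEN:
        return False, "bad length fields", last_sequence
    if packet[length:end] != TRAILER_HDR:
        return False, "missing trailer", last_sequence
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key ID", last_sequence
    expected = hashlib.md5(packet[:end] + pad_key(key)).digest()
    if not hmac.compare_digest(expected, packet[end:]):
        return False, "digest mismatch", last_sequence
    if sequence < last_sequence:          # sequence numbers must not decrease
        return False, "stale sequence number", last_sequence
    return True, "ok", sequence


# Constructed sample data: one route entry (10.1.2.0/24, metric 3) and a made-up key.
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 1, 2, 0]),
                    bytes([255, 255, 255, 0]), bytes(4), 3)
KEYS = {1: b"constructed-key"}
SIGNED = sign(ROUTE, KEYS[1], 1, 100)
TAMPERED = SIGNED[:43] + b"\x01" + SIGNED[44:]    # metric changed from 3 to 1

if __name__ == "__main__":
    print(verify(SIGNED, KEYS))
    print(verify(TAMPERED, KEYS))
    print(verify(SIGNED, KEYS, last_sequence=101))
    print(b"aaa" in simple_packet(ROUTE, b"aaa"))
```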

rip input

Syntax
rip input
undo rip input

View
Interface view

Parameter
None

Description
Using the rip input command, you can allow an interface to receive RIP packets.
Using the undo rip input command, you can prevent an interface from receiving
RIP packets.
By default, RIP packets at all interfaces (except loopback interface) can be
received.
This command is used in cooperation with the other two commands: rip output
and rip work. Functionally, rip work is equivalent to rip input & rip output. The
latter two control the receipt and the transmission of RIP packets respectively on
an interface. The former command equals the functional combination of the latter
two commands.
For the related command, see rip output and rip work.

Example
Specify the interface serial1/0/0 not to receive RIP packets.
[3Com-serial1/0/0] undo rip input

rip metricin

Syntax
rip metricin value
undo rip metricin

View
Interface view

Parameter

value: Additional route metric added when receiving a packet, ranging from 0 to
16. By default, the value is 1.

Description
Using the rip metricin command, you can configure the additional route metric
added to the route when an interface receives RIP packets. Using the undo rip
metricin command, you can restore the default value of this additional route
metric.
This command is valid for the routes distributed by the local network and other
routes imported by other routes. This command is invalid for the routes imported
by the local router.
For the related command, see rip metricout.

Example
Specify the additional route metric to 2 when the interface serial1/0/0 receives RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip metricin 2

rip metricout

Syntax
rip metricout value
undo rip metricout

View
Interface view

Parameter

value: Additional route metric added when transmitting a packet, ranging from 1
to 16. By default, the value is 1.

Description
Using the rip metricout command, you can configure the additional route metric
to the route when an interface transmits RIP packets. Using the undo rip
metricout command, you can restore the default value of this additional route
metric.
This command is valid for the routes distributed by the local network and other
routes imported by other routes. This command is invalid for the routes imported
by the local router.
For the related command, see rip metricin.

Example
Set the additional route metric to 2 when the interface serial1/0/0 transmits RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip metricout 2

rip output

Syntax
rip output
undo rip output

View
Interface view

Parameter
None

Description
Using the rip output command, you can configure an interface to transmit RIP
packets. Using the undo rip output command, you can prevent an interface from
transmitting RIP packets.
By default, RIP packets at all interfaces (except loopback interface) can be
transmitted.
This command is used in cooperation with the other two commands: rip input and
rip work. Functionally, rip work is equivalent to rip input & rip output. The latter
two control the receipt and the transmission of RIP packets respectively on an
interface. The former command equals the functional combination of the latter
two commands.
For the related command, see rip input and rip work.

Example
Prevent the interface serial1/0/0 from transmitting RIP packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] undo rip output

rip split-horizon

Syntax
rip split-horizon
undo rip split-horizon

View
Interface view

Parameter
None

Description
Using the rip split-horizon command, you can configure an interface to use split
horizon when transmitting RIP packets. Using the undo rip split-horizon
command, you can configure an interface not to use split horizon when
transmitting RIP packets.
By default, an interface is enabled to use split horizon when transmitting RIP
packets.
Normally, split horizon is necessary for reducing routing loops. Only in some
special cases should split horizon be disabled to ensure the correct execution
of protocols.

Example
Specify the interface serial1/0/0 not to use split horizon when processing RIP
packets.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] undo rip split-horizon

rip version

Syntax
rip version { 1 | { 2 [ broadcast | multicast ] } }
undo rip version

View
Interface view

Parameter

1: Interface version is RIP-1.

2: Interface version is RIP-2. By default, multicast is used.

broadcast: Transmission mode of RIP-2 packet is broadcast.

multicast: Transmission mode of RIP-2 packet is multicast.



Description
Using the rip version command, you can configure the version of RIP packets on
an interface. Using the undo rip version command, you can restore the default
value of RIP packet version on the interface.
By default, the interface RIP version is RIP-1.
RIP-2 has 2 transmission modes: broadcast and multicast. Multicast is the default
mode. The multicast address in RIP-2 is 224.0.0.9. One of the advantages of
multicast mode is that the hosts that do not run RIP in this network will not receive
the broadcast packets. Additionally, hosts running RIP-1 will be prevented from
receiving and processing the RIP-2 routes with subnet masks.
When the interface specifies the use of RIP-1, only RIP-1 and RIP-2 broadcast
packets will be received. In this case, RIP-2 multicast packets will be rejected.
When the interface is specified to use RIP-2 multicast, only RIP-2 multicast packets
and RIP-2 broadcast packets will be received. In this case, RIP-1 packets will be
rejected.

Example
Configure the interface serial1/0/0 as RIP-2 broadcast mode.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip version 2 broadcast

rip work

Syntax
rip work
undo rip work

View
Interface view

Parameter
None

Description
Using the rip work command, you can enable RIP on an interface. Using the
undo rip work command, you can disable RIP on an interface.
By default, RIP is enabled on an interface.
This command is used in cooperation with rip input, rip output and network
commands.
For the related commands, see network, rip input, and rip output.

Example
Disable RIP on the interface serial1/0/0.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] undo rip work

summary

Syntax
summary
undo summary

View
RIP view

Parameter
None

Description
Using the summary command, you can enable RIP-2 automatic route
summarization. Using the undo summary command, you can disable RIP-2
automatic route summarization.
By default, RIP-2 route summarization is enabled.
Route aggregation can be performed to reduce the routing traffic on the network
as well as to reduce the size of the routing table. If RIP-2 is used, route
summarization function can be disabled with the undo summary command, when
it is necessary to broadcast the subnet route.
RIP-1 does not support subnet mask. Forwarding subnet route may cause
ambiguity. Therefore, RIP-1 uses route summarization all the time. The undo
summary command is invalid for RIP-1.
For the related command, see rip version.

Example
Set RIP version on the interface serial1/0/0 as RIP-2 and disable the route
summarization function.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] rip version 2
[3Com-serial1/0/0] quit
[3Com] rip
[3Com-rip] undo summary

timers

Syntax
timers { update update-timer-length | timeout timeout-timer-length } *
undo timers { update | timeout } *

View
RIP view

Parameters

update-timer-length: Period update value, measured in seconds ranging from 1 to
3600. The default value is 30 seconds.

timeout-timer-length: Timeout value, measured in seconds ranging from 1 to
3600. The default value is 180 seconds.

Description
Using the timers command, you can modify the values of the three RIP timers:
Period update, Timeout and Garbage-collection. Using the undo timers
command, you can restore the default setting.
The default values of the Period update, Timeout and Garbage-collection timers
are 30s, 180s and 120s respectively.
Usually, the timing length of the Garbage-collection timer is 3 times that of the
Period update timer. However, in practice, an unreachable route will not be
completely deleted until the fourth update packet sent from the same neighbor is
received. So the actual timing length of the Garbage-collection timer is 3 to 4
times that of the Period update timer. Additionally, modifying the Period update
timer affects the Garbage-collection timer.
The modified value of RIP timers will take effect immediately.
For the related command, see display rip.

Example
Set timer Period update to 10 seconds and timer Timeout to 30 seconds.
[3Com] rip
[3Com-rip] timers update 10 timeout 30

OSPF Configuration Commands

abr-summary

Syntax
abr-summary ip-address mask [ advertise | not-advertise ]
undo abr-summary ip-address mask

View
OSPF area view

Parameter

ip-address: Network segment address.

mask: Network mask.

advertise: Advertises only the summarized route.

not-advertise: Suppresses the advertisement of the routes in the matched range.

Description
Using the abr-summary command, you can configure the route aggregation on
the area border router (ABR). Using the undo abr-summary command, you can
cancel the function of route aggregation on the area border router.
By default, the area border router doesn’t aggregate routes.
This command is applicable only to the ABR and is used for the route aggregation
in an area. The ABR only transmits an aggregated route to other areas. Route
aggregation means that the routing information is processed in the ABR so that,
for each network segment configured with route aggregation, only one route is
transmitted to other areas. Multiple aggregation network segments can be
configured in an area. Thus OSPF can aggregate various network segments together.

Example
Aggregate the routes in the two network segments, 36.42.10.0 and 36.42.110.0,
of OSPF area 1 into one route 36.42.0.0 and transmit it to other areas.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 36.42.10.0 0.0.0.255
[3Com-ospf-1-area-0.0.0.1] network 36.42.110.0 0.0.0.255
[3Com-ospf-1-area-0.0.0.1] abr-summary 36.42.0.0 255.255.0.0

area

Syntax
area area-id
undo area area-id

View
OSPF view, OSPF area view

Parameter

area-id: ID of the OSPF area, which can be a decimal integer (ranging from 0 to
4294967295) or in IP address format.

Description
Using the area command, you can enter OSPF area view. Using the undo area
command, you can cancel the designated area.

Example
Enter area 0 view.
[3Com-ospf-1] area 0
[3Com-ospf-1-area-0.0.0.0]

asbr-summary

Syntax
asbr-summary ip-address mask [ not-advertise | tag value ]
undo asbr-summary ip-address mask [ not-advertise | tag value ]

View
OSPF view

Parameter

ip-address: Matched IP address in dotted decimal notation.

mask: IP address mask in dotted decimal notation.

not-advertise: Does not advertise routes matching the specified IP address and mask.
Without this parameter, the aggregated route is advertised.

tag-value: Control advertisement of routes via Route-policy. It is in the range from
0 to 4294967295. If it is not specified, it is 1 by default.

Description
Using the asbr-summary command, you can configure summarization of
imported routes by OSPF. Using the undo asbr-summary command, you can
cancel the summarization.
By default, summarization of imported routes is disabled.
After the summarization of imported routes is configured, if the local router is an
autonomous system border router (ASBR), this command summarizes the
imported Type-5 LSAs in the summary address range. When NSSA is configured,
this command will also summarize the imported Type-7 LSAs in the summary
address range.
If the local router acts as both an ABR and a switch router in the NSSA, this
command summarizes Type-5 LSAs transformed from Type-7 LSAs. If the router is
not the router in the NSSA, the summarization is disabled.
For the related command, see display ospf asbr-summary.

Example
Set summarization of 3Com imported routes.
[3Com-ospf-1] asbr-summary 10.2.0.0 255.255.0.0 not-advertise

authentication-mode

Syntax
authentication-mode [ simple | md5 ]
undo authentication-mode

View
OSPF area view

Parameter

simple: Simple text authentication mode.

md5: MD5 cipher text authentication mode.

Description
Using the authentication-mode command, you can configure one area of OSPF
to support the authentication attribute. Using the undo authentication-mode
command, you can cancel the authentication attribute of this area.
By default, an area does not support the authentication attribute.
All the routers in one area must use the same authentication mode (no authentication, simple text authentication or MD5 cipher text authentication). If an authentication mode is configured, all routers on the same segment must use the same authentication key. To configure a simple text authentication key, use the ospf authentication-mode simple command. To configure the MD5 cipher text authentication key when the area is configured to support MD5 cipher text authentication mode, use the ospf authentication-mode md5 command.
For the related command, see ospf authentication-mode.
590 CHAPTER 6: ROUTING PROTOCOL

Example
Enter area 0 view.
[3Com-ospf-1] area 0
Specify the OSPF area 0 to support MD5 cipher text authentication.
[3Com-ospf-1-area-0.0.0.0] authentication-mode md5
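
The following Python script is an added example, not 3Com code: it replays command lines in the prompt form used in this reference and reports every OSPF area that is not left in md5 mode, including areas that keep the default of no authentication. The sample transcript is constructed, and treating a prompt without a process number as process 1 and a bare authentication-mode command as "unspecified" are assumptions.

```python
import ipaddress
import re

# Prompt forms as printed in this reference: "[3Com-ospf-1]" (OSPF view) and
# "[3Com-ospf-1-area-0.0.0.0]" (OSPF area view). A prompt without a process
# number, "[3Com-ospf]", is treated as process 1 (assumption).
OSPF_PROMPT = re.compile(
    r"^\[[^\]]*?-ospf(?:-(?P<proc>\d+))?"
    r"(?:-area-(?P<area>\d+\.\d+\.\d+\.\d+))?\]\s*(?P<cmd>\S.*)$"
)

# Constructed sample transcript (not taken from a real router).
SAMPLE_TRANSCRIPT = """
[3Com-ospf-1] area 0
[3Com-ospf-1-area-0.0.0.0] authentication-mode md5
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 20.0.0.0 0.255.255.255
[3Com-ospf-1-area-0.0.0.1] authentication-mode simple
[3Com-ospf-100] area 2
[3Com-ospf-100-area-0.0.0.2] network 131.108.20.0 0.0.0.255
[3Com-ospf-100] area 3
[3Com-ospf-100-area-0.0.0.3] authentication-mode md5
[3Com-ospf-100-area-0.0.0.3] undo authentication-mode
"""


def dotted_area(area_id):
    """Area IDs may be typed as a decimal integer or in IP address format."""
    if "." in area_id:
        return str(ipaddress.IPv4Address(area_id))
    return str(ipaddress.IPv4Address(int(area_id)))


def area_auth_modes(transcript):
    """Return {(process, area): mode} after replaying the command lines in order."""
    modes = {}
    for raw in transcript.splitlines():
        match = OSPF_PROMPT.match(raw.strip())
        if not match:
            continue  # lines from other views (system, ACL, ...) are ignored
        process = int(match["proc"] or 1)
        words = match["cmd"].split()
        if match["area"] is None:
            # OSPF view: "area <id>" enters the area; the default is no authentication
            if len(words) == 2 and words[0] == "area":
                modes.setdefault((process, dotted_area(words[1])), "none")
            continue
        key = (process, match["area"])
        modes.setdefault(key, "none")
        if words[0] == "authentication-mode":
            # The keyword is optional in the syntax; a bare command is recorded
            # as "unspecified" (assumption) so that it is still reported.
            modes[key] = words[1] if len(words) > 1 else "unspecified"
        elif words[:2] == ["undo", "authentication-mode"]:
            modes[key] = "none"
    return modes


def areas_without_md5(transcript):
    """List (process, area, mode) for every area that is not left in md5 mode."""
    modes = area_auth_modes(transcript)
    return sorted((p, a, m) for (p, a), m in modes.items() if m != "md5")


if __name__ == "__main__":
    for process, area, mode in areas_without_md5(SAMPLE_TRANSCRIPT):
        print(f"OSPF process {process} area {area}: authentication mode is {mode}")
```

The area mode only selects the authentication type; the key itself is set with the ospf authentication-mode command named in the description above, which this script does not inspect.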

debugging ospf Syntax
debugging ospf [ process-id ] { event | { packet [ ack | dd | hello | request | update ] } | lsa-generate | spf | te }
undo debugging ospf [ process-id ] { event | { packet [ ack | dd | hello | request | update ] } | lsa-generate | spf | te }

View
User view

Parameter

process-id: OSPF process number. If no process number is specified, debugging is enabled or disabled for all processes.

event: Enables OSPF event information debugging.

packet: Enables OSPF packet information debugging. OSPF has the following five types of packets:

ack: LSAck packet.

dd: Database Description packet.

hello: Hello message.

request: Link State Request packet.

update: Link State Update packet.

lsa-generate: Enables OSPF LSA packet information debugging.

spf: Enables the debugging of the calculation of the OSPF shortest-path tree.

te: Enables the debugging of OSPF TE.

Description
Using the debugging ospf command, you can enable OSPF debugging. Using
the undo debugging ospf command, you can disable the function.
In OSPF multi-process, using the debugging command, you can enable the debugging of all the processes simultaneously or of one process only.
If no process number is specified in the debugging command, the command applies to all the processes, and the state is kept while the router is running, no matter whether an OSPF process exits or not. In this way, the execution of this command will enable/disable each enabled OSPF debugging. At the same time, the debugging specified by this command will be enabled automatically when new OSPF is enabled.
If a process number is specified in the debugging command, only the specified process is debugged. The configuration command is invalid if OSPF is not enabled, and the debugging state is not kept after the process exits.
For the related command, see display debugging ospf.

Example
Enable the information debugging of OSPF packets.
<3Com> debugging ospf packet

default cost Syntax


default cost value
undo default cost

View
OSPF view

Parameter

value: Default routing cost of external route imported by OSPF, ranging from 0 to
16777214. By default, its value is 1.

Description
Using the default cost command, you can configure the default cost for OSPF to
import external routes. Using the undo default cost command, you can restore
the default value of the default routing cost configured for OSPF to import
external routes.
Since OSPF can import external routing information and propagate it to the entire
autonomous system, it is necessary to specify the default routing cost for the
protocol to import external routes.
If multiple OSPF processes are enabled, the command is valid for the current process only.

Example
Specify the default routing cost for OSPF to import external routes as 10.
[3Com-ospf-1] default cost 10

default interval Syntax


default interval seconds
undo default interval

View
OSPF view

Parameter

seconds: Default interval for importing external routes, in seconds, ranging from 1 to 2147483647. By default, the interval for OSPF to import external routes is 1 second.

Description
Using the default interval command, you can configure the default interval for
OSPF to import external routes. Using the undo default interval command, you
can restore the default value of the default interval of importing external routes.
Because OSPF can import the external routing information and broadcast it to the
entire autonomous system, it is necessary to specify the default interval for the
protocol to import external routes.

Example
Specify the default interval for OSPF to import external routes as 10 seconds.
[3Com-ospf-1] default interval 10

default limit Syntax


default limit routes
undo default limit

View
OSPF view

Parameter

routes: Default limit on the external routes imported in a unit of time, ranging from 200 to 2147483647. By default, the value is 1000.

Description
Using the default limit command, you can configure the default value of the maximum number of imported routes. Using the undo default limit command, you can restore the default value.
OSPF can import external route information and broadcast it to the whole autonomous system, so it is necessary to regulate the default value of external route information imported in one process.
For the related command, see default interval.

Example
Specify the default limit of external routes imported by OSPF as 200.
[3Com-ospf-1] default limit 200

default tag Syntax


default tag tag
undo default tag

View
OSPF view

Parameter

tag: Default tag, ranging from 0 to 4294967295.



Description
Using the default tag command, you can configure the default tag of OSPF when
it redistributes an external route. Using the undo default tag command, you can
restore the default tag of OSPF when it redistributes the external route.
When OSPF redistributes a route found by other routing protocols in the router
and uses it as the external routing information of its own autonomous system,
some additional parameters are required, including the default cost and the
default tag of the route.
For the related command, see default type.

Example
Set the default tag of the external routes that OSPF imports into the autonomous system to 10.
[3Com-ospf-1] default tag 10

default type Syntax


default type { 1 | 2 }
undo default type

View
OSPF view

Parameter

type 1: External routes of type 1.

type 2: External routes of type 2.

Description
Using the default type command, you can configure the default type when OSPF
redistributes external routes. Using the undo default type command, you can
restore the default type when OSPF redistributes external routes.
By default, the external routes of type 2 are imported.
OSPF specifies the two types of external routing information. The command
described in this section can be used to specify the default type when external
routes are imported.
For the related command, see default tag.

Example
Specify the default type as type 1 when OSPF imports an external route.
[3Com-ospf-1] default type 1

default-cost Syntax
default-cost value
undo default-cost

View
OSPF area view

Parameter

value: Specifies the cost value of the default route transmitted by OSPF to the
STUB or NSSA area, ranging from 0 to 16777214. The default value is 1.

Description
Using the default-cost command, you can configure the cost of the default route
transmitted by OSPF to the STUB or NSSA area. Using the undo default-cost
command, you can restore the cost of the default route transmitted by OSPF to
the STUB or NSSA area to the default value.
This command is applicable for the border routers connected to STUB or NSSA
area.
The stub and default-cost commands are necessary in configuring STUB area. All
the routers connected to STUB area must use stub command to configure the
stub attribute to this area. Using the default-cost command, you can specify the
cost of the default route transmitted by ABR to STUB or NSSA area.
If multiple OSPF processes are enabled, this command is valid for the current process only.
For the related commands, see stub and nssa.

Example
Set the area 1 as the STUB area and the cost of the default route transmitted to
this STUB area to 60.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 20.0.0.0 0.255.255.255
[3Com-ospf-1-area-0.0.0.1] stub
[3Com-ospf-1-area-0.0.0.1] default-cost 60

default-route-advertise Syntax
default-route-advertise [ always ] [ cost cost-value ] [ type type-value ] [ route-policy
route-policy-name ]
undo default-route-advertise [ always ] [ cost ] [ type ] [ route-policy ]

View
OSPF view

Parameter

always: Only available for the ASBR. If the parameter is selected, a default route advertised via LSAs will be generated no matter whether there is a default route in the routing table. For the ASBR in a general area, the default route is advertised via Type-5 LSA, while in NSSA, the default route is advertised via Type-7 LSA.

cost-value: Cost value of this LSA. The cost-value ranges from 0 to 16777214. The
default value is 1.

type-value: Cost type of this LSA. It ranges from 1 to 2. The default value is 2.

route-policy-name: If the default route matches the route-policy specified by route-policy-name, the route-policy will affect the value in the LSA. The length of the route-policy-name parameter ranges from 1 to 19 characters.

Description
Using the default-route-advertise command, you can make the system
generate a default route to OSPF area. Using the undo default-route-advertise
command, you can cancel generation of a default route.
By default, OSPF does not generate a default route.
Using the default-route-advertise command at ABR, you can generate a default route which is advertised via the Type-5 LSA or Type-7 LSA no matter whether there is a default route in the routing table.
After the default-route-advertise command is executed, an OSPF router becomes an ASBR, which is similar to executing the import-route command on an OSPF router. But you cannot import the default route into the OSPF area with the import-route command.
In addition, the default-route-advertise command is not available for the Stub
area. For the ABR or ASBR in NSSA, the default-route-advertise command is
equivalent to the nssa default-route-advertise command in terms of effect.
If multiple OSPF processes are enabled, this command is valid for the current process only.
For the related commands, see import-route and nssa.

Example
If the local router has a default route, the LSA of the default route will be generated; otherwise it won't be generated.
[3Com-ospf-1] default-route-advertise

The LSA of the default route will be generated and advertised to the OSPF route area even if the local router has no default route.

[3Com-ospf-1] default-route-advertise always

display debugging ospf Syntax


display debugging ospf

View
Any view

Description
Using the display debugging ospf command, you can view the global OSPF
debugging state and each process debugging state.
For the related command, see debugging ospf.

Example
View the global OSPF debugging state and each process debugging state.
<3Com> display debugging ospf
OSPF global debugging state:
OSPF SPF debugging is on
OSPF LSA debugging is on
OSPF process 100 debugging state:
OSPF SPF debugging is on
OSPF process 200 debugging state:
OSPF SPF debugging is on
OSPF LSA debugging is on

display ospf abr-asbr Syntax


display ospf abr-asbr

View
Any view

Parameter
None

Description
Using the display ospf abr-asbr command, you can view the information about
the Area Border Router (ABR) and Autonomous System Border Router (ASBR) of
OSPF.

Example
Display the information of the OSPF ABR and ASBR.
<3Com> display ospf abr-asbr
Routing Table to ABR and ASBR
       Destination  Area     Cost  Type  Nexthop  Interface
Intra  1.2.3.9      0.0.0.0  1     ASBR  1.2.3.9  Ethernet2/0/0

display ospf asbr-summary Syntax

display ospf asbr-summary [ ip-address mask ]

View
Any view

Parameter

ip-address: Matched IP address, in dotted decimal notation.

mask: IP address mask in dotted decimal notation.

Description
Using the display ospf asbr-summary command, you can view the summary
information of OSPF imported routes.
If the parameters are not configured, the summary information of all imported
routes will be viewed.
For the related command, see asbr-summary.

Example
Display the summary information of all OSPF imported routes.
<3Com> display ospf asbr-summary
Total summary address count: 2
Summary Address
net : 168.10.0.0
mask : 255.254.0.0
tag : 1
status : Advertise
The Count of Route is 0
Summary Address
net : 1.1.0.0
mask : 255.255.0.0
tag : 100
status : DoNotAdvertise
The Count of Route is 0

display ospf brief Syntax


display ospf [ process-id ] brief

View
Any view

Parameter

process-id: Process number of OSPF. If no process number is specified, this command displays the main information of all OSPF processes in configuration sequence.

Description
Using the display ospf brief command, you can view the summary of OSPF.

Example
Display the OSPF summary.
<3Com> display ospf brief
RouterID: 3.3.3.3 Border Router: Area
spf-schedule-interval: 5
Routing preference: Inter/Intra: 10 External: 150
Default ASE parameters: Metric: 1 Tag: 0.0.0.1 Type: 2
SPF computation count: 13
Area Count: 2 Nssa Area Count: 0
Area 0.0.0.0:
Authtype: none Flags: <>
SPF scheduled: <>
Interface: 20.0.0.2 (Ethernet1/0/0)
Cost: 1 State: BackupDR Type: Broadcast
Priority: 1
Designated Router: 20.0.0.1
Backup Designated Router: 20.0.0.2
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Interface: 30.0.0.1 (Ethernet2/0/0)
Cost: 1 State: DR Type: Broadcast
Priority: 1
Designated Router: 30.0.0.1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Area 0.0.0.1:
Authtype: none Flags: <Transit>
SPF scheduled: <>
Interface: 40.0.0.1 (LoopBack0) --> 40.0.0.1
Cost: 1562 State: P To P Type: PointToPoint
Priority: 1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1

Display the routing information of OSPF 100.


<3Com> display ospf 100

OSPF Process 100 with Router ID 1.2.3.4

OSPF Protocol Information

RouterID: 1.2.3.4
Spf-schedule-interval: 5
Routing preference: Inter/Intra: 10 External: 150
Default ASE parameters: Metric: 1 Tag: 0.0.0.1 Type: 2
SPF computation count: 0
Area Count: 0 Nssa Area Count: 0

display ospf cumulative Syntax


display ospf cumulative

View
Any view

Parameter
None

Description
Using the display ospf cumulative command, you can view the OSPF cumulative
information.

Example
Display the OSPF cumulative information.
<3Com> display ospf cumulative
IO Statistics
Type                 Input  Output
Hello                225    437
DB Description       78     86
Link-State Req       18     18
Link-State Update    48     53
Link-State Ack       25     21
ASE: 1 Checksum Sum: FCAF
LSAs originated by this router
Router: 50 SumNet: 40 SumASB: 2
LSAs Originated: 92 LSAs Received: 33
Area 0.0.00.0:
Neighbors: 1 Interfaces: 1
Spf: 54 Checksum Sum F020
rtr: 2 net: 0 sumasb: 0 sumnet: 1
Area 0.0.0.1:
Neighbors: 0 Interfaces: 1
Spf: 19 Checksum Sum 14EAD
rtr: 1 net: 0 sumasb: 1 sumnet: 1
Routing Table:
Intra Area: 2 Inter Area: 0 ASE: 1

display ospf error Syntax


display ospf error

View
Any view

Parameter
None

Description
Using the display ospf error command, you can view the statistics of error
information which OSPF received.

Example
Display the statistics of error information which OSPF received.
<3Com> display ospf error
OSPF packet error statistics:
0: IP: received my own packet       0: OSPF: bad packet type
0: OSPF: bad version                0: OSPF: bad checksum
0: OSPF: bad area id                0: OSPF: area mismatch
0: OSPF: bad virtual link           0: OSPF: bad authentication type
0: OSPF: bad authentication key     0: OSPF: packet too small
0: OSPF: packet size > ip length    0: OSPF: transmit error
0: OSPF: interface down             0: OSPF: unknown neighbor
0: HELLO: netmask mismatch          0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch       0: HELLO: extern option mismatch
0: HELLO: router id confusion       0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown     0: DD: neighbor state low
0: DD: router id confusion          0: DD: extern option mismatch
0: DD: unknown LSA type             0: LS ACK: neighbor state low
0: LS ACK: bad ack                  0: LS ACK: duplicate ack
0: LS ACK: unknown LSA type         0: LS REQ: neighbor state low
0: LS REQ: empty request            0: LS REQ: bad request
0: LS UPD: neighbor state low       0: LS UPD: newer self-generate LSA
0: LS UPD: LSA checksum bad         0: LS UPD:received less recent LSA
0: LS UPD: unknown LSA type         0: OSPF routing: next hop not exist
0: DD: MTU option mismatch
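
The following Python script is an added example, not 3Com code: it parses two captures of the display ospf error output and reports how much the "bad authentication type" and "bad authentication key" counters grew between them, which is the signal to watch for on a segment where authentication-mode is configured. Both captures are constructed, and it is an assumption that the counters are cumulative and restart from zero after a reset.

```python
import re

# One counter as printed by "display ospf error": "<count>: <GROUP>: <description>".
# Two counters share a line. The lookahead ends a description where the next
# "<count>: <GROUP>" begins, so columns that have run together still parse.
COUNTER = re.compile(
    r"(\d+):\s+((?:IP|OSPF routing|OSPF|HELLO|DD|LS ACK|LS REQ|LS UPD)):\s*"
    r"(.+?)(?=\s*\d+:\s+(?:IP|OSPF|HELLO|DD|LS)\b|\s*$)"
)

# Counter names exactly as they appear in the output shown in this reference.
WATCHED = ("OSPF: bad authentication type", "OSPF: bad authentication key")

# Constructed captures (values invented for the example), shortened to a few lines.
BEFORE = """
OSPF packet error statistics:
0: OSPF: bad virtual link           0: OSPF: bad authentication type
2: OSPF: bad authentication key     0: OSPF: packet too small
0: OSPF: interface down             4: OSPF: unknown neighbor
0: HELLO: netmask mismatch0: HELLO: hello timer mismatch
"""

AFTER = """
OSPF packet error statistics:
0: OSPF: bad virtual link           3: OSPF: bad authentication type
19: OSPF: bad authentication key    0: OSPF: packet too small
0: OSPF: interface down             4: OSPF: unknown neighbor
0: HELLO: netmask mismatch0: HELLO: hello timer mismatch
"""


def parse_error_counters(output):
    """Return {"GROUP: description": count} for every counter in the output."""
    counters = {}
    for line in output.splitlines():
        for count, group, text in COUNTER.findall(line.strip()):
            counters[f"{group}: {text.strip()}"] = int(count)
    return counters


def auth_error_deltas(before, after, watched=WATCHED):
    """Return the growth of each watched counter between two captures."""
    old, new = parse_error_counters(before), parse_error_counters(after)
    deltas = {}
    for name in watched:
        if name not in new:
            raise KeyError(f"counter missing from output: {name}")
        delta = new[name] - old.get(name, 0)
        if delta < 0:
            # Smaller than before: counters were reset, so count from zero.
            delta = new[name]
        if delta:
            deltas[name] = delta
    return deltas


if __name__ == "__main__":
    for name, delta in auth_error_deltas(BEFORE, AFTER).items():
        print(f"{name}: +{delta} since the previous capture")
```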

display ospf interface Syntax


display ospf interface [ interface-type port-number ]

View
Any view

Parameter

interface-type: Interface type.

port-number: Interface number.

Description
Using the display ospf interface command, you can view the OSPF interface
information.

Example
Display the OSPF ethernet2/0/0 interface information.

<3Com> display ospf interface ethernet2/0/0


Interface: 10.110.0.2 (Ethernet2/0/0)
Cost: 1 State: BackupDR Type: Broadcast
Priority: 1
Designated Router: 10.110.0.1
Backup Designated Router: 10.110.0.2
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1

display ospf lsdb Syntax


display ospf [ area-id ] lsdb [ brief ] [ asbr | ase | network | nssa | opaque | router |
summary ] [ ip-address ] [ originate-router ip-address ] [ self-originate ]

View
Any view

Parameter

area-id: ID of the OSPF area, represented by a decimal integer ranging from 0 to 4294967295 or in IP address format.

brief: Brief database information.

asbr: Database information of Type-4 LSA (summary-Asbr-LSA).

ase: Database information of Type-5 LSA (AS-external-LSA).

network: Database information of Type-2 LSA (Network-LSA).

nssa: Database information of Type-7 LSA (NSSA-external-LSA).

opaque: Database information of Opaque LSA.

router: Database information of Type-1 LSA (Router-LSA).

summary: Database information of Type-3 LSA (Summary-Net-LSA).

ip-address: Link state ID in IP address format.

originate-router ip-address: IP address of the router advertising LSA packet.

self-originate: Database information of self-originated LSA generated by local router.

Description

Using the display ospf lsdb command, you can view the information in the OSPF link state database.

Example
Display the information in the OSPF link state database.
<3Com> display ospf lsdb

OSPF Process 1 with Router ID 123.1.1.1

Link State Database



Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
Rtr 1.1.1.1 1.1.1.1 563 36 80000008 0 SpfTree
Net 1.1.1.2 123.1.1.1 595 32 80000001 0 SpfTree
AS External Database:
Type LinkState ID AdvRouter Age Len Sequence Metric Where
ASE 1.1.0.0 1.1.1.1 561 36 80000001 1 Uninitialized
ASE 123.1.1.1 1.1.1.1 561 36 80000001 1 Uninitialized

Display the brief information of the OSPF link state database.

<3Com> display ospf lsdb brief


OSPF Process 1 with Router ID 1.1.1.1
LS Database Statistics:
Area ID      Stub  Router  Network  S-Net  S-ASBR  Type-7  Subtotal
0.0.0.0      0     2       1        1      0       0       4
0.0.0.1      0     2       1        1      0       4       8
AS External                                                4
Total        0     4       2        2      0       4       16

Display the database information of Type-7 LSA.

<3Com> display ospf lsdb nssa


OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.1
type : NSSA
ls id : 1.1.0.0
adv rtr : 1.1.1.1
ls age : 93
len : 36
seq : 80000002
chksum : 0x3c66
options : (No Type 7/5 translation, DC)
Net mask : 255.255.0.0
Tos 0 metric: 1
E type : 2
Forwarding Address :2.2.2.1
Tag: 1

Display database information of summary route.

<3Com> display ospf lsdb summary


OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.0
Type : SumNet
Ls id : 2.2.0.0
Adv rtr : 1.1.1.1
Ls age : 304
Len : 28
seq : 80000001
chksum : 0x61d4
Options : (DC)
Net mask : 255.255.0.0
Tos 0 metric: 1

Display database information of Type-1 LSA.



<3Com> display ospf lsdb router


Link State Data Base
Area: 0.0.0.0
Type : Router
Ls id : 20.0.0.1
Adv rtr : 20.0.0.1
Ls age : 988
Len : 36
seq : 80000006
chksum : 0x428c
Options : (DC) ASBR
Link count: 1
Link ID: 20.0.0.1
Data : 20.0.0.1
Type : TransNet
Metric : 10

Display database information of Type-2 LSA.

<3Com> display ospf lsdb network


OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.0
Type : Net
Ls id : 1.1.1.2
Adv rtr : 123.1.1.1
Ls age : 515
Len : 32
seq : 80000002
chksum : 0xc470
Options : (DC)
Net mask : 255.255.0.0
Attached Router 123.1.1.1
Attached Router 1.1.1.1

Display database information of Type-4 LSA.

<3Com> display ospf lsdb asbr


OSPF Process 1 with Router ID 2.2.2.2
Link State Database
Area: 0.0.0.1
Type : SumASB
Ls id : 123.1.1.1
Adv rtr : 1.1.1.1
Ls age : 20
Len : 28
seq : 80000001
chksum : 0x1f9b
Options : (DC)
Tos 0 metric: 1

Display database information of Type-5 LSA.

<3Com> display ospf lsdb ase


OSPF Process 1 with Router ID 1.1.1.1
Link State Database
type : ASE
ls id : 1.1.0.0
adv rtr : 1.1.1.1
ls age : 15
len : 36
seq : 80000001
chksum : 0x4a8
options : (DC)
Net mask : 255.255.0.0
Tos 0 metric: 1
E type : 2
Forwarding Address :0.0.0.0
Tag: 1

Display the LSA packets advertised from the router at 3.3.3.3.

<3Com> display ospf lsdb originate-router 3.3.3.3


Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
Stub 30.0.0.0 3.3.3.3 -1 24 0 0 SpfTree
SNet 40.0.0.0 3.3.3.3 1524 28 80000006 1562 Inter List
Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric Where
Stub 40.0.0.0 3.3.3.3 -1 24 0 0 SpfTree
ASB 20.0.0.1 3.3.3.3 1524 28 80000003 1 SumAsb List

Display database information of the LSA packets generated by local router.

<3Com> display ospf lsdb self-originate


OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
Rtr 1.1.1.1 1.1.1.1 539 36 80000016 0 SpfTree
SNet 2.2.0.0 1.1.1.1 445 28 80000008 1 Inter List
Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric Where
Rtr 1.1.1.1 1.1.1.1 539 36 8000000e 0 SpfTree
SNet 1.1.0.0 1.1.1.1 445 28 8000000a 1 Inter List
ASB 123.1.1.1 1.1.1.1 445 28 80000007 1 SumAsb List
AS External Database:
Type LinkState ID AdvRouter Age Len Sequence Metric Where
ASE 100.0.0.0 1.1.1.1 849 36 8000000a 2 Ase List
ASE 1.1.0.0 1.1.1.1 737 36 8000000e 1 Ase List

display ospf nexthop Syntax


display ospf nexthop

View
Any view

Parameter
None

Description
Using the display ospf nexthop command, you can view the information about the next-hop.

Example
Display the OSPF next-hop information.
<3Com> display ospf nexthop
Address       Type      Refcount  Intf Addr     Intf Name
---------------------------------------------------------------------
202.38.160.1  Direct    3         202.38.160.1  Interface serial2/0/0
202.38.160.2  Neighbor  1         202.38.160.1  Interface serial2/0/0

display ospf peer Syntax


display ospf peer [ brief ]

View
Any view

Parameter
brief: Brief information of neighbors in areas.

Description
Using the display ospf peer command, you can view the information about the
neighbors in OSPF areas.
Using the display ospf peer brief command, you can view the brief information of neighbors in OSPF, mainly the number of neighbors in each state in every area.
The display format of the OSPF neighbor valid time differs according to the length of time, as follows:
■ XXYXXMXXD: More than a year, namely year: month: day
■ XXXdXXhXXm: More than a day but less than a year, that is, day: hour: minute
■ XX:XX:XX: Less than a day, namely hour: minute: second

Example
View the information of OSPF peer.
<3Com> display ospf peer
Area 0.0.0.0 interface 1.1.1.1(Serial2/0/0)'s neighbor(s)
RouterID: 1.1.1.3 Address: 1.1.1.3
State: Full Mode: Nbr is Master Priority: 1
DR: 1.1.1.3 BDR: 1.1.1.1
Dead timer expires in 31s
Neighbor is comes for 00:08:24

View the brief information of neighbors in areas.

<3Com> display ospf peer brief


OSPF Process 1 with Router ID 1.1.1.1
Neighbor Statistics
Area ID   Down  Attempt  Init  2-Way  ExStart  Exchange  Loading  Full  Total
0.0.0.0   0     0        0     0      0        0         0        1     1
0.0.0.1   0     0        0     0      0        0         0        1     1
Total     0     0        0     0      0        0         0        2     2

display ospf request-queue Syntax

display ospf request-queue

View
Any view

Parameter
None

Description
Using the display ospf request-queue command, you can view the information
about the OSPF request-queue.

Example
View the information about the OSPF request-queue.
<3Com> display ospf request-queue
The Router's Neighbors is
RouterID: 103.160.1.1 Address: 103.169.2.5
Interface: 103.169.2.2 Area: 0.0.0.1
LSID:129.11.25.0 AdvRouter:103.160.1.1 Sequence:80000001 Age:201
LSID:129.11.25.0 AdvRouter:103.160.1.1 Sequence:80000001 Age:201
LSID:129.11.25.0 AdvRouter:103.160.1.1 Sequence:80000001 Age:201

display ospf retrans-queue Syntax

display ospf retrans-queue

View
Any view

Parameter
None

Description
Using the display ospf retrans-queue command, you can view the information
about the OSPF retransmission queue.

Example
View the information about the OSPF retransmission queue.
<3Com> display ospf retrans-queue
OSPF Process 200 with Router ID 103.160.1.1
Retransmit List
The Router's Neighbors is
RouterID: 162.162.162.162 Address: 103.169.2.2
Interface: 103.169.2.5 Area: 0.0.0.1
Retrans list:
Type: ASE LSID:129.11.77.0 AdvRouter:103.160.1.1
Type: ASE LSID:129.11.108.0 AdvRouter:103.160.1.1

display ospf routing Syntax


display ospf routing

View
Any view

Parameter
None

Description
Using the display ospf routing command, you can view the information about
OSPF routing table.

Example
View the routing table information related to OSPF.
<3Com> display ospf routing
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.110.0.0/16 1 Net 10.110.0.1 10.110.0.1 0
30.110.0.0/16 1 Stub 30.110.0.1 3.3.3.3 0
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0

display ospf vlink Syntax


display ospf vlink

View
Any view

Parameter
None

Description
Using the display ospf vlink command, you can view the information about
OSPF virtual links.

Example
View OSPF virtual links information.
<3Com> display ospf vlink
Virtual-link Neighbor-id -> 1.1.1.1, State: Down
Cost: 0 State: Down Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1

filter-policy export Syntax


filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]
undo filter-policy {acl-number | ip-prefix ip-prefix-name} export [ routing-protocol ]

View
OSPF view

Parameter

acl-number: Access control list number.

ip-prefix-name: Name of the address prefix list.

routing-protocol: Protocol advertising the routing information, including direct, isis, bgp, rip and static at present.

Description
Using the filter-policy export command, you can configure the rules by which OSPF filters the advertised routing information. Using the undo filter-policy export command, you can cancel the filtering rules that have been set.
By default, no filtering of the distributed routing information is performed.
In some cases, it may be required that only the routing information meeting some conditions can be advertised. Then, the filter-policy command can be used to configure the filtering conditions for the routing information to be advertised. Only the routing information that passes the filtration can be advertised.
For the related commands, see acl and ip ip-prefix.

Example
Configure OSPF to advertise only the routing information permitted by acl 1.
[3Com] acl number 1
[3Com-acl-basic-1] rule permit source 11.0.0.0 0.255.255.255
[3Com-acl-basic-1] rule deny source any
[3Com-ospf] filter-policy 1 export

filter-policy import Syntax


filter-policy { acl-number | ip-prefix ip-prefix-name | gateway prefix-list-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name | gateway ip-prefix-name }
import

View
OSPF view

Parameter

acl-number: Access control list number used for filtering the destination addresses
of the routing information.

ip-prefix-name: Name of address prefix list used for filtering the destination
addresses of the routing information.

gateway ip-prefix-name: Name of address prefix list used for filtering the
addresses of the neighboring routers advertising the routing information.

Description
Using the filter-policy import command, you can configure the OSPF rules of filtering the routing information received. Using the undo filter-policy import command, you can cancel the filtering of the routing information received.
By default, no filtering of the received routing information is performed.
In some cases, it may be required that only the routing information meeting some conditions can be received. Then, the filter-policy command can be used to set the filtering conditions for the routing information to be advertised. Only the routing information that passes the filtration can be received.
Using the filter-policy import command, you can filter the routes calculated by OSPF. Only the routes that pass the filter can be added to the routing table. The filtering can be performed according to the next hop and destination of the route.
Because OSPF is a dynamic routing protocol based on link state and its routing information is carried in the link state, this command cannot filter the advertised/received routing information in the link state. Using this command in OSPF is therefore more limited than using it in a distance vector routing protocol.
If multiple OSPF processes are enabled, this command is valid for the current process only.

Example
Filter the received routing information according to the rule defined by the access
control list 2.
[3Com] acl number 2
[3Com-acl-basic-2] rule permit source 20.0.0.0 0.255.255.255
[3Com-acl-basic-2] rule deny source any
[3Com-ospf-1] filter-policy 2 import

import-route Syntax
import-route protocol [ cost value ] [ type value ] [ tag value ] [ route-policy
route-policy-name ]
undo import-route protocol

View
OSPF view

Parameter

protocol: Specifies the source routing protocol that can be imported. At present,
it includes direct, rip, bgp, isis, static, ospf, ospf-ase, and ospf-nssa.

ospf process-id: Imports only the internal routes found by OSPF process-id as
external routing information. If no process number is specified, the OSPF default
process number 1 is used.

ospf-ase process-id: Imports only the ASE external routes found by OSPF
process-id as external routing information. If no process number is specified, the
OSPF default process number 1 is used.

ospf-nssa process-id: Imports only the NSSA external routes found by OSPF
process-id as external routing information. If no process number is specified, the
OSPF default process number 1 is used.

route-policy route-policy-name: Imports only the routes matching the specified route-policy.

Description
Using the import-route command, you can import the information of another
routing protocol. Using the undo import-route command, you can cancel the
imported external routing information.
By default, the routing information of other protocols is not imported.

Example
Specify an imported RIP route as the route of type 2, with the route tag as 33 and
the route cost as 50.
[3Com-ospf-1] import-route rip type 2 tag 33 cost 50
Specify OSPF process 100 to import the route found by OSPF 160.
[3Com-ospf-100] import-route ospf 160

network Syntax
network ip-address wildcard
undo network ip-address wildcard

View
OSPF area view

Parameter

ip-address: Address of the network segment where the interface is located.

wildcard: IP address wildcard mask, which is similar to the inverted form of the IP address mask. When configuring this parameter, you can also type it as an IP address mask; the VRP system translates it to a wildcard mask.

Description
Using the network command, you can configure the interface running OSPF.
Using the undo network command, you can cancel the interface running OSPF.
By default, the interface does not belong to any area.
To run the OSPF protocol on one interface, the master IP address of this interface
must be in the range of the network segment specified by this command. If only
the slave IP address of the interface is in the range of the network segment
specified by this command, this interface will not run OSPF protocol.
After OSPF multi-instance is configured, different OSPF processes are bound to different VPN instances, and the network addresses of different processes can be the same or inclusive (one containing the other). But for the same VPN instance, the network addresses of different OSPF processes cannot be the same or inclusive. Otherwise, the later configured command does not take effect and the following is displayed: Network already set in OSPF process xx. For example, if network 10.1.0.0 0.0.255.255 is enabled in process 100, then network 10.1.0.0 0.0.255.255, network 10.1.1.0 0.0.0.255 or network 10.0.0.0 0.255.255.255 will fail to be enabled in other OSPF processes.

CAUTION: OSPF configuration can only enable the interfaces that belong to the
same VPN instance.

After OSPF is configured multi-instance, if different VPN instances are bound in
the OSPF process, the network addresses between different processes can be the
same or included. But for the same VPN instance, the network addresses between
different OSPF processes cannot be the same or included.

For the related command, see ospf.

Example
Specify the interfaces whose master IP addresses are in the segment range of
10.110.36.0 to run the OSPF protocol and specify the number of the OSPF area
(where these interfaces are located) as 6.
[3Com-ospf-1] area 6
[3Com-ospf-1-area-0.0.0.6] network 10.110.36.0 0.0.0.255

Enable OSPF process 100 on the router and specify the number of the area where
the interface is located as 2.

[3Com] router id 10.110.1.9
[3Com] ospf 100
[3Com-ospf-100] area 2
[3Com-ospf-100-area-0.0.0.2] network 131.108.20.0 0.0.0.255

Enable OSPF process 200 on the router and specify the number of the area where
the interface is located as 1.

[3Com] ospf 200 vpn-instance vpn1
[3Com-ospf-200] area 1
[3Com-ospf-200-area-0.0.0.1] network 131.108.20.0 0.0.0.255

Enable OSPF process 300 on the router and specify the number of the area where
the interface is located as 2.

[3Com] ospf 300 vpn-instance vpn1
[3Com-ospf-300] area 2
[3Com-ospf-300-area-0.0.0.2] network 131.108.20.0 0.0.0.255
Network already set in OSPF process 200
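
The overlap rule described above can be checked offline before a change is pushed to the router. The following Python sketch is an added example, not 3Com code: it replays network statements in order, accepts either wildcard or mask form, and reports the statements that would be refused. Process 400, the treatment of "no VPN instance" as one shared instance, and the preference for the wildcard reading of ambiguous values are assumptions of the example.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _is_netmask(value):
    """True when value is a run of 1-bits followed only by 0-bits."""
    host_bits = value ^ ALL_ONES
    return (host_bits & (host_bits + 1)) == 0


def to_network(ip, wildcard_or_mask):
    """Return the segment selected by 'network ip-address wildcard'.

    The second argument may be a wildcard (0.0.0.255) or an ordinary mask
    (255.255.255.0). Assumption: where both readings are possible
    (0.0.0.0, 255.255.255.255) the wildcard reading is used.
    """
    value = int(ipaddress.IPv4Address(wildcard_or_mask))
    if _is_netmask(value ^ ALL_ONES):      # typed as a wildcard
        mask = value ^ ALL_ONES
    elif _is_netmask(value):               # typed as an ordinary mask
        mask = value
    else:
        raise ValueError(f"non-contiguous wildcard: {wildcard_or_mask}")
    prefix_len = bin(mask).count("1")
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def find_conflicts(statements):
    """Replay network statements in the order they are typed.

    statements: (process_id, vpn_instance, ip, wildcard) tuples, where
    vpn_instance None stands for a process not bound to any VPN instance.
    Returns [(rejected_statement, owning_process_id), ...].
    """
    accepted = []   # (process_id, vpn_instance, network) already in force
    rejected = []
    for stmt in statements:
        process_id, vpn, ip, wildcard = stmt
        net = to_network(ip, wildcard)
        # Same VPN instance, different process, identical or containing range.
        owner = next(
            (p for p, v, n in accepted
             if v == vpn and p != process_id and n.overlaps(net)),
            None,
        )
        if owner is None:
            accepted.append((process_id, vpn, net))
        else:
            rejected.append((stmt, owner))
    return rejected


# Processes 100, 200 and 300 follow the page's examples; process 400 and
# its three statements are constructed for this example.
SAMPLE = [
    (100, None, "131.108.20.0", "0.0.0.255"),
    (200, "vpn1", "131.108.20.0", "0.0.0.255"),
    (300, "vpn1", "131.108.20.0", "0.0.0.255"),    # same VPN instance as 200
    (100, None, "10.1.0.0", "0.0.255.255"),
    (400, None, "10.1.1.0", "255.255.255.0"),      # mask form, inside 10.1/16
    (400, None, "10.0.0.0", "0.255.255.255"),      # contains 10.1/16
    (400, None, "10.2.0.0", "0.0.255.255"),        # disjoint, accepted
]

if __name__ == "__main__":
    for stmt, owner in find_conflicts(SAMPLE):
        print(f"process {stmt[0]}: network {stmt[2]} {stmt[3]} -> "
              f"Network already set in OSPF process {owner}")
```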

nssa Syntax
nssa [ default-route-advertise ] [ no-import-route ] [ no-summary ]
undo nssa

View
OSPF area view

Parameter

default-route-advertise: Only available for the NSSA ABR or ASBR. When using the
parameter at NSSA ABR, you can generate Type-7 LSAs for the default route no
matter whether there exists the default route 0.0.0.0 in the routing table. When
using the parameter at NSSA ASBR, you can generate Type-7 LSAs for the default
route only if there exists the default route 0.0.0.0 in the routing table.

no-import-route: Forbids AS external routes to be imported into the NSSA as
Type-7 LSAs. This parameter is available for the NSSA ABR and for the ASBR in
OSPF AS, to ensure all external route information is imported into the OSPF areas.

no-summary: Only available for the NSSA ABR. When the parameter is selected,
the NSSA ABR advertises a default route via the Summary-LSAs (Type-3) in the
area, but no other Summary-LSAs to other areas.

Description
Using the nssa command, you can configure an area as NSSA area. Using the
undo nssa command, you can cancel the function.
By default, NSSA area is not configured.
For all the routers in the NSSA area, the command nssa must be used to configure
the area as NSSA.

Example
Configure area 1 as NSSA.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 10.110.0.0 0.255.255.255
[3Com-ospf-1-area-0.0.0.1] nssa

opaque-capability Syntax
opaque-capability enable
undo opaque-capability

View
OSPF view

Parameter
None

Description
Using the opaque-capability enable command, you can enable the Opaque
capability of OSPF. Using the undo opaque-capability command, you can disable
the Opaque capability of OSPF.

CAUTION: By default, Opaque capability of OSPF is enabled.

If the application based on Opaque LSA is enabled, for example, the area TE
capability is enabled, the Opaque capability cannot be disabled.

Example
Enable Opaque capability.
[3Com-ospf-100] opaque-capability enable

ospf Syntax
ospf [ process-id ]
undo ospf [ process-id ]

View
System view

Parameter

process-id: Number of the OSPF process. If no process number is specified, the
default number 1 is used.

Description
Using the ospf command, you can enable the OSPF protocol. Using the undo
ospf command, you can disable the OSPF protocol.
After enabling OSPF protocol, the user can make the corresponding configuration
in OSPF view.
By default, the system does not run the OSPF protocol.
VRP supports OSPF multi-process. Multiple OSPF processes can be enabled by
specifying different process numbers on a router.
It is suggested that the user specify the router ID with the router-id parameter
when enabling OSPF. Different router IDs should be specified for different
processes if multiple processes are enabled on the router.
For the related command, see network.

Example
Enable the running of the OSPF protocol.
[3Com] router id 10.110.1.8
[3Com] ospf

Enable OSPF process 120 to run OSPF.

[3Com] router id 10.110.1.8
[3Com] ospf 120
[3Com-ospf-120]

ospf authentication-mode Syntax
ospf authentication-mode { simple password | md5 key-id key }
undo ospf authentication-mode { simple | md5 }

View
Interface view

Parameter

simple password: Character string not exceeding 8 characters using simple text
authentication.

key-id: ID of the authentication key in MD5 cipher text authentication mode in the
range from 1 to 255.

key: MD5 authentication key. If it is entered in plain text, the MD5 key is a
character string of 1 to 16 characters. It is displayed in a cipher text form
with a length of 24 characters when the display current-configuration command is
executed. Entering the 24-character MD5 key in cipher text form is also supported.

Description
Using the ospf authentication-mode command, you can configure the
authentication mode and key between adjacent routers. Using the undo ospf
authentication-mode command, you can cancel the authentication key that has
been set.
By default, the interface does not authenticate the OSPF packets.
The passwords for authentication keys of the routers on the same network
segment must be identical. In addition, use the authentication-mode command to
set the authentication type of the area so that the configuration takes effect.
For the related command, see authentication-mode.

Example
Set the area 1 where the network segment 131.119.0.0 of Interface serial1/0/0 is
located to support MD5 cipher text authentication. The authentication key
identifier is set to 15 and the authentication key is 3Com.
[3Com-ospf-1] area 1
[3Com-ospf-1-area-0.0.0.1] network 131.119.0.0 0.0.255.255
[3Com-ospf-1-area-0.0.0.1] authentication-mode md5
[3Com-ospf-1-area-0.0.0.1] interface serial 1/0/0
[3Com-Serial1/0/0] ospf authentication-mode md5 15 3Com

ospf cost Syntax
ospf cost value
undo ospf cost

View
Interface view

Parameter

value: Cost for running OSPF protocol, ranging from 1 to 65535.

Description
Using the ospf cost command, you can configure different packet sending costs
so as to send packets from different interfaces. Using the undo ospf cost
command, you can restore the default costs.
By default, the interface automatically calculates the costs required for running
OSPF protocol according to the current Baud rate.

Example
Specify the cost spent when an interface runs OSPF as 33.
[3Com] interface serial1/0/0
[3Com-Serial1/0/0] ospf cost 33

ospf dr-priority Syntax
ospf dr-priority value
undo ospf dr-priority

View
Interface view

Parameter

value: Interface priority for electing the "designated router", ranging from 0 to
255. By default, the value is 1.

Description
Using the ospf dr-priority command, you can configure the priority for electing
the "designated router" on an interface. Using the undo ospf dr-priority
command, you can restore the default value.
Interface priority determines the interface qualification when electing the
“designated router”. The interface with high priority is considered first when there
is collision in election.

Example
Set the priority of the interface Ethernet1/0/0 to 8, when electing the DR.
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] ospf dr-priority 8

ospf mib-binding Syntax
ospf mib-binding process-id
undo ospf mib-binding

View
System view

Parameter

process-id: Number of OSPF process.

Description
Using the ospf mib-binding command, MIB operation can be bound on the
specified OSPF process. Using the undo ospf mib-binding command, you can
restore the default configuration.
MIB operation is always bound on the first process enabled by OSPF protocol.
Using this command, MIB operation can be bound on other OSPF processes.
Using the undo ospf mib-binding command, you can cancel the binding
configuration. MIB operation is rebound automatically by OSPF protocol on the
first enabled process.
By default, MIB operation is bound on the first enabled OSPF process.

Example
Bind MIB operation on OSPF process 100.
[3Com] ospf mib-binding 100

Cancel MIB operation binding.
[3Com] undo ospf mib-binding

ospf mtu-enable Syntax
ospf mtu-enable
undo ospf mtu-enable

View
Interface view

Parameter
None

Description
Using the ospf mtu-enable command, you can enable the interface to write MTU
value when sending DD packets. Using the undo ospf mtu-enable command,
you can restore the default settings.
By default, the MTU value is 0 when sending DD packets, i.e. the actual MTU value
of the interface is not written.
Database Description Packets (DD packets) are used to describe its own LSDB
when the router running OSPF protocol is synchronizing the database.
The default MTU value of DD packet is 0. With this command, the specified
interface can be set manually to write the MTU value area in DD packets when
sending DD packets, i.e. the actual MTU value of the interface is written in.

Example
Set interface Ethernet1/0/0 to write MTU value area when sending DD packets.
[3Com] interface Ethernet1/0/0
[3Com-Ethernet1/0/0] ospf mtu-enable

ospf network-type Syntax
ospf network-type { broadcast | nbma | p2mp | p2p }
undo ospf network-type

View
Interface view

Parameter

broadcast: Changes the interface network type to broadcast.

nbma: Changes the interface network type to Non-Broadcast Multi-Access.

p2mp: Changes the interface network type to point-to-multipoint.

p2p: Changes the interface network type to point-to-point.



Description
Using the ospf network-type command, you can configure the network type of
OSPF interface. Using the undo ospf network-type command, you can restore
the default network type of the OSPF interface.
OSPF divides networks into four types by link layer protocol:
■ Broadcast: If Ethernet is adopted, OSPF defaults the network type to
broadcast.
■ Non-Broadcast Multi-access (nbma): If Frame Relay, ATM, HDLC or X.25 is
adopted, OSPF defaults the network type to NBMA.
■ Point-to-Multipoint (p2mp): OSPF will not default the network type of any
link layer protocol to p2mp. The usual practice is to change a partially
connected NBMA network to a p2mp network if the NBMA network is not
fully meshed.
■ Point-to-point (p2p): If PPP or LAPB is adopted, OSPF defaults the network
type to p2p.

If there is a router not supporting multicast address on the broadcast network, the
interface network type can be changed to NBMA. The interface network type can
also be changed from NBMA to broadcast.

A network that can be called an NBMA network or can be changed to a broadcast
network should satisfy the following condition: a virtual circuit directly
connects any two routers on the network. In other words, the network is
fully meshed. If the network cannot satisfy this condition, the interface network
type must be changed to point-to-multipoint. In this way, two routers that are
not directly connected can exchange routing information via a router directly
connected with both of them.

If there are only two routers running OSPF protocol on the same network
segment, the interface network type can be changed to point-to-point.

Note: When the network type of an interface is NBMA or it is changed to NBMA
manually, the peer command must be used to configure the neighboring point.

For the related command, see ospf dr-priority.

Example
Set the interface serial1/0/0 to NBMA type.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf network-type nbma

ospf timer dead Syntax
ospf timer dead seconds
undo ospf timer dead

View
Interface view

Parameter

seconds: Dead interval of the OSPF neighbor. It is measured in seconds and ranges
from 1 to 65535.

Description
Using the ospf timer dead command, you can configure the dead interval of the
OSPF neighbor. Using the undo ospf timer dead command, you can restore the
default value of the dead interval of the neighbor.
By default, the dead interval for the OSPF neighbors of p2p and broadcast
interfaces is 40 seconds, and for those of p2mp and nbma interfaces is 120
seconds.
The dead interval of OSPF neighbors means that within this interval, if no Hello
message is received from the neighbor, the neighbor will be considered to be
invalid. The value of dead seconds should be at least 4 times the value of Hello
seconds. The dead seconds for the routers on the same network segment must be
identical.
For the related command, see ospf timer hello.

Example
Set the neighbor dead interval on the interface serial1/0/0 to 80 seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf timer dead 80

ospf timer hello Syntax
ospf timer hello seconds
undo ospf timer hello

View
Interface view

Parameter

seconds: Interval in seconds for an interface to transmit hello message. It ranges
from 1 to 255.

Description
Using the ospf timer hello command, you can configure the interval for
transmitting Hello messages on an interface. Using the undo ospf timer hello
command, you can restore the default value.
By default, the interval is 10 seconds for an interface of p2p or broadcast type to
transmit Hello messages, and 30 seconds for an interface of nbma or p2mp type.
For the related command, see ospf timer dead.

Example
Configure the interval of transmitting Hello packets on the interface serial1/0/0 to
20 seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf timer hello 20

ospf timer poll Syntax
ospf timer poll seconds
undo ospf timer poll

View
Interface view

Parameter

seconds: Specifies the poll Hello messages interval, ranging from 1 to 65535 and
measured in seconds. By default, the value is 120 seconds.

Description
Using the ospf timer poll command, you can configure the poll Hello message
interval on nbma and p2mp network. Using the undo ospf timer poll command,
you can restore the default value.
On the nbma and p2mp network, if a neighbor is invalid, the Hello message will
be transmitted regularly according to the poll seconds. You can configure the poll
seconds to specify how often the interface transmits Hello message before it
establishes adjacency with the adjacent router. The value of poll seconds should be
no less than 3 times the value of Hello seconds.

Example
Configure to transmit poll Hello message from interface serial2/0/0 every 130
seconds.
[3Com-serial2/0/0] ospf timer poll 130
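
The interface-view settings described in the ospf authentication-mode, ospf network-type and ospf timer sections above can be audited together. The following Python sketch is an added example, not 3Com code: it flags interfaces with no or simple text authentication and timers that break the dead >= 4 x hello and poll >= 3 x hello guidance. The listing format, the key values, the finding names, and the rule that an unset timer keeps the default stated on the page are assumptions of the example.

```python
# Defaults stated on the page per OSPF network type: (hello, dead) seconds.
DEFAULT_TIMERS = {"p2p": (10, 40), "broadcast": (10, 40),
                  "nbma": (30, 120), "p2mp": (30, 120)}
DEFAULT_POLL = 120

# Constructed listing (not device output): an "interface" line followed by
# the interface-view commands typed under it. Keys are placeholders.
SAMPLE = """\
interface Ethernet1/0/0
 ospf authentication-mode md5 15 EXAMPLE-KEY
 ospf timer hello 20
interface Ethernet2/0/0
 ospf authentication-mode md5 7 EXAMPLE-KEY
interface Serial1/0/0
 ospf network-type nbma
 ospf authentication-mode simple EXAMPLEPW
 ospf timer hello 50
interface Serial2/0/0
 ospf timer hello 5
 ospf timer dead 15
"""


def parse_interfaces(text):
    """Return {interface name: [command split into words, ...]}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0].lower() == "interface" and len(words) > 1:
            current = " ".join(words[1:])
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(words)
    return interfaces


def audit_interface(name, commands, non_ethernet_type="p2p"):
    """Return the list of finding names for one interface.

    Assumption: without 'ospf network-type', Ethernet is broadcast (as the
    page states) and any other interface is treated as non_ethernet_type.
    """
    net_type = ("broadcast" if name.lower().startswith("ethernet")
                else non_ethernet_type)
    auth, timers = None, {}
    for words in commands:
        if (len(words) == 3 and words[:2] == ["ospf", "network-type"]
                and words[2] in DEFAULT_TIMERS):
            net_type = words[2]
        elif words[:2] == ["ospf", "authentication-mode"] and len(words) > 2:
            auth = words[2:]
        elif (len(words) == 4 and words[:2] == ["ospf", "timer"]
              and words[3].isdigit()):
            timers[words[2]] = int(words[3])

    findings = []
    if auth is None:
        findings.append("no-authentication")       # the default on the page
    elif auth[0] == "simple":
        # Simple mode sends the password unprotected in every OSPF packet.
        findings.append("simple-text-authentication")
        if len(auth) > 1 and len(auth[1]) > 8:
            findings.append("simple-password-over-8-chars")
    elif auth[0] == "md5":
        if (len(auth) < 3 or not auth[1].isdigit()
                or not 1 <= int(auth[1]) <= 255):
            findings.append("md5-key-id-out-of-range")

    # Assumption: a timer that is not set keeps the default the page states.
    hello_default, dead_default = DEFAULT_TIMERS[net_type]
    hello = timers.get("hello", hello_default)
    dead = timers.get("dead", dead_default)
    if dead < 4 * hello:
        findings.append("dead-below-4x-hello")
    if (net_type in ("nbma", "p2mp")
            and timers.get("poll", DEFAULT_POLL) < 3 * hello):
        findings.append("poll-below-3x-hello")
    return findings


def audit(text):
    """Audit every interface in the listing: {interface: [finding, ...]}."""
    return {name: audit_interface(name, commands)
            for name, commands in parse_interfaces(text).items()}


if __name__ == "__main__":
    for interface, findings in audit(SAMPLE).items():
        print(interface, findings or "ok")
```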

ospf timer retransmit Syntax
ospf timer retransmit interval
undo ospf timer retransmit

View
Interface view

Parameter

interval: Interval in seconds for re-transmitting LSA on an interface. It ranges from
1 to 65535. The default value is 5 seconds.

Description
Using the ospf timer retransmit command, you can configure the interval for
LSA re-transmitting on an interface. Using the undo ospf timer retransmit
command, you can restore the default interval value for LSA re-transmitting on the
interface.
If a router running OSPF transmits a "link state advertisement" (LSA) to the peer,
it needs to wait for the acknowledgement packet from the peer. If no
acknowledgement is received from the peer within the LSA retransmission
interval, this LSA will be re-transmitted. According to RFC2328, the LSA
retransmission interval between adjacent routers should not be set too short.
Otherwise, unexpected retransmission will be caused.

Example
Set the LSA retransmission interval between the interface serial1/0/0 and the
adjacent routers to 12 seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf timer retransmit 12

ospf trans-delay Syntax
ospf trans-delay seconds
undo ospf trans-delay

View
Interface view

Parameter

seconds: Transmitting delay of LSA on an interface. It is in seconds and ranges
from 1 to 3600. By default, the value is 1 second.

Description
Using the ospf trans-delay command, you can configure the LSA transmitting
delay on an interface. Using the undo ospf trans-delay command, you can
restore the default value of the LSA transmitting delay on an interface.
LSA will age in the "link state database" (LSDB) of the router as time goes by (add
1 for every second), but it will not age during network transmission. Therefore, it is
necessary to add a period of time set by this command to the aging time of LSA
before transmitting it.

Example
Specify the trans-delay of transmitting LSA on the interface serial1/0/0 as 3
seconds.
[3Com] interface serial1/0/0
[3Com-serial1/0/0] ospf trans-delay 3

peer Syntax
peer ip-address [ dr-priority dr-priority-number ]
undo peer ip-address

View
OSPF view

Parameter

ip-address: IP address of the neighboring point.

dr-priority-number: Represents the corresponding value of the network neighbor
priority, being an integer ranging from 0 to 255. The default value is 1.

Description
Using the peer command, you can configure the IP address of adjacent routers
and specify a DR priority on an NBMA network. Using the undo peer command,
you can cancel the configuration.
On the frame relay network, a full-meshed network (i.e. there is a VC directly
connecting any two routers on the network) can be implemented by configuring
map. Thus OSPF can perform in the same way in the frame relay network as in the
broadcast network (such as electing DR and BDR). However, the IP address of
adjacent routers and their election rights must be configured manually for the
interface because adjacent routers cannot be found dynamically by advertising
Hello messages.

Example
Configure the IP address of peer router as 10.1.1.1.
[3Com-ospf-1] peer 10.1.1.1

preference Syntax
preference [ ase ] value
undo preference [ ase ]

View
OSPF view

Parameter

value: OSPF protocol route preference, ranging from 1 to 255.

ase: Preference of an imported external route of the AS.

Description
Using the preference command, you can configure the preference of an OSPF
protocol route. Using the undo preference command, you can restore the
default value of the OSPF protocol route.
By default, the preference of an OSPF protocol internal route is 10 and the
preference of an external route is 150.
Because multiple dynamic routing protocols could be running on a router, there is
the problem of routing information sharing among routing protocols and
selection. Therefore, a default preference is specified for each routing protocol.
When multiple routes to the same destination are found by different routing
protocols, the route found by high preference routing protocol will be selected to
forward IP packets.

Example
Specify the preference of an external imported route of the AS as 160.
[3Com-ospf-1] preference ase 160

reset ospf Syntax
reset ospf [ statistics ] { all | process-id }

View
User view

Parameter

statistics: Resets statistics of the OSPF process.

process-id: OSPF process number. If no OSPF process number is specified, all the
OSPF processes should be reset.

all: Resets all the OSPF processes.

Description
Using the reset ospf all command, you can reset all the OSPF processes. Use
the statistics parameter to reset the statistics about OSPF.
The reset ospf process-id command can be used to reset the specified process
and clear statistics data. Use the statistics parameter to reset the statistics
about OSPF.
Using the reset ospf command to reset the OSPF process, the following results
are expected:
■ Clear invalid LSA immediately without waiting for LSA timeout.
■ If the Router ID changes, a new Router ID will take effect by executing the
command.
■ Re-elect DR and BDR conveniently.
■ OSPF configuration will not be lost if the system is restarted.
■ Delete the original OSPF routes.
■ After OSPF process is restarted, new routes and LSA will be generated
correspondingly and LSA will be advertised.

The system will require the user to confirm whether to re-enable the OSPF
protocol after execution of the command.

Example
Reset all the OSPF processes
<3Com> reset ospf all

Reset the OSPF process 200
<3Com> reset ospf 200

router id Syntax
router id router-id
undo router id

View
System view

Parameter

router-id: Router ID that is a 32-bit unsigned integer.

Description
Using the router id command, you can configure the ID of a router running the
OSPF protocol. Using the undo router id command, you can cancel the router ID
that has been configured.
By default, no router ID is configured.
Router ID is a 32-bit unsigned integer that uniquely identifies a router in an OSPF
autonomous system. If the router ID specified, the configurations of OSPF can not
be set.
When the router ID is configured manually, the IDs of any two routers cannot be
identical in the autonomous system. So, the IP address of an interface might
as well be selected as the ID of this router.

The modified router ID will not be valid unless OSPF is re-enabled.

For the related command, see ospf.

Example
Set the router ID to 10.1.1.3.
[3Com] router id 10.1.1.3

silent-interface Syntax
silent-interface interface-type interface-number
undo silent-interface interface-type interface-number

View
OSPF view

Parameter

interface-type: Specifies the interface type.

interface-number: Specifies the interface number.

Description
Using the silent-interface command, you can disable an interface from
transmitting OSPF packets. Using the undo silent-interface command, you can
restore the default setting.
By default, the interface is enabled to transmit OSPF packets.
You can use this command to disable an interface from transmitting OSPF packets,
so as to prevent the routers on some network from receiving the OSPF routing
information.
Different processes can disable the same interface from transmitting OSPF
packets. However, the silent-interface command only takes effect on interfaces
on which OSPF is enabled by this process; it has no effect on interfaces enabled
by other processes.

Example
Disable interface serial2/0/0 to transmit OSPF packet.
[3Com-ospf-1] silent-interface serial2/0/0

Disable interface Ethernet2/0/0 to transmit OSPF packet in both OSPF process 100
and OSPF process 200.

[3Com] router id 10.110.1.9
[3Com] ospf 100
[3Com-ospf-100] silent-interface ethernet 2/0/0
[3Com-ospf-100] quit
[3Com] router id 20.18.0.7
[3Com] ospf 200
[3Com-ospf-200] silent-interface ethernet 2/0/0

snmp-agent trap enable ospf Syntax
snmp-agent trap enable ospf [ process-id ] [ trap-type ]
undo snmp-agent trap enable ospf [ trap-type ]

View
System view

Parameter

process-id: OSPF process number. If no OSPF process number is specified, this
command is valid for all the current OSPF processes.

trap-type: Type of SNMP TRAP packet transmitted by OSPF. It can be the keyword
in the following table.
Table 3 SNMP TRAP type keywords

Keyword               Description
ifauthfail            Enables the InterfaceAuthenticationFailure trap packets
ifcfgerror            Enables the InterfaceConfigError trap packets
ifrxbadpkt            Enables the InterfaceRecieveBadPacket trap packets
ifstatechange         Enables the InterfaceStateChange trap packets
iftxretransmit        Enables the InterfaceTxRetransmitPacket trap packets
lsdbapproachoverflow  Enables the LsdbApproachOverflow trap packets
lsdboverflow          Enables the LsdbOverflow trap packets
maxagelsa             Enables the MaxAgeLsa trap packets
nbrstatechange        Enables the NeighborStateChange trap packets
originatelsa          Enables the OriginateLsa trap packets
virifauthfail         Enables the VirtualInterfaceAuthenticationFailure trap packets
virifcfgerror         Enables the VirtualInterfaceConfigError trap packets
virifrxbadpkt         Enables the VirtualInterfaceRecieveBadPacket trap packets
virifstatechange      Enables the VirtualInterfaceStateChange trap packets
viriftxretransmit     Enables the VirtualInterfaceTxRetransmitPacket trap packets
virnbrstatechange     Enables the VirtualNeighborStateChange trap packets

Description
Using the snmp-agent trap enable ospf command, you can enable the TRAP
function of OSPF. Using the undo snmp-agent trap enable ospf command, you
can disable the TRAP function.
This command has no effect on OSPF processes that are enabled after it is executed.
By default, no OSPF process is enabled to transmit TRAP packets.
For detailed configuration of SNMP TRAP, refer to “system management” section
in this manual.

Example
Enable TRAP function of OSPF process 100.
[3Com] snmp-agent trap enable ospf 100

spf-schedule-interval Syntax
spf-schedule-interval interval
undo spf-schedule-interval

View
OSPF view

Parameter

interval: SPF calculation interval of OSPF, which is in seconds in the range of 1 to
10. The default value is 5 seconds.

Description
Using the spf-schedule-interval command, you can configure the route
calculation interval of OSPF. Using the undo spf-schedule-interval command,
you can restore the default setting.
According to the Link State Database (LSDB), the router running OSPF can
calculate the shortest path tree taking itself as the root and determine the next
hop to the destination network according to the shortest path tree. Adjusting the
SPF calculation interval restrains the recalculation caused by frequent network
changes, which could otherwise consume too many bandwidth resources and router
resources.

Example
Set the OSPF route calculation interval of 3Com to 6 seconds.
[3Com-ospf-1] spf-schedule-interval 6

stub Syntax
stub [ no-summary ]
undo stub

View
OSPF area view

Parameter

no-summary: Only available for the ABR in Stub area. When this parameter is
selected, the ABR only advertises the Summary-LSA for the default route, but no
other Summary-LSAs. The area is also called totally stub area.

Description
Using the stub command, you can configure the type of an OSPF area as the STUB
area. Using the undo stub command, you can cancel the settings.
By default, no area is set to be the STUB area.
All the routers in a Stub area must be configured with the corresponding attribute.
For the related command, see default-cost.

Example
Set the type of OSPF area 1 to the STUB area.
[3Com-ospf] area 1
[3Com-ospf-area-0.0.0.1] stub

vlink-peer Syntax
vlink-peer router-id [ hello seconds ] [ retransmit seconds ] [ trans-delay seconds ]
[ dead seconds ] [ simple password | md5 keyid key ]
undo vlink-peer router-id

View
OSPF area view

Parameter

router-id: Router ID of virtual link neighbor.

hello seconds: Interval at which the router transmits hello messages. It ranges
from 1 to 8192 seconds. This value must equal the hello seconds value of the
router virtually linked to the interface. By default, the value is 10 seconds.

retransmit seconds: Specifies the interval for re-transmitting the LSA packets on an
interface. It ranges from 1 to 8192 seconds. By default, the value is 5 seconds.

trans-delay seconds: Specifies the interval for delaying transmitting LSA packets on
an interface. It ranges from 1 to 8192 seconds. By default, the value is 1 second.

dead seconds: Specifies the interval of death timer. It ranges from 1 to 8192
seconds. This value must equal the dead seconds of the router virtually linked to it
and must be at least 4 times of the hello seconds. By default, the value is 40
seconds.

simple password: Specifies the simple text authentication key, not exceeding 8
characters, of the interface. This value must equal the authentication key of the
virtually linked neighbor.

keyid: Specifies the MD5 authentication key ID. Its value ranges from 1 to 255. It
must be equal to the authentication key ID of the virtually linked neighbor.

key: Specifies the authentication key on an interface. It is a character string not
exceeding 16 characters. This value must equal the authentication key of the
virtually linked neighbor. The key is displayed in a cipher text form with a
length of 24 characters when the display current-configuration command is
executed. Entering the key in a 24-character cipher text form is also supported.

Description
Using the vlink-peer command, you can create and configure a virtual link. Using
the undo vlink-peer command, you can cancel an existing virtual link.
According to RFC2328, the OSPF area should be connected with the backbone
network. You can use the vlink-peer command to keep the connectivity. A virtual
link can be regarded, to some extent, as an ordinary OSPF-enabled interface,
which makes it easy to understand how to configure parameters such as hello,
retransmit, and trans-delay on it.
Note that when configuring virtual link authentication, the authentication-mode
command is used to set the authentication mode as MD5 cipher text or simple text
on the backbone network.
For the related commands, see authentication-mode and display ospf.

Example
Create a virtual link to 10.110.0.3 and use the MD5 cipher text authentication
mode.
[3Com-ospf] area 10.0.0.0
[3Com-ospf-area-10.0.0.0] vlink-peer 10.110.0.3 md5 3 345

BGP Configuration Commands

For the commands defining routing policies in BGP, refer to the "IP Routing Policy
Configuration Commands" of the next chapter.

For the configuration examples and parameter explanation of VPNv4 and VPN
instance in BGP, refer to the "Multicast" module and "MPLS" module of this
manual.

aggregate Syntax
aggregate address mask [ as-set ] [ detail-suppressed ] [ suppress-policy
route-policy-name ] [ origin-policy route-policy-name ] [ attribute-policy
route-policy-name ]
undo aggregate address mask [ as-set ] [ detail-suppressed ] [ suppress-policy
route-policy-name ] [ origin-policy route-policy-name ] [ attribute-policy
route-policy-name ]

View
BGP view

Parameter

address: Address of the aggregated route, in dotted decimal notation.

mask: Network mask of the aggregated route, in dotted decimal notation.

as-set: Creates a route with AS segment.

detail-suppressed: Advertises only the aggregated route.

suppress-policy route-policy-name: Suppresses the specific route selected, some of
which are not advertised.

origin-policy route-policy-name: Selects the originating routes used for
aggregation.

attribute-policy route-policy-name: Sets the attributes of the aggregated route.

Description
Using the aggregate command, you can establish an aggregated record in the
BGP routing table. Using the undo aggregate command, you can cancel the
function.
By default, there is no route aggregation.
The keywords are explained as follows:
Table 4 Functions of the keywords

Keywords           Function
as-set             Used to create an aggregated route, whose AS path information
                   includes detailed routes. Use this keyword carefully when many
                   AS paths need to be aggregated, for the frequent change of
                   routes may lead to route vibration.
detail-suppressed  This keyword does not establish any aggregated route, but it
                   restrains the advertisement of all the specific routes. If only
                   some specific routes are to be restrained, use the peer
                   filter-policy command carefully.
suppress-policy    Creates an aggregated route with this keyword; at the same
                   time, the advertisement of the specified route is restrained. If
                   you want to restrain some specific routes selectively and leave
                   other routes still being advertised, use the if-match clause of
                   the route-policy command.
origin-policy      Selects only the specific routes that are in accordance with
                   route-policy to create an aggregated route.
attribute-policy   Sets aggregated route attributes. The same work can be done by
                   using peer route-policy, etc.

Example
Establish an aggregated record in the BGP routing table.
[3Com-bgp] aggregate 192.213.0.0 255.255.0.0

balance Syntax
balance num
undo balance

View
BGP view

Parameter

num: Number of BGP load sharing routes. The range depends on the router type.
You can enter "?" at this position to see the range supported by the current
product. When num is 1, no load sharing is performed.

Description
Using the balance command, you can configure the number of routes performing
BGP load sharing. Using the undo balance command, you can restore the default
value.
By default, no load sharing is performed.
Unlike an IGP, BGP has no specific indication for performing load sharing. BGP
load sharing is implemented by changing its routing rules.
For the related command, see display ip routing-table.

Example
Configure 2 routes to perform load sharing.
[3Com] bgp 100
[3Com-bgp] balance 2

bgp Syntax
bgp as-number
undo bgp [ as-number ]

View
System view

Parameter
as-number: Specifies local AS number, ranging from 1 to 65535.

Description
Using the bgp command, you can enable BGP and enter the BGP view. Using the
undo bgp command, you can disable BGP.
By default, BGP is not enabled.
This command is used to enable and disable BGP as well as to specify the local AS
number of BGP.

Example
Enable BGP.
[3Com] bgp 100
[3Com-bgp]

compare-different-as-med Syntax
compare-different-as-med
undo compare-different-as-med

View
BGP unicast view, BGP multicast view, VPNv4 view

Parameter
None

Description
Using the compare-different-as-med command, you can enable comparison of
MED values from different AS neighboring routes when determining the best
route. Using the undo compare-different-as-med command, you can disable
the comparison.
By default, the MED attribute values from the routing paths of different AS peers
are not compared.
If there are several routes available to one destination address, the route with
the smaller MED parameter can be selected as the final route item.
Using this command is not recommended unless you can make sure that the ASs
adopt the same IGP and routing method.

Example
Enable the comparison of the MED attribute values from different AS neighboring
route paths.
[3Com-bgp] compare-different-as-med

confederation id Syntax
confederation id as-number
undo confederation id

View
BGP view

Parameter

as-number: Number of the AS which contains multiple sub-ASs. The range is from
1 to 65535.

Description
Using the confederation id command, you can configure a confederation
identifier. Using the undo confederation id command, you can cancel the BGP
confederation specified by parameter as-number.
By default, the confederation ID is not configured.
A confederation can be adopted to solve the problem of too many IBGP full
connections in a large AS domain. The solution is to first divide the AS domain
into several smaller sub-ASs, each of which remains fully connected. These sub-ASs
form a confederation. Key IGP attributes of the route, such as next hop, MED,
and local preference, are not discarded across the sub-ASs. Although these sub-ASs
have EBGP relations with each other, from outside the confederation they still
look like a whole. This preserves the integrity of the former AS domain and eases
the problem of too many connections in the domain.
For the related commands, see confederation nonstandard and
confederation peer-as.

Example
Confederation 9 consists of four sub-ASs, namely, 38, 39, 40 and 41. Here, the
peer 10.1.1.1 is an internal member of the AS confederation while the peer
200.1.1.1 is an external member of the AS confederation. For external members,
Confederation 9 is a unified AS domain.
[3Com] bgp 41
[3Com-bgp] confederation id 9
[3Com-bgp] confederation peer-as 38 39 40
[3Com-bgp] peer 10.1.1.1 as-number 38
[3Com-bgp] peer 200.1.1.1 as-number 98

confederation nonstandard Syntax
confederation nonstandard
undo confederation nonstandard

View
BGP view

Parameter
None

Description
Using the confederation nonstandard command, you can make the router compatible
with AS confederations that do not adopt RFC1965. Using the undo
confederation nonstandard command, you can cancel this function.
By default, the configured confederation is consistent with RFC1965.
All the 3Com routers in the confederation should be configured with this
command for interworking with those nonstandard devices.
For the related commands, see confederation id and confederation peer-as.

Example
AS100, which is composed of two sub-ASs, 64000 and 65000, contains routers that
follow the nonstandard implementation.
[3Com] bgp 64000
[3Com-bgp] confederation id 100
[3Com-bgp] confederation peer-as 65000
[3Com-bgp] confederation nonstandard

confederation peer-as Syntax


confederation peer-as as-number-1 [ ......as-number-n ]
undo confederation peer-as [ as-number-1 ] [......as-number-n ]

View
BGP view

Parameter

as-number-1...as-number-n: Sub-AS number, ranging from 1 to 65535. This
command can configure a maximum of 32 sub-ASs belonging to the confederation.

Description
Using the confederation peer-as command, you can configure which sub-ASs a
confederation consists of. Using the undo confederation peer-as command,
you can cancel the specified sub-AS in the confederation.
By default, no autonomous system is configured as a member of the
confederation.
The sub-ASs configured in this command are inside a confederation, and each
sub-AS uses a fully meshed network. The confederation id command is used to
specify the confederation to which each sub-AS belongs. This configuration is
invalid before this command is performed.
For the related commands, see confederation nonstandard and
confederation id.

Example
Configure the confederation that contains AS 2000 and 2001.
[3Com-bgp] confederation peer-as 2000 2001

dampening Syntax
dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling ] [
route-policy policy-name ]
undo dampening

View
BGP view

Parameter

half-life-reachable: Specifies the half-life when the route is reachable. The range is
1 to 45 minutes. By default, the value is 15 minutes.

half-life-unreachable: Specifies the half-life when the route is unreachable. The
range is 1 to 45 minutes. By default, the value is 15 minutes.

reuse: Penalty value of a route when it starts to be reused. The range is 1 to
20000. By default, its value is 750.

suppress: Penalty threshold of a route when it starts to be suppressed. The range
is 1 to 20000. By default, its value is 2000.

ceiling: Upper threshold of the penalty. The range is 1001 to 20000. By default,
its value is 16000.

policy-name: Route policy name.

Description
Using the dampening command, you can enable BGP route attenuation or
modify various BGP route attenuation parameters. Using the undo dampening
command, you can disable BGP route attenuation.
By default, no route attenuation is configured.
If the parameters are not set, BGP route attenuation is enabled and each
parameter takes its default value. half-life-reachable, half-life-unreachable,
reuse, suppress and ceiling are mutually dependent. Once any parameter is
configured, all other parameters should also be specified.
For the related commands, see reset dampening, reset bgp flap-info, display
bgp routing-table dampened, and display bgp routing-table flap-info.

Example
Modify various BGP route attenuation parameters.
[3Com-bgp] dampening 15 15 1000 2000 10000
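
The following Python model is an added example, not code from this manual or from 3Com. It shows how the five dampening arguments interact: when a flapping route crosses the suppress threshold, when it decays back to reuse, and how ceiling bounds the outage. The per-flap penalty of 1000, the exponential decay formula and the ordering check are assumptions taken from common RFC 2439 practice; the manual states only the ranges and defaults.

```python
import math
from dataclasses import dataclass

# Assumption: 1000 per flap is the value commonly used by RFC 2439 style
# implementations; this manual page does not state the per-flap penalty.
FLAP_PENALTY = 1000


@dataclass(frozen=True)
class Dampening:
    """Arguments of `dampening`, in command order (defaults from the parameter list)."""
    half_life_reachable: float = 15    # minutes
    half_life_unreachable: float = 15  # minutes
    reuse: int = 750
    suppress: int = 2000
    ceiling: int = 16000

    def problems(self):
        """Return range or ordering problems (empty list when the values are usable)."""
        found = []
        for name, value, low, high in (
            ("half-life-reachable", self.half_life_reachable, 1, 45),
            ("half-life-unreachable", self.half_life_unreachable, 1, 45),
            ("reuse", self.reuse, 1, 20000),
            ("suppress", self.suppress, 1, 20000),
            ("ceiling", self.ceiling, 1001, 20000),
        ):
            if not low <= value <= high:
                found.append(f"{name}={value} outside {low}..{high}")
        # Assumption: the thresholds are only meaningful in this order.
        if not self.reuse < self.suppress <= self.ceiling:
            found.append("expected reuse < suppress <= ceiling")
        return found

    def max_suppress_minutes(self):
        """Longest possible suppression: decay from ceiling down to reuse."""
        return self.half_life_reachable * math.log2(self.ceiling / self.reuse)


def decay(penalty, minutes, half_life):
    """Exponential decay: the penalty halves every `half_life` minutes."""
    return penalty * 2 ** (-minutes / half_life)


def suppression_windows(cfg, flap_times):
    """Return [(suppressed_at, reused_at), ...] in minutes for one route.

    Each entry of flap_times is one withdraw-and-readvertise event; the route
    is treated as reachable between events, so half_life_reachable applies.
    """
    windows, penalty, last, start = [], 0.0, 0.0, None
    for t in sorted(flap_times):
        if start is not None:
            # Did the penalty fall to `reuse` before this flap arrived?
            reused_at = last + cfg.half_life_reachable * math.log2(penalty / cfg.reuse)
            if reused_at <= t:
                windows.append((start, reused_at))
                start = None
        penalty = min(decay(penalty, t - last, cfg.half_life_reachable) + FLAP_PENALTY,
                      cfg.ceiling)
        last = t
        if start is None and penalty > cfg.suppress:
            start = t
    if start is not None:
        reused_at = last + cfg.half_life_reachable * math.log2(penalty / cfg.reuse)
        windows.append((start, reused_at))
    return windows


# The values from the manual's example: dampening 15 15 1000 2000 10000
PAGE_EXAMPLE = Dampening(15, 15, 1000, 2000, 10000)

if __name__ == "__main__":
    flaps = [0, 2, 4]  # constructed sample: three flaps, two minutes apart
    for label, cfg in (("defaults", Dampening()), ("page example", PAGE_EXAMPLE)):
        print(label, cfg.problems(), suppression_windows(cfg, flaps),
              round(cfg.max_suppress_minutes(), 1))
```

Raising reuse shortens the outage after a flap burst, while the ratio of ceiling to reuse sets the worst-case time a prefix can stay suppressed.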

debugging bgp Syntax


debugging bgp { all | event | keepalive | open | packet | route-refresh | update } [ receive
| send ] [ verbose ]

View
User view

Parameter

all: Enables all BGP information debugging.

event: Enables BGP event information debugging.

keepalive: Enables BGP Keepalive packet information debugging.

open: Enables BGP Open packet information debugging.

packet: Enables BGP packet information debugging.

route-refresh: Enables BGP route-refresh packet information debugging.

update: Enables BGP Update packet information debugging.

Description
Using the debugging bgp all command, you can enable all the information
debugging of BGP packets and events.
Using the debugging bgp event command, you can enable the information
debugging of BGP events.
Using the debugging bgp keepalive command, you can enable the information
debugging of BGP Keepalive packets.
Using the debugging bgp packet command, you can enable the information
debugging of BGP packets.
System performance is affected when information debugging is enabled.
Therefore, this command should be used cautiously. You should disable it after
debugging.

Example
Enable the information debugging of BGP packets.
<3Com> debugging bgp packet

default local-preference Syntax


default local-preference value
undo default local-preference

View
BGP unicast view, BGP multicast view, VPNv4 view

Parameter

value: Default local preference to be configured. The range is 0 to 4294967295.
The larger the value is, the higher the preference is. By default, its value is 100.

Description
Using the default local-preference command, you can configure the default
local preference. Using the undo default local-preference command, you can
restore the default value.
Configuring different local preferences will affect BGP routing selection.

Example
The two routers RTA and RTB in the same autonomous area use X.25 and Frame
Relay protocols separately to connect with external autonomous areas. The
command can be used to configure the default local preference of RTB as 180 so
that the route via RTB is selected first when the same route goes through RTA and
RTB at the same time.
[3Com-bgp] default local-preference 180

default med Syntax


default med med-value
undo default med

View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view

Parameter

med-value: MED value to be specified. The range is 0 to 4294967295. By default,
the med-value is 0.

Description
Using the default med command, you can configure the system MED value.
Using the undo default med command, you can restore the default value of
metric.

Multi-Exit Discriminator (MED) is the external metric of a route. Different from
local preference, MED is exchanged between ASs, and a received MED stays within
the AS that received it. MED indicates the attribute of a route. The smaller an
MED is, the better a route is, so the route with a low MED is preferred. When a
router running BGP obtains several routes with identical destination address and
different next-hops from various external peers, it will select the best route
depending on the MED value. In the case that all other conditions are the same,
the system first selects the route with the smaller MED value as the external
route of the autonomous system.

Example
Routers RTA and RTB belong to AS100 and router RTC belongs to AS200. RTC is
the peer of RTA and RTB. The network between RTA and RTC is X.25 network and
the network between RTB and RTC is Ethernet. So the MED of RTA can be
configured as 25 to allow RTC to select the route transmitted by RTB first.
[3Com-bgp] default med 25
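
The following Python sketch is an added example, not code from this manual or from 3Com. It shows how default local-preference, default med and compare-different-as-med change which path is selected, and why turning on compare-different-as-med lets a MED set by a different AS decide the exit. The simplified selection order (local preference, AS-path length, MED, lowest peer address), the Path type and the sample addresses are assumptions; the manual does not list the router's full decision process.

```python
import ipaddress
from typing import NamedTuple


class Path(NamedTuple):
    peer: str              # address of the peer the route was learned from
    neighbor_as: int       # AS of that peer
    as_path_len: int
    med: int = 0           # `default med` in this manual is 0
    local_pref: int = 100  # `default local-preference` in this manual is 100


def best_path(paths, compare_different_as_med=False):
    """Pick one path for a destination.

    Assumed, simplified order (not taken from this manual): highest local
    preference, shortest AS path, lowest MED, lowest peer address.
    """
    if not paths:
        raise ValueError("no candidate paths")
    top_pref = max(p.local_pref for p in paths)
    cands = [p for p in paths if p.local_pref == top_pref]
    shortest = min(p.as_path_len for p in cands)
    cands = [p for p in cands if p.as_path_len == shortest]

    # MED step: group the candidates whose MEDs may be compared with each
    # other. With the command disabled (the default), only paths learned from
    # the same neighboring AS are compared; enabled, all paths form one group.
    groups = {}
    for p in cands:
        key = None if compare_different_as_med else p.neighbor_as
        groups.setdefault(key, []).append(p)
    survivors = []
    for members in groups.values():
        low = min(p.med for p in members)
        survivors.extend(p for p in members if p.med == low)

    # Final tie-break so the result does not depend on input order.
    return min(survivors, key=lambda p: ipaddress.ip_address(p.peer))


# Constructed sample: one destination learned from three peers in two ASs.
SAMPLE = [
    Path("10.0.0.2", neighbor_as=200, as_path_len=1, med=50),
    Path("10.0.0.3", neighbor_as=300, as_path_len=1, med=10),
    Path("10.0.0.1", neighbor_as=200, as_path_len=1, med=20),
]

if __name__ == "__main__":
    print("default:", best_path(SAMPLE).peer)
    print("compare-different-as-med:", best_path(SAMPLE, True).peer)
```

With the default setting the AS 300 path cannot displace the AS 200 winner through its MED alone; with the command enabled its MED of 10 wins outright.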

display bgp group Syntax


display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] group [ group-name ]

View
Any view

Parameter

group-name: A specified peer group.

vpn-instance vpn-instance-name: Name of vpn instance.

Description
Using the display bgp group command, you can view the information of peer
groups.

Example
View the information of the peer group "aaa".
<3Com> display bgp group aaa
group : aaa no as-number still
members in this group :
Description : aaa
route-policy specified in export policy : aaa
filter-policy specified in export policy : list no.30304410
acl specified in export policy : list no.30304410
ip-prefix specified in export policy : aaa
route-policy specified in import policy : aaa
filter-policy specified in import policy : list no.30304410
acl specified in import policy : list no.30304410
ip-prefix specified in import policy : aaa
with Route-policy aaa

display bgp network Syntax


display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] network

View
Any view

Parameter
vpn-instance vpn-instance-name: Name of VPN instance.
route-distinguisher route-distinguisher: Name of route-distinguisher.

Description
Using the display bgp network command, you can view the routing information
that has been configured.

Example
View the routing information that has been configured.
<3Com> display bgp network
Network          Mask             Route-policy
133.1.1.0        255.255.255.0    None
112.1.0.0        255.255.0.0      None

display bgp paths Syntax


display bgp paths as-regular-expression

View
Any view

Parameter

as-regular-expression: Matched AS path regular expression.

Description
Using the display bgp paths command, you can view the information about AS
paths.

Example
Display the information about the AS paths.
<3Com> display bgp paths ^600$
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Id Hash-Index References Aggregator Origin As-Path
--------------------------------------------------------------------
6 90 15 <null> IGP 600

display bgp peer Syntax


display bgp [ multicast ] peer peer-address verbose
display bgp [ multicast ] peer [ verbose ]
display bgp vpnv4 { all | route-distinguisher route-distinguisher | vpn-instance
vpn-instance-name } peer

View
Any view

Parameter

peer-address: Specifies the peer to be displayed.

vpn-instance vpn-instance-name: Name of VPN instance.

route-distinguisher route-distinguisher: Name of route-distinguisher.

verbose: Displays the detailed information of the peer.

Description
Using the display bgp peer command, you can view the information of peer.
Using the display bgp multicast peer command, you can view the information
of MBGP peer.
Using the display bgp vpnv4 peer command, you can view the information of
VPN peer.

Example
Display the information of the peer 10.110.25.20.
<3Com> display bgp peer 10.110.25.20
Peer AS-number Version Queued-Tx Msg-Rx Msg-Tx Up/Down State
--------------------------------------------------------------------
10.110.25.20 100 4 0 0 0 00:33:43 Active
View the details of peer 133.1.1.2.
<3Com> display bgp peer 133.1.1.2 verbose
Peer: 133.1.1.2 Local: Unspecified
Type: External
State: Idle Flags: <Idled>
Last State: NoState Last Event: NoEvent
Last Error: None
Options: <>
Configuration within the peer :
no export policy route-policy
no export policy ip-prefix
no export policy filter-policy
no export policy acl
no import policy route-policy
no import policy ip-prefix
no import policy filter-policy
no import policy acl
no default route produce

display bgp routing-table Syntax
display bgp [ multicast | vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] routing-table [ ip-address mask ]

View
Any view

Parameter

multicast: Displays the MBGP routing information in BGP routing table.

all: Displays all VPNv4 routing information.

route-distinguisher route-distinguisher: Displays Network Layer Reachability
Information (NLRI) matching the Route Distinguisher (RD).

vpn-instance vpn-instance-name: Displays NLRI associated with the specified VPN
instance.

ip-address: Displays the destination network address.

mask: Network mask.

Description
Using the display bgp routing-table command, you can view the BGP
routing information of the specified IP address in the BGP routing table.
Using the display bgp multicast routing-table command, you can view the
MBGP routing information of the specified IP address in the BGP routing table.
Using the display bgp vpnv4 routing-table command, you can view the VPN
routing information of the specified IP address in the BGP routing table.

Example
View all the BGP routing information.
<3Com> display bgp routing-table
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-Pref Origin As-Path
--------------------------------------------------------------------
*> 1.1.1.0/24 10.10.10.1 IGP 200
*> 1.1.2.0/24 10.10.10.1 IGP 200
*> 1.1.3.0/24 10.10.10.1 IGP 200
*> 2.2.3.0/24 10.10.10.1 INC 200
*> 4.4.4.0/24 10.10.10.1 IGP 200
*> 9.9.9.0/24 10.10.10.1 INC 200
*> 10.10.10.0/24 0.0.0.0 IGP
* 10.10.10.1 IGP 200

View the information about one BGP route.

<3Com> display bgp routing-table 22.1.0.0


BGP route 22.1.0.0/16
Nexthop : 200.1.7.2
Origin : Incompelte,
As-path: 200
Local-pref: 100,
Status: valid, internal, best
From : 200.1.7.2(200.1.7.2)

display bgp routing-table as-path-acl Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table as-path-acl acl-number

View
Any view

Parameter

acl-number: Number of the specified AS path to be matched, ranging from 1 to 199.

Description
Using the display bgp routing-table as-path-acl command, you can view
routes that match an AS path ACL.

Example
Display routes that match filtering list.
<3Com> display bgp routing-table as-path-acl 1
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-pref Origin As-path
--------------------------------------------------------------------
^ 1.1.1.0/24 170 10.10.10.1 0 IGP 200
^ 1.1.2.0/24 170 10.10.10.1 0 IGP 200
^ 1.1.3.0/24 170 10.10.10.1 0 IGP 200
^ 2.2.3.0/24 256 10.10.10.1 0 INC 200
^ 4.4.4.0/24 256 10.10.10.1 0 INC 200
^ 9.9.9.0/24 256 10.10.10.1 0 INC 200
^ 10.10.10.0/24 256 10.10.10.1 0 IGP 200
^ 22.1.0.0/16 256 200.1.7.2 100 INC 200
88.1.0.0/16 60 0.0.0.0 IGP

display bgp routing-table cidr Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table cidr

View
Any view

Parameter
None

Description
Using the display bgp routing-table cidr command, you can view the routing
information about the non-natural mask (namely the classless inter-domain
routing, CIDR).

Example
<3Com> display bgp routing-table cidr
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-pref Origin As-path
--------------------------------------------------------------------
^ 22.1.0.0/16 256 200.1.7.2 100 INC 200
88.1.0.0/16 60 0.0.0.0 IGP

display bgp routing-table community Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table community [ aa:nn |
no-export-subconfed | no-advertise | no-export ] [ whole-match ]

View
Any view

Parameter

aa:nn: Specifies a community number.

no-export-subconfed: Does not send the matched routes outside the AS.

no-advertise: Does not send the matched routes to any peer.

no-export: Does not export routes outside the AS but advertises them to other sub-ASs.

whole-match: Displays the exactly matched routes.

Description
Using the display bgp routing-table community command, you can view the
routing information related to the specified BGP community number in the routing
table.

Example
Display the routing information matching the specified BGP community number.
<3Com> display bgp routing-table community 11:22
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Pref Next-Hop Med Local-pref Origin As-path
--------------------------------------------------------------------
^ 1.0.0.0/8 170 172.10.0.2 100 IGP
^ 2.0.0.0/8 256 172.10.0.2 100 IGP

display bgp routing-table community-list Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table community-list
community-list-number [ whole-match ]

View
Any view

Parameter

community-list-number: Specifies a community-list number.

whole-match: Displays the exactly matched routes.

Description
Using the display bgp routing-table community-list command, you can view
the routing information matching the specified BGP community list.

Example
View the routing information matching BGP community list 1.
[3Com] display bgp routing-table community-list 1
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Destination/Mask Pref Next-hop Med Local-Pref Origin As-Path
--------------------------------------------------------------------
1.1.1.0/24 170 10.10.10.1 0 IGP 200
1.1.2.0/24 256 10.10.10.1 0 IGP 200
1.1.3.0/24 170 10.10.10.1 0 IGP 200
2.2.3.0/24 256 10.10.10.1 0 INC 200
4.4.4.0/24 170 10.10.10.1 0 INC 200
9.9.9.0/24 256 10.10.10.1 0 INC 200
10.10.10.0/24 0 10.10.10.2 0 IGP
10.10.10.0/24 256 10.10.10.1 0 IGP 200

display bgp routing-table dampened Syntax
display bgp routing-table dampened

View
Any view

Parameter
None

Description
Using the display bgp routing-table dampened command, you can view BGP
dampened routes.

Example
View BGP dampened routes.
<3Com> display bgp routing-table dampened
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Source Damping-limit Origin As-path
-----------------------------------------------------------------
D 11.1.0.0 133.1.1.2 1:20:00 IGP 200

display bgp routing-table different-origin-as Syntax
display bgp [ multicast ] routing-table different-origin-as

View
Any view

Parameter
None

Description
Using the display bgp routing-table different-origin-as command, you can
view routes that have different source autonomous systems.

Example
View the routes that have different source ASs.
<3Com> display bgp routing-table different-origin-as
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Destination/Mask Pref Next-hop Med Local-Pref Origin As-Path
------------------------------------------------------------------
10.10.10.0/24 0 10.10.10.2 0 IGP
10.10.10.0/24 256 10.10.10.1 0 IGP 200

display bgp routing-table flap-info Syntax
display bgp routing-table flap-info [ { regular-expression as-regular-expression } | {
as-path-acl acl-number } | { network-address [ mask [ longer-match ] ] } ]

View
Any view

Parameter

as-regular-expression: Displays the route flap-info matching AS path regular
expression.

acl-number: Number of the specified AS path to be matched, ranging from 1 to
199.

network-address: Network IP address related to the flap information to be
displayed.

mask: Network mask.

longer-match: Displays the route flap information that is more specific than
<network-address, mask>.

Description
Using the display bgp routing-table flap-info command, you can view BGP flap
information. When <network-address mask> is <0.0.0.0 0.0.0.0>, this command
displays the flap information of all BGP routes.

Example
Display BGP flap information.
<3Com> display bgp routing-table flap-info
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Source Keepup-time Damping-limit Flap-times Origin As-path
--------------------------------------------------------------------
D 11.1.0.0/16 133.1.1.2 48 1:20:30 4 IGP 200

display bgp routing-table peer Syntax
display bgp routing-table peer peer-address { advertised | received }

View
Any view

Parameter

peer-address: Specifies the peer to be displayed.

advertised: Routing information advertised by the specified peer.

received: Routing information the specified peer received.

Description
Using the display bgp routing-table peer command, you can view the routing
information the specified BGP peer advertised or received.
For the related command, see display bgp peer.

Example
View the routing information advertised by BGP peer 10.10.10.1.
<3Com> display bgp routing-table peer 10.10.10.1 advertised
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/mask Next -Hop Med Local-pref Origin As-path
-----------------------------------------------------------------
*> 10.10.10.0/24 0.0.0.0 INC

display bgp routing-table regular-expression Syntax
display bgp [ multicast | [ vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } ] ] routing-table regular-expression
as-regular-expression

View
Any view

Parameter

as-regular-expression: Matched AS regular expression.

Description
Using the display bgp routing-table regular-expression command, you can
view the routing information matching the specified AS regular expression.

Example
Display the routing information matching with AS regular expression ^600$.
<3Com> display bgp routing-table regular-expression ^600$
Flags: - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Destination/Mask Pref Next-hop Med Local-Pref Origin As-Path
--------------------------------------------------------------------
1.1.1.0/24 256 10.10.10.1 0 IGP 200
1.1.2.0/24 256 10.10.10.1 0 IGP 200
1.1.3.0/24 256 10.10.10.1 0 IGP 200
2.2.3.0/24 256 10.10.10.1 0 INC 200
4.4.4.0/24 256 10.10.10.1 0 IGP 200
9.9.9.0/24 256 10.10.10.1 0 INC 200
10.10.10.0/24 256 10.10.10.1 0 IGP 200

filter-policy export Syntax


filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]

View
BGP unicast view, multicast view, VPNv4 view, VPN instance view

Parameter

acl-number: Specifies the number of access control list matching the destination
address field of routing information, ranging from 1 to 199.

ip-prefix-name: Specifies the name of the address prefix list matching the
destination address field of routing information, ranging from 1 to 19.

protocol: Specifies the routing protocol whose routing information is to be
filtered. It includes direct, ospf, ospf-ase, ospf-nssa, isis, rip, and static at
present.

Description
Using the filter-policy export command, you can filter the advertised routes and
only the routes passing the filter can be advertised by BGP. Using the undo
filter-policy export command, you can cancel the filtering to the advertised
routes.
By default, the advertised routing information is not filtered.
If the parameter protocol is specified, only the imported route generated by the
specified protocol is filtered and the imported routes generated by other protocols
are not affected. If the parameter protocol is not specified, the imported route
generated by any protocol will be filtered.

Example
Use acl 3 to filter the routing information advertised by all BGPs.
[3Com-bgp] filter-policy 3 export

filter-policy import Syntax


filter-policy gateway ip-prefix-name import
undo filter-policy gateway ip-prefix-name import
filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name } import

View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view

Parameter

acl-number: Specifies the number of access control list matching the destination
address field of routing information, ranging from 1 to 199.

ip-prefix ip-prefix-name: Address prefix list name. The matched object is the
destination address domain of the routing information, ranging from 1 to 19.

gateway ip-prefix-name: Address prefix list name of the neighboring router. The
matched object is the routing information distributed by the specified neighboring
router, ranging from 1 to 19.

Description
Using the filter-policy gateway import command, you can filter the learned
routing information advertised by the specified address. Using the undo
filter-policy gateway import command, you can remove the filtering to the
routing information advertised by the specified address.
Using the filter-policy import command, you can filter the received global
routing information. Using the undo filter-policy import command, you can
remove the filtering to the received global routing information.
By default, the received routing information is not filtered.
This command can be used to filter the routes received by BGP and determines
whether to add the routes to the BGP routing table.

Example
Use acl 3 to filter the routing information received by BGP.
[3Com-bgp] filter-policy 3 import

group Syntax
group group-name { [ internal ] | external }
undo group group-name

View
BGP view

Parameter

group-name: Specifies the name of the peer group. The name can consist of letters
and digits and is 1 to 47 characters long.

internal: Creates an internal peer group.

external: Creates an external peer group, including other sub AS groups in the
confederation.

Description
Using the group command, you can establish a peer group. Using the undo
group command, you can delete the configured peer group.
BGP peer groups are provided for the convenience of configuration. When several
peers are to be started with the same configuration, a peer group can be
established and configured first. Then add all the peers to the peer group so
that they have the same configuration as this peer group.
The default IBGP peer will be added to the default peer group without any
configuration. The configuration of the route update policy for any IBGP peer is
valid for the other IBGP peers in its group. To be specific, if the router is not a
route reflector, all the IBGP peers are in the same group. If the router is a route
reflector, all the route reflection clients are in a group, while non-clients are in
another group.
The external peer group members must be in the same network segment.
Otherwise, some EBGP peers may discard the transmitted route update.
The peer group members cannot be configured with the route update policy
which is different from that of the peer group, but can be configured with
different ingress policies.

Example
Establish a peer group "test".
[3Com-bgp] group test

import-route Syntax
import-route protocol [ med med-value ] [ route-policy route-policy-name ]
undo import-route protocol

View
BGP view

Parameter

protocol: Specifies the source routing protocols that can be imported, which
include direct, ospf, ospf-nssa, ospf-ase, rip, bgp, and static at present.

med med-value: Specifies the MED value loaded by a redistributed route, ranging
from 0 to 4294967295.

route-policy route-policy-name: Specifies a route-policy to filter the redistributed
protocol route. The name can consist of letters and digits and is 1 to 19
characters long.

Description
Using the import-route command, you can import routes of other protocols.
Using the undo import-route command, you can remove importing routes of
other protocols.
By default, BGP does not import the routes of other protocols.

Example
Import routes of RIP.
[3Com-bgp] import-route rip

ip as-path acl Syntax


ip as-path acl acl-number { permit | deny } as-regular-expression
undo ip as-path acl acl-number

View
System view

Parameter

acl-number: Number of AS path list ranging from 1 to 199.

as-regular-expression: AS path regular expression.

Description
Using the ip as-path acl command, you can configure an AS path regular
expression. Using the undo ip as-path acl command, you can disable the defined
regular expression.
The configured AS path list can be used in BGP policy.
For the related command, see peer as-path-acl, and display bgp routing-table
as-path-acl.

Example
Configure an AS path list.
[3Com] ip as-path acl 10 permit 200,300

ip community-list Syntax
ip community-list stand-comm-list-number { permit | deny } { aa:nn | internet |
no-export-subconfed | no-advertise | no-export }
ip community-list ext-comm-list-number { permit | deny } as-regular-expression
undo ip community-list { stand-comm-list-number | ext-comm-list-number }

View
System view

Parameter

stand-comm-list-number: Number of the standard community list ranging from 1
to 99.

ext-comm-list-number: Number of the extended community list ranging from 100
to 199.

permit: Permits those that match conditions to access.

deny: Denies those that match conditions to access.

aa:nn: Community number.

internet: Advertises all routes.

no-export-subconfed: Used not to advertise the matched route beyond the
confederation.

no-advertise: Used not to send the matched route to any peer.


no-export: Used not to pass routes outside the AS but advertise to other sub ASs.

as-regular-expression: Community attribute of the regular expression.

Description
Using the ip community-list command, you can configure a BGP community list.
Using the undo ip community-list command, you can delete the configured BGP
community list.
The configured community list can be used in BGP policy.
For the related command, see apply community, and display bgp
routing-table community-list.

Example
Define a community attribute list which does not advertise routes with the
community attribute beyond the confederation.
[3Com] ip community-list 6 permit no-export-subconfed

network Syntax
network ip-address [ address-mask ] [ route-policy route-policy-name ]
undo network ip-address [ address-mask ] [ route-policy route-policy-name ]

View
BGP view

Parameter

ip-address: Network address that BGP advertises.

address-mask: Mask of the network address.

route-policy-name: Route-policy applied to advertised routes.

Description
Using the network command, you can configure the network routes advertised
by the local BGP. Using the undo network command, you can delete the existing
configuration.
By default, there is no network sent through BGP.

Example
Advertise routes to network segment 10.0.0.0/16.
[3Com-bgp] network 10.0.0.1 255.255.0.0

peer advertise-community Syntax
peer { group-name } advertise-community
undo peer { group-name } advertise-community

View
BGP view, VPNv4 view, VPN instance view

Parameter

group-name: Specifies the name of peer group.

Description
Using the peer advertise-community command, you can enable the
transmission of the community attribute to a peer/peer group. Using the undo
peer advertise-community command, you can cancel the existing configuration.
By default, the community attribute is not transmitted to any peer/peer group.
For the related commands, see if-match community-list and apply
community.

Example
Enable the transmission of the community attribute to a peer group "test".
[3Com-bgp] peer test advertise-community

peer allow-as-loop Syntax


peer { group-name | peer-address } allow-as-loop [ number ]
undo peer { group-name | peer-address } allow-as-loop

View
BGP view, VPNv4 view, VPN instance view

Parameter

group-name: Specifies the name of peer group.

peer-address: Specifies the IP address of the peer.

number: Specifies the number of times the local AS number can be repeated. The
range is 1 to 10.

Description
Using the peer allow-as-loop command, you can configure the number of times
the local AS number can be repeated. Using the undo peer allow-as-loop
command, you can remove this setting.
For the related command, see display current-configuration, display bgp
routing-table peer, and display bgp routing-table group.

Example
Set the repeating times of the local AS number to 2.
[3Com-bgp] peer 1.1.1.1 allow-as-loop 2

peer as-number Syntax


peer { group-name } as-number as-number
undo peer { group-name } as-number as-number

View
BGP view

Parameter

group-name: Specifies the name of peer group.

peer-address: Specifies the IP address of the peer.

as-number: Peer AS number of the peer/peer group. The range is 1 to 65535.

Description
Using the peer as-number command, you can specify the peer AS number of
peer group. Using the undo peer as-number command, you can delete the AS
number of peer group.
By default, no AS number is configured.

Example
Specify the peer AS number for the peer test as 100.
[3Com-bgp] peer test as-number 100

peer as-path-acl Syntax


peer { group-name | peer-address } as-path-acl acl-number { import | export }
undo peer { group-name | peer-address } as-path-acl acl-number { import | export }

View
BGP view, VPNv4 view, VPN instance view

Parameter

group-name: Specifies the name of peer group.

peer-address: Specifies the IP address of the peer.

acl-number: Specifies the filter list number of an AS regular expression. The range
is 1 to 199.

import: Import distribution list.

export: Export distribution list.

Description
Using the peer as-path-acl command, you can specify BGP route filtering policy
based on AS path list. Using the undo peer as-path-acl command, you can
cancel the existing configuration.
By default, the peer group has no AS path list.

Example
Set the AS path ACL of the peer group test.
[3Com-bgp] peer test as-number 100
[3Com-bgp] peer test as-path-acl 3 export

peer connect-interface Syntax


peer { group-name | peer-address } connect-interface interface-name
undo peer { group-name | peer-address } connect-interface interface-name

View
BGP view

Parameter

group-name: Specifies the name of the peer group.

peer-address: Specifies the IP address of the peer.

interface-name: Specifies interface name.

Description
Using the peer connect-interface command, you can specify the source interface
of route update packets. Using the undo peer connect-interface command,
you can restore the best source interface.
By default, BGP uses the best source interface.
Usually, BGP selects the source interface of the packets according to the optimal
route. However, you can set the interface to a Loopback interface so that route
updates can still be sent even if an interface does not work normally.

Example
None

peer default-route-advertise Syntax
peer { group-name } default-route-advertise
undo peer { group-name } default-route-advertise

View
BGP view

Parameter

group-name: Specifies the name of peer group.

Description
Using the peer default-route-advertise command, you can configure a
peer/peer group to import a default route for a peer. Using the undo peer
default-route-advertise command, you can cancel the existing configuration.
By default, a peer/peer group does not import the default route.
For this command, no default route is required in the routing table. A default
route is sent unconditionally to a peer with the next hop as itself.

Example
Specify a peer group "test" to import the default route.
[3Com-bgp] peer test as-number 100
[3Com-bgp] peer test default-route-advertise

peer description Syntax


peer { group-name | peer-address } description description-line
undo peer { group-name | peer-address } description

View
BGP view

Parameter

group-name: Specifies the name of peer group.

peer-address: Specifies the IP address of the peer.

description-line: Description information configured, which can be described in
characters or numerals with the length not exceeding 79.

Description

Using the peer description command, you can configure the description
information of the peer/peer group. Using the undo peer description command,
you can remove the description information of the peer/peer group.

By default, description information of peers/peer group is not configured.

For the related commands, see display current-configuration, display bgp
peer, and display bgp routing-table group.

Example
Configure the description information of the peer named group1 as beijing1.
[3Com-bgp] peer group1 description beijing1

peer ebgp-max-hop Syntax


peer group-name ebgp-max-hop [ ttl ]
undo peer group-name ebgp-max-hop

View
BGP view

Parameter

group-name: Specifies the name of peer group.

ttl: Specifies the maximum hop value. The range is 1 to 255. By default, the value
is 64.

Description
Using the peer ebgp-max-hop command, you can allow an EBGP connection to be
established with a peer on an indirectly connected network. Using the undo peer
ebgp-max-hop command, you can cancel the existing configuration.
By default, this feature is disabled.

Example
Establish EBGP connection with the peer group "test" on the indirectly connected
network.
[3Com-bgp] peer test ebgp-max-hop

peer enable Syntax


peer { group-name | peer-address } enable
undo peer { group-name | peer-address } enable

View
BGP unicast address family view, IPv4 multicast address family view, VPNv4 address
family view, L2VPN address family view

Parameter

group-name: Specifies the name of the peer group, which specifies the entire peer
group.

peer-address: IP address of the peer, which specifies a certain peer.

Description
Using the peer enable command, you can enable the specified peer (group) so
that the router can exchange information with it. Using the undo peer enable
command, you can disable the specified peer (group).
The peer peer-address enable command can be configured in the unicast address
family only. Using this command, you can disable the unicast function of the peer.
To disable its multicast function or VPNv4 function, delete the peer from the
group in the corresponding address family.
By default, a BGP peer (group) is enabled in the unicast address family, but
disabled in the VPN and MBGP address families.
If the specified peer/peer group is disabled, the router will not exchange routing
information with the specified peer (group).

Example
Deactivate the specified peer.
[3Com] bgp 180
[3Com-bgp] peer 18.10.0.9 as-number 180
[3Com-bgp] undo peer 18.10.0.9 enable

peer filter-policy Syntax


peer { group-name | peer-address } filter-policy list-number { import | export }
undo peer { group-name | peer-address } filter-policy list-number { import | export }

View
BGP view, IPv4 multicast sub-address family view

Parameter

group-name: Specifies the name of peer group.

peer-address: IP address of the peer.

list-number: Specifies the IP acl number.

import: Peer filter-policy used for imported routes

export: Peer filter-policy used for exported routes

Description
Using the peer filter-policy command, you can set the filter-policy list of a peer
group. Using the undo peer filter-policy command, you can cancel the existing
configuration.
By default, a peer group has no access control list (acl).
For the related commands, see ip as-path acl and peer as-path-acl.

Example
Set the filter-policy list of a peer group test.
[3Com-bgp] peer test as-number 100
[3Com-bgp] peer test filter-policy 3 import

peer group Syntax


For multicast address family or VPNv4 address family:
■ peer peer-address group group-name
■ undo peer peer-address group

For unicast address family or VPN-INSTANCE address family:
■ peer peer-address group group-name [ as-number as-number ]
■ undo peer peer-address group

View
BGP view

Parameter

group-name: Specifies the name of peer group. The name consists of characters
and numerals and is 1 to 47 characters long.

peer-address: Specifies the IP address of the peer.

as-number: Specifies AS number for the peer.

Description
Using the peer group command, you can add a peer to the peer group. Using the
undo peer group command, you can delete the specified peer in the peer group.
In the unicast/VPN-INSTANCE address family view, when adding a peer to an
external peer group without a specified AS number, you should specify the peer AS
number at the same time. This is unnecessary when adding the peer to an
internal peer group or an external peer group with a specified AS number.
In the multicast/VPNv4 address family view, the peer to be added must already
exist and must have been added to a peer group in the unicast address family
view (the peer can be disabled).
In different address family views, a peer can be added to different peer groups and
a peer group can have different members.

Example
Add the peer with IP address being 10.1.1.1 to the peer group TEST.
[3Com-bgp] group TEST
[3Com-bgp] peer 10.1.1.1 group TEST

peer ip-prefix Syntax


peer { group-name | peer-address } ip-prefix prefixname { import | export }
undo peer { group-name | peer-address } ip-prefix prefixname { import | export }

View
BGP view, VPNv4 view, VPN instance view

Parameter

group-name: Name of peer group.

peer-address: Specifies the IP address of the peer.

prefixname: Name of the specified ip-prefix.

import: Applies the filtering policy on the route received by the specified
peer/peer group.

export: Applies the filtering policy on the route transmitted to the specified
peer/peer group.

Description
Using the peer ip-prefix command, you can configure the route filtering policy of
the peer/peer group based on the ip-prefix. Using the undo peer ip-prefix
command, you can cancel the route filtering policy of the peer/peer group based
on the ip-prefix.
By default, the route filtering policy of the peer/peer group is not specified.
For the related command, see ip ip-prefix.

Example
Configure the route filtering policy of the peer group based on the ip-prefix 1.
[3Com-bgp] peer group1 ip-prefix list1 import

peer next-hop-local Syntax


peer { group-name } next-hop-local
undo peer { group-name } next-hop-local

View
BGP view

Parameter

group-name: Specifies the name of peer group.

Description
Using the peer next-hop-local command, you can have the router process the
next hop of routes to be advertised to the peer/peer group and take its own
address as the next hop. Using the undo peer next-hop-local command, you can
cancel the existing configuration.

Example
When BGP distributes the route to the peer group "test", it will take its own
address as the next hop.
[3Com-bgp] peer test next-hop-local

peer password Syntax


peer { group-name | peer-address } password { cipher | simple } password
undo peer { group-name | peer-address } password

View
BGP view, MBGP VPN-instance address family view

Parameter

group-name: Name of the peer group.

peer-address: IP address of the peer, in dotted decimal format.

cipher: Displays the configured password in cipher text mode.

simple: Displays the configured password in simple text mode.

password: Password in character string form. It has 1 to 16 characters when the
simple parameter is configured, or when the cipher parameter is configured but
the password is input in simple text mode. It has 24 characters when the cipher
parameter is configured and the password is input in cipher text mode.

Description
Using the peer password command, you can configure MD5 authentication for
BGP during TCP connection setup. Using the undo peer password command,
you can cancel the configuration.
By default, BGP does not perform MD5 authentication when TCP connection is set
up.
Once MD5 authentication is enabled, both parties involved in the authentication
must be configured with identical authentication modes and passwords.
Otherwise, TCP connection will not be set up because of the failed authentication.
This command is used to configure MD5 authentication for the specific peer only
when the peer group to which the peer belongs is not configured with MD5
authentication. Otherwise, the peer should be consistent with the peer group.

Example
Adopt MD5 authentication on the TCP connection set up between the local
router at 10.1.100.1 and the peer router at 10.1.100.2.
[3Com-bgp] peer 10.1.100.2 password simple 3Com

Perform a similar configuration on the peer, which specifies the local router at
10.1.100.1 as its peer.

[3Com-bgp] peer 10.1.100.1 password simple 3Com
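
The rules in this section (MD5 authentication is off by default, a peer follows the password of its peer group, and simple keeps the password readable in the configuration) can be checked against a saved configuration. The Python script below is an added example, not part of the 3Com manual; the sample configuration, the finding labels and the function names are constructed for illustration.

```python
import re

# Constructed sample of BGP-view configuration lines (not taken from the manual).
SAMPLE_CONFIG = """\
bgp 100
 group test
 peer test as-number 200
 peer test password cipher XXXXXXXXXXXXXXXXXXXXXXXX
 peer 10.1.100.2 group test
 peer 10.1.100.3 group test
 peer 10.1.100.3 password simple 3Com
 group lab
 peer lab as-number 300
 peer 10.2.0.1 group lab
 peer 10.3.0.1 as-number 400
 peer 10.3.0.1 password simple 3Com
"""

# A peer-address is dotted decimal; anything else after "peer" is a group-name.
DOTTED = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Only the three peer sub-commands needed for this audit are parsed.
PEER_LINE = re.compile(r"^peer\s+(\S+)\s+(password|group|as-number)\s+(\S+)")


def parse(config):
    """Return (peers, member_of, passwords) collected from peer lines.

    peers      -- set of peer addresses seen in any parsed peer line
    member_of  -- peer address -> peer group name ("peer X group G")
    passwords  -- peer address or group name -> "cipher" or "simple"
    """
    peers, member_of, passwords = set(), {}, {}
    for raw in config.splitlines():
        match = PEER_LINE.match(raw.strip())
        if not match:
            continue
        target, keyword, value = match.groups()
        if DOTTED.match(target):
            peers.add(target)
        if keyword == "group":
            member_of[target] = value
        elif keyword == "password":
            passwords[target] = value
    return peers, member_of, passwords


def audit(config):
    """Return a sorted list of (peer, finding) tuples.

    NO_MD5         -- neither the peer nor its group has a password, so the
                      TCP connection is set up without MD5 authentication.
    GROUP_OVERRIDE -- the peer has its own password although its group is
                      already configured with one; the peer should be
                      consistent with the group.
    PLAINTEXT      -- the effective password line uses "simple", so the
                      password is displayed in simple text.
    """
    peers, member_of, passwords = parse(config)
    findings = []
    for peer in sorted(peers):
        own = passwords.get(peer)
        inherited = passwords.get(member_of.get(peer))
        if own is None and inherited is None:
            findings.append((peer, "NO_MD5"))
        if own is not None and inherited is not None:
            findings.append((peer, "GROUP_OVERRIDE"))
        if "simple" in (own, inherited):
            findings.append((peer, "PLAINTEXT"))
    return findings


if __name__ == "__main__":
    for peer, finding in audit(SAMPLE_CONFIG):
        print(f"{peer:15} {finding}")
```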

peer public-as-only Syntax


peer { group-name } public-as-only
undo peer { group-name } public-as-only

View
BGP view

Parameter

group-name: Specifies the name of a peer group.

peer-address: Specifies IP address of a peer.

Description
Using the peer public-as-only command, you can configure BGP not to carry the AS
number when transmitting BGP update packets. Using the undo peer
public-as-only command, you can configure BGP to carry the AS number when
transmitting BGP update packets.
By default, the private AS number is carried when transmitting BGP update packets.
Generally, BGP transmits BGP update packets with the AS number (either public
AS number or private AS number). To enable some outbound routers to ignore the
AS number when transmitting update packets, you can configure BGP not to carry
the AS number when transmitting BGP update packets.

Example
Configure not to carry the private AS number when transmitting BGP update
packets to the peer named test.
[3Com-bgp] peer test public-as-only

peer reflect-client Syntax


peer { group-name } reflect-client
undo peer { group-name } reflect-client

View
BGP view or VPNv4 view

Parameter

group-name: Specifies the name of peer group.

Description
Using the peer reflect-client command, you can configure a peer/peer group as
the route reflector client. Using the undo peer reflect-client command, you can
cancel the existing configuration.
By default, no route reflector is in AS.
Generally speaking, it is not necessary to configure this command for the peer
group, because IBGP peers are in its default group. A single peer peer-address
reflect-client command should be used to configure the route reflector clients.
For the related commands, see reflect between-clients and reflector cluster-id.

Example
Configure the peer group "test" as the route reflector client.
[3Com-bgp] peer test reflect-client

peer route-policy Syntax


peer { group-name | peer-address } route-policy route-policy-name { import | export }
undo peer { group-name | peer-address } route-policy route-policy-name { import |
export }

View
BGP view, VPNv4 view, VPN instance view

Parameter

group-name: Specifies the name of peer group.

peer-address: Specifies IP address of a peer.

route-policy-name: Specifies route-policy.

import: Applies the route-policy to the routes coming from the peer (group).

export: Applies the route-policy to the routes advertised to the peer (group).

Description
Using the peer route-policy command, you can assign the route-policy to the
route coming from the peer (group) or the route advertised to the peer (group).
Using the undo peer route-policy command, you can delete the specified
route-policy.
By default, the peer (group) has no route-policy association.

Example
Apply the route-policy named test-policy to the route coming from the peer
group "test".
[3Com-bgp] peer test route-policy test-policy import

peer route-update-interval Syntax
peer { group-name } route-update-interval seconds
undo peer { group-name } route-update-interval

View
BGP view, VPNv4 view, VPN instance view

Parameter

group-name: Specifies the name of peer group.

seconds: The minimum interval of sending UPDATE message. The range is 0 to
600. By default, the advertisement interval is: 5 seconds for internal peer (group),
and 30 seconds for external peer (group).

Description
Using the peer route-update-interval command, you can configure the interval
at which route updates are sent to a peer (group). Using the undo peer
route-update-interval command, you can restore the default value.

Example
Configure the interval of the BGP peer 172.168.10.1 sending the route update
packet as 10 seconds.
[3Com-bgp] peer 172.168.10.1 as-number 100
[3Com-bgp] peer 172.168.10.1 route-update-interval 10

peer timer Syntax


peer { group-name | peer-address } timer keep-alive keepalive-interval hold
holdtime-interval
undo peer { group-name | peer-address } timer

View
BGP view

Parameter

group-name: Specifies the name of peer group.

peer-address: Specifies the IP address of the peer.

keepalive-interval: Keepalive interval to be specified. The range is 1 to
4294967295 seconds. By default, its value is 60 seconds.

holdtime-interval: Holdtime interval to be specified. The range is 3 to 4294967295
seconds. By default, its value is 180 seconds.

Description
Using the peer timer command, you can configure the Keepalive and Holdtime
intervals for a peer (group). Using the undo peer timer command, you can restore
the default values of the intervals.
The timer configured by using this command has a higher priority than the one
configured by using the timer command.

Example
Configure Keepalive and Holdtime intervals of the peer group "test".
[3Com-bgp] peer test timer keep-alive 60 hold 180

policy vpn-target Syntax


policy vpn-target
undo policy vpn-target

View
VPN instance view

Parameter
None

Description
Using the policy vpn-target command, you can configure whether to perform
the filtering on the vpn-target extended community of the received routing
information. Using the undo policy vpn-target command, you can cancel the
filter function.
By default, the system performs the filtering on the vpn-target extended
community of the received routing information.

Example
Perform the filtering on the vpn-target extended community of the received
routing information.
[3Com-bgp] policy vpn-target

preference Syntax
preference value
undo preference

View
BGP protocol view, BGP multicast address family view

Parameter

value: Specifies the preference, ranging from 1 to 256. By default, the value is
170.

Description
Using the preference command, you can configure the preference of BGP
protocol. Using the undo preference command, you can restore the default
preference.
Each kind of routing protocol has its own preference, by which the routing policy
will select the optimal one from the routes of different protocols. The greater the
preference value is, the lower the preference is. BGP defines two kinds of routes:
one is learned from an external peer, the other is learned from an internal peer.
The preferences of the two kinds of routes can be different and can be set manually.
The system supports configuring different preferences for different sub-address
families, including unicast address family and multicast address family at present.

Example
Configure the preference of BGP protocol to 150.
[3Com-bgp] preference 150

reflect between-clients Syntax


reflect between-clients
undo reflect between-clients

View
BGP view, VPNv4 view, VPN instance view

Parameter
None

Description
Using the reflect between-clients command, you can set the between-client
reflection of a route. Using the undo reflect between-clients command, you
can disable this function.
By default, the reflection between clients is disabled.
After route reflector is configured, it reflects the routes of a client to other clients.
For the related commands, see reflector cluster-id and peer reflect-client.

Example
Disable the reflection between clients.
[3Com-bgp] undo reflect between-clients

reflector cluster-id Syntax


reflector cluster-id { cluster-id | address }
undo reflector cluster-id

View
BGP unicast view, BGP multicast view, VPNv4 view

Parameter

cluster-id: Specifies the cluster ID of the route reflector, in integer or IP address
format, with the range from 1 to 4294967295.

address: Interface address of the route reflector’s cluster ID.


Description
Using the reflector cluster-id command, you can configure the cluster ID of the
route reflector. Using the undo reflector cluster-id command, you can remove
the cluster ID of the route reflector.
By default, each route reflector uses its Router ID as the cluster ID.
Usually, there is only one route reflector in a cluster, and the router ID of the
reflector identifies the cluster. You can configure multiple route reflectors to
improve the stability of the network. If a cluster is configured with multiple route
reflectors, you can use this command to configure an identical cluster ID for all the
reflectors.
For the related commands, see reflect between-clients and peer reflect-client.

Example
Set cluster ID for local router to identify the cluster.
[3Com-bgp] reflector cluster-id 80
[3Com-bgp] peer 11.128.160.10 reflect-client

refresh bgp Syntax


refresh bgp { all | peer-address | { group group-name } } [ multicast | vpnv4 |
vpn-instance vpn-instance-name ] { import | export }

View
User view

Parameter

all: Refreshes all the peers.

peer-address: Refreshes the peer at the specified address.

group-name: Refreshes all the members in the specified peer group.

vpnv4: Refreshes routes of VPNv4 address family for the peer.

multicast: Refreshes routes of multicast address family for the peer.

vpn-instance vpn-instance-name: Refreshes VPN routes for the peer in the
specified VPN-INSTANCE.

import: Sends ROUTE-REFRESH packet to the peer to require retransmission of all
the routes.

export: Retransmits all the routes to the peer.

Description
Using the refresh bgp command, you can request the peer for route
retransmission or retransmit routes to the peer.
After BGP connection is created, only incremental routes are transmitted. But in
some cases, for example, when routing policy is changed, retransmission of routes
is required on both ends. And the routes should be filtered again according to the
new policy.

Example
Request all the peers to retransmit multicast routes.
<3Com> refresh bgp all multicast import
Retransmit all the routes to the CE peer 10.1.1.1 in VPN-INSTANCE vpn1.
<3Com> refresh bgp 10.1.1.1 vpn-instance vpn1 export

reset bgp Syntax


reset bgp { all | peer-address } [ vpn-instance vpn-instance-name ]

View
User view

Parameter

all: Resets all the connections with BGP.

peer-address: Resets connection with a specified BGP peer.

vpn-instance vpn-instance-name: Name of specified VPN-INSTANCE. The range is
1 to 19.

Description
Using the reset bgp peer-address command, you can reset the connection of
BGP with a specified BGP peer.
Using the reset bgp all command, you can reset all the connections with BGP.
After changing the BGP policy or protocol configuration, resetting BGP connection
can make the newly configured policy in effect immediately.

Example
Reset all the BGP connections to enable the new configuration (after configuring
the new Keepalive interval and Holdtime interval using the timer command).
<3Com> reset bgp all

reset bgp flap-info Syntax


reset bgp flap-info [ regular-expression as-regular-expression | as-path-acl acl-number |
network-address [ mask ] ]
reset bgp network-address [ flap-info ]

View
User view

Parameter

regular-expression as-regular-expression: Clears the flap information matching the
AS path regular expression.

as-path-acl acl-number: Clears the flap information in consistency with a specified
filter list. The range of the parameter acl-number is 1 to 199.

network-address: Clears the flap information of a record at this IP address. If this
parameter is put before flap-info, the router clears the flap information of all the
routes from this address.

mask: Network mask.

Description
Using the reset bgp flap-info command, you can reset the flap information of a
route.
For the related command, see dampening.

Example
Clear the flap information of all the routes that go through filter list 10.
<3Com> reset bgp flap-info as-path-acl 10

reset bgp group Syntax


reset bgp group group-name [ vpn-instance vpn-instance-name ]

View
User view

Parameter

group-name: Specifies the name of the peer group, in characters ranging from 1
to 47.

vpn-instance vpn-instance-name: Name of specified VPN-INSTANCE. The range is 1
to 19.

Description
Using the reset bgp group command, you can reset the connections between
the BGP and all the members of a group.
For the related command, see peer group.

Example
Reset BGP connections of all members from group1.
<3Com> reset bgp group group1

reset dampening Syntax


reset dampening [ network-address [ mask ] ]

View
User view

Parameter

network-address: Network IP address whose attenuation information is to be
cleared.

mask: Network mask.

Description
Using the reset dampening command, you can clear the attenuation information
of a route and release the suppression of a suppressed route.
For the related commands, see dampening and display bgp routing-table
dampened.

Example
Clear the attenuation information of the route to the network 20.1.0.0, and
release the suppression of a suppressed route.
<3Com> reset dampening 20.1.0.0 255.255.0.0

summary automatic Syntax


summary automatic
undo summary automatic

View
BGP unicast view, BGP multicast view, VPN instance view

Parameter
None

Description
Using the summary automatic command, you can enable automatic aggregation
of sub-network routes. Using the undo summary automatic command, you can
disable it.
By default, no automatic aggregation of sub-network routes is executed.
After the summary automatic is configured, BGP cannot receive the sub-network
routes imported from the IGP, so the amount of the routing information can be
reduced.

Example
Make the automatic aggregation of the sub-network routes.
[3Com-bgp] summary automatic

timer keep-alive hold Syntax


timer keep-alive keepalive-interval hold holdtime-interval
undo timer

View
BGP unicast view, BGP multicast view, VPNv4 view, VPN instance view

Parameter

keepalive-interval: Interval for sending Keepalive, ranging from 1 to 4294967295.
By default, its value is 60 seconds.

holdtime-interval: Keepalive time of BGP, ranging from 3 to 4294967295. By
default, its value is 180 seconds.

Description
Using the timer keep-alive hold command, you can configure the Keepalive and
Holdtime timer of BGP. Using the undo timer keep-alive hold command, you
can restore the default value of the Keepalive and Holdtime timer.

Example
Configure the Keep-alive and Hold-time timer as 30 seconds and 60 seconds.
[3Com-bgp] timer keep-alive 30 hold 60

undo synchronization Syntax


undo synchronization

View
BGP view, VPN instance view

Parameter
None

Description
Using the undo synchronization command, you can remove the synchronization
between BGP and IBGP.

Example
[3Com-bgp] undo synchronization

MBGP Configuration Commands
In the following command description, BGP unicast view indicates the common
BGP view.

For the specific configuration of MBGP multicast extension, refer to the
"Multicast" module of this manual.

For the specific configuration of VPN instance and VPNv4, refer to "MPLS" module
in this manual.

ipv4-family Syntax
ipv4-family { multicast | vpn-instance vpn-instance-name }
undo ipv4-family [ multicast | vpn-instance vpn-instance-name ]

View
BGP view, VPN instance view

Parameter

multicast: Enters the BGP multicast extended address family view with the
parameter.

vpn-instance vpn-instance-name: Associates the specified VPN instance with the
IPv4 address family. Enter the MBGP address family view of BGP with this
parameter.

Description
Using the ipv4-family command, you can enter IPv4 extended address family
view of BGP. Using the undo ipv4-family command, you can remove all
configurations in extended address family view and return to IPv4 unicast address
view of BGP.
This command is used to enter the IPv4 extended address family view. In this view,
parameters related to the address family can be configured for BGP.
The undo ipv4-family multicast command can exit the multicast extended
address family view, remove all configurations in the address family view and
return to BGP unicast view.
The undo ipv4-family vpn-instance vpn-instance-name command is used to
remove the association between the specified VPN instance and IPv4 address
family and delete all configurations in the address family and return to BGP unicast
view.
The ipv4-family multicast command is used for multicast. For relevant contents,
refer to "MBGP Multicast Extended" chapter in module "Multicast" of this
manual.
The ipv4-family vpn-instance command is used for BGP/MPLS VPN. For related
description, refer to "MPLS VPN" chapter in module "MPLS" of this
manual.
For the related commands, see ipv4-family vpnv4 and peer enable.

Example
None

ipv4-family vpnv4 Syntax


ipv4-family vpnv4 [ unicast ]
undo ipv4-family vpnv4 [ unicast ]

View
BGP view

Parameter

unicast: Enters VPN-IPv4 unicast address family view with this parameter.

Description
Using the ipv4-family vpnv4 command, you can enter VPNv4 address family
view of BGP. Using the undo ipv4-family vpnv4 command, you can delete all
configurations in VPNv4 address family view and return to IPv4 unicast address
family view of BGP.
The ipv4-family vpnv4 command is used for BGP/MPLS VPN. For related
description, refer to "MPLS VPN" chapter in module "MPLS" of this manual.
The present VRP software platform only supports IPv4 unicast address of VPN.
Execution of the ipv4-family vpnv4 command will enter VPN-IPv4 unicast
address family view even if the unicast parameter is not specified.
For the related commands, see ipv4-family and peer enable.

Example
None

peer enable Syntax


peer { group-name | peer-address } enable
undo peer { group-name | peer-address } enable

View
BGP view, VPNv4 view, VPN instance view

Parameter

group-name: Specifies the name of the peer group, which specifies the entire peer
group.

peer-address: IP address of the peer, which specifies a certain peer.

Description
Using the peer enable command, you can enable the specified peer/peer group
and disable it by using undo peer enable command.
By default, the unicast peer/peer group of IPv4 address family is enabled and other
peers/peer groups are disabled.
Using this command, you can enable/disable the routing exchange between the
peers (peer groups).
By default, the peer (group) of IPv4 unicast is enabled. The undo command is used
to disable them. When a connection is used in both unicast and multicast, you can
configure to disable unicast peer to delete unicast connection only.
By default, the peer (group) in other address families is disabled. It cannot
exchange routing information normally until it is enabled.

Example
Configure and enable the specified peer of VPNv4 unicast address family.
[3Com] bgp 100
[3Com-bgp] peer 10.15.0.15 as-number 100
[3Com-bgp] ipv4-family vpnv4 unicast
[3Com-bgp-af-vpn] peer 10.15.0.15 enable

Configure and enable the specified peer of IPv4 multicast address family.
[3Com] bgp 200
[3Com-bgp] peer 20.10.0.1 as-number 200
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul] peer 20.10.0.1 enable

IP Routing Policy Configuration Commands

apply as-path Syntax


apply as-path as-number-1 [ as-number-2 [ as-number-3 ... ] ]
undo apply as-path

View
Routing policy view

Parameter

as-number-1... as-number-n: AS number to be added.

Description
Using the apply as-path command, you can specify AS number to be added in
front of the original AS path in route-policy. Using the undo apply as-path
command, you can cancel the AS sequence number added in front of the original
AS path.
By default, no AS number is set.
If the match condition of route-policy is matched, the AS attribute of the
transmitting route will be changed. At least 10 AS numbers can be added.

Example
Add AS 200 in front of the original AS path in route-policy.
[3Com-route-policy] apply as-path 200

apply community Syntax


apply community { { { aa:nn | no-export-subconfed | no-export | no-advertise } … [ additive ] } | additive | none }
undo apply community

View
Routing policy view

Parameter

aa:nn: Community number.

no-export-subconfed: Does not send the matched route outside the AS.

no-advertise: Does not send the matched route to any peer.

no-export: Does not pass the route through the AS but advertises it to other sub-ASs.

additive: Community attributes of additional routes.

none: Community attributes of deleted routes.



Description
Using the apply community command, you can specify the set BGP community
attribute of route-policy. Using the undo apply community command, you can
cancel the set BGP community attribute.
By default, BGP community attribute is not set.
Configure BGP community attribute after matching the route-policy conditions.
For the related command, see ip community-list, if-match community-list,
route-policy, and display bgp routing-table community.

Example
Display how to configure one route-policy named setcommunity, whose node
serial number is 16 and match mode is permit, and enter route policy view to set
match conditions and attribute modification actions to be executed.
[3Com] route-policy setcommunity permit node 16
[3Com-route-policy] if-match as-path 8
[3Com-route-policy] apply community no-export

apply cost Syntax


apply cost value
undo apply cost

View
Routing policy view

Parameter

value: Specifies the route cost value of route information.

Description
Using the apply cost command, you can set the route cost value of route
information. Using the undo apply cost command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply origin, and apply tag.

Example
Display how to define one apply clause. When it is used for setting route
information attribute, it sets the route cost value of route information as 120.
[3Com-route-policy] apply cost 120

apply cost-type Syntax


apply cost-type [ internal | external ]
undo apply cost-type

View
Routing policy view

Parameter

internal: Uses the cost type of IGP as MED value of BGP to advertise route to
EBGP peer.

external: External cost type value of IS-IS.

Description
Using the apply cost-type command, you can set the route cost type of route
information. Using the undo apply cost-type command, you can cancel the
apply clause.
By default, route cost type is not set.

Example
Set the cost type of IGP as the MED value of BGP.
[3Com-route-policy] apply cost-type internal

apply ip-address Syntax


apply ip-address { ip-address [ ip-address ] | acl acl-number }
undo apply ip-address [ ip-address [ ip-address ] | acl acl-number ]

View
Routing policy view

Parameter

ip-address: Next-hop address. Two next-hop addresses can be specified at most.

acl-number: Specifies the number of the access control list used for filtering,
ranging from 1 to 99.

Description
Using the apply ip-address command, you can set the next hop address of route
information. Using the undo apply ip-address command, you can cancel the
apply clause.
By default, no apply clause is defined.
One of the apply clauses of the route-policy: When this command is used for
setting routing information attribute, it sets the next hop address of the packets
passed filtering.
If multiple next hop addresses are set through apply ip-address command, other
next hop addresses will be tried by turn when the first next hop address is invalid.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply local-preference, apply cost, apply origin, and apply tag.

Example
Define an apply clause to set the next hop address of routing information as
193.1.1.8 when it is used for setting routing information attribute.
[3Com-route-policy] apply ip-address 193.1.1.8

apply local-preference Syntax


apply local-preference local-preference
undo apply local-preference

View
Routing policy view

Parameter

local-preference: Newly set local preference.

Description
Using the apply local-preference command, you can apply the local preference
of route information. Using the undo apply local-preference command, you can
cancel the apply clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply origin, and apply tag.

Example
Apply the local preference level of route information as 130 when this apply
clause is used for setting route information attribute.
[3Com-route-policy] apply local-preference 130

apply origin Syntax


apply origin { igp | egp as-number | incomplete }
undo apply origin

View
Routing policy view

Parameter

igp: Sets the BGP route information source as internal route.

egp: Sets the BGP route information source as external route.

as-number: Specifies AS number of external route.

incomplete: Sets the BGP route information source as unknown source.

Description
Using the apply origin command, you can set the routing source of BGP routing
information. Using the undo apply origin command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply cost, and apply tag.

Example
Display how to define one apply clause. When it is used for setting routing
information attribute, it sets the routing source of the routing information as igp.
[3Com-route-policy] apply origin igp

apply tag Syntax


apply tag value
undo apply tag

View
Routing policy view

Parameter

value: Specifies the tag value of route information.

Description
Using the apply tag command, you can set the tag area of OSPF route
information. Using the undo apply tag command, you can cancel the apply
clause.
For the related commands, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy,
apply ip-address, apply local-preference, apply cost, and apply origin.

Example
Display how to define one apply clause. When it is used for setting route
information attribute, it sets the tag area of route information as 100.
[3Com-route-policy] apply tag 100

display ip ip-prefix Syntax


display ip ip-prefix [ ip-prefix-name ]

View
Any view

Parameter

ip-prefix-name: Specifies displayed address prefix list name.

Description
Using the display ip ip-prefix command, you can view the address prefix list.
Display all the configured address prefix lists when no ip-prefix-name is specified.
For the related command, see ip ip-prefix.

Example
Display the information of the address prefix list named p1.
<3Com> display ip ip-prefix p1
ip-prefix p1
index 10: permit 192.168.10.10/16 greater-equal 17 less-equel 18

display route-policy Syntax


display route-policy [ route-policy-name ]

View
Any view

Parameter

route-policy-name: Specifies displayed route-policy name.

Description
Using the display route-policy command, you can view the configured
route-policy.
All the configured route-policies are displayed when no route-policy-name is specified.
For the related command, see route-policy.

Example
Display the information of route-policy named policy1.
<3Com> display route-policy policy1
Route-policy : policy1
Permit 10 : if-match (prefixlist) p1
apply cost 100
matched : 0 denied : 0

filter-policy export Syntax


filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]

View
Routing protocol view

Parameter

acl-number: Number of the access control list used for matching the destination
address field of the routing information.

ip-prefix-name: Address prefix list used for matching the routing information
destination address field.

protocol: Routing information of which kind of route protocol to be filtered.

Description
Using the filter-policy export command, you can configure the filtering
conditions of the routing information advertised by a certain type of routing
protocols. Using the undo filter-policy export command, you can cancel the
filtering conditions set.
By default, the advertised routing information is not filtered.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to set
the filtering conditions for the routing information to be advertised. Only the
routing information passing the filtering can be advertised.
For the related command, see filter-policy import.

Example
Define the filtering rules for advertising the routing information of RIP. Only the
routing information passing the filtering of address prefix list p1 will be advertised
by RIP.
[3Com-rip] filter-policy ip-prefix p1 export

filter-policy import Syntax


filter-policy gateway ip-prefix-name import
undo filter-policy gateway ip-prefix-name import
filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name } import

View
Routing protocol view

Parameter

acl-number: Access control list number used for matching the destination address
field of the routing information.

ip-prefix ip-prefix-name: Prefix address list name. Its matching object is the
destination address field of the routing information.

gateway ip-prefix-name: Prefix address list name of the neighbor router address.
Its matching object is the routing information advertised by the specified neighbor
router.

Description
Using the filter-policy gateway import command, you can filter the routing
information advertised by a specified router. Using the undo filter-policy
gateway import command, you can cancel the setting of the filtering condition.
Using the filter-policy import command, you can configure the condition for
filtering the routing information. Using the undo filter-policy import command,
you can cancel the setting of filter condition.
By default, the received routing information is not filtered.
In some cases, it may be required that only the routing information meeting some
conditions can be received. Then, the filter-policy command can be used to set
the filtering conditions. acl-number is the access control list number used for
filtering the destination addresses of the routing information and ip-prefix
parameter is used to filter the routing information specified destination address.
For the related command, see filter-policy export.

Example
Define the filtering rule for receiving routing information of RIP. Only the routing
information filtered through the address prefix list p1 can be received by RIP.
[3Com-rip] filter-policy ip-prefix p1 import

if-match acl Syntax


if-match acl acl-number
undo if-match acl acl-number

View
Routing policy view

Parameter

acl-number: Specifies the number of the access control list used for filtering.

ip-prefix-name: Specifies the name of the prefix address list used for filtering.

Description
Using the if-match acl command, you can configure the IP address range to
match the route-policy. Using the undo if-match acl command, you can cancel
the setting of the match rule.
Filtering is performed by quoting an ACL.
For the related command, see if-match ip-prefix, if-match interface, if-match
ip next-hop, if-match cost, if-match tag, route-policy, apply ip-address,
apply cost, apply local-preference, apply origin, and apply tag.

Example
Display how to define one if-match clause. When the clause is used for filtering
route information, the route information filtered by route destination address
through address ACL 10 is enabled to pass the if-match clause.
[3Com-route-policy] if-match acl 10

if-match as-path Syntax


if-match as-path acl-number
undo if-match as-path

View
Routing policy view

Parameter

acl-number: AS path list number. The range is 1 to 199.

Description
Using the if-match as-path command, you can configure the matched AS path
list number of route-policy. Using the undo if-match as-path command, you can
cancel the matched path list number.
By default, AS path list number is not matched.
This if-match clause of route-policy is used to filter BGP routing information. The
match condition is specified according to the AS path attributes of the routing
information.

Example
Define an as-path numbered as 2 and allow the autonomous system number to
contain the routing information of 200 and 300. Then, define a route-policy
named test. The node No.10 of this route-policy defines an if-match clause, which
quotes the definition of as-path.
[3Com] ip as-path acl 2 permit 200:300
[3Com] route-policy test permit node 10
[3Com-route-policy] if-match as-path 2

if-match community Syntax


if-match community { standard-community-list-number [ whole-match ] |
extended-community-list-number }
undo if-match community

View
Routing policy view

Parameter

standard-community-list-number: Standard community list number, ranging from
1 to 99.

extended-community-list-number: Extended community list number, ranging from
100 to 199.

whole-match: Fully matching, i.e., all the communities must appear.

Description
Using the if-match community command, you can configure the community list
number to be matched in route-policy. Using the undo if-match community
command, you can cancel the configuration of the matched community list
number.
By default, community list is not matched.
The if-match clause of route-policy is used to filter BGP routing information. The
match condition is specified according to the community attributes of the routing
information.
For the related commands, see route-policy and ip community-list.

Example
Define a community-list numbered as 1, and allow the autonomous system
number to contain the routing information of 100 and 200. Then, the
route-policy named test is defined. The node No.10 of the route-policy defines an
if-match clause, which quotes the definition of the community-list.
[3Com] ip community-list 1 permit 100:200
[3Com] route-policy test permit node 10
[3Com-route-policy] if-match community 1

if-match cost Syntax


if-match cost value
undo if-match cost

View
Routing policy view

Parameter

value: Specifies the required route cost value, ranging from 0 to 4294967295.

Description
Using the if-match cost command, you can configure one of the matching rules
of route-policy to match the cost of the routing information. Using the undo
if-match cost command, you can cancel the configuration of the matching rule.
By default, no if-match clause is defined.
This if-match clause of route-policy is used to specify the route cost value of the
matched routing information.
For the related command, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match tag, route-policy, apply ip-address,
apply local-preference, apply cost, apply origin, and apply tag.

Example
Define an if-match clause, which allows the routing information with routing cost
8 to pass this if-match clause.
[3Com-route-policy] if-match cost 8

if-match interface Syntax


if-match interface { interface-name | interface-type interface-number }
undo if-match interface

View
Routing policy view

Parameter

interface-type: Specifies interface type.

interface-number: Specifies interface number.

interface-name: Specifies interface name.

Description
Using the if-match interface command, you can match the route whose next
hop is designated interface. Using the undo if-match interface command, you
can cancel the setting of match condition.
By default, no if-match clause is defined.
This if-match clause of the route-policy is used to match the corresponding
interface of the route next hop when it filters the route.
For the related command, see if-match acl, if-match ip-prefix, if-match ip
next-hop, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.

Example
Display how to define one if-match clause to match the route whose next hop
interface is ethernet 1/0/2.
[3Com-route-policy] if-match interface Ethernet1/0/2

if-match ip next-hop Syntax


if-match ip next-hop { acl acl-number | ip-prefix ip-prefix-name }
undo if-match ip next-hop [ ip-prefix ]

View
Routing policy view

Parameter

acl-number: Specifies the number of the access control list used for filtering. The
range is 1 to 99.

ip-prefix-name: Specifies the name of the prefix address list used for filtering. The
range is 1 to 19.

Description
Using the if-match ip next-hop command, you can configure one of the match
rules of route-policy on the next hop address of the routing information. Using the
undo if-match ip next-hop command, you can cancel the setting of match
condition.
By default, no if-match clause is defined.
This if-match clause of the route-policy is used to specify the next hop address
field matching the routing information when it filters the routing information and
implement its filtering function by referring to an ACL or address prefix list.
For the related command, see if-match interface, if-match acl, if-match
ip-prefix, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.

Example
Define an if-match clause. It permits the routing information, whose route next
hop address passes the filtering of the prefix address list p1, to pass this if-match
clause.
[3Com-route-policy] if-match ip next-hop ip-prefix p1

if-match ip-prefix Syntax


if-match ip-prefix ip-prefix-name
undo if-match [ ip-prefix ip-prefix-name ]

View
Routing policy view

Parameter

ip-prefix-name: Specifies the name of the prefix address list used for filtering.

Description
Using the if-match ip-prefix command, you can configure one of the match rules
of route-policy on the IP address range of the routing information. Using the undo
if-match ip next-hop command, you can cancel the setting of match condition.
The filtering is achieved through importing an IP address prefix name.
For the related command, see if-match acl, if-match interface, if-match ip
next-hop, if-match cost, if-match tag, route-policy, apply ip-address, apply
cost, apply local-preference, apply origin, and apply tag.

Example
Define an if-match sub-statement in which the IP address prefix list p1 is used in
routing information filtering.
[3Com-route-policy] if-match ip-prefix p1

if-match tag Syntax


if-match tag value
undo if-match tag

View
Routing policy view

Parameter

value: Specifies the required tag value.

Description
Using the if-match tag command, you can match the tag field of OSPF route
information. Using the undo if-match tag command, you can cancel the existing
matching rules.
For the related command, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, route-policy, apply
ip-address, apply cost, apply local-preference, apply origin, and apply tag.

Example
Display how to define one if-match clause and enable the OSPF route information
whose tag field is 8 to pass the if-match clause.
[3Com-route-policy] if-match tag 8

ip ip-prefix Syntax
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } network len [
greater-equal greater-equal | less-equal less-equal ]
undo ip ip-prefix ip-prefix-name [ index index-number | permit | deny ]

View
System view

Parameter

ip-prefix-name: Specifies an address prefix list name. It identifies one address
prefix list uniquely.

index-number: Identifies an item in the prefix address list. The item with smaller
index-number will be tested first.

permit: Specifies the match mode of the defined address prefix list items as
permit mode. In the permit mode, if the IP address to be filtered is in the defined
range, it will not be tested by the next node. Otherwise, it has to go on with the
test.

deny: Specifies the match mode of the defined address prefix list items as deny
mode. In the deny mode, the IP address in the defined range cannot pass the
filtering and is refused to go on with the next test. Otherwise, it will have the next
test.

network: IP address prefix range (IP address). If it is 0.0.0.0 0, all the IP addresses
are matched.

len: IP address prefix range (mask length). If it is 0.0.0.0 0, all the IP addresses are
matched.

greater-equal, less-equal: Specifies the address prefix range [greater-equal,
less-equal] to be matched after the address prefix network len has been matched.
The meaning of greater-equal is "greater than or equal to", and the meaning of
less-equal is "less than or equal to". The range is len <= greater-equal <=
less-equal <= 32. When only greater-equal is used, it indicates the prefix range
[greater-equal, 32]. When only less-equal is used, it indicates the prefix range [len,
less-equal].

Description
Using the ip ip-prefix command, you can configure an address prefix list or one
of its items. Using the undo ip ip-prefix command, you can delete an address
prefix list or one of its items.
The address prefix list is used for IP address filtering. An address prefix list may
contain several items, and each item specifies one address prefix range. The
inter-item filtering relation is "OR", i.e. passing an item means passing the filtering
of this address prefix list. Not passing the filtering of all items means not passing
the filtering of this prefix address list.
The address prefix range may contain two parts, which are determined by len and
[greater-equal, less-equal] respectively. If the prefix ranges of these two parts are
both specified, the IP to be filtered must match the prefix ranges of these two
parts.
If you specify network len as 0.0.0.0 0, it only matches the default route.
Specify network len as 0.0.0.0 0 less-equal 32 to match all the routes.

Example
Configure an address prefix list named p1. It permits the routes with the mask of
17 or 18 bits long and in network segment 10.0.192.0/8 to pass.
[3Com] ip ip-prefix p1 permit 10.0.192.0 8 greater-equal 17 less-equal 18
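
The matching rules described above for ip ip-prefix, written out as an added Python model (not 3Com code) so the effect of len, greater-equal and less-equal can be checked before a list is used as a route filter. All class and function names are hypothetical, the sample lists are constructed, and treating an item with neither keyword as an exact mask-length match is an assumption taken from the statement that 0.0.0.0 0 matches only the default route.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class PrefixItem:
    """One item of an address prefix list (hypothetical model of the CLI item)."""
    index: int
    permit: bool
    network: str
    length: int
    greater_equal: Optional[int] = None
    less_equal: Optional[int] = None

    def __post_init__(self) -> None:
        low, high = self.mask_range()
        # Constraint stated on the page: len <= greater-equal <= less-equal <= 32.
        if not 0 <= self.length <= low <= high <= 32:
            raise ValueError(f"index {self.index}: invalid mask range {low}..{high}")

    def mask_range(self) -> Tuple[int, int]:
        """Return the inclusive range of mask lengths this item accepts."""
        if self.greater_equal is None and self.less_equal is None:
            # Assumption: no keyword means the mask must equal len exactly.
            return self.length, self.length
        low = self.length if self.greater_equal is None else self.greater_equal
        high = 32 if self.less_equal is None else self.less_equal
        return low, high

    def matches(self, route: str) -> bool:
        """True if the route falls under network/len and its mask is in range."""
        candidate = ipaddress.IPv4Network(route, strict=False)
        # strict=False masks host bits, so "10.0.192.0 8" is treated as 10.0.0.0/8.
        base = ipaddress.IPv4Network(f"{self.network}/{self.length}", strict=False)
        low, high = self.mask_range()
        if not low <= candidate.prefixlen <= high:
            return False
        return candidate.network_address in base


def prefix_list_permits(items: Iterable[PrefixItem], route: str) -> bool:
    """Test items in ascending index order; the first matching item decides.

    A route that matches no item does not pass the list.
    """
    for item in sorted(items, key=lambda i: i.index):
        if item.matches(route):
            return item.permit
    return False


# Constructed sample lists.
# p1 from the example: ip ip-prefix p1 permit 10.0.192.0 8 greater-equal 17 less-equal 18
P1 = [PrefixItem(10, True, "10.0.192.0", 8, greater_equal=17, less_equal=18)]
# 0.0.0.0 0 with no keyword: default route only.
DEFAULT_ONLY = [PrefixItem(10, True, "0.0.0.0", 0)]
# Deny everything under 10.0.0.0/8, then permit all other routes.
DENY_TEN_PERMIT_REST = [
    PrefixItem(20, True, "0.0.0.0", 0, less_equal=32),
    PrefixItem(10, False, "10.0.0.0", 8, less_equal=32),
]

if __name__ == "__main__":
    for route in ("10.1.128.0/17", "10.1.0.0/16", "10.2.3.0/24", "11.0.0.0/17"):
        print(f"p1 {route:>15}: {prefix_list_permits(P1, route)}")
    for route in ("0.0.0.0/0", "10.9.0.0/16", "192.0.2.0/24"):
        print(f"default-only {route:>15}: {prefix_list_permits(DEFAULT_ONLY, route)}")
        print(f"deny-10/8    {route:>15}: "
              f"{prefix_list_permits(DENY_TEN_PERMIT_REST, route)}")
```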

route-policy Syntax
route-policy route-policy-name { permit | deny } node { node-number }
undo route-policy route-policy-name [ permit | deny | node node-number ]

View
System view

Parameter

route-policy-name: Specifies the route-policy name to identify one route-policy
uniquely.

permit: Specifies the match mode of the defined route-policy node as permit
mode. If a route matches all the if-match clauses, it is permitted to pass the
filtering and execute the apply clauses of this node. If not, it will take the test of
next node of this route-policy.

deny: Specifies the match mode of the defined route-policy node as deny mode.
When a route matches all the if-match clauses of this node, it will be refused to
pass the filtering and will not take the next test.

node: Node of the route policy.

node-number: Index of the node in the route-policy. When this route-policy is used
for routing information filtering, the node with smaller node-number will be
tested first.

Description
Using the route-policy command, you can create and enter route-policy view.
Using the undo route-policy command, you can cancel the established
route-policy.
By default, no route-policy is defined.
Route-policy is used for route information filtering or route policy. One
route-policy comprises some nodes and each node comprises some if-match
and apply clauses. The if-match clause defines the match rules of this node and
the apply clause defines the actions after passing the filtering of this node. The
filtering relationship between the if-match clauses of the node is "and", i.e., a
route must meet all the if-match clauses of the node. The filtering relation between route-policy
nodes is "OR", i.e. passing the filtering of one node means passing the filtering of
this route-policy. If the information does not pass the filtering of any nodes, it
cannot pass the filtering of this route-policy.
For the related command, see if-match interface, if-match acl, if-match
ip-prefix, if-match ip next-hop, if-match cost, if-match tag, apply
ip-address, apply local-preference, apply cost, apply origin, and apply tag.

Example
Display how to configure one route-policy policy1, whose node number is 10 and
the match mode is permit, and enter route policy view.
[3Com] route-policy policy1 permit node 10
[3Com-route-policy]
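
The node evaluation order described above for route-policy, as an added Python model that is not 3Com code: nodes are tested by ascending node-number, if-match clauses within a node are ANDed, a matching permit node runs its apply clauses, a matching deny node rejects the route, and a route that matches no node is rejected. The names are hypothetical, the sample policy is constructed, and treating a node with no if-match clause as matching every route is an assumption.

```python
from dataclasses import dataclass, field, replace
from typing import Callable, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Route:
    """Minimal route record carrying the attributes used below (hypothetical)."""
    prefix: str
    cost: int = 0
    tag: int = 0
    local_preference: Optional[int] = None
    as_path: Tuple[int, ...] = ()


Match = Callable[[Route], bool]
Apply = Callable[[Route], Route]


def if_match_cost(value: int) -> Match:
    """Model of: if-match cost value"""
    return lambda route: route.cost == value


def if_match_tag(value: int) -> Match:
    """Model of: if-match tag value"""
    return lambda route: route.tag == value


def apply_cost(value: int) -> Apply:
    """Model of: apply cost value"""
    return lambda route: replace(route, cost=value)


def apply_local_preference(value: int) -> Apply:
    """Model of: apply local-preference local-preference"""
    return lambda route: replace(route, local_preference=value)


def apply_as_path(*as_numbers: int) -> Apply:
    """Model of: apply as-path (AS numbers go in front of the original AS path)."""
    return lambda route: replace(route, as_path=tuple(as_numbers) + route.as_path)


@dataclass
class Node:
    """One route-policy node: match mode, if-match clauses and apply clauses."""
    number: int
    permit: bool
    if_match: List[Match] = field(default_factory=list)
    apply: List[Apply] = field(default_factory=list)


def run_route_policy(nodes: Sequence[Node], route: Route) -> Optional[Route]:
    """Return the (possibly modified) route if it passes, or None if it is refused."""
    for node in sorted(nodes, key=lambda n: n.number):
        # "and" between clauses; an empty clause list matches (assumption).
        if not all(clause(route) for clause in node.if_match):
            continue  # not matched: go on to the next node
        if not node.permit:
            return None  # deny node matched: refused, no further test
        for action in node.apply:
            route = action(route)
        return route  # permit node matched: passes the route-policy
    return None  # no node matched: does not pass


# Constructed sample policy, deliberately listed out of order.
SAMPLE_POLICY = [
    Node(20, True, [], [apply_local_preference(130)]),
    Node(10, True, [if_match_cost(8), if_match_tag(8)],
         [apply_cost(120), apply_as_path(200)]),
    Node(15, False, [if_match_tag(100)]),
]

if __name__ == "__main__":
    samples = [
        Route("10.1.0.0/16", cost=8, tag=8, as_path=(300,)),
        Route("10.2.0.0/16", cost=8, tag=100),
        Route("10.3.0.0/16", cost=1, tag=1),
    ]
    for sample in samples:
        print(sample.prefix, "->", run_route_policy(SAMPLE_POLICY, sample))
```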

Route Capacity Configuration Commands

display memory limit Syntax


display memory limit

View
Any view

Parameter
None

Description
Using the display memory limit command, you can view the memory setting
and state information related to the router capacity.
It includes available memory and state information about connections such as
times for disconnecting connections, times for reestablishing connections and
whether the current system is in the emergent state or not.

Example
Display the current memory setting and state information.
<3Com> display memory limit
Current memory limit configuration information:
memory safety: 30
memory limit: 20
memory auto-establish enabled
Free Memory: 73855332 (Byte)
The state information about connection:
The times of disconnect: 0
The times of reconnect: 0
The current state: Normal
The information displayed by this command includes the router memory limit, the
size of the idle memory, the times of connection disconnecting, the times of
connection reestablishment and the current state.
The displayed information is described specifically in the following table:
Table 5 Description of the information displayed by the display memory limit command

Item                             Description
memory safety: 30                The safety value of the router memory is 30Mbytes.
memory limit: 20                 The lower limit of the router memory is 20Mbytes.
memory auto-establish enabled    The system allows recovering the connection automatically. (If the automatic recover is disabled, the "auto-establish disabled" will be displayed.)
Free Memory: 73855332 (Byte)     The size of the current idle memory is 73855332 bytes, that is, 73.855M.
The times of disconnect: 0       The times of the connection disconnecting of the router is 0.
The times of reconnect: 0        The times of the connection re-establishment of the router is 0.
The current state: Normal        The current state is normal. (If entering the emergent state, the system will display "Exigency".)

memory auto-establish disable Syntax


memory auto-establish disable

View
System view

Parameter
None

Description
Using the memory auto-establish disable command, you can disable automatic
recovery of the connections of all the routing protocols (even when the idle
memory returns to the safety value).
By default, when the idle memory of the router recovers to the safety value, the
connections of all the routing protocols always recover (when the idle memory
of the router falls to the lower limit, the connections are forcibly
disconnected).
After you use the memory auto-establish disable command, the connections of all
the routing protocols do not recover when the idle memory of the router recovers
to the safety value. In this case, you need to restart the routing protocol to
recover the connections.
Use this command with caution.
For the related commands, see memory auto-establish enable, memory {
safety | limit }, and display memory limit.

Example
Disable automatic recovery of the connections of all the protocols when the
router memory recovers.
[3Com] memory auto-establish disable
[3Com]
%3/13/2003 15:47:2-RM-5-S1-RTLOG:You have changed the model of connection

memory auto-establish enable Syntax

memory auto-establish enable

View
System view

Parameter
None

Description

Using the memory auto-establish enable command, you can resume the
connections of all the routing protocols when the idle memory of the router
recovers to the safety value.

By default, when the idle memory of the router recovers to the safety value, the
connections of all the routing protocols always recover (when the idle memory
of the router falls to the lower limit, the connections are forcibly
disconnected).

Using the memory auto-establish disable command, you can disable the above
function. Using the memory auto-establish enable command, you can enable
the above function again. By default, the function is always enabled.

For the related commands, see memory auto-establish disable, memory {
safety | limit }, and display memory limit.

Example
Enable automatic recovery of the connections of all the protocols when the
router memory recovers.
[3Com] memory auto-establish enable
[3Com]
%3/13/2003 15:48:2-RM-5-S1-RTLOG:You have changed the model of connection

memory limit Syntax


memory limit limit-value
undo memory limit

View
System view

Parameter

limit-value: Lower limit of the router idle memory, in Mbytes. Its value
range depends on the idle memory of the current router. The default value is
20Mbytes.

Description
Using the memory limit command, you can configure the lower limit of the
router idle memory. When the idle memory of the router is less than this limit, all
the routing protocol connections are forcibly disconnected. Using the undo
memory limit command, you can restore the safety value and the lower limit
of the router idle memory to the default configuration.
The limit-value in the command must be less than the current idle memory safety
value; otherwise the configuration fails.
This command can be used with the memory safety command to change the safety
value and lower limit of the router idle memory. The safety-value must be more
than the limit-value in the command; otherwise the configuration fails.
For the related commands, see memory auto-establish disable, memory
auto-establish enable, memory safety, and display memory limit.

Example
Set the lower limit of the router idle memory to 25Mbytes.
[3Com] memory limit 25
[3Com]
%8/19/2002 16:35:41-RM-5-RTLOG:You have changed the memory limit/safety value

Set the lower limit of the router idle memory to 25Mbytes and the safety value to
30Mbytes.

[3Com] memory safety 35 limit 25
[3Com]
%8/19/1995 15:45:58-RM-5-RTLOG:Changed the system memory limit(20->25)/ safety(30->35) successfully

memory safety Syntax


memory safety safety-value
undo memory safety

View
System view

Parameter

safety-value: Safety value of the router idle memory, in Mbytes. Its
value range depends on the idle memory of the active router. The default value is
30Mbytes.

Description
Using the memory safety command, you can configure the safety value of the
router idle memory. Using the undo memory safety command, you can
restore the safety value and the lower limit of the router idle memory to the
default configuration.
The safety-value in the command must be more than the current idle memory
lower limit; otherwise the configuration fails.
This command can be used with the memory limit command to change the safety
value and lower limit of the router idle memory. The safety-value must be more
than the limit-value in the command; otherwise the configuration fails.
For the related commands, see memory auto-establish disable, memory
auto-establish enable, memory limit, and display memory limit.

Example
Set the safety value of the router to 35Mbytes.
[3Com] memory safety 35
[3Com]
%8/19/2002 16:35:41-RM-5-RTLOG:You have changed the memory limit/safety value

Set the lower limit of the router idle memory to 25Mbytes and the safety value to
30Mbytes.

[3Com] memory safety 35 limit 25
[3Com]
%8/19/1995 15:45:58-RM-5-RTLOG:Changed the system memory limit(20->25)/ safety(30->35) successfully
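
The memory limit, memory safety and memory auto-establish commands above together describe a two-threshold switch. The following model is an added example, not 3Com code: RouteMemoryGuard and its methods are hypothetical names, the sample values are constructed, and treating "recovers to the safety value" as "greater than or equal to" is an assumption.

```python
# Added illustration of the idle-memory thresholds described above; this is
# not 3Com code. RouteMemoryGuard and its methods are hypothetical names.
# Defaults (safety 30, limit 20 Mbytes) and the state names come from the text.


class RouteMemoryGuard:
    def __init__(self, safety=30, limit=20, auto_establish=True):
        if safety <= limit:
            raise ValueError("safety value must be more than the lower limit")
        self.safety = safety
        self.limit = limit
        self.auto_establish = auto_establish
        self.state = "Normal"
        self.disconnects = 0
        self.reconnects = 0

    def set_thresholds(self, safety=None, limit=None):
        """Model 'memory safety X', 'memory limit Y' or both in one command.

        Returns False and changes nothing when the result would not keep
        the safety value above the lower limit (the configuration fails).
        """
        new_safety = self.safety if safety is None else safety
        new_limit = self.limit if limit is None else limit
        if new_safety <= new_limit:
            return False
        self.safety, self.limit = new_safety, new_limit
        return True

    def observe(self, free_mbytes):
        """Apply one idle-memory sample (Mbytes) and return the state."""
        if self.state == "Normal" and free_mbytes < self.limit:
            # Below the lower limit: routing connections are dropped.
            self.state = "Exigency"
            self.disconnects += 1
        elif (self.state == "Exigency" and self.auto_establish
              and free_mbytes >= self.safety):
            # Assumption: "recovers to the safety value" means >= safety.
            self.state = "Normal"
            self.reconnects += 1
        return self.state


def replay(samples, **settings):
    """Run a list of idle-memory samples through a fresh guard."""
    guard = RouteMemoryGuard(**settings)
    states = [guard.observe(sample) for sample in samples]
    return states, guard.disconnects, guard.reconnects


if __name__ == "__main__":
    # Constructed samples: memory dips below 20, hovers in the 20-30 band,
    # then recovers past 30 and dips again.
    print(replay([73, 25, 19, 25, 29, 30, 18]))
    # With auto-establish disabled the connections stay down after recovery.
    print(replay([19, 40], auto_establish=False))
```

Samples between the lower limit and the safety value never change the state, which keeps the routing connections from flapping while memory hovers near one threshold.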
7 Multicast Common Configuration Commands

This chapter covers the following commands:


■ Multicast Common Configuration Commands
■ IGMP Configuration Commands
■ PIM Configuration Commands
■ MSDP Configuration Commands
■ MBGP Multicast Extension Configuration Commands
■ Multicast Static Route Configuration Commands

Multicast Common Configuration Commands

debugging multicast forwarding Syntax

debugging multicast forwarding

undo debugging multicast forwarding

View
User view

Parameter
None

Description
Using the debugging multicast forwarding command, you can enable
multicast packet forwarding debugging functions. Using the undo debugging
multicast forwarding command, you can disable the debugging functions.

By default, the debugging function is disabled.

Example
Enable multicast packet forwarding debugging functions.
<3Com> debugging multicast forwarding

debugging multicast kernel-routing Syntax

debugging multicast kernel-routing

undo debugging multicast kernel-routing



View
User view

Parameter
None

Description
Using the debugging multicast kernel-routing command, you can enable
multicast kernel routing debugging functions. Using the undo debugging
multicast kernel-routing command, you can disable the debugging functions.

By default, the multicast kernel routing debugging function is disabled.

Example
Enable multicast kernel routing debugging functions.
<3Com> debugging multicast kernel-routing

debugging multicast status-forwarding Syntax

debugging multicast status-forwarding

undo debugging multicast status-forwarding

View
User view

Parameter
None

Description
Using the debugging multicast status-forwarding command, you can enable
multicast forwarding status debugging functions. Using the undo debugging
multicast status-forwarding command, you can disable the debugging
functions.

By default, the multicast status debugging function is disabled.

Example
Enable multicast forwarding status debugging functions.
<3Com> debugging multicast status-forwarding

display multicast forwarding-table Syntax

display multicast forwarding-table [ group-address [ mask { mask | mask-length } ] |
source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type
interface-number | register } ] *

View
Any view

Parameter
group-address: Multicast group address, used to specify a multicast group,
ranging from 224.0.0.0 to 239.255.255.255.

mask: Mask.

mask-length: Length of mask. Because the “1”s in a 32-bit mask are required to be
continuous, the mask in dotted decimal notation format can be replaced by
mask-length (mask-length is the number of continuous “1”s in the mask).

source-address: Unicast IP address of the multicast source.

incoming-interface: Incoming interface of the multicast forwarding entry.

register: Register interface of PIM-SM.

Description
Using the display multicast forwarding-table command, you can view the
information in the multicast forwarding table.

The source-address and group-address in the multicast forwarding table are
displayed in hexadecimal notation, and the incoming and outgoing port numbers
are displayed as virtual port numbers. This information can be viewed with the
display pim interface command.

For the related command, see display multicast routing-table.

Example
Display the multicast forwarding table information.
<3Com> display multicast forwarding-table

display multicast routing-table Syntax

display multicast routing-table [ group-address [ mask { mask | mask-length } ] |
source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type
interface-number | register } ]*

View
Any view

Parameter
group-address: Multicast group address, used to specify a multicast group and
display the corresponding routing table information of the group. The value
ranges from 224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
mask: Mask.
mask-length: Length of mask. Because the “1”s in a 32-bit mask are required to be
continuous, the mask in dotted decimal notation format can be replaced by
mask-length (mask-length is the number of continuous “1”s in the mask).
incoming-interface: Incoming interface of the multicast route entry.
register: Register interface of PIM-SM.

Description
Using the display multicast routing-table command, you can view the
information of an IP multicast routing table.

This command displays the multicast routing table information, while the display
multicast forwarding-table command displays the multicast forwarding table
information.

Each (S, G) entry in the multicast routing table, that is, (multicast source,
multicast group), is an independent entry in the table. Each entry has a unique
Upstream, indicating the interface through which RPF goes to the multicast
source. Each entry also has a Downstream List indicating which interfaces need
multicast forwarding. The related information about (S, G) includes:
■ proto - The number of the multicast protocol that owns the (S, G) entry (in
hexadecimal notation).
■ Flags - Flags such as RPT 0x1, WC 0x2, SPT 0x4, NEG CACHE
0x8 and JOIN SUPP 0x10. Each flag occupies one binary bit.
RPT indicates that the (S, G) is in the shared tree state. WC is the abbreviation
of wildcard. SPT indicates the shortest path tree. NEG CACHE indicates a
cache record whose downstream interface list is null. JOIN SUPP indicates
the prune suppression state.

Example
Display the corresponding route entry information of multicast group in the
multicast routing table.
<3Com> display multicast routing-table
Multicast Routing Table
Total 1 entry
(10.10.1.2, 225.1.1.1)
UpTime: 00:01:28, Timeout in 278 sec
Upstream interface: Ethernet0/0/0(10.10.1.20)
Downstream interface list:
LoopBack0(20.20.20.30), Protocol 0x1: IGMP

display multicast routing-table static Syntax

display multicast routing-table static [ config ] [ source-address [ mask | mask-length ] ]

View
Any view

Parameter
config: When this parameter is chosen, all the routing information configured will
be displayed. If this parameter is not chosen, only effective routing information is
displayed.

source-address: IP address of the multicast source.

mask: Mask.

mask-length: Length of mask. Because the “1”s in a 32-bit mask are required to be
continuous, the mask in dotted decimal notation format can be replaced by
mask-length (mask-length is the number of continuous “1”s in the mask).

Description
Using the display multicast routing-table static command, you can view the
configuration information of a static multicast route.

Example
Display the configuration information of static multicast route.
<3Com>display multicast routing-table static
100.10.0.0/16
RPF interface = 10.10.1.20(Ethernet0/0/0), RPF neighbor = 10.10.1.20
Matched routing protocol = <none>, route-policy = <none>, preference = 1
Running config = ip rpf-route-static 100.10.0.0 16 Ethernet0/0/0 preference 1

display multicast rpf-info Syntax

display multicast rpf-info source-address

View
Any view

Parameter
source-address: IP address of the multicast source.

Description
Using the display multicast rpf-info command, you can view the Reverse Path
Forwarding (RPF) routing information for a specified multicast source.

Example
Display all the RPF routing information.
<3Com> display multicast rpf-info 192.193.194.192
Multicast source's RPF route information about 192.193.194.192
RPF interface: InLoopBack0, RPF neighbor: 127.0.0.1
Referenced route/mask: 192.193.194.192/32
Referenced route type: unicast (DIRECT)
RPF-route selecting rule: preference-preferred

mtracert Syntax
mtracert { source-address } [ last-hop-address ] [ group-address ]

View
Any view

Parameter
source-address: Address of the multicast source.

last-hop-address: Unicast address, which is the starting address of path tracing.
This address must be an interface address of a hop router. By default, it is a
physical interface address of the local router.

group-address: Address of multicast group. By default, the value is 0.0.0.0.

Description
Using the mtracert command, you can trace the network path from the multicast
source to the destination receiver along the Multicast Distribution Tree according
to either the multicast kernel routing table or the RPF rule to the source. This
command can help to locate the faults, such as information loss and configuration
error.

Tracing with a group address of 0.0.0.0 is called weak trace mode.

Example
Trace the reverse path from the local hop router 18.110.0.1 to the multicast source 10.10.1.2
in weak trace mode.
<3Com> mtracert 10.10.1.2
Type Ctrl+C to abort
Mtrace from 10.10.1.2 to 18.110.0.1 via RPF
Querying full reverse path...
-1 18.110.0.1
Incoming Interface Address: 18.110.0.1
Previous-Hop Router Address: 18.110.0.2
Input packet count on incoming interface: 0
Output packet count on outgoing interface: 0
Total number of packets for this source-group pair: 0
Protocol: PIM
Forwarding TTL: 0
Forwarding Code: No error
-2 18.110.0.2
Incoming Interface Address: 11.110.0.2
Previous-Hop Router Address: 11.110.0.4
Input packet count on incoming interface: 0
Output packet count on outgoing interface: 0
Total number of packets for this source-group pair: 0
Protocol: PIM
Forwarding TTL: 0
Forwarding Code: No error
-3 11.110.0.4
Incoming Interface Address: 10.10.1.3
Previous-Hop Router Address: 0.0.0.0
Input packet count on incoming interface: 0
Output packet count on outgoing interface: 0
Total number of packets for this source-group pair: 0
Protocol: PIM
Forwarding TTL: 0
Forwarding Code: No error

Trace the reverse path of multicast group 225.1.1.1 from the
multicast source 10.10.1.3 to the destination address 12.110.0.2.

<3Com> mtracert 10.10.1.3 12.110.0.2 225.1.1.1
Type Ctrl+C to abort
Mtrace from 10.10.1.3 to 12.110.0.2 via group 225.1.1.1
Querying full reverse path...
-1 12.110.0.2
Incoming Interface Address: 11.110.0.2
Previous-Hop Router Address: 11.110.0.4
Input packet count on incoming interface: 316
Output packet count on outgoing interface: 135
Total number of packets for this source-group pair: 4
Protocol: PIM
Forwarding TTL: 0
Forwarding Code: No error
-2 11.110.0.4
Incoming Interface Address: 127.0.0.5
Previous-Hop Router Address: 0.0.0.0
Input packet count on incoming interface: 0
Output packet count on outgoing interface: 0
Total number of packets for this source-group pair: 4
Protocol: Unknown
Forwarding TTL: 0
Forwarding Code: No error
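
The mtracert output above can be checked mechanically when traces are collected from several routers. The parser below is an added example, not part of the 3Com software: the function names are hypothetical, the sample is the second trace copied from this page, and the hop-continuity check is an assumption derived from the two traces shown here.

```python
import re

# Output of the second mtracert example above, copied from the page.
SAMPLE = """\
Mtrace from 10.10.1.3 to 12.110.0.2 via group 225.1.1.1
Querying full reverse path...
-1 12.110.0.2
Incoming Interface Address: 11.110.0.2
Previous-Hop Router Address: 11.110.0.4
Input packet count on incoming interface: 316
Output packet count on outgoing interface: 135
Total number of packets for this source-group pair: 4
Protocol: PIM
Forwarding TTL: 0
Forwarding Code: No error
-2 11.110.0.4
Incoming Interface Address: 127.0.0.5
Previous-Hop Router Address: 0.0.0.0
Input packet count on incoming interface: 0
Output packet count on outgoing interface: 0
Total number of packets for this source-group pair: 4
Protocol: Unknown
Forwarding TTL: 0
Forwarding Code: No error
"""

HOP_RE = re.compile(r"^-(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})$")
FIELD_RE = re.compile(r"^([^:]+):\s*(.*)$")


def parse_mtracert(text):
    """Return one dict per hop, keyed by the field labels in the output."""
    hops = []
    for raw in text.splitlines():
        line = raw.strip()
        hop = HOP_RE.match(line)
        if hop:
            hops.append({"hop": int(hop.group(1)), "router": hop.group(2)})
            continue
        field = FIELD_RE.match(line)
        if field and hops:
            key, value = field.group(1).strip(), field.group(2).strip()
            hops[-1][key] = int(value) if value.isdigit() else value
    return hops


def review_hops(hops):
    """Return (hop number, note) pairs for hops that need a closer look."""
    notes = []
    for hop in hops:
        code = hop.get("Forwarding Code")
        if code != "No error":
            notes.append((hop["hop"], f"forwarding code is {code!r}"))
        if hop.get("Protocol") == "Unknown":
            notes.append((hop["hop"], "protocol reported as Unknown"))
    # In both traces on the page, each hop's Previous-Hop Router Address is
    # the router of the next entry. Treating a mismatch as a broken or
    # truncated trace is an assumption based on that sample output.
    for cur, nxt in zip(hops, hops[1:]):
        prev = cur.get("Previous-Hop Router Address")
        if prev != nxt["router"]:
            notes.append(
                (cur["hop"], f"previous hop {prev} but next entry is {nxt['router']}")
            )
    return notes


if __name__ == "__main__":
    for number, note in review_hops(parse_mtracert(SAMPLE)):
        print(f"hop -{number}: {note}")
```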

multicast minimum-ttl Syntax


multicast minimum-ttl ttl-value

undo multicast minimum-ttl

View
Interface view

Parameter
ttl-value: The minimum TTL value, ranging from 0 to 255.

Description
Using the multicast minimum-ttl command, you can configure the minimum TTL
value for multicast forwarding. Using the undo multicast minimum-ttl
command, you can remove the minimum TTL value configured.

By default, no minimum TTL value for multicast forwarding is configured.

Example
Configure the minimum TTL value for multicast forwarding to 8.
[3Com-Ethernet1/0/1] multicast minimum-ttl 8

multicast packet-boundary Syntax

multicast packet-boundary acl-number

undo multicast packet-boundary

View
Interface view

Parameter
acl-number: Number of basic or advanced ACL, ranging from 1 to 199.

Description
Using the multicast packet-boundary command, you can configure a multicast
forwarding boundary. Using the undo multicast packet-boundary command,
you can remove the multicast forwarding boundary configured.

By default, no multicast forwarding boundary is configured.

You can set boundary conditions for multicast packets on an interface via basic or
advanced Access Control List (ACL). Packets denied by the ACL will be discarded.
The source address of a multicast packet can be filtered through the basic ACL.
Both the source address and the destination address (source group address) of a
multicast packet can be filtered through the advanced ACL.

Example
Set boundary conditions for multicast packets through the basic ACL 1.
[3Com-Ethernet1/0/1] multicast packet-boundary 1

multicast route-limit Syntax


multicast route-limit limit

View
System view

Parameter
limit: Limit of multicast routing table capacity, ranging from 0 to
MAX_MROUTE_LIMIT. MAX_MROUTE_LIMIT varies with the router type.

Description
Using the multicast route-limit command, you can limit the multicast routing
table capacity. If the capacity exceeds the limit, the router discards the protocol
and data packets of any newly-added (S, G).

By default, the limit of multicast routing table capacity is MAX_MROUTE_LIMIT.

If the number of route entries in the routing table already exceeds the configured
number when the command is configured, the existing route entries in the routing
table are not deleted. The system prompts “The number of current route
entries is more than that configured.”

If this command is executed repeatedly, the new configuration will overwrite the
previous one.

Example
Limit the multicast routing table capacity to 1000.
[3Com] multicast route-limit 1000

multicast routing-enable Syntax


multicast routing-enable

undo multicast routing-enable



View
System view

Parameter
None

Description
Using the multicast routing-enable command, you can enable IP multicast
routing. Using the undo multicast routing-enable command, you can disable IP
multicast routing.

By default, IP multicast routing is disabled.

The system will not forward any multicast packet when IP multicast routing is
disabled.

For the related commands, see pim dm and pim sm.

Example
Enable IP multicast routing.
<3Com> system-view
[3Com] multicast routing-enable

reset multicast forwarding-table Syntax

reset multicast forwarding-table [ statistics ] { all | { group-address [ mask { group-mask
| group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] |
{ incoming-interface interface-type interface-number } | { slot slot-number } } * }

View
User view

Parameter
statistics: If this parameter is used, the statistics of MFC forwarding entries will be
cleared. Otherwise, the MFC forwarding entries will be cleared.

all: All the MFC forwarding entries.

group-address: Address of the specified group.

group-mask: Address mask of the specified group.

group-mask-length: Address mask length of the specified group.

source-address: Address of the specified source.

source-mask: Address mask of the specified source.

source-mask-length: Address mask length of the specified source.

incoming-interface: Incoming interface of the specified forwarding entry.

interface-type interface-number: Interface type and interface number.



slot-number: Number of the slot where the interface board resides. This parameter
is only present in the distributed router.

Description
Using the reset multicast forwarding-table command, you can clear MFC
forwarding entries or the statistics of MFC forwarding entries.

The sequence of group-address and source-address can be reversed, but the input
group-address and source-address must be valid. Otherwise, the system
reports an input error.

For the related commands, see reset pim routing-table, reset multicast
routing-table, and display multicast forwarding-table.

Example
Clear the forwarding entry whose group address is 225.5.4.3 from the MFC
forwarding table.
<3Com> reset multicast forwarding-table 225.5.4.3

Clear the statistics of the forwarding entry whose group address is 225.5.4.3 from
MFC forwarding table.

<3Com> reset multicast forwarding-table statistics 225.5.4.3

reset multicast routing-table Syntax

reset multicast routing-table { all | { group-address [ mask { group-mask |
group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] | {
incoming-interface interface-type interface-number } } * }

View
User view

Parameter
all: All the route entries in multicast kernel routing table.

group-address: Address of the specified group.

group-mask: Address mask of the specified group.

group-mask-length: Address mask length of the specified group.

source-address: Address of the specified source.

source-mask: Address mask of the specified source.

source-mask-length: Address mask length of multicast source.

incoming-interface: Incoming interface of the specified route entry.

interface-type interface-number: Interface type and interface number.



Description
Using the reset multicast routing-table command, you can clear the route entry
in the multicast kernel routing table and remove the corresponding forwarding
entry in MFC.

The sequence of group-address and source-address can be reversed, but the input
group-address and source-address must be valid. Otherwise, the system
reports an input error.

For the related commands, see reset pim routing-table, reset multicast
forwarding-table, and display multicast forwarding-table.

Example
Clear the route entry whose group address is 225.5.4.3 from the multicast kernel
routing table.
<3Com> reset multicast routing-table 225.5.4.3

IGMP Configuration Commands

debugging igmp Syntax


debugging igmp { all | event | host | packet | timer }

undo debugging igmp { all | event | host | packet | timer }

View
User view

Parameter
all: All the debugging information of IGMP.

event: Debugging information of IGMP event.

host: Debugging information of IGMP host.

packet: Debugging information of IGMP packets.

timer: Debugging information of IGMP timers.

Description
Using the debugging igmp command, you can enable IGMP debugging
functions. Using the undo debugging igmp command, you can disable the
debugging functions.

By default, IGMP debugging functions are disabled.

Example
Enable all IGMP debugging functions
<3Com> debugging igmp all

display igmp group Syntax


display igmp group [ group-address | interface interface-type interface-number | local ]

View
Any view

Parameter
group-address: Multicast group address.

interface-type interface-number: Interface type and interface number of the
router, used to specify the interface.

local: Information of the local interface which receives and sends multicast data.

Description
Using the display igmp group command, you can view the member information
of the IGMP multicast group.

You can view the information of a group, or the member information of the
multicast group, on an interface. The information displayed includes the multicast
groups joined through IGMP, and those joined statically through command lines by
the downstream host.

For the related command, see igmp host-join.

Example
Display the member information of the directly connected sub-network.
<3Com> display igmp group
LoopBack0 (20.20.20.20): Total 3 IGMP Groups reported:
Group Address    Last Reporter    Uptime      Expires
225.1.1.1        20.20.20.20      00:02:04    00:01:15
225.1.1.3        20.20.20.20      00:02:04    00:01:15
225.1.1.2        20.20.20.20      00:02:04    00:01:17

Table 1 Description of Output Information of Display IP IGMP Group Command

Item             Description
Group Address    Multicast group address
Last Reporter    The last host that reported becoming a member of the multicast group
Uptime           The time since the multicast group was found (hour, minute, second)
Expires          The predicted time when the record will be removed from the IGMP group table (hour, minute, second)

display igmp interface Syntax


display igmp interface [ interface-type interface-number ]

View
Any view

Parameter
interface-type interface-number: Interface type and interface number of the
router, used to specify the interface. If the parameters are not specified,
information about all the interfaces running IGMP will be displayed.

Description
Using the display igmp interface command, you can view the IGMP
configuration and running information on an interface.

The information displayed by display igmp interface differs
according to the IGMP proxy configuration on the interface.

■ If the interface is neither a proxy nor a client, the IGMP Proxy configuration
is not displayed.
■ If the interface is a proxy, all the clients will be displayed.
■ If the interface is a client, the proxy will be displayed.

Example
Display the IGMP configuration and running information on an interface.
<3Com> display igmp interface
Ethernet0/0/0 (10.10.1.20):
IGMP is enabled
Current IGMP version is 2
Value of query interval for IGMP(in seconds): 60
Value of other querier time out for IGMP(in seconds): 120
Value of maximum query response time for IGMP(in seconds): 10
Policy to accept IGMP reports: none
Querier for IGMP: 10.10.1.10
Total 2 IGMP groups reported
LoopBack0 (20.20.20.30):
IGMP is enabled
Current IGMP version is 2
Value of query interval for IGMP(in seconds): 60
Value of other querier time out for IGMP(in seconds): 120
Value of maximum query response time for IGMP(in seconds): 10
Policy to accept IGMP reports: none
Querier for IGMP: 20.20.20.30 (this router)
No IGMP group reported

display igmp local Syntax


display igmp local

View
Any view

Parameter
local: Information of the local interface which receives and sends multicast data.

Description
Using the display igmp local command, you can view the IGMP configuration
and running information of the local interface, which receives and sends multicast
data.

Example
Display the IGMP configuration and running information of the local interface
which receives and sends multicast data.
<3Com> display igmp local
Mcast_Out_IF (127.0.0.6):
IGMP is enabled on interface
Current IGMP version is 2
No IGMP group reported
Mcast_In_IF (127.0.0.5):
IGMP is disabled on interface

igmp enable Syntax


igmp enable

undo igmp enable

View
Interface view

Parameter
None

Description
Using the igmp enable command, you can enable IGMP on an interface. Using
the undo igmp enable command, you can disable IGMP on an interface.

By default, IGMP is disabled on an interface.

Only after multicast is enabled can this command take effect. After this command
is configured, the configuration of other attributes of IGMP can be performed.

For the related command, see multicast routing-enable.

Example
Enable IGMP on the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] igmp enable

igmp group-limit Syntax


igmp group-limit limit

undo igmp group-limit

View
Interface view

Parameter
limit: Number of IGMP groups, ranging from 0 to MAX_IF_IGMP_GROUP_LIMIT.
The value of MAX_IF_IGMP_GROUP_LIMIT on routers is MAX_MROUTE_LIMIT,
which varies with the router type.

Description
Using the igmp group-limit command, you can limit the number of IGMP groups
joined on the interface. If the number exceeds the limit, the router no longer
processes IGMP join packets. Using the undo igmp group-limit command,
you can restore the default configuration.

By default, the maximum number of IGMP groups joined on the interface is 1024.

If the number of IGMP groups joined on the interface already exceeds the
configured value at configuration time, the previously joined IGMP groups are
not deleted.

If this command is executed repeatedly, the new configuration will overwrite the
previous one.

Example
Limit the maximum number of IGMP groups joined on the interface Ethernet1/0/0
to 100.
[3Com-Ethernet1/0/0] igmp group-limit 100

igmp group-policy Syntax


igmp group-policy acl-number [ 1 | 2 ]

undo igmp group-policy

View
Interface view

Parameter
acl-number: Number of basic IP ACL, defining the range of a multicast group. The
value ranges from 1 to 99.

1: IGMP Version 1.

2: IGMP Version 2. If IGMP version is not specified, IGMP Version 2 is used by
default.

Description
Using the igmp group-policy command, you can set a filter for multicast groups
on an interface to control access to the IP multicast groups. Using the undo
igmp group-policy command, you can remove the filter configured.

By default, no filter is configured, that is, a host can join any multicast group.

If you do not want the hosts on the network attached to the interface to join some
multicast groups and receive the packets from those groups, you can use
this command to limit the range of the multicast groups served by the interface.

For the related command, see igmp host-join.



Example
Permit the hosts on the interface Ethernet1/0/0 to join multicast group 225.1.1.1
only.
[3Com] acl number 5
[3Com-acl-basic-5] rule permit source 225.1.1.1 0
[3Com-acl-basic-5] quit
[3Com] interface ethernet 1/0/0
[3Com-Ethernet1/0/0] igmp group-policy 5
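
The limits and filters covered so far (multicast route-limit, multicast packet-boundary, igmp group-limit, igmp group-policy) are all optional, so an interface can run IGMP with none of them set. The audit below is an added example, not a 3Com tool: the configuration text is constructed, and its layout (an "interface" line opening a block that ends at "#", defaults not written out) is an assumption. The ACL ranges and defaults it reports come from the command descriptions above.

```python
import re

# Constructed sample configuration, not taken from the manual. Assumed
# layout: "interface <name>" opens a block that ends at the next "#" line,
# and settings left at their defaults are not written out.
SAMPLE_CONFIG = """\
#
 multicast routing-enable
#
interface Ethernet0/0/0
 igmp enable
#
interface Ethernet1/0/0
 igmp enable
 igmp group-policy 5
 igmp group-limit 100
 multicast packet-boundary 1
#
interface Ethernet1/0/1
 igmp enable
 igmp group-policy 150
#
"""


def split_config(text):
    """Split a configuration into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None
            continue
        match = re.match(r"interface\s+(.+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, interfaces


def last_number(lines, command):
    """Numeric argument of the last 'command N' line, or None if absent.

    The last occurrence wins because a repeated command overwrites the
    previous configuration.
    """
    value = None
    for line in lines:
        match = re.match(re.escape(command) + r"\s+(\d+)\b", line)
        if match:
            value = int(match.group(1))
    return value


def audit(text):
    """Return (scope, finding) pairs for missing or invalid multicast limits."""
    global_lines, interfaces = split_config(text)
    findings = []
    routing = "multicast routing-enable" in global_lines
    if last_number(global_lines, "multicast route-limit") is None:
        findings.append(
            ("global", "multicast route-limit not set: MAX_MROUTE_LIMIT applies"))
    for name, lines in interfaces.items():
        if "igmp enable" not in lines:
            continue
        if not routing:
            findings.append(
                (name, "igmp enable has no effect: multicast routing-enable is missing"))
        policy = last_number(lines, "igmp group-policy")
        if policy is None:
            findings.append((name, "no igmp group-policy: hosts can join any group"))
        elif not 1 <= policy <= 99:
            findings.append((name, f"igmp group-policy ACL {policy} is outside 1-99"))
        if last_number(lines, "igmp group-limit") is None:
            findings.append((name, "no igmp group-limit: default of 1024 groups applies"))
        boundary = last_number(lines, "multicast packet-boundary")
        if boundary is None:
            findings.append((name, "no multicast packet-boundary"))
        elif not 1 <= boundary <= 199:
            findings.append(
                (name, f"multicast packet-boundary ACL {boundary} is outside 1-199"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```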

igmp host-join Syntax


igmp host-join group-address

undo igmp host-join group-address

View
Interface view

Parameter
group-address: Multicast address of the multicast group that an interface will join.

Description
Using the igmp host-join command, you can enable an interface of a router to
join a multicast group. Using the undo igmp host-join command, you can
disable the configuration.

By default, an interface does not join any multicast group.

On one router, the igmp host-join command can be configured on up to 1024
interfaces.

For the related command, see igmp group-policy.

Example
Configure Ethernet1/0/0 to join the multicast group 225.0.0.1.
[3Com-Ethernet1/0/0] igmp host-join 225.0.0.1

igmp lastmember-queryinterval Syntax

igmp lastmember-queryinterval seconds

undo igmp lastmember-queryinterval

View
Interface view

Parameter
seconds: Interval, in seconds, at which the IGMP querier sends IGMP group-specific
query packets after it receives an IGMP Leave packet from a host. The value
ranges from 1 to 5 seconds. By default, the value is 1 second.

Description
Using the igmp lastmember-queryinterval command, you can set the interval
at which IGMP querier sends the IGMP specified group query packet when it
receives IGMP Leave packet from the host. Using the undo igmp
lastmember-queryinterval command, you can restore the default value.

On a shared network, that is, when there are multiple hosts and multicast routers
on a network segment, the query router (querier for short) takes charge of
maintaining IGMP group membership on an interface. When the host in IGMP
Version 2 leaves a group, the host should send IGMP Leave packet. If IGMP querier
receives the packet, it must send the IGMP specified group query packet for
robust-value times according to the interval seconds configured via igmp
lastmember-queryinterval command (if the command is not configured, seconds is
1) and the robust coefficient robust-value configured via igmp robust-count (if the
command is not configured, robust-value is 2). If another host receives the IGMP
specified group query packet from IGMP querier and is interested in the group, it
will send IGMP Membership Report packet within the maximum response time
regulated by the packet. If IGMP querier receives IGMP Membership Report packet
from another host within the time robust-value x seconds, it will go on
maintaining the group membership. If not, it will regard the group as timed out and
stop maintaining the group membership.

The command is only valid when the IGMP query router is running IGMP Version 2.
A host running IGMP Version 1 may not send an IGMP Leave packet when it
leaves a group. In that case, the command has no effect for that host.

For the related commands, see igmp robust-count and display igmp interface.

Example
Configure the query interval of the querier for the last group member on the
interface Ethernet1/0/0 to 3 seconds.
<3Com-Ethernet1/0/0] igmp lastmember-queryinterval 3

igmp max-response-time Syntax


igmp max-response-time seconds

undo igmp max-response-time

View
Interface view

Parameter
seconds: The maximum response time in the IGMP query packet, in seconds,
ranging from 1 to 25. By default, the value is 10 seconds.

Description
Using the igmp max-response-time command, you can configure the maximum
response time contained in the IGMP query packet. Using the undo igmp
max-response-time command, you can restore the default value.

The maximum query response time determines the period for a router to quickly
detect that there are no more directly connected group members in a LAN.

For the related command, see display igmp group.

Example
Configure the maximum response time to 8 seconds.
<3Com-Ethernet1/0/0] igmp max-response-time 8

igmp proxy Syntax


igmp proxy interface-type interface-number

undo igmp proxy

View
Interface view

Parameter
interface-type: Proxy interface type.

interface-number: Proxy interface number.

Description
Using the igmp proxy command, you can specify an interface of a leaf network
router as the IGMP proxy of another interface. Using the undo igmp proxy
command, you can remove the configuration.

By default, IGMP proxy function is disabled.

An interface cannot act as the IGMP proxy of two or more other interfaces at the
same time.

If an interface is configured with IGMP proxy multiple times, the last one overrides
all the previous configurations.

For the related command, see pim neighbor-policy.

Example
Configure Ethernet1/0/0 as the IGMP proxy of the interface Ethernet0/0/0.
<3Com-Ethernet0/0/0] igmp proxy ethernet 1/0/0

igmp robust-count Syntax


igmp robust-count robust-value

undo igmp robust-count

View
Interface view

Parameter
robust-value: IGMP robust coefficient, indicating the number of times IGMP querier
sends the IGMP specified group query packet when it receives IGMP Leave packet
from the host. The value ranges from 2 to 5. By default, the value is 2.

Description
Using the igmp robust-count command, you can set the number of times IGMP
querier sends the IGMP specified group query packet when it receives IGMP Leave
packet from the host. Using the undo igmp robust-count command, you can
restore the default value.

On a shared network, with multiple hosts and multicast routers on a network
segment, the query router (querier for short) takes charge of maintaining IGMP
group membership on an interface. When the host in IGMP Version 2 leaves a
group, the host should send an IGMP Leave packet. If IGMP querier receives the
packet, it must send the IGMP specified group query packet for robust-value times
according to the interval seconds configured via igmp
lastmember-queryinterval command (if the command is not configured,
seconds is 1) and the robust coefficient robust-value configured via igmp
robust-count (if the command is not configured, robust-value is 2).

If another host receives the IGMP specified group query packet from IGMP querier
and is interested in the group, it will send IGMP Membership Report packet within
the maximum response time regulated by the packet. If IGMP querier receives
IGMP Membership Report packet from another host within the time robust-value x
seconds, it will go on maintaining the group membership. If not, it will regard the
group as timed out and stop maintaining the group membership.

The command is only valid when the IGMP query router is running IGMP Version 2.
A host running IGMP Version 1 may not send an IGMP Leave packet when it
leaves a group. In that case, the command has no effect for that host.

For the related commands, see igmp lastmember-queryinterval and display
igmp interface.

Example
Configure the robust-value of querier on the interface Ethernet1/0/0 to 3.
<3Com-Ethernet1/0/0] igmp robust-count 3

igmp timer other-querier-present Syntax


igmp timer other-querier-present seconds

undo igmp timer other-querier-present

View
Interface view

Parameter
seconds: IGMP querier present time, in seconds. The value ranges from 60 to 300
seconds. By default, the value is twice the IGMP query message interval. It is 120
seconds in general.

Description
Using the igmp timer other-querier-present command, you can configure the
timeout value for the presence of an IGMP querier. Using the undo igmp timer
other-querier-present command, you can restore the default value.

On a shared network, i.e., when there are multiple multicast routers on the same
network segment, the query router (querier for short) takes charge of sending
query messages periodically on the interface. If a non-querier receives no
query messages within the valid period, it considers the previous querier
to be invalid and becomes the querier itself.

In IGMP Version 1, the selection of a querier is determined by the multicast routing
protocol. In IGMP Version 2, the router with the lowest IP address on the shared
network segment acts as the querier.

For the related commands, see igmp timer query and display igmp interface.

CAUTION: If the querier present time configured is less than twice the query
interval, it may lead to repeated changes of queriers in the network.

Example
Configure the querier present time on the interface Ethernet1/0/0 to 200 seconds.
<3Com-Ethernet1/0/0] igmp timer other-querier-present 200

igmp timer query Syntax


igmp timer query seconds

undo igmp timer query

View
Interface view

Parameter
seconds: Interval at which the router sends the IGMP query messages, in seconds. It
ranges from 1 to 18000. By default, the value is 60 seconds.

Description
Using the igmp timer query command, you can configure the interval at which a
router interface sends IGMP query messages. Using the undo igmp timer query
command, you can restore the default value.

A multicast router sends IGMP query messages at intervals to find out whether
there are multicast group members on the network. The query interval can be
modified according to the practical conditions of the network.

For the related command, see igmp timer other-querier-present.

Example
Configure the interval at which multicast router Ethernet1/0/0 sends IGMP query
packet to 125 seconds.
<3Com-Ethernet1/0/0] igmp timer query 125
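
The IGMP timers above interact: the CAUTION under igmp timer other-querier-present ties the querier present time to the query interval, and the last-member timeout is robust-value x seconds. The following Python check is an added example, not part of the 3Com reference or software; it lints a list of interface commands against the ranges and defaults stated in this section, and the sample input combines the example values this section gives for Ethernet1/0/0.

```python
# Added example: lint IGMP timer commands against the ranges and the CAUTION
# documented in this section. Function names and finding texts are this
# example's own; the command keywords, ranges and defaults come from the page.

IGMP_RANGES = {
    "igmp lastmember-queryinterval": (1, 5),
    "igmp max-response-time": (1, 25),
    "igmp robust-count": (2, 5),
    "igmp timer other-querier-present": (60, 300),
    "igmp timer query": (1, 18000),
}

# Constructed sample: the example values used in this section for Ethernet1/0/0.
PAGE_EXAMPLES = """
igmp lastmember-queryinterval 3
igmp max-response-time 8
igmp robust-count 3
igmp timer other-querier-present 200
igmp timer query 125
"""


def parse_igmp(commands):
    """Return {command keyword: configured integer value}."""
    settings = {}
    for line in commands.splitlines():
        line = line.strip()
        for keyword in IGMP_RANGES:
            if line.startswith(keyword + " "):
                settings[keyword] = int(line[len(keyword):])
    return settings


def lint_igmp(commands):
    """Check ranges, the querier-present CAUTION, and derive the leave timeout."""
    settings = parse_igmp(commands)
    findings = []
    for keyword, value in settings.items():
        low, high = IGMP_RANGES[keyword]
        if not low <= value <= high:
            findings.append(f"out-of-range: {keyword} {value} (allowed {low}-{high})")

    # Default query interval is 60 seconds; the default querier present time
    # is twice the query interval.
    query = settings.get("igmp timer query", 60)
    present = settings.get("igmp timer other-querier-present", 2 * query)
    if present < 2 * query:
        findings.append(
            f"querier-flap-risk: other-querier-present {present} "
            f"is less than twice the query interval {query}"
        )

    # After a Leave, the querier waits robust-value x seconds for a report.
    robust = settings.get("igmp robust-count", 2)
    last_member = settings.get("igmp lastmember-queryinterval", 1)
    return {
        "findings": findings,
        "querier_present": present,
        "leave_timeout": robust * last_member,
    }


if __name__ == "__main__":
    result = lint_igmp(PAGE_EXAMPLES)
    for finding in result["findings"]:
        print(finding)
    print("leave timeout (s):", result["leave_timeout"])
```

Taken together, the example values 200 and 125 fall under the CAUTION, because 200 is less than twice 125.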

igmp version Syntax


igmp version { 1 | 2 }

undo igmp version



View
Interface view

Parameter
1: IGMP Version 1.

2: IGMP Version 2. By default, IGMP Version 2 is used.

Description
Using the igmp version command, you can specify the version of IGMP that a
router uses. Using the undo igmp version command, you can restore the default
value.

All systems running in the same sub-network must support the same version of
IGMP. When a router detects a Version 1 system, it cannot switch to Version 1
by itself.

Example
Specify Ethernet1/0/0 to use IGMP Version 1.
<3Com-Ethernet1/0/0] igmp version 1

reset igmp group Syntax


reset igmp group { all | interface interface-type interface-number { all | group-address [
group-mask ] } }

View
User view

Parameter
all: All IGMP groups.

interface interface-type interface-number: Interface type and interface number.

group-address: IGMP group address.

group-mask: Network segment mask of group address.

Description
Using the reset igmp group command, you can delete the IGMP groups joined on
the interface. Deleting a group does not prevent it from being joined again.

Example
Delete all the IGMP groups on all interfaces.
<3Com> reset igmp group all

Delete all the IGMP groups on the interface Ethernet0/0/0.

<3Com> reset igmp group interface ethernet0/0/0 all

Delete the group 225.0.0.1 on the interface Ethernet0/0/0.



<3Com> reset igmp group interface ethernet0/0/0 225.0.0.1

Delete the IGMP groups ranging between the network segment 225.1.1.0 and
225.1.1.255 on the interface Ethernet0/0/0.

<3Com> reset igmp group interface ethernet0/0/0 225.1.1.0 255.255.255.0

PIM Configuration Commands

bsr-policy Syntax
bsr-policy acl-number

undo bsr-policy

View
PIM view

Parameter
acl-number: ACL number used by BSR filter policy, ranging from 1 to 99.

Description
Using the bsr-policy command, you can restrict the range for valid BSR so as to
prevent BSR spoofing. Using the undo bsr-policy command, you can restore the
normal state without any range restriction, and all the messages received will be
considered valid.

In a PIM SM network which uses the BSR mechanism, any router can set itself as a
C-BSR and, if it succeeds in the competition, will take charge of advertising RP
information in the network. To prevent the valid BSR in the network from being
replaced, the following two measures should be taken:
■ Prevent a host from spoofing the router by counterfeiting valid BSR packets
in order to change the RP mapping relationship. A BSR packet is a multicast
packet with a TTL of 1, so this kind of attack usually takes place on the edge
router. The BSR is in the internal network and the host is in the external
network; therefore, performing the neighbor check and RPF check on BSR
packets can prevent this kind of attack.
■ If a router in the network is controlled by an attacker, or an unauthorized
router accesses the network, the attacker can set the router as a C-BSR, make
it succeed in the competition, and take control of advertising RP
information in the network. A router configured as a C-BSR automatically
advertises BSR information to the whole network. A BSR packet is a
multicast packet which is forwarded hop by hop with a TTL of 1, so the
whole network will not be affected if the neighbor router does not
receive the BSR information. The solution is to configure bsr-policy on each
router in the whole network to restrict the range for legitimate BSRs. For
example, if only 1.1.1.1/32 and 1.1.1.2/32 are permitted as BSR, the router
will not receive or forward other BSR information, and the legitimate BSR
will not compete with it.

The above two measures only partially protect the security of the BSR in the
network. If a legitimate BSR router is controlled by an attacker, the above
problem still arises.

The source parameter in the related rule command is interpreted as the BSR
address in the bsr-policy command.

For the related commands, see acl and rule.

Example

Configure BSR filter policy on a router. Only permit 1.1.1.1/32 to act as BSR and
regard all others as invalid.

<3Com-pim] bsr-policy 1
<3Com-pim] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule 0 permit source 1.1.1.1 0
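
Because bsr-policy only protects the domain when it is configured on each router, a periodic audit of collected configurations is useful. The following Python script is an added example, not 3Com code; it checks every PIM router for a bsr-policy whose basic ACL permits exactly the legitimate BSR addresses. The flat configuration layout (an unindented header line followed by indented commands), the router names and the finding codes are assumptions of this example, and the sample configurations are constructed from the commands shown above.

```python
# Added example: audit bsr-policy coverage across routers.
import ipaddress
import re

ACL_RANGE = range(1, 100)   # bsr-policy accepts ACL numbers 1 to 99 (from the page)
RULE_RE = re.compile(r"^rule\s+(?:\d+\s+)?permit\s+source\s+(\S+)\s+(\S+)$")
LEGITIMATE_BSRS = {"1.1.1.1", "1.1.1.2"}   # the two BSRs named in the text above

# Constructed sample configurations (layout is an assumption of this example).
CONFIGS = {
    "core-1": "acl number 1\n rule 0 permit source 1.1.1.1 0\n"
              " rule 1 permit source 1.1.1.2 0\n"
              "pim\n bsr-policy 1\n c-bsr ethernet1/0/0 30 2\n",
    "edge-1": "pim\n c-rp ethernet1/0/0\n",
    "edge-2": "acl number 2\n rule 0 permit source 1.1.1.1 0\n"
              " rule 1 permit source 9.9.9.9 0\n"
              "pim\n bsr-policy 2\n",
    "edge-3": "acl number 3\n rule 0 permit source 1.1.1.0 0.0.0.255\n"
              "pim\n bsr-policy 3\n",
    "edge-4": "pim\n bsr-policy 7\n",
}


def parse_config(text):
    """Group a flat listing into {header line: [indented commands]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections


def to_int(address):
    return int(ipaddress.IPv4Address(address))


def audit_router(text, legitimate_bsrs):
    """Return sorted finding codes for one router's configuration."""
    sections = parse_config(text)
    if "pim" not in sections:
        return []                       # PIM is not configured on this router
    number = next((c.split()[1] for c in sections["pim"]
                   if c.split()[0] == "bsr-policy" and len(c.split()) > 1), None)
    if number is None:
        return ["missing-bsr-policy"]   # all bootstrap messages are considered valid
    if not number.isdigit() or int(number) not in ACL_RANGE:
        return ["acl-number-out-of-range"]
    rules = sections.get(f"acl number {number}")
    if not rules:
        return ["acl-undefined-or-empty"]

    findings, covered = set(), set()
    for rule in rules:
        match = RULE_RE.match(rule)
        if not match:
            continue   # assumption: deny rules are ignored, they permit no BSR
        address, wildcard_text = match.groups()
        wildcard = 0 if wildcard_text == "0" else to_int(wildcard_text)
        care = ~wildcard & 0xFFFFFFFF   # bits that must equal the rule address
        covered |= {b for b in legitimate_bsrs
                    if (to_int(b) & care) == (to_int(address) & care)}
        if wildcard:
            findings.add("permits-address-range")    # wider than one BSR host
        elif address not in legitimate_bsrs:
            findings.add("permits-unexpected-bsr")
    if set(legitimate_bsrs) - covered:
        findings.add("legitimate-bsr-not-permitted")
    return sorted(findings)


def audit_network(configs, legitimate_bsrs):
    """Return {router: findings} for routers that have at least one finding."""
    report = {name: audit_router(text, legitimate_bsrs)
              for name, text in configs.items()}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for router, found in audit_network(CONFIGS, LEGITIMATE_BSRS).items():
        print(router, ", ".join(found))
```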

c-bsr Syntax
c-bsr interface-type interface-number hash-mask-len [ priority ]

undo c-bsr

View
PIM view

Parameter
interface-type interface-number: Interface type and interface number of a router.
A candidate BSR is configured on this interface. PIM-SM must be enabled on this
interface for the configuration to take effect.

hash-mask-len: Mask length. The mask is first ANDed with the multicast
address, and the result is then used to search for the RP. The value
ranges from 0 to 32.

priority: Priority of the candidate BSR. The larger the value is, the higher the
priority of candidate BSR is. The value ranges from 0 to 255. By default, the
priority is 0.

Description
Using the c-bsr command, you can configure a candidate BSR. Using the undo
c-bsr command, you can remove the candidate BSR configuration.

By default, no candidate BSR is set.

Since BSR and other devices in PIM domain need to exchange a great deal of
information during candidate BSR configuration, a relatively large bandwidth must
be guaranteed.

For the related command, see pim sm.



Example
Configure the IP address of the router on Ethernet1/0/0 as a candidate BSR with
the priority 2.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] c-bsr ethernet1/0/0 30 2

c-rp Syntax
c-rp interface-type interface-number [ group-policy acl-number ] [ priority
priority-value ]

undo c-rp interface-type interface-number

View
PIM view

Parameter
interface-type interface-number: Specified interface with the IP address
advertised as a candidate RP address.

acl-number: Number of basic ACL that defines a group range, which is the service
range of the advertised RP. The value ranges from 1 to 99.

priority-value: Priority of a candidate RP. The larger the value is, the lower the
priority is. The value ranges from 0 to 255. By default, the value is 0.

Description
Using the c-rp command, you can configure the router to advertise itself as a
candidate RP to BSR. Using the undo c-rp command, you can remove the
configuration.

By default, no candidate RP is configured.

When configuring a candidate RP, a relatively large bandwidth should be reserved
for the router and other devices in PIM domain.

For the related command, see c-bsr.

Example
Configure the interface Ethernet1/0/0 as the candidate RP for all groups.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] c-rp ethernet 1/0/0

crp-policy Syntax
crp-policy acl-number

undo crp-policy

View
PIM view

Parameter
acl-number: ACL number used by C-RP filter policy, ranging from 100 to 199.

Description
Using the crp-policy command, you can restrict the range for valid C-RP, and the
group range served by each C-RP so as to prevent C-RP cheating. Using the undo
crp-policy command, you can restore the normal state without any range
restriction and regard all the messages received as valid.

In PIM SM network which uses BSR mechanism, any router can set itself as a C-RP
serving the specific group range. If it is elected in RP election, it will become an RP
serving in the group range.

In BSR mechanism C-RP router unicasts C-RP information to BSR router which is
responsible for advertising all C-RP information to the whole network by using BRP
information.

To prevent C-RP cheating, crp-policy needs to be configured on a BSR router to
restrict the range for valid C-RP and the group address range it serves. Each C-BSR
may become a BSR, so the same filter policy should be configured on each C-BSR.

This command uses the ACL numbered from 100 to 199. The parameter source in
the related rule command indicates the C-RP address, and the destination indicates
the group range the C-RP serves. When a received C-RP message is matched, the
match is regarded as successful only when the C-RP address in the packet matches
the source address and the group address range is a subset of that in the ACL.

For the related commands, see acl and rule.

Example
Configure C-RP policy on C-BSR router. Only permit 1.1.1.1/32 to act as C-RP
which only serves the group range 225.1.0.0/16.
<3Com-pim] crp-policy 100
<3Com-pim] quit
<3Com] acl number 100
<3Com-acl-adv-100] rule 0 permit ip source 1.1.1.1 0 destination 225.1.0.0 0.0.255.255
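
The matching rule described above (C-RP address against source, advertised group range as a subset of destination) can be checked offline before an ACL is deployed. The following Python evaluator is an added example, not 3Com code; it assumes the address/wildcard notation used in the example above, that rules are evaluated in order with the first match deciding, and that a C-RP matching no rule is rejected. The second ACL is a constructed mistake in which a netmask is typed where a wildcard is expected.

```python
# Added example: evaluate C-RP advertisements against a crp-policy ACL.
import ipaddress
import re
from typing import NamedTuple

MASK32 = 0xFFFFFFFF
RULE_RE = re.compile(
    r"rule\s+(?:\d+\s+)?(permit|deny)\s+ip\s+"
    r"source\s+(\S+)\s+(\S+)\s+destination\s+(\S+)\s+(\S+)"
)

# The rule from the example above.
PAGE_ACL = "rule 0 permit ip source 1.1.1.1 0 destination 225.1.0.0 0.0.255.255"
# Constructed mistake: netmask 255.255.0.0 typed instead of wildcard 0.0.255.255.
MISTYPED_ACL = "rule 0 permit ip source 1.1.1.1 0 destination 225.1.0.0 255.255.0.0"


class Rule(NamedTuple):
    permit: bool
    src: int
    src_wildcard: int
    dst: int
    dst_wildcard: int


def to_int(address):
    return int(ipaddress.IPv4Address(address))


def wildcard_to_int(text):
    # The page writes a single-host match as wildcard "0" ("source 1.1.1.1 0").
    return 0 if text == "0" else to_int(text)


def parse_acl(text):
    """Parse advanced ACL rule lines into Rule tuples, in listed order."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.search(line)
        if match:
            action, src, src_wc, dst, dst_wc = match.groups()
            rules.append(Rule(action == "permit", to_int(src),
                              wildcard_to_int(src_wc), to_int(dst),
                              wildcard_to_int(dst_wc)))
    return rules


def source_matches(rule, crp_address):
    """True if the C-RP address equals the rule source on every checked bit."""
    care = ~rule.src_wildcard & MASK32
    return (to_int(crp_address) & care) == (rule.src & care)


def groups_within(rule, group_prefix):
    """True if every address of the advertised prefix matches the destination."""
    network = ipaddress.IPv4Network(group_prefix)
    care = ~rule.dst_wildcard & MASK32        # bits the ACL checks
    free = ~int(network.netmask) & MASK32     # bits the advertisement leaves open
    if care & free:
        return False   # some advertised groups would differ on a checked bit
    return (int(network.network_address) & care) == (rule.dst & care)


def crp_accepted(rules, crp_address, group_prefix):
    """First matching rule decides; no match means the C-RP is rejected."""
    for rule in rules:
        if source_matches(rule, crp_address) and groups_within(rule, group_prefix):
            return rule.permit
    return False


if __name__ == "__main__":
    rules = parse_acl(PAGE_ACL)
    for crp, groups in [("1.1.1.1", "225.1.0.0/16"), ("1.1.1.1", "225.1.2.0/24"),
                        ("1.1.1.1", "225.0.0.0/8"), ("1.1.1.2", "225.1.0.0/16")]:
        print(crp, groups, "accepted" if crp_accepted(rules, crp, groups) else "rejected")
```

With the mistyped ACL, the intended range 225.1.0.0/16 is rejected while an unrelated advertisement such as 239.7.0.0/32 is accepted, which is why the wildcard form matters.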

debugging pim common Syntax


debugging pim common { all | event | packet | timer }

undo debugging pim common { all | event | packet | timer }

View
User view

Parameter
all: All the common debugging information of PIM.

event: Debugging information of common PIM event.

packet: Debugging information of PIM Hello message.

timer: Debugging information of common PIM timer.

Description
Using the debugging pim common command, you can enable common PIM
debugging functions. Using the undo debugging pim common command, you
can disable the debugging functions.

By default, common PIM debugging functions are disabled.

Example
Enable all common PIM debugging functions.
<3Com> debugging pim common all

debugging pim dm Syntax


debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert | graft |
graft-ack | join | prune } }

undo debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert |
graft | graft-ack | join | prune } }

View
User view

Parameter
all: All the debugging information of PIM-DM.

alert: Debugging information of PIM-DM interoperation event.

mrt: Debugging information of PIM-DM multicast routing table.

timer: Debugging information of PIM-DM timer.

warning: Debugging information of PIM-DM warning message.

recv: Debugging information of PIM-DM receiving packets.

send: Debugging information of PIM-DM sending packets.

all: All packet types.

assert: Packet type, assert packet.

graft: Packet type, graft packet.

graft-ack: Packet type, graft acknowledgment packet.

join: Packet type, join packet.

prune: Packet type, prune packet.



Description
Using the debugging pim dm command, you can enable PIM-DM debugging
functions. Using the undo debugging pim dm command, you can disable the
debugging functions.

By default, PIM-DM debugging functions are disabled.

Example
Enable all PIM-DM debugging functions
<3Com> debugging pim dm all

debugging pim sm Syntax


debugging pim sm { all | mbr | mrt | timer | msdp | verbose | warning | { recv | send } {
assert | bootstrap | crpadv | jp | reg | regstop } }

undo debugging pim sm { all | mbr | mrt | msdp | timer | verbose | warning | { recv | send
} { assert | bootstrap | crpadv | jp | reg | regstop } }

View
User view

Parameter
mbr: Debugging information of PIM-SM multicast boundary router event.

mrt: Debugging information of PIM-SM multicast routing table.

msdp: Functions between PIM-SM and MSDP.

timer: Debugging information of PIM-SM timer.

warning: Debugging information of PIM-SM warning message.

recv: Debugging information of PIM-SM receiving packets.

send: Debugging information of PIM-SM sending packets.

assert | bootstrap | crpadv | jp | reg | regstop: Packet type.

Description
Using the debugging pim sm command, you can enable PIM-SM debugging
functions. Using the undo debugging pim sm command, you can disable the
debugging functions.

By default, PIM-SM debugging functions are disabled.

The command debugging pim sm register-proxy is only suitable for the
distributed router. This command enables the debugging when an interface
board acts as a proxy of a main control board to send register packets.

Example
Enable all PIM-SM debugging functions
<3Com> debugging pim sm all

display pim bsr-info Syntax


display pim bsr-info

View
Any view

Parameter
None

Description
Using the display pim bsr-info command, you can view Bootstrap Router (BSR)
information.

For the related commands, see c-bsr and c-rp.

Example
Execute this command on a router running PIM-SM and display the current BSR
information.
<3Com> display pim bsr-info
Current BSR Address: 20.20.20.30
Priority: 0
Mask Length: 30
Expires: 00:01:55
Local host is BSR

display pim interface Syntax


display pim interface [ interface-type interface-number ]

View
Any view

Parameter
interface-type interface-number: Interface type and interface number.

Description
Using the display pim interface command, you can view the PIM interface
information.

Example
Display the PIM information about the interface Ethernet1/0/0.
<3Com> display pim interface ethernet 1/0/0
PIM information of interface Ethernet1/0/0:
IP address of the interface is 10.10.1.20
PIM is enabled on interface
PIM version is 2
PIM mode is Sparse
PIM query interval is 30 seconds
Total 1 PIM neighbor on interface
PIM DR(designated router) is 10.10.1.20


Table 2 Description of output information of display pim interface command

Item                                      Description
PIM is enabled on interface               PIM SM is enabled on the interface Ethernet1/0/0.
PIM query interval is 30 seconds          The sending interval of Hello message is 30 seconds.
PIM DR (designated router) is 10.10.1.20  IP address of DR is 10.10.1.20.

display pim neighbor Syntax


display pim neighbor [ interface interface-type interface-number ]

View
Any view

Parameter
interface-type interface-number: Interface type and interface number.

Description
Using the display pim neighbor command, you can view the PIM neighbor
information.

Example
Display the PIM neighbor information of the interface Ethernet1/0/0 on the router.
<3Com> display pim neighbor ethernet 1/0/0
Neighbor's Address Interface Name Uptime Expires
10.10.1.10 Ethernet1/0/0 00:41:59 00:01:16

display pim routing-table Syntax


display pim routing-table [ *g [ group-address [ mask { mask-length | mask } ] ] [
incoming-interface { interface-name | null } ] [ dense-mode | sparse-mode ]

display pim routing-table [ **rp [ rp-address [ mask { mask-length | mask } ] ] [
incoming-interface { interface-name | null } ] [ dense-mode | sparse-mode]

display pim routing-table [ source-address [ mask { mask-length | mask } ] [
group-address [ mask { mask-length | mask } ] ] [ incoming-interface { interface-name |
null } ] [ dense-mode | sparse-mode ]

View
Any view

Parameter
**rp: (*, *, RP) route entry.

*g: (*, G) route entry.

group-address: Address of the multicast group.

source-address: IP address of the multicast source.

incoming-interface: Route entry of the specified incoming interface.



Description
Using the display pim routing-table command, you can view the contents of
the PIM multicast routing table.

For the related command, see display multicast routing-table.

Example
Display the contents of the PIM multicast routing table on the router.
<3Com> display pim routing-table
PIM-SM Routing Table
Total 0 (S,G) entry, 2 (*,G) entries, 0 (*,*,RP) entry
(*, 224.0.1.40), RP 20.20.20.30
Protocol 0x20: PIMSM, Flag 0x2003: RPT WC NULL_IIF
UpTime: 00:17:25, never timeout
Upstream interface: Null, RPF neighbor: 0.0.0.0
Downstream interface list:
Ethernet0/0/0, Protocol 0x1: IGMP, never timeout
(*, 225.1.1.1), RP 20.20.20.30
Protocol 0x20: PIMSM, Flag 0x2003: RPT WC NULL_IIF
UpTime: 00:08:45, never timeout
Upstream interface: Null, RPF neighbor: 0.0.0.0
Downstream interface list:
Ethernet0/0/0, Protocol 0x1: IGMP, never timeout
Matched 0 (S,G) entry, 2 (*,G) entries, 0 (*,*,RP) entry

display pim rp-info Syntax


display pim rp-info [ group-address ]

View
Any view

Parameter
group-address: Group address.

Description
Using the display pim rp-info command, you can view the corresponding RP
information of a multicast group, as well as BSR and static RP information.

If no group address is specified in this command, the corresponding RP
information of all groups will be displayed.

Example
Display the currently corresponding RP of 224.0.0.0.
<3Com> display pim rp-info 224.0.0.0
PIM-SM RP-SET information:
BSR is: 20.20.20.20
Group/MaskLen: 224.0.0.0/4
RP 20.20.20.20
Version: 2
Priority: 0
Uptime: 00:00:05
Expires: 00:02:25

pim Syntax
pim

undo pim

View
System view

Parameter
None

Description
Using the pim command, you can enter PIM view. Using the undo pim
command, you can clear the configuration in PIM view.

Global parameters related to PIM must be configured in PIM
view.

Example
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim]

pim bsr-boundary Syntax


pim bsr-boundary

undo pim bsr-boundary

View
Interface view

Parameter
None

Description
Using the pim bsr-boundary command, you can configure an interface to
become the PIM domain boundary. Using the undo pim bsr-boundary
command, you can remove the boundary.

By default, no domain boundary is set.

After this command is configured on an interface, Bootstrap messages cannot
pass the boundary, whereas other PIM packets can. This command can effectively
divide the network into domains which use different BSRs.

For the related command, see c-bsr.

Example
Configure a domain boundary on the interface Pos1/0/0.
<3Com-Pos1/0/0] pim bsr-boundary

pim dm Syntax
pim dm

undo pim dm

View
Interface view

Parameter
None

Description
Using the pim dm command, you can enable PIM-DM. Using the undo pim dm
command, you can disable PIM-DM.

By default, PIM-DM is disabled.

Once PIM-DM is enabled on an interface, PIM-SM cannot be enabled on the same
interface and vice versa.

Example
Enable PIM-DM on the interface Ethernet1/0/0.
<3Com] multicast routing-enable
<3Com] interface ethernet1/0/0
<3Com-Ethernet1/0/0] pim dm

pim neighbor-limit Syntax


pim neighbor-limit limit

undo pim neighbor-limit

View
Interface view

Parameter
limit: Upper limit of PIM neighbor number on an interface, ranging from 0 to 128.

Description
Using the pim neighbor-limit command, you can limit PIM neighbor number on
a router interface. If the number exceeds the limit configured, no new neighbor
can be added to the router. Using the undo pim neighbor-limit command, you
can restore the default configuration.

By default, the upper limit of PIM neighbor number on an interface is 128.

If the number of PIM neighbors on an interface already exceeds the configured
value when the command is configured, the existing PIM neighbors will not be deleted.

Example
Set the upper limit of PIM neighbor number on the interface Ethernet1/0/0 to 50.
<3Com-Ethernet1/0/0] pim neighbor-limit 50

pim neighbor-policy Syntax


pim neighbor-policy acl-number

undo pim neighbor-policy

View
Interface view

Parameter
acl-number: Number of basic ACL. The value ranges from 1 to 99.

Description
Using the pim neighbor-policy command, you can configure a router to filter the
PIM neighbor of the current interface. Using the undo pim neighbor-policy
command, you can cancel the filtering.

Only the router, which is permitted by ACL, can act as PIM neighbor of the current
interface, while other routers cannot.

If this command is configured repeatedly, the new configuration will overwrite the
previous one.

Example
Configure 10.10.1.2 rather than 10.10.1.1 as the PIM neighbor of Ethernet1/0/0.
<3Com-Ethernet1/0/0] pim neighbor-policy 1
<3Com-Ethernet1/0/0] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule permit source 10.10.1.2 0
<3Com-acl-basic-1] rule deny source 10.10.1.1 0

pim sm Syntax
pim sm

undo pim sm

View
Interface view

Parameter
None

Description
Using the pim sm command, you can enable PIM-SM protocol on an interface.
Using the undo pim sm command, you can disable PIM-SM protocol.

By default, PIM-SM is disabled.

Once PIM-SM is enabled on an interface, PIM-DM cannot be enabled on the same
interface and vice versa.

Example
Enable PIM-SM on the interface Ethernet1/0/0.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] interface ethernet 1/0/0
<3Com-Ethernet1/0/0] pim sm

pim timer hello Syntax


pim timer hello seconds

undo pim timer hello

View
Interface view

Parameter
seconds: Interval of sending Hello message, in seconds, ranging from 1 to 18000.
By default, the value is 30 seconds.

Description
Using the pim timer hello command, you can configure the interval of sending a
PIM router Hello message. Using the undo pim timer hello command, you can
restore the default value.

Example
Configure the interval of sending Hello message on the interface Ethernet1/0/0 on
the PIM router to 40 seconds.
<3Com-Ethernet1/0/0] pim sm
<3Com-Ethernet1/0/0] pim timer hello 40

register-policy Syntax
register-policy acl-number

undo register-policy

View
PIM view

Parameter
acl-number: Number of advanced IP ACL, defining the rule of filtering the source
and group addresses. The value ranges from 100 to 199.

Description
Using the register-policy command, you can configure an RP to filter the register
packets sent by the DR in the PIM-SM network, and to accept specific packets
only. Using the undo register-policy command, you can remove the configured
packet filtering.

Example
If the local device is the RP in the network, the following commands make it
accept only the multicast data register packets sent by sources on the network
segment 10.10.0.0/16 to multicast addresses in the range of 225.1.0.0/16.
<3Com> system-view
<3Com] acl number 110
<3Com-acl-adv-110] rule permit ip source 10.10.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
<3Com-acl-adv-110] quit
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] register-policy 110

reset pim neighbor Syntax


reset pim neighbor { all | { neighbor-address | interface interface-type interface-number
}*}

View
User view

Parameter
all: All PIM neighbors.

neighbor-address: Specifies neighbor address.

interface: Specifies the interface.

interface-type interface-number: Interface type and interface number.

Description

Using the reset pim neighbor command, you can clear PIM neighbor.

For the related command, see display pim neighbor.

Example
Clear the PIM neighbor of the interface addressed with 25.5.4.3.
<3Com> reset pim neighbor 25.5.4.3

reset pim routing-table Syntax


reset pim routing-table all

reset pim routing-table { group-address [ mask group-mask | group-mask-length ] [
source-address [ mask source-mask | source-mask-length ] [ incoming-interface {
interface-type interface-number | null } ] } *

View
User view

Parameter
all: All PIM route entries.

group-address: Multicast group address.

mask group-mask: Address mask of multicast group.

group-mask-length: Address mask length of multicast group.

source-address: Multicast source address.

mask source-mask: Address mask of multicast source.

source-mask-length: Address mask length of multicast source.

null: Route entry with null incoming interface.

incoming-interface: Incoming interface of the route entry in PIM routing table.

interface-type interface-number: Interface type and interface number.

Description
Using the reset pim routing-table command, you can clear PIM route entry.

The sequence of the group-address and source-address can be reversed, but the
input group-address and source-address must be valid. Otherwise, the system will
prompt input error.

If group-address is configured to 224.0.0.0/24 and source-address to the RP address
(in which case the group address may have a mask, but the calculation result of the
two must be 224.0.0.0, while the source address has no mask), only the (*, *, RP)
entry is deleted.

If group-address is configured to a group address and source-address to 0 (in
which case the group address may have a mask while the source address has no
mask), only the (*, G) entry is deleted.

After this command is executed, not only the multicast route entry is deleted from
PIM, but also the corresponding route entry or forwarding entry in the multicast
kernel routing table and the MFC.

For the related commands, see reset multicast routing-table, reset multicast
forwarding-table, and display pim routing-table.

Example
Clear the route entry with group address of 225.5.4.3 in PIM routing table.
<3Com> reset pim routing-table 225.5.4.3

source-policy Syntax
source-policy acl-number

undo source-policy

View
PIM view

Parameter
acl-number: Number of basic or advanced ACL. The value ranges from 1 to 199.

Description
Using the source-policy command, you can configure a router to filter the
multicast data packet received according to source (group) address. Using the
undo source-policy command, you can remove the configuration.

If source address filtering and basic ACL are configured, all the multicast data
packets received will be matched with source addresses. The packet that does not
pass the matching will be discarded.

If source address filtering and advanced ACL are configured, all the multicast data
packets received will be matched with source and group addresses. The packet
that does not pass the matching will be discarded.

This command filters not only multicast data, but also the multicast data
encapsulated in a register packet.

If this command is executed repeatedly, the new configuration will overwrite the
previous one.

Example
Configure to accept the multicast data packets with source address of 10.10.1.2
and discard the multicast data packets with source address of 10.10.1.1.
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] source-policy 1
<3Com-pim] quit
<3Com] acl number 1
<3Com-acl-basic-1] rule permit source 10.10.1.2 0
<3Com-acl-basic-1] rule deny source 10.10.1.1 0

spt-switch-threshold Syntax
spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number ]

undo spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number ]

View
PIM view

Parameter
traffic-rate: Switch rate threshold from the RPT to the SPT in Kbps, ranging from 0
to 65535. By default, the switch threshold value is 0, i.e., switching starts when
the RPT receives the first data packet.

infinity: Indicates never to switch to SPT.

acl-number: Number of basic IP ACL, defining the range of a multicast group. The
value ranges from 1 to 99.

Description
Using the spt-switch-threshold command, you can set the packet rate threshold
when the PIM leaf router switches from the RPT to the SPT. Using the undo
spt-switch-threshold command, you can restore the default setting.

Example
Set the threshold value to 4 Kbps. If the transmission rate from the source to the
multicast group is higher than this value, the router will switch to the SPT
toward the source.
<3Com> system-view
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] spt-switch-threshold 4

static-rp Syntax
static-rp rp-address [ acl-number ]

undo static-rp

View
PIM view

Parameter
rp-address: Static RP address. This address must be valid unicast IP address and
cannot be configured as the address in 127 network segment.

acl-number: Number of basic ACL, used in controlling the multicast group range
that static RP serves. The value ranges from 1 to 99.

Description
Using the static-rp command, you can configure static RP. Using the undo
static-rp command, you can remove the configuration.

RP is the kernel router in multicast routing. If the dynamic RP elected through BSR
mechanism is invalid for some reason, static RP can be configured as a backup of
the dynamic RP to improve the robustness of the network and operation
management capability of the multicast network.

All routers in the PIM domain should be configured with this command, and be
configured with the same RP address. If the configured static RP address is the
address of an UP interface on the local device, the local device will act as static RP.
PIM is not necessarily enabled on the interface which acts as static RP.

If this command is configured, but ACL is not specified, the static RP configured
will serve all the multicast groups. If ACL is specified, the static RP configured will
only serve the multicast group permitted by the ACL.

In the case that the RP elected through BSR mechanism is valid, static RP does not
take effect.

If this command is executed repeatedly, the new configuration will overwrite the
previous one.

For the related command, see display pim rp-info.

Example
Configure 10.110.0.6 as a static RP.
<3Com] multicast routing-enable
<3Com] pim
<3Com-pim] static-rp 10.110.0.6

MSDP Configuration Commands

cache-sa-enable Syntax
cache-sa-enable

undo cache-sa-enable

View
MSDP view

Parameter
None

Description
Using the cache-sa-enable command, you can enable the router to cache SA
state. Using the undo cache-sa-enable command, you can remove the cache
from the router.

By default, the router caches the SA state, i.e., (S, G) entry after it receives SA
messages.

If the router is in cache state, it will not send SA request message to the specified
MSDP peer when it receives a new group join message.

Example
Configure the router to cache all the SA states.
<3Com> system-view
<3Com] msdp
<3Com-msdp] cache-sa-enable

debugging msdp Syntax
debugging msdp { all | connect | event | packet | source-active }

undo debugging msdp { all | connect | event | packet | source-active }

View
User view

Parameter
all: All the debugging information of MSDP.

connect: Debugging information of MSDP peer connection reset.

event: Debugging information of MSDP event.

packet: Debugging information of MSDP packet.

source-active: Debugging information of active MSDP source.

Description
Using the debugging msdp command, you can enable MSDP debugging
functions. Using the undo debugging msdp command, you can disable MSDP
debugging functions.

By default, MSDP debugging functions are disabled.

Example
Enable all common MSDP debugging functions.
<3Com> debugging msdp all

display msdp brief Syntax
display msdp brief

View
Any view

Parameter
None

Description
Using the display msdp brief command, you can view the state of MSDP peer.

Example
Display the state of MSDP peer.
<3Com> display msdp brief
MSDP Peer Brief Information
Peer's Address State Up/Down time AS SA Count Reset Count
20.20.20.20 Up 00:00:13 100 0 0

display msdp peer-status Syntax
display msdp peer-status [ peer-address ]

View
Any view

Parameter
peer-address: Address of MSDP peer.

Description
Using the display msdp peer-status command, you can view the detailed
information of MSDP peer.

For the related command, see peer.

Example
Display the detailed information of the MSDP peer 10.110.11.11.
<3Com> display msdp peer-status 10.110.11.11
MSDP Peer 20.20.20.20, AS 100
Description:
Information about connection status:
State: Up
Up/down time: 14:41:08
Resets: 0
Connection interface: LoopBack0 (20.20.20.30)
Number of sent/received messages: 867/947
Number of discarded output messages: 0
Elapsed time since last connection or counters clear: 14:42:40
Information about (Source, Group)-based SA filtering policy:
Import policy: none
Export policy: none
Information about SA-Requests:
Policy to accept SA-Request messages: none
Sending SA-Requests status: disable
Minimum TTL to forward SA with encapsulated data: 0
SAs learned from this peer: 0, SA-cache maximum for the peer: none
Input queue size: 0, Output queue size: 0
Counters for MSDP message:
Count of RPF check failure: 0
Incoming/outgoing SA messages: 0/0
Incoming/outgoing SA requests: 0/0
Incoming/outgoing SA responses: 0/0
Incoming/outgoing data packets: 0/0

display msdp sa-cache Syntax
display msdp sa-cache [ group-address ] [ source-address ] [ autonomous-system-number ]

View
Any view

Parameter
group-address: Group address of (S, G) entry.

source-address: Source address of (S, G) entry. With no source address specified,
all the source information of the specified group will be displayed.

If neither group address nor source address is determined, all SA caches will be
displayed.

autonomous-system-number: Displays (S, G) entries from specified autonomous
system.

Description
Using the display msdp sa-cache command, you can view (S, G) state learnt
from MSDP peer.

The cache state can be displayed only if the cache-sa-enable command is
configured.

Example
<3Com> display msdp sa-cache
MSDP Total Source-Active Cache - 5 entries
(Source, Group) Origin RP Pro AS Uptime Expires
(10.10.1.2, 225.1.1.1) 10.10.10.10 BGP 100 00:00:10 00:05:50
(10.10.1.3, 225.1.1.1) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.1.2, 225.1.1.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.2.1, 225.1.1.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
(10.10.1.2, 225.1.2.2) 10.10.10.10 BGP 100 00:00:11 00:05:49
MSDP matched 5 entries

display msdp sa-count Syntax
display msdp sa-count [ autonomous-system-number ]

View
Any view

Parameter
autonomous-system-number: Number of sources and groups from the specified
autonomous system.

Description
Using the display msdp sa-count command, you can view the number of
sources and groups in MSDP cache.

The cache-sa-enable command must be configured before the configuration of
this command.

Example
<3Com> display msdp sa-count
Number of cached Source-Active entries, counted by Peer
Peer's Address Number of SA
10.10.10.10 5
Number of source and group, counted by AS
AS Number of source Number of group
? 3 3
Total Source-Active entries: 5

import-source Syntax
import-source [ acl acl-number ]

undo import-source

View
MSDP view

Parameter
acl-number: Number of basic or advanced IP ACL, ranging from 1 to 199,
controlling which sources SA messages will advertise and to which groups it will
be sent in the domain. Basic ACL performs filtering to source and advanced ACL
performs filtering to source/group. If no ACL is specified, no multicast source will
be advertised.

Description
Using the import-source command, you can configure which (S, G) entries in the
domain need to be advertised when MSDP originates an SA message. Using the
undo import-source command, you can remove the configuration.

By default, all the (S, G) entries in the domain are advertised by the SA message.

Besides controlling the SA messages creation, you can filter the forwarded SA
messages by the commands peer sa-policy import and peer sa-policy export.

Example
Configure which (S, G) entries from the multicast routing table will be advertised
in SA messages originated by the MSDP peer.
<3Com> system-view
<3Com] acl number 101
<3Com-acl-adv-101] rule permit ip source 10.10.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
<3Com-acl-adv-101] quit
<3Com] msdp
<3Com-msdp] import-source acl 101

msdp Syntax
msdp

undo msdp

View
System view

Parameter
None

Description
Using the msdp command, you can enable MSDP and enter the MSDP view. Using
the undo msdp command, you can clear all configurations of MSDP, release all
resources that MSDP occupies, and restore the initial state.

For the related command, see peer.

Example
Clear all configurations of MSDP.
<3Com> system-view
<3Com] undo msdp

msdp-tracert Syntax
msdp-tracert source-address group-address rp-address [ max-hops max-hops ] [
next-hop-info ] [ sa-info ] [ peer-info ] [ skip-hops skip-hops ]

View
Any view

Parameter
source-address: Multicast source address.

group-address: Multicast group address.

rp-address: IP address of RP.

max-hops: The maximum number of hops that are traced, ranging from 1 to 255.
By default, the value is 16.

next-hop-info: Flag bit for collecting the next hop information.

sa-info: Flag bit for collecting SA entity information.

peer-info: Flag bit for collecting MSDP peer information.

skip-hops: Number of hops that are skipped before collecting detailed
information, ranging from 0 to 255. By default, the value is 0.

Description
Using the msdp-tracert command, you can trace the transmission path of SA
messages in the network, which helps to locate the faults, such as information loss
and configuration error. After the transmission path of the SA messages is
determined, the correct configuration can avoid the overflow of SA messages.

Example
Trace (10.10.1.1, 225.2.2.2, 20.20.20.20) path information.
<3Com> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20

Specify the maximum number of hops that are traced and collect detailed
information of SA and MSDP peer.

<3Com> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20 max-hops 10 sa-info peer-info


MSDP tracert: press CTRL_C to break
D-bit: set if have this (S,G) in cache but with a different RP
RP-bit: set if this router is an RP
NC-bit: set if this router is not caching SA's
C-bit: set if this (S,G,RP) tuple is in the cache
MSDP Traceroute path information:
Router Address: 20.20.1.1
Fixed-length response info:
Peer Uptime: 10 minutes, Cache Entry Uptime: 30 minutes
D-bit: 0, RP-bit: 1, NC-bit: 0, C-bit: 1
Return Code: Reached-max-hops
Next Hop info:
Next-Hop Router Address: 0.0.0.0
SA info:
Count of SA messages received for this (S,G,RP): 0
Count of encapsulated data packets received for this (S,G,RP):0
SA cache entry uptime: 00:30:00 , SA cache entry expiry time: 00:03:32
Peering info:
Peering Uptime: 10 minutes, Count of Peering Resets: 3


Table 3 Description of msdp-tracert Command Domain

Item                               Description
Router Address                     Address where the local router creates Peering
                                   session with Peer-RPF neighbor.
Peer Uptime                        Time for which the local router performs Peering
                                   session with Peer-RPF neighbor, in minutes, with
                                   the maximum value of 255.
Cache Entry Uptime                 Present time of (S, G, RP) entry in SA cache of the
                                   local router, in minutes, with the maximum value
                                   of 255.
D-bit: 1                           (S, G, RP) entry exists in SA cache of the local
                                   router, but the RP is different from the RP
                                   specified in the request message.
RP-bit: 1                          The local router is an RP, but it is not
                                   necessarily the source RP in (S, G, RP) entry.
NC-bit: 0                          The local router enables SA cache.
C-bit: 1                           (S, G, RP) entry exists in SA cache of the local
                                   router.
Return Code: Reached-max-hops      The return reason is that the maximum number of
                                   hops was reached. Other possible values include:
                                   Hit-src-RP: The local hop router is the source RP
                                   in (S, G, RP) entry.
Next-Hop Router Address: 0.0.0.0   If the parameter next-hop-info is used, Peer-RPF
                                   neighbor address will be displayed.
Count of SA messages received      Number of SA messages received for tracing this
for this (S,G,RP)                  (S, G, RP) entry.
Count of encapsulated data         Number of encapsulated data packets received for
packets received for this          tracing this (S, G, RP) entry.
(S,G,RP)
SA cache entry uptime              Present time of SA cache entry.
SA cache entry expiry time         Expiry time of SA cache entry.
Peering Uptime: 10 minutes         Time for which the local router performs Peering
                                   session with Peer-RPF neighbor.
Count of Peering Resets            Number of Peering session resets.

originating-rp Syntax
originating-rp interface-type interface-number

undo originating-rp

View
MSDP view

Parameter
interface-type: Interface type.

interface-number: Interface number.

Description
Using the originating-rp command, you can allow MSDP to use the IP address
of a specified interface as the RP address in the SA messages it originates.
Using the undo originating-rp command, you can remove the configuration.

By default, the RP address in the SA message is the RP address configured by PIM.

Configure logical RP by using this command.

Example
Configure IP address of the interface Ethernet1/0/0 as the RP address in the SA
message originated.
<3Com> system-view
<3Com] msdp
<3Com-msdp] originating-rp ethernet 1/0/0

peer Syntax
peer peer-address connect-interface interface-type interface-number

undo peer peer-address

View
MSDP view

Parameter
peer-address: Address of MSDP peer.

connect-interface interface-type interface-number: Interface type and number
whose primary address is used by the local router as the source IP address to
establish TCP connection with remote MSDP peers.

Description
Using the peer command, you can configure an MSDP peer. Using the undo peer
command, you can remove the MSDP peer configured.

If the local router is also in BGP peer relation with an MSDP peer, the MSDP peer
and the BGP peer should use the same IP address.

For the related command, see static-rpf-peer.

Example
Configure the router using IP address 125.10.7.6 as an MSDP peer of the local
router.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 connect-interface ethernet 0/1/0

peer description Syntax
peer peer-address description text

undo peer peer-address description

View
MSDP view

Parameter
peer-address: Address of MSDP peer.

text: Descriptive text, being case sensitive. The maximum length is 80 characters.

Description
Using the peer description command, you can configure descriptive text for an
MSDP peer. Using the undo peer description command, you can remove the
descriptive text configured.

By default, an MSDP peer has no descriptive text.

Administrators can conveniently differentiate MSDP peers by configuring
descriptive text.

For the related command, see display msdp peer-status.

Example
Add descriptive text CstmrA to router 125.10.7.6 to specify that the router is
Client A.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 description router CstmrA

peer mesh-group Syntax
peer peer-address mesh-group name

undo peer peer-address mesh-group name

View
MSDP view

Parameter
name: Name of a Mesh Group, being case sensitive. The maximum length is 32
characters.

peer-address: Address of an MSDP peer to be a member of the Mesh Group.

Description
Using the peer mesh-group command, you can configure an MSDP peer to join a
Mesh Group. Using the undo peer mesh-group command, you can remove the
configuration.

By default, an MSDP peer is not a member of any Mesh Group.


Example
Configure the MSDP peer with address 125.10.7.6 to be a member of the Mesh
Group Grp1.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 mesh-group Grp1

peer minimum-ttl Syntax
peer peer-address minimum-ttl ttl

undo peer peer-address minimum-ttl

View
MSDP view

Parameter
peer-address: Address of the MSDP peer to which the TTL limitation applies.

ttl: TTL threshold, ranging from 0 to 255.

Description
Using the peer minimum-ttl command, you can configure the minimum TTL
(Time-to-Live) value of the multicast data packets encapsulated in SA messages to
be sent to specified MSDP peer. Using the undo peer minimum-ttl command,
you can restore the default TTL threshold.

By default, the value of TTL threshold is 0.

For the related command, see peer.

Example
Configure the TTL threshold value to 10, i.e., only those multicast data packets
with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer
110.10.10.1.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 110.10.10.1 minimum-ttl 10

peer request-sa-enable Syntax
peer peer-address request-sa-enable

undo peer peer-address request-sa-enable

View
MSDP view

Parameter
peer-address: Address of MSDP peer.

Description
Using the peer request-sa-enable command, you can enable the router to send
an SA request message to the specified MSDP peer when receiving a new group
join message. Using the undo peer request-sa-enable command, you can
remove the configuration.

By default, when receiving a new group join message, the router sends no SA
request messages to MSDP peers but waits to receive the next SA message.

For the related command, see cache-sa-enable.

Example
Configure to send SA request message to the MSDP peer 125.10.7.6.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 request-sa-enable

peer sa-cache-maximum Syntax
peer peer-address sa-cache-maximum sa-limit

undo peer peer-address sa-cache-maximum

View
MSDP view

Parameter
peer-address: Address of MSDP peer.

sa-limit: Maximum value that the SA cache allows, ranging from 1 to 2048.

Description
Using the peer sa-cache-maximum command, you can limit the number of
caches originated when the router receives SA messages from an MSDP peer.
Using the undo peer sa-cache-maximum command, you can restore the default
configuration.

By default, the maximum number of SA caches is 2048.

This configuration is recommended for all MSDP peers in networks that may be
subject to DoS attacks.

For the related commands, see display msdp sa-count, display msdp
peer-status and display msdp brief.

Example
Limit the number of caches originated to 100 when the router receives SA
messages from the MSDP peer 125.10.7.6.
<3Com> system-view
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 sa-cache-maximum 100

peer sa-policy Syntax
peer peer-address sa-policy { import | export } [ acl acl-number ]

undo peer peer-address sa-policy { import | export }

View
MSDP view

Parameter
import: Receives SA messages from the specified MSDP peer.

export: Forwards SA messages from the specified MSDP peer.

peer-address: Address of the MSDP peer whose SA messages need to be filtered.

acl acl-number: Number of advanced IP ACL, ranging from 100 to 199. If no ACL
is specified, all (S, G) entries are filtered.

Description
Using the peer sa-policy command, you can configure a filter list for SA
messages received or forwarded from the specified MSDP peer. Using the undo
peer sa-policy command, you can remove the configuration.

By default, messages received or forwarded will not be filtered. All SA messages
are received or forwarded from an MSDP peer.

For the related command, see peer.

Example
Forward only those SA messages that passed the advanced IP ACL.
<3Com> system-view
<3Com] acl number 100
<3Com-acl-adv-100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
<3Com-acl-adv-100] quit
<3Com] msdp
<3Com-msdp] peer 125.10.7.6 connect-interface ethernet 0/0/0
<3Com-msdp] peer 125.10.7.6 sa-policy export acl 100
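
An audit of the per-peer settings described under peer sa-cache-maximum and peer
sa-policy, added here as an example (it is not 3Com code). It flags peers whose SA
cache limit is left at the default of 2048 and peers whose sa-policy is missing, has
no ACL, or names an ACL outside 100 to 199. The saved-configuration layout
(commands indented under msdp) and all function names are assumptions.

```python
import re

# Constructed sample input: MSDP-view commands from this reference, one per
# line and indented under "msdp". This saved-configuration layout is assumed.
SAMPLE_CONFIG = """\
acl number 100
 rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255
msdp
 peer 125.10.7.6 connect-interface ethernet 0/0/0
 peer 125.10.7.6 sa-cache-maximum 100
 peer 125.10.7.6 sa-policy import acl 100
 peer 125.10.7.6 sa-policy export acl 100
 peer 110.10.10.1 connect-interface ethernet 0/1/0
 peer 110.10.10.1 sa-policy import
 peer 175.58.6.5 connect-interface ethernet 1/0/0
 peer 175.58.6.5 sa-cache-maximum 2048
 peer 175.58.6.5 sa-policy import acl 1
"""

SA_LIMIT_RANGE = range(1, 2049)        # sa-limit: 1 to 2048, default 2048
SA_POLICY_ACL_RANGE = range(100, 200)  # sa-policy takes an advanced ACL, 100 to 199
NO_ACL = "all-filtered"                # sa-policy given without "acl acl-number"

PEER_LINE = re.compile(r"^peer\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*(.*)$")


def parse_msdp_peers(config_text):
    """Return {peer_address: settings} for peer commands inside the msdp view."""
    peers, in_msdp = {}, False
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():           # an unindented line opens a new view
            in_msdp = raw.strip() == "msdp"
            continue
        match = PEER_LINE.match(raw.strip())
        if not (in_msdp and match):
            continue
        addr, keyword, rest = match.group(1), match.group(2), match.group(3).split()
        peer = peers.setdefault(addr, {"sa_limit": None, "sa_policy": {}})
        if keyword == "sa-cache-maximum" and rest and rest[0].isdigit():
            peer["sa_limit"] = int(rest[0])
        elif keyword == "sa-policy" and rest and rest[0] in ("import", "export"):
            # "acl N" is optional; without it every (S, G) entry is filtered.
            has_acl = len(rest) >= 3 and rest[1] == "acl" and rest[2].isdigit()
            peer["sa_policy"][rest[0]] = int(rest[2]) if has_acl else NO_ACL
    return peers


def audit_msdp(config_text):
    """Return sorted (peer, finding) pairs for settings the reference warns about."""
    findings = []
    for addr, peer in parse_msdp_peers(config_text).items():
        limit = peer["sa_limit"]
        if limit is None or limit == SA_LIMIT_RANGE[-1]:
            findings.append((addr, "sa-cache-maximum left at default 2048"))
        elif limit not in SA_LIMIT_RANGE:
            findings.append((addr, f"sa-cache-maximum {limit} outside 1-2048"))
        for direction in ("import", "export"):
            acl = peer["sa_policy"].get(direction)
            if acl is None:
                findings.append(
                    (addr, f"no sa-policy {direction}: SA messages unfiltered"))
            elif acl == NO_ACL:
                findings.append(
                    (addr, f"sa-policy {direction} without acl: all (S, G) filtered"))
            elif acl not in SA_POLICY_ACL_RANGE:
                findings.append(
                    (addr, f"sa-policy {direction} acl {acl} is not an advanced ACL (100-199)"))
    return sorted(findings)


if __name__ == "__main__":
    for peer_addr, finding in audit_msdp(SAMPLE_CONFIG):
        print(f"{peer_addr}: {finding}")
```
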

peer sa-request-policy Syntax
peer peer-address sa-request-policy [ acl acl-number ]

undo peer peer-address sa-request-policy

View
MSDP view

Parameter
peer-address: Address from which the local router receives SA request messages
sent by the specified MSDP peer.

acl acl-number: Number of basic IP ACL, describing multicast group address,
ranging from 1 to 99. If no ACL is specified, all SA request messages will be
ignored.

Description
Using the peer sa-request-policy command, you can limit SA request messages
that the router receives from MSDP peers. Using the undo peer
sa-request-policy command, you can remove the limitation.

By default, the router receives all SA request messages from the MSDP peer.

If no ACL is specified, all SA requests will be ignored. If ACL is specified, only those
SA request messages from the groups permitted by the ACL will be processed and
all the others will be ignored.

For the related command, see peer.

Example
Configure the ACL for filtering SA request messages from the MSDP peer
175.58.6.5. The SA request messages from group address range 225.1.1.0/8 will
be received and all the others will be ignored.
<3Com> system-view
<3Com] acl number 1
<3Com-acl-basic-1] rule permit source 225.1.1.0 0.0.0.255
<3Com-acl-basic-1] quit
<3Com] msdp
<3Com-msdp] peer 175.58.6.5 sa-request-policy acl 1

reset msdp peer Syntax
reset msdp peer peer-address

View
User view

Parameter
peer-address: Address of MSDP peer.

Description
Using the reset msdp peer command, you can reset TCP connection with the
specified MSDP peer, and clear all the statistics of the specified MSDP peer.

For the related command, see peer.

Example
Clear TCP connection and statistics of the MSDP peer 125.10.7.6.
<3Com> reset msdp peer 125.10.7.6

reset msdp sa-cache Syntax
reset msdp sa-cache [ group-address ]

View
User view

Parameter
group-address: Group address. The (S, G) entries matching this address are
cleared from the SA cache. If no multicast group address is specified, all SA
cache entries will be cleared.

Description
Using the reset msdp sa-cache command, you can clear MSDP SA cache entries.

For the related commands, see cache-sa-enable and display msdp sa-cache.

Example
Clear the cache entries with group address 225.5.4.3 from the SA cache.
<3Com> reset msdp sa-cache 225.5.4.3

reset msdp statistics Syntax
reset msdp statistics [ peer-address ]

View
User view

Parameter
peer-address: Address of the MSDP peer whose statistics, resetting information
and input/output information will be cleared. If no MSDP peer address is specified,
all MSDP peers statistics will be cleared.

Description
Using the reset msdp statistics command, you can clear statistics of one or more
MSDP peers without resetting the MSDP peer.

Example
Clear the statistics of the MSDP peer 125.10.7.6.
<3Com> reset msdp statistics 125.10.7.6

shutdown Syntax
shutdown peer-address

undo shutdown peer-address

View
MSDP view

Parameter
peer-address: IP address of MSDP peer.

Description
Using the shutdown command, you can disable the MSDP peer specified. Using
the undo shutdown command, you can remove the configuration.

By default, no MSDP peer is disabled.

For the related command, see peer.

Example
Disable the MSDP peer 125.10.7.6.
<3Com> system-view
<3Com] msdp
<3Com-msdp] shutdown 125.10.7.6

static-rpf-peer Syntax
static-rpf-peer peer-address [ rp-policy list ]

undo static-rpf-peer peer-address

View
MSDP view

Parameter
peer-address: Address of the static RPF peer to receive SA messages.

rp-policy list: Filter policy based on RP address, which filters the RP in SA messages.
If the parameter is not specified, all SA messages from static RPF peer will be
accepted. If the parameter rp-policy list is specified and filter policy is configured,
the router will only accept SA messages from the RP which passes filtering. If no
filter policy is configured, the router will still accept all SA messages from the static
RPF peer.

Description
Using the static-rpf-peer command, you can configure a static RPF peer. Using the
undo static-rpf-peer command, you can remove the static RPF peer.

By default, no static RPF peer is configured.

You must configure the peer command before using the static-rpf-peer
command.

If you do not want to perform RPF check to SA messages from a same MSDP peer.
If only an MSDP peer is configured on a router, this MSDP peer will be regarded as
static RPF peer.

For the related commands, see peer and ip prefix-list.

Example
Configure two static RPF peers.
<3Com> system-view
<3Com] ip ip-prefix list1 permit 130.10.0.0 16
<3Com] ip ip-prefix list2 permit 130.10.0.0 16
<3Com] msdp
<3Com-msdp] peer 130.10.7.6 connect-interface ethernet 1/0/0
<3Com-msdp] peer 130.10.7.5 connect-interface ethernet 1/0/0
<3Com-msdp] static-rpf-peer 130.10.7.6 rp-policy list1
<3Com-msdp] static-rpf-peer 130.10.7.5 rp-policy list2

timer retry Syntax
timer retry seconds

undo timer retry

View
MSDP view

Parameter
seconds: Value of connection request re-try period in seconds, ranging from 1 to
60.

Description
Using the timer retry command, you can configure the value of connection
request re-try period. Using the undo timer retry command, you can restore the
default value.

By default, the value of connection request re-try period is 30 seconds.

For the related command, see peer.

Example
Configure the connection request re-try period to 60 seconds.
<3Com> system-view
<3Com] msdp
<3Com-msdp] timer retry 60

MBGP Multicast Extension Configuration Commands

aggregate Syntax
aggregate address mask [ as-set ] [ attribute-policy route-policy-name ] [
detail-suppressed ] [ origin-policy route-policy-name ] [ suppress-policy
route-policy-name ]

undo aggregate address mask [ as-set ] [ attribute-policy route-policy-name ] [
detail-suppressed ] [ origin-policy route-policy-name ] [ suppress-policy
route-policy-name ]

View
IPv4 multicast sub-address family view

Parameter
address: Address of the aggregated route.

mask: Network mask of the aggregated route.

as-set: Generates a route with AS_SET segment. This parameter is not
recommended when many AS paths are aggregated.

attribute-policy: Attributes of the aggregated route.

detail-suppressed: No detailed route but the aggregated route is advertised.

origin-policy: Filters the detailed route involved in aggregation.

suppress-policy: Detailed route determined is not advertised.

Description
Using the aggregate command, you can create a multicast aggregated record in
the BGP routing table. Using the undo aggregate command, you can remove the
aggregation.

By default, no route is aggregated.

Using the aggregate command without parameters, you can create one local
aggregated route and set atomic aggregation attributes.

Example
Create a multicast aggregated record in the BGP routing table, with 192.213.0.0
as the address of the aggregated route.
<3Com-bgp-af-mul] aggregate 192.213.0.0 255.255.0.0

debugging bgp mp-update Syntax
debugging bgp mp-update

undo debugging bgp mp-update

View
User view

Parameter
updates: Debug information of MBGP update packets.

Description
Using the debugging bgp mp-update command, you can enable the MBGP
packet debugging functions. Using the undo debugging bgp mp-update
command, you can disable the functions.

Example
Enable MBGP packet information debugging function.
<3Com> debugging bgp mp-update

display bgp multicast group Syntax
display bgp multicast group [ group-name ]

View
Any view

Parameter
group-name: Name of peer group. If no peer group is specified, the information
about all peer groups will be displayed.

Description
Using the display bgp multicast group command, you can view the information
about peer groups.

Example
Display the information about the peer group named my_peer.
<3Com> display bgp multicast group my_peer

display bgp multicast network Syntax
display bgp multicast network

View
Any view

Parameter
None

Description
Using the display bgp multicast network command, you can view the routing
information that MBGP advertises.

Example
Display the network segment routing information that MBGP advertises.
<3Com> display bgp multicast network

display bgp multicast routing-table Syntax
display bgp multicast routing-table ip-address [ mask ]

View
Any view

Parameter
ip-address: MBGP routing information whose IP address is specified in the BGP
routing table.

Description
Using the display bgp multicast routing-table command, you can view the
MBGP routing information whose IP address is specified in the BGP routing table.

Example
Display the MBGP routing information with destination network segment
14.1.0.0.
<3Com> display bgp multicast routing-table 14.1.0.0

display bgp multicast routing-table cidr Syntax
display bgp multicast routing-table cidr

View
Any view

Parameter
None

Description
Using the display bgp multicast routing-table cidr command, you can view the
routing information with non-natural network mask (i.e., classless inter-domain
routing, CIDR).

Example
Display CIDR routing information.
<3Com> display bgp multicast routing-table cidr

display bgp multicast routing-table community Syntax
display bgp multicast routing-table community [ community-number |
no-export-subconfed | no-advertise | no-export | whole-match ]

View
Any view

Parameter
community-number: Specifies community number.

no-export-subconfed: Does not advertise matched routes outside the local
autonomous system.

no-advertise: Does not advertise matched routes to any peer.

no-export: Does not advertise routes outside the local autonomous system but
advertises routes to other sub-autonomous systems.

whole-match: Exact match.

Description
Using the display bgp multicast routing-table community command, you can
view the routing information that belongs to the specified MBGP community.

Example
Display the routing information that belongs to the specified MBGP community.
<3Com> display bgp multicast routing-table community 600:1
<3Com> display bgp multicast routing-table community no-export

display bgp multicast routing-table community-list Syntax
display bgp multicast routing-table community-list list-number [ whole-match ]

View
Any view

Parameter
list-number: Number of community list.

whole-match: Exact match.

Description
Using the display bgp multicast routing-table community-list command, you
can view the routing information that is permitted by the MBGP community list.

Example
Display the routing information that is permitted by the MBGP community list.
<3Com> display bgp multicast routing-table community-list

display bgp multicast routing-table different-origin-as

Syntax
display bgp multicast routing-table different-origin-as

View
Any view

Parameter
None

Description
Using the display bgp multicast routing-table different-origin-as command,
you can view AS routes with different origins.

Example
Display AS routes with different origins.
<3Com> display bgp multicast routing-table different-origin-as

display bgp multicast routing-table peer

Syntax
display bgp multicast routing-table peer peer-address { received | advertised }

View
Any view

Parameter
peer-address: Address of multicast neighbor, in dotted decimal notation format.

received: Routing information received from the specified neighbor.


advertised: Routing information sent to the specified neighbor.

Description
Using the display bgp multicast routing-table peer command, you can view the
routes received from or sent to the specified multicast neighbor.

Example
Display the routing information sent to the multicast neighbor 10.10.1.11.
<3Com> display bgp multicast routing-table peer 10.10.1.11 advertised

display bgp multicast routing-table regular-expression

Syntax
display bgp multicast routing-table [ regular-expression as-regular-expression ]

View
Any view

Parameter
as-regular-expression: AS regular expression matched.

Description
Using the display bgp multicast routing-table regular-expression command,
you can view the routing information matching the specified AS regular
expression.

Example
Display the MBGP routing information matching the regular expression ^600$.
<3Com> display bgp multicast routing-table regular-expression ^600$

display bgp multicast routing-table statistic

Syntax
display bgp multicast routing-table statistic

View
Any view

Parameter
None

Description
Using the display bgp multicast routing-table statistic command, you can
view statistics of MBGP route information.

Example
Display statistics of MBGP route information.
<3Com> display bgp multicast routing-table statistic

import-route

Syntax
import-route protocol [ route-policy policy-name ] [ med metric ]

undo import-route protocol


View
IPv4 multicast sub-address family view

Parameter
protocol: Source routing protocols that can be imported, which can be direct,
ospf, ospf-ase, ospf-nssa, rip, isis and static at present.

metric: Metric value loaded by an imported route.

policy-name: Route policy used by an imported route.

Description
Using the import-route command, you can import routing information from
other protocols to BGP. Using the undo import-route command, you can cancel
the import of routing information from other protocols.

By default, BGP will not import routing information from other protocols.

Example
Configure to import a static route.
[3Com-bgp-af-mul] import-route static

ipv4-family multicast

Syntax
ipv4-family multicast

undo ipv4-family multicast

View
BGP view

Parameter
None

Description
Using the ipv4-family multicast command, you can enter the IPv4 multicast
sub-address family view. Using the undo ipv4-family multicast command, you
can remove all the configurations in the IPv4 multicast sub-address family view.

Example
Enter the IPv4 multicast sub-address family view.
<3Com> system-view
[3Com] bgp 100
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul]

network

Syntax
network ip-address [ address-mask ] [ route-policy policy-name ]

undo network ip-address [ address-mask ] [ route-policy policy-name ]


View
IPv4 multicast sub-address family view

Parameter
ip-address: Network address that BGP advertises.

address-mask: Mask of the network address.

route-policy policy-name: Route policy applied to the routes advertised.

Description
Using the network command, you can configure the network addresses to be
sent by the local BGP. Using the undo network command, you can remove the
existing configuration.

By default, the local BGP does not advertise any route.

Example
Advertise routes to the network segment 10.0.0.0/16.
[3Com-bgp-af-mul] network 10.0.0.1 255.255.0.0

peer advertise-community

Syntax
peer { group-name | peer-address } advertise-community

undo peer { group-name | peer-address } advertise-community

View
IPv4 multicast sub-address family view

Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer.

Description
Using the peer advertise-community command, you can advertise community
attributes to a peer (group). Using the undo peer advertise-community
command, you can remove the existing configuration.

By default, no community attribute is advertised to any peer (group).

Example
Advertise community attributes to the peer group named test.
[3Com-bgp-af-mul] peer test advertise-community

peer allow-as-loop

Syntax
peer { group-name | peer-address } allow-as-loop asn_limit

undo peer ip-address allow-as-loop asn_limit


View
IPv4 multicast sub-address family view

Parameter
group-name: Peer group name

peer-address: Peer IP address

asn_limit: Acceptable maximum of local AS number in the route update
messages received.

Description
Using the peer allow-as-loop command, you can allow the local AS number to be
contained in the AS_PATH attributes received. Using the undo peer allow-as-loop
command, you can disallow the local AS number in the AS_PATH attributes
received. In Hub&Spoke networking mode, the routing loop check should be
removed for the route update messages received.

By default, the local AS number is not acceptable in the route update messages
received.

The standard BGP routing loop test is based on AS numbers. In Hub&Spoke
networking mode, however, if EBGP runs between a PE and a CE, the routing
information that the PE advertises to the CE contains the local AS number, and
the PE will then not be able to receive the update messages for this route.

The peer allow-as-loop command solves this problem by allowing the route update
messages received from the CE to contain the local AS number. The acceptable
maximum of the local AS number is defined by the asn_limit parameter.

Example
Allow the local AS number to be contained in the AS_PATH attributes received.
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul] peer 1.1.1.1 allow-as-loop 1

peer as-path-acl

Syntax
peer { group-name | peer-address } as-path-acl number { import | export }

undo peer { group-name | peer-address } as-path-acl number { import | export }

View
IPv4 multicast sub-address family view

Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer.

as-path-acl number: Number of AS path list matched, ranging from 1 to 199.

import: Filter list applied to incoming routes.


export: Filter list applied to outgoing routes.

Description
Using the peer as-path-acl command, you can configure BGP filter policy based
on AS path list for the peer (group). Using the undo peer as-path-acl command,
you can remove the configuration.

By default, the peer (group) has no filter policy based on AS path list.

Example
Set BGP filter policy based on AS path list for the peer (group).
[3Com-bgp] peer test as-number 100
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul] peer test enable
[3Com-bgp-af-mul] peer test as-path-acl 3 export

peer enable

Syntax
peer { group-name | peer-address } enable

undo peer { group-name | peer-address } enable

View
IPv4 multicast sub-address family view

Parameter
peer-address: IP address of the multicast peer.

group-name: Name of the multicast peer group.

Description
Using the peer enable command, you can enable the multicast peer or peer
group. Using the undo peer enable command, you can disable the multicast
peer or peer group.

By default, the multicast peer (or peer group) is disabled.

A connection with the multicast peer can be established only after the peer
(peer group) is enabled.

Example
Enable the multicast peer 1.1.11.1.
[3Com-bgp-af-mul] peer 1.1.11.1 enable

[3Com-bgp] peer test enable

peer filter-policy

Syntax
peer { group-name | peer-address } filter-policy acl-number { import | export }

undo peer { group-name | peer-address } filter-policy acl-number { import | export }


View
IPv4 multicast sub-address family view

Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer.

acl-number: IP ACL number, ranging from 1 to 199.

import: Specifies an import policy.

export: Specifies an export policy.

Description
Using the peer filter-policy command, you can set the filter policy list for a peer
(group). Using the undo peer filter-policy command, you can remove the
existing setting.

By default, the peer (group) has no ACL.

For the related command, see peer as-path-acl.

Example
Set the filter policy list for a peer.
[3Com-bgp] peer test as-number 100
[3Com-bgp] ipv4-family multicast
[3Com-bgp-af-mul] peer test enable
[3Com-bgp-af-mul] peer test filter-policy 3 import

peer ip-prefix

Syntax
peer { group-name | peer-address } ip-prefix prefixname { import | export }

undo peer { group-name | peer-address } ip-prefix prefixname { import | export }

View
IPv4 multicast sub-address family view

Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer.

ip-prefix prefixname: Specifies ip-prefix name, ranging from 1 to 19 characters.

import: Applies the filter policy to routes accepted by the specified peer (group).

export: Applies the filter policy to routes sent by the specified peer (group).

Description
Using the peer ip-prefix command, you can configure the route filter policy
based on the address prefix-list for the peer (group). Using the undo peer
ip-prefix command, you can remove the configuration.

By default, no route filter policy is configured for the peer (group).

Example
Configure the route filter policy based on the address prefix-list for the peer.
[3Com-bgp-af-mul] peer group1 ip-prefix list1 import

peer next-hop-local

Syntax
peer { group-name | peer-address } next-hop-local

undo peer { group-name | peer-address } next-hop-local

View
IPv4 multicast sub-address family view

Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer.

Description
Using the peer next-hop-local command, you can remove the processing of the
next hop in routes which BGP will advertise to the peer (group), and set the local
address as the next hop. Using the undo peer next-hop-local command, you
can remove the existing setting.

Example
Set the local address as the next hop when advertising routes to peer group
named test.
[3Com-bgp-af-mul] peer test next-hop-local

peer public-as-only

Syntax
peer { group-name | peer-address } public-as-only

undo peer { group-name | peer-address } public-as-only

View
IPv4 multicast sub-address family view

Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer.


Description
Using the peer public-as-only command, you can configure BGP to carry only
public AS numbers, rather than private AS numbers, when it sends update packets.
Using the undo peer public-as-only command, you can configure BGP to carry
private AS numbers when it sends update packets.

By default, the private AS number is carried when BGP sends update packets.

Generally, BGP sends update packets with the AS number (which can be either a
public AS number or a private AS number). To enable some external routers to
ignore the private AS number when sending update packets, you can configure
BGP not to carry the private AS number when it sends update packets.

Example
Configure not to carry private AS number when BGP sends update packets to peer
group named test.
[3Com-bgp-af-mul] peer test public-as-only

peer reflect-client

Syntax
peer { group-name | peer-address } reflect-client

undo peer { group-name | peer-address } reflect-client

View
IPv4 multicast sub-address family view

Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer.

Description
Using the peer reflect-client command, you can configure a peer (group) as a
client of the route reflector. Using the undo peer reflect-client command, you
can remove the existing configuration.

By default, there is no route reflector in the autonomous system.

Example
Configure peer group named test to be client of the route reflector.
[3Com-bgp-af-mul] peer test reflect-client

peer route-policy

Syntax
peer { group-name | peer-address } route-policy policy-name { import | export }

undo peer { group-name | peer-address } route-policy policy-name { import | export }

View
IPv4 multicast sub-address family view

Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer.

route-policy policy-name: Route policy specified.

import: Applies route policy to the routes received from the peer (group).

export: Applies route policy to the routes advertised to the peer (group).

Description
Using the peer route-policy command, you can configure route policy for the
specified peer (group). Using the undo peer route-policy command, you can
remove the route policy of the peer (group).

By default, no route policy is specified for the peer (group).

Example
Apply the route policy policy1 to the routes received from the peer group named test.
[3Com-bgp-af-mul] peer test route-policy policy1 import

Multicast Static Route Configuration Commands

delete rpf-route-static all

Syntax
delete rpf-route-static all

View
System view

Parameter
None

Description
Using the delete rpf-route-static all command, you can delete all the static
multicast routes.

When you use this command, the system prompts you for confirmation. All static
multicast routes are deleted after you confirm.

For the related commands, see ip rpf-route-static and display multicast
routing-table static.

Example
Delete all the static multicast routes.
[3Com] delete rpf-route-static all

display multicast routing-table static

Syntax
display multicast routing-table static [ source mask ]

View
Any view

Parameter
source: IP address of multicast source (unicast address).

mask: IP address mask of multicast source.

Description
Using the display multicast routing-table static command, you can view the
active multicast static routes.

If no multicast source address is specified, all active multicast static routes will be
displayed.

For the related command, see display multicast routing-table static config.

Example
Display all active multicast static routes.
<3Com> display multicast routing-table static
22.22.0.0/16 [inactive]
RPF interface = serial0/0/0, RPF neighbor = 66.55.99.88
Matched routing protocol = = <none>, route-policy = <none>, preference = 1
Running config = ip mroute 22.22.0.0 16 66.55.99.88 preference 1

Display the multicast static routes that exactly match the address 10.10.0.0/16.

<3Com> display multicast routing-table static 10.10.0.0 255.255.0.0

display multicast routing-table static config

Syntax
display multicast routing-table static config [ source mask ]

View
Any view

Parameter
source: IP address of multicast source (unicast address).

mask: IP address mask of multicast source.

Description
Using the display multicast routing-table static config command, you can
view multicast static routes configured.

If no multicast source address is specified, all configured multicast static routes will
be displayed.

For the related command, see display multicast routing-table static.


Example
Display all the configured multicast static routes.
<3Com> display multicast routing-table static config

Display the multicast static routes that exactly match the address 1.0.0.0/8.

<3Com> display multicast routing-table static config 1.0.0.0 255.0.0.0

ip rpf-longest-match

Syntax
ip rpf-longest-match

undo ip rpf-longest-match

View
System view

Parameter
None

Description
Using the ip rpf-longest-match command, you can configure the longest-match
rule to be the multicast RPF route selecting policy. Using the undo ip
rpf-longest-match command, you can restore the default configuration.

By default, routes are selected according to the preference-preferred rule.

Example
Set the longest-match rule to be the multicast RPF route selecting policy.
[3Com] ip rpf-longest-match
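
The two RPF route selecting policies named above can pick different RPF neighbors for the same multicast source, which changes which arriving packets pass the RPF check. The following sketch is an added example, not code from the manual or the router software. The candidate routes are constructed, and both the tie-break order and the rule that a lower preference value wins are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    """A route that could supply the RPF neighbor for a multicast source."""
    origin: str        # illustrative label, e.g. "mstatic" or "ospf"
    prefix: str        # network that the route covers
    preference: int    # assumption: a lower value is preferred
    rpf_neighbor: str  # neighbor the source is expected to arrive from


# Constructed candidates that both cover sources in 10.1.0.0/16.
ROUTES = [
    Candidate("mstatic", "10.0.0.0/8", 1, "11.0.0.1"),
    Candidate("ospf", "10.1.0.0/16", 10, "13.1.1.2"),
]


def select_rpf(candidates, source, longest_match=False):
    """Return the candidate used for the RPF check, or None if none covers it.

    longest_match=False models the default preference-preferred rule;
    longest_match=True models the rule set by ip rpf-longest-match.
    """
    src = ipaddress.ip_address(source)
    scored = []
    for cand in candidates:
        net = ipaddress.ip_network(cand.prefix)
        if src in net:
            scored.append((net.prefixlen, cand))
    if not scored:
        return None
    if longest_match:
        # Longest prefix first, preference only breaks ties (assumed order).
        key = lambda item: (-item[0], item[1].preference)
    else:
        # Best preference first, prefix length only breaks ties (assumed order).
        key = lambda item: (item[1].preference, -item[0])
    return min(scored, key=key)[1]


def rpf_check(candidates, source, arrived_from, longest_match=False):
    """True if a packet from source arrived from the selected RPF neighbor."""
    chosen = select_rpf(candidates, source, longest_match)
    return chosen is not None and chosen.rpf_neighbor == arrived_from


if __name__ == "__main__":
    for mode in (False, True):
        chosen = select_rpf(ROUTES, "10.1.5.5", longest_match=mode)
        print("longest-match" if mode else "preference-preferred",
              "->", chosen.origin, chosen.prefix, "via", chosen.rpf_neighbor)
```

A source with no covering route returns None, so every packet from it fails the check regardless of the policy.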

ip rpf-route-static

Syntax
ip rpf-route-static source { mask | mask-length } [ protocol ] [ route-policy policyname ] { rpf-nbr | interface-name } [ order order-num | preference preference ]

undo ip rpf-route-static source { mask | mask-length } [ protocol ] [ route-policy policyname ]

View
System view

Parameter
source: IP address of multicast source (unicast address).

mask: IP address mask of multicast source.

mask-length: IP address mask length of multicast source.

protocol: Indicates that matched routes must appear in the specified unicast
routing protocol. Protocol can be such unicast routing protocols as bgp, isis, ospf,
rip and static.

route-policy: Match rule for static multicast routes.


rpf-nbr: IP address of RPF neighbor router.

interface-name: Name of the interface connected to the RPF neighbor router,
including interface type and interface number.

order-num: Changes the configuration location of routes on the same network
segment. The value ranges from 1 to 100.

preference: Route preference, ranging from 1 to 255. By default, the value is 1.

Description
Using the ip rpf-route-static command, you can configure multicast static routes.
Using the undo ip rpf-route-static command, you can remove the multicast
static routes from the multicast static routing table.

For the related commands, see display multicast routing-table static config
and display multicast routing-table static.

Example
Configure a multicast static route.
<3Com> system-view
[3Com] ip rpf-route-static 1.0.0.0 255.0.0.0 rip route-policy map1 11.0.0.1

Display the multicast static route configured.

[3Com] display multicast routing-table static config

Continue to configure the multicast static route.

[3Com] ip rpf-route-static 1.0.0.0 255.0.0.0 rip route-policy map1 13.1.1.2

Display the multicast static route configured.

[3Com] display multicast routing-table static config

Continue to configure the multicast static route.

[3Com] ip rpf-route-static 1.0.0.0 255.0.0.0 null0

Display the multicast static route configured.

[3Com] display multicast routing-table static config

Chapter 8: MPLS Basic Configuration Commands

This chapter describes the following types of commands:
■ Basic Configuration Commands
■ LDP Configuration Commands
■ BGP/MPLS VPN Configuration Commands
■ MPLS L2VPN CCC Configuration Commands
■ SVC MPLS L2VPN Configuration Commands
■ Martini MPLS L2VPN Configuration Commands
■ Kompella MPLS L2VPN Configuration Commands

Basic Configuration Commands

debugging mpls lspm

Syntax
debugging mpls lspm { all | packet | event | ftn | process | agent | interface | policy | vpn }

undo debugging mpls lspm { all | packet | event | ftn | process | agent | interface | policy | vpn }

View
User view

Parameter
agent: Enables all MPLS Agent information debugging.

all: Enables all MPLS-related information debugging.

event: Enables information debugging of various MPLS events.

ftn: Enables MPLS ftn debugging.

interface: Enables the MPLS information debugging on the message
sending/receiving interface.

packet: Enables MPLS packet debugging.

policy: Enables MPLS information debugging.

process: Enables internal processing of MPLS information debugging.

vpn: Enables all MPLS VPN information debugging.


Description
Using the debugging mpls lspm command, you can enable various LSP
information debugging. Using the undo debugging mpls lspm command, you
can disable corresponding debugging.

By default, all debugging is disabled.

This command is used to debug problems that occur while using MPLS LSPM.
Enabling the debugging affects the performance of the router, so it is
recommended that the command be used with caution.

Example
Enable all relevant debugging of MPLS VPN.
<3Com> debugging mpls lspm vpn

display mpls interface

Syntax
display mpls interface

View
Any view

Parameter
None

Description
Using the display mpls interface command, you can view all MPLS-enabled
interfaces.

For the related commands, see display mpls lsp, display mpls statistics,
display static-lsp.

Example
Display all MPLS-enabled interfaces.
[3Com] display mpls interface

display mpls lsp

Syntax
display mpls lsp { verbose | include text }

View
Any view

Parameter
include text: Displays the information with the specified string included.

verbose: Displays detailed information.

Description
Using the display mpls lsp command, you can view LSP information.

By default, the display mpls lsp command displays all LSP information.

For the related commands, see display mpls interface, display mpls statistics,
and display static-lsp.

Example
Display all LSPs whose incoming interfaces are Serial 3/0/0.
[3Com] display mpls lsp include incoming-interface serial3/0/0

display mpls static-lsp

Syntax
display mpls static-lsp { verbose | include text }

View
Any view

Parameter
include text: Displays the information with the specified string included.

verbose: Displays detailed information.

Description
Using the display mpls static-lsp command, you can display the information of
all or single static LSP(s).

For the related commands, see display mpls interface, display mpls lsp, and
display mpls statistics.

Example
Display information of the static LSP named “marlborough”.
[3Com] display mpls static-lsp include marlborough

display mpls statistics

Syntax
display mpls statistics { interface { all | interface-type interface-num } } | { lsp [ lsp-Index | all | name ] } }

View
Any view

Parameter
interface-type: Type of network interface.

interface-num: Number of network interface.

lsp-Index: LSP index

all: All LSPs

name lsp-name: LSP name


Description
Using the display mpls statistics command, you can display statistics of all or
single LSP(s) and LSP statistics on all or single interface(s).

Specifically, the displayed information includes the bytes, packets, errors and
discarded packets processed on each LSP ingress and each LSP egress, and those
received and transmitted on each MPLS-enabled interface.

For the related commands, see display mpls interface and display mpls lsp.

Example
Display MPLS statistics.
[3Com] display mpls statistics lsp all
Building the information...
LSP Index/LSP Name : 1/lsp1
InSegment Octets of LSP is: 0 Bytes processed on each LSP ingress
InSegment Packets of LSP is: 0 Packets processed on each LSP ingress
InSegment Errors of LSP is: 0 Errors processed on each LSP ingress
InSegment Discard Packets of LSP is: 0 Discarded packets processed on each LSP ingress
LSP Index/LSP Name : 1/lsp1
OutSegment Octets of LSP is: 0 Bytes processed on each LSP egress
OutSegment Packets of LSP is: 0 Packets processed on each LSP egress
OutSegment Errors of LSP is: 0 Errors processed on each LSP egress
OutSegment Discard Packets of LSP is: 0 Discarded packets processed on each LSP egress
LSP Index/LSP Name : 17416/dynamic-lsp
InSegment Octets of LSP is: 0
InSegment Packets of LSP is: 0
InSegment Errors of LSP is: 0
InSegment Discard Packets of LSP is: 0
LSP Index/LSP Name : 17416/dynamic-lsp
OutSegment Octets of LSP is: 0
OutSegment Packets of LSP is: 0
OutSegment Errors of LSP is: 0
OutSegment Discard Packets of LSP is: 0

Display MPLS statistics on all interfaces.


[3Com] display mpls statistics interface all
Showing statistics about all MPLS interface:
The statistics of interface : Serial6/0/0
The statistics of interface in :
In Octets of Mpls interface is: 0
In Packets of Mpls interface is: 0
In Errors of Mpls interface is: 0
In Discard Packets of Mpls interface is: 0
The statistics of interface out :
Out Octets of Mpls interface is: 0
Out Packets of Mpls interface is: 0
Out Errors of Mpls interface is: 0
Out Discard Packets of Mpls interface is: 0
The statistics of interface : Serial6/0/1
The statistics of interface in :
In Octets of Mpls interface is: 0
In Packets of Mpls interface is: 0
In Errors of Mpls interface is: 0
In Discard Packets of Mpls interface is: 0
The statistics of interface out :
Out Octets of Mpls interface is: 0
Out Packets of Mpls interface is: 0
Out Errors of Mpls interface is: 0
Out Discard Packets of Mpls interface is: 0

Table 1 Description of the Output Information of the display mpls statistics interface all Command

Field                                          Description
In Octets of Mpls interface is: 0              Bytes coming from the interface
In Packets of Mpls interface is: 0             Packets coming from the interface
In Errors of Mpls interface is: 0              Packet processing errors coming from the interface
In Discard Packets of Mpls interface is: 0     Discarded packets coming from the interface
Out Octets of Mpls interface is: 0             Bytes sent from the interface
Out Packets of Mpls interface is: 0            Packets sent from the interface
Out Errors of Mpls interface is: 0             Packet processing errors sent from the interface
Out Discard Packets of Mpls interface is: 0    Discarded packets sent from the interface
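
One way to turn the display mpls statistics interface all output described in Table 1 into something a monitoring job can check is to parse it per interface and flag non-zero error and discard counters. This is an added example, not code from the manual. The captured text is constructed in the format shown above, and the function names are hypothetical.

```python
import re

# Line formats taken from the sample output of
# "display mpls statistics interface all" in this section.
IFACE_RE = re.compile(r"^The statistics of interface\s*:\s*(\S+)$")
COUNTER_RE = re.compile(
    r"^(In|Out) (Octets|Packets|Errors|Discard Packets)"
    r" of Mpls interface is:\s*(\d+)$"
)
WATCHED = ("In Errors", "In Discard Packets", "Out Errors", "Out Discard Packets")

# Constructed capture: the counter values are invented for the example.
SAMPLE_OUTPUT = """\
[3Com] display mpls statistics interface all
Showing statistics about all MPLS interface:
The statistics of interface : Serial6/0/0
The statistics of interface in :
In Octets of Mpls interface is: 48211
In Packets of Mpls interface is: 310
In Errors of Mpls interface is: 0
In Discard Packets of Mpls interface is: 27
The statistics of interface out :
Out Octets of Mpls interface is: 51002
Out Packets of Mpls interface is: 322
Out Errors of Mpls interface is: 0
Out Discard Packets of Mpls interface is: 0
The statistics of interface : Serial6/0/1
The statistics of interface in :
In Octets of Mpls interface is: 912
In Packets of Mpls interface is: 12
In Errors of Mpls interface is: 3
In Discard Packets of Mpls interface is: 0
The statistics of interface out :
Out Octets of Mpls interface is: 0
Out Packets of Mpls interface is: 0
Out Errors of Mpls interface is: 0
Out Discard Packets of Mpls interface is: 0
"""


def parse_interface_stats(text):
    """Return {interface: {counter name: value}} from the command output."""
    stats, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = IFACE_RE.match(line)
        if match:
            # "The statistics of interface in :" does not match, so only
            # the per-interface header starts a new record.
            current = stats.setdefault(match.group(1), {})
            continue
        match = COUNTER_RE.match(line)
        if match:
            if current is None:
                raise ValueError("counter before any interface header: " + line)
            current[match.group(1) + " " + match.group(2)] = int(match.group(3))
    return stats


def find_anomalies(stats):
    """List (interface, counter, value) for watched counters that are
    non-zero, or None as the value when the capture lacks the counter."""
    findings = []
    for iface, counters in stats.items():
        for name in WATCHED:
            if name not in counters:
                findings.append((iface, name, None))  # truncated capture
            elif counters[name] > 0:
                findings.append((iface, name, counters[name]))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_interface_stats(SAMPLE_OUTPUT)):
        print(finding)
```

Because the counters are cumulative until reset mpls statistics is run, a job that polls this output should compare successive captures rather than alert on any non-zero value.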

lsp-trigger

Syntax
lsp-trigger { all | ip-prefix ip-prefix }

undo lsp-trigger { all | ip-prefix ip-prefix }

View
MPLS view

Parameter
all: Sets up LSPs at any routes.

ip-prefix: Sets up LSPs only at those routes with the specified IP prefix.

ip-prefix: IP address prefix list, in the range of 1~19.

Description
Using the lsp-trigger command, you can configure the topology-triggered LSP
creation policy. Using the undo lsp-trigger command, you can remove the
filtering conditions specified by the parameters, so that no route triggers LSP
creation.

By default, all kinds of routing protocols are filtered out.

If no topology-triggered policy is configured, LSPs can be established at all host
routes with 32-bit masks.

If you import an IP-prefix rule without contents, LSPs can be established at all host
routes according to the IP-prefix usage convention in VRP.

For the related command, see ip ip-prefix.

Example
Allow LSPs to be set up at all routes.
[3Com-mpls] lsp-trigger all

mpls

Syntax
mpls

View
System view, routing protocol view, interface view, virtual interface view

Parameter
None

Description
Using the mpls command in system view, you can enter MPLS view.

Using the mpls command in interface view, you can enable MPLS on the interface.

By default, MPLS view is not entered.

After executing the command, the user enters MPLS view. Other MPLS commands
can be configured only after entering MPLS view.

To enter MPLS view, the user should configure the mpls lsr-id command first.

For the related command, see mpls enable | disable.

Example
Enter MPLS view in system view.
[3Com] mpls
[3Com-mpls]

Execute MPLS in interface view.

[3Com-Ethernet6/0/0] mpls
Mpls starting, please wait... OK!

mpls lsr-id

Syntax
mpls lsr-id ip-address

undo mpls lsr-id

View
System view

Parameter
ip-address: LSR ID, with a form like IP address, used to identify an LSR.

Description
Using the mpls lsr-id command, you can configure an LSR ID. Using the undo
mpls lsr-id command, you can delete an LSR ID.

By default, an LSR has no ID.


An LSR ID must be configured with this command before other MPLS commands can
be configured.

The form of an LSR ID resembles that of an IP address. It is recommended to use a
loopback address of the LSR.

For the related command, see display mpls interface.

Example
Configure the ID of the LSR as 202.17.41.246.
[3Com] mpls lsr-id 202.17.41.246

% Mpls lsr-id changed.

reset mpls statistics

Syntax
reset mpls statistics { { interface { all | interface-type interface-num } } | { lsp lsp-index | all | name lsp-name } }

View
MPLS view

Parameter
all: All interfaces or all LSPs

interface-type: Type of a network interface.

interface-num: Number of a network interface.

lsp-Index: LSP index

name lsp-name: Name of LSP.

Description
Using the reset mpls statistics command, you can clear MPLS statistics.

This command clears statistics on all or single interface(s) or on all or single LSP(s).

For the related command, see display mpls statistics.

Example
Clear statistics on the LSP named “Marlborough”.
[3Com] reset mpls statistics lsp name marlborough

snmp-agent trap enable ldp

Syntax
snmp-agent trap enable ldp

undo snmp-agent trap enable ldp

View
System view

Parameter
None

Description
Using the snmp-agent trap enable ldp command, you can enable the Trap function
in MPLS LDP creation. Using the undo snmp-agent trap enable ldp command, you
can disable the Trap function in MPLS LDP creation.

By default, TRAP function is not enabled during MPLS LDP creation.

Example
Enable TRAP function during MPLS LDP creation.
[3Com] snmp-agent trap enable ldp

snmp-agent trap enable lsp

Syntax
snmp-agent trap enable lsp

undo snmp-agent trap enable lsp

View
System view

Parameter
None

Description
Using the snmp-agent trap enable lsp command, you can enable the Trap function
in MPLS LSP creation. Using the undo snmp-agent trap enable lsp command, you
can disable the Trap function in MPLS LSP creation.

By default, TRAP function is not enabled during MPLS LSP creation.

Example
Enable TRAP function during MPLS LSP creation.
[3Com] snmp-agent trap enable lsp

static-lsp egress

Syntax
static-lsp egress lsp-name incoming-interface { interface-type interface-num in-label in-label-value

undo static-lsp egress lsp-name

View
MPLS view

Parameter
lsp-name: Name of LSP.

interface-type: Type of network interface.

interface-num: Number of network interface.


in-label-value: Value of inbound label, ranging from 16 to 1024.

Description
Using the static-lsp egress command, you can configure a static LSP for an egress
LSR. Using the undo static-lsp egress command, you can delete an LSP for an
egress LSR.

By default, this command can be used to configure a static LSP for an egress LSR.

For the related commands, see static-lsp ingress and debugging mpls.

Example
Configure a static LSP named “bj-sh” on the egress LSR.
[3Com-mpls] static-lsp egress bj-sh incoming-interface serial8/0/0 in-label 233

static-lsp ingress

Syntax
static-lsp ingress lsp-name destination dest-addr { addr-mask | mask-length } { { nexthop next-hop-addr } | { outgoing-interface interface-type interface-num } } } out-label out-label-value

undo static-lsp ingress lsp-name

View
MPLS view

Parameter
lsp-name: Name of LSP.

dest-addr: Destination IP address.

addr-mask: Destination IP address mask.

mask-length: Mask length of destination IP address

next-hop-addr: Next-hop address.

interface-type: Type of network interface.

interface-num: Number of network interface.

out-label-value: Value of outbound label, ranging from 16 to 1024.

Description
Using the static-lsp ingress command, you can configure a static LSP for an
ingress LSR. Using the undo static-lsp ingress command, you can delete an LSP
for an ingress LSR.

This command can be used to configure a static LSP for ingress LSR and
simultaneously set precedence value and metric value for the LSP.

For the related commands, see static-lsp egress, static-lsp transit, and
debugging mpls.

Example
Configure a static LSP for the ingress LSR heading for the destination address
202.25.38.1.
[3Com-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.33 out-label 237

static-lsp transit Syntax


static-lsp transit lsp-name incoming-interface interface-type interface-num in-label
in-label-value { nexthop next-hop-addr | outgoing-interface interface-type
interface-num } out-label out-label-value

undo static-lsp transit lsp-name

View
MPLS view

Parameter
lsp-name: Name of LSP.

interface-type: Type of an incoming or outgoing interface.

interface-num: Number of an incoming or outgoing interface.

next-hop-addr: Next-hop address.

in-label-value: Value of inbound label, ranging from 16 to 1024.

out-label-value: Value of outbound label, ranging from 16 to 1024.

Description
Using the static-lsp transit command, you can configure a static LSP for transit
LSR. Using the undo static-lsp transit command, you can delete an LSP for
transit LSR.

This command can be used to configure a static LSP for transit LSR.

For the related commands, see static-lsp egress and static-lsp ingress.

Example
Configure a static LSP for the serial interface Serial3/0/0 on transit LSR, with an
inbound label of 123 and an outbound label of 253.
[3Com-mpls] static-lsp transit bj-sh incoming-interface serial3/0/0 in-label 123 nexthop 202.34.114.7 out-label 253

statistics interval Syntax


statistics interval interval-time

undo statistics interval

View
MPLS view

Parameter
interval-time: Time interval in seconds. It ranges from 30 to 65535.

Description
Using the statistics interval command, you can configure the time interval for
reporting statistics. Using the undo statistics interval command, you can restore
the default value.

By default, the interval is 0 seconds, that is, not to report statistics.

Example
Configure the time interval as 30 seconds, that is, to report statistics every 30
seconds.
[3Com-mpls] statistics interval 30

LDP Configuration Commands

debugging mpls ldp Syntax


debugging mpls ldp { all | main | advertisement | session | pdu | notification | remote } [
interface interface-type interface-num ]

undo debugging mpls ldp { all | main | advertisement | session | pdu | notification |
remote } [ interface interface-type interface-num ]

View
User view

Parameter
all: Displays all debugging information related to LDP.

main: Displays the debugging information of the main LDP task.

advertisement: Displays the debugging information during processing of LDP
advertisement.

session: Displays debugging information during processing of an LDP session.

pdu: Displays the debugging information during processing of PDU data packets.

notification: Displays the debugging information while handling notification
messages.

remote: Displays debugging information of all remote peers.

interface interface-type interface-num: Displays all the debugging information of
a specified interface.

Description
Using the debugging mpls ldp command, you can enable the debugging of various
LDP messages. Using the undo debugging mpls ldp command, you can disable the
debugging of various LDP messages.

This command displays various LDP debugging information. You are
recommended to use the command cautiously.

Example
Enable LDP debugging.
<3Com> debugging mpls ldp all

display mpls ldp Syntax


display mpls ldp

View
Any view

Parameter
None

Description
Using the display mpls ldp command, you can view LDP and LSR information.

By default, the command displays LDP and LSR information.

For the related command, see mpls ldp.

Example
Display LDP and LSR information.
[3Com] display mpls ldp

display mpls ldp buffer-info Syntax


display mpls ldp buffer-info

View
Any view

Parameter
None

Description
Using the display mpls ldp buffer-info command, you can view the buffer
information of LDP.

Example
Display LDP buffer information.
[3Com] display mpls ldp buffer-info
-----------------------------------------------------------------
Buffer-Name   Buffer-ID  Buffer-Size  Total-Count  Free-Count
-----------------------------------------------------------------
ENTITY        0          292          199          195
LOCAL-IF      1          36           200          196
PEER-IF       2          40           201          195
PDU           3          204          249          249
ADJACENCY     4          56           201          198
PEER-INF      5          116          201          198
SESSION       6          176          201          198
US-BLK        7          264          1052         1028
DS-BLK        8          240          1052         1042
FEC           9          40           1042         1032
US-LIST       10         16           1052         1028
TRIG-BLK      11         56           2076         2071
LABEL-RANGE   12         20           198          198
CR-TUNNEL     13         124          128          128
ER-HOP        14         40           4096         4096
IF-MSG        15         24           9999         9999
-----------------------------------------------------------------
Buffer no error.

display mpls ldp interface Syntax


display mpls ldp interface

View
Any view

Parameter
None

Description
Using the display mpls ldp interface command, you can view the information of
an LDP-enabled interface.

For the related commands, see mpls ldp enable and display mpls ldp session.

Example
Display the information of an LDP-enabled interface.
[3Com-Ethernet3/0/0] display mpls ldp interface

display mpls ldp lsp Syntax


display mpls ldp lsp

View
Any view

Parameter
None

Description
Using the display mpls ldp lsp command, you can view relevant LSP information
created via LDP.

For the related command, see display mpls lsp.

Example
Display LSP.
[3Com-Ethernet3/0/0] display mpls ldp lsp

display mpls ldp peer Syntax


display mpls ldp peer

View
Any view

Parameter
None

Description
Using the display mpls ldp peer command, you can display peer information.

By default, all peer information is displayed.

Example
Display peer information.
[3Com] display mpls ldp peer

display mpls ldp remote Syntax


display mpls ldp remote

View
Any view

Parameter
None

Description
Using the display mpls ldp remote command, you can display the configured
remote peer information.

By default, all configured remote-peer information is displayed.

For the related commands, see mpls ldp remote and remote-peer.

Example
Display the configured remote-peer information.
[3Com] display mpls ldp remote

display mpls ldp session Syntax


display mpls ldp session

View
Any view

Parameter
None

Description
Using the display mpls ldp session command, you can display the session
between peers.

By default, the session between peers is displayed.

For the related command, see mpls ldp enable.

Example
Display the session between peers.
[3Com] display mpls ldp session

mpls ldp Syntax


mpls ldp

undo mpls ldp

View
System view

Parameter
None

Description
Using the mpls ldp command, you can enable LDP. Using the undo mpls ldp
command, you can disable LDP.

By default, LDP is disabled.

Before enabling LDP, you must enable MPLS and configure LSR ID first.

For the related command, see mpls lsr-id.

Example
Enable LDP.
[3Com] mpls ldp

mpls ldp advertise Syntax


mpls ldp advertise { implicit-null | explicit-null | non-null }

undo mpls ldp advertise { implicit-null | explicit-null | non-null }

View
System view

Parameter
explicit-null: Specifies to assign explicit null label to the penultimate hop at egress.

implicit-null: Specifies to assign implicit null label to the penultimate hop at egress.

non-null: Specifies to assign normal label to the penultimate hop at egress.

■ Label value 0 stands for IPv4 Explicit NULL Label, which is valid only at the
bottom of the label stack. That is, the label stack must be popped and
the packet forwarded based on the IPv4 header.
■ Label value 1 stands for Router Alert Label, which is valid except at the
bottom of the label stack. When receiving messages with label value 1 at the
top of the label stack, the system forwards them to the local software module
for further processing. If a lower-layer label is to be forwarded, it must be
put with the Router Alert Label.
■ Label value 2 stands for IPv6 Explicit NULL Label, which is valid only at the
bottom of the label stack. That is, the label stack must be popped and
the packet forwarded based on the IPv4 header.
■ Label value 3 stands for Implicit NULL Label, which can be distributed and
forwarded, but cannot be placed in encapsulation. When an LSR switches
top-layer labels and label 3 is to replace the original label, it only needs
to pop the label and does not replace it.
■ Labels 4~15 are reserved.
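
The reserved-label rules listed above, applied to an encoded label stack. This is an added example, not code from the 3Com guide; the 32-bit entry layout (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) is taken from RFC 3032, and the sample stacks and function names are constructed for illustration.

```python
import struct


def encode_entry(label, bottom, tc=0, ttl=64):
    """Build one 4-byte label stack entry (helper for the constructed samples)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def parse_label_stack(data):
    """Decode 4-byte entries until the bottom-of-stack bit is set."""
    entries = []
    for off in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, off)
        entry = {
            "label": word >> 12,
            "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1),
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        if entry["bottom"]:
            return entries
    raise ValueError("truncated label stack: bottom-of-stack bit never set")


def check_reserved_labels(entries):
    """Return (depth, label, reason) for every entry that breaks the listed rules."""
    problems = []
    for depth, entry in enumerate(entries):
        label, bottom = entry["label"], entry["bottom"]
        if label in (0, 2) and not bottom:
            # Explicit NULL labels are valid only at the bottom of the stack.
            problems.append((depth, label, "explicit NULL above the bottom of the stack"))
        elif label == 1 and bottom:
            # Router Alert is valid anywhere except the bottom of the stack.
            problems.append((depth, label, "Router Alert at the bottom of the stack"))
        elif label == 3:
            # Implicit NULL is only signalled; it must never appear on the wire.
            problems.append((depth, label, "Implicit NULL placed in encapsulation"))
        elif 4 <= label <= 15:
            problems.append((depth, label, "reserved label value"))
    return problems


# Constructed samples: an ordinary label over an IPv4 Explicit NULL, and a
# stack that breaks each rule once.
GOOD_STACK = encode_entry(237, False) + encode_entry(0, True)
BAD_STACK = (
    encode_entry(0, False)
    + encode_entry(3, False)
    + encode_entry(9, False)
    + encode_entry(1, True)
)

if __name__ == "__main__":
    for name, raw in (("good", GOOD_STACK), ("bad", BAD_STACK)):
        for problem in check_reserved_labels(parse_label_stack(raw)) or ["no findings"]:
            print(name, problem)
```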

Description
Using the mpls label advertise command, you can specify what label is to be
assigned to the penultimate hop at egress node. Using the undo mpls label
advertise command, you can restore the default value.

When the keyword explicit-null is selected, the m-layer label of a packet with
m-layer label parameter will be popped at the penultimate LSR of the LSP, but not
the egress LSR. This can lower operation restriction at egress node and mitigate
the traffic at the egress node to a degree.

By default, implicit label is assigned to the penultimate hop at egress node.

If explicit null label is assigned to the penultimate hop, it can only reside at the
bottom of the label stack.

Example
Specify at the egress to allocate general labels to the penultimate hop.
[3Com-mpls] mpls label advertise non-null

mpls ldp enable Syntax


mpls ldp enable

mpls ldp disable

View
Interface view

Parameter
None

Description
Using the mpls ldp enable command, you can enable LDP on an interface. Using
the undo mpls ldp enable command, you can disable LDP on an interface.

By default, LDP is not enabled on an interface.

To enable LDP on an interface, you must enable LDP first. After LDP is enabled on an
interface, peer discovery and session creation proceed.

Example
Enable LDP on the interface.
[3Com-Ethernet3/0/0] mpls ldp enable

mpls ldp hops-count Syntax


mpls ldp hops-count hop-number

undo mpls ldp hops-count

View
System view

Parameter
hop-number: The maximum hops of loop detection, ranging from 1 to 32.

Description
Using the mpls ldp hops-count command, you can set the maximum hops of
loop detection. Using the undo mpls ldp hops-count command, you can restore
the default value.

By default, the maximum hops of loop detection is 32.

This command should be configured before enabling LDP on all interfaces. Its
value, which depends on actual networking situation, decides the loop detection
speed during LSP creation.

For the related commands, see mpls ldp loop-detect and mpls ldp
path-vectors.

Example
Set the maximum hops of loop detection to be 22.
[3Com] mpls ldp hops-count 22
Set the maximum hops of loop detection as 32, the default value.
[3Com] undo mpls ldp hops-count

mpls ldp loop-detect Syntax


mpls ldp loop-detect

undo mpls ldp loop-detect

View
System view

Parameter
None

Description
Using the mpls ldp loop-detect command, you can enable loop detection. Using
the undo mpls ldp loop-detect command, you can disable loop detection.

By default, loop detection is disabled in the system.

This command should be configured before enabling LDP on all interfaces.

For the related commands, see mpls ldp hops-count and mpls ldp path-vectors.

Example
Enable loop detection.
[3Com] mpls ldp loop-detect

Disable loop detection.
[3Com] undo mpls ldp loop-detect

mpls ldp password Syntax


mpls ldp password [ cipher | simple ] password

undo mpls ldp password

View
Interface view, remote-peer view

Parameter
simple: Transmitted in plain text.

cipher: Transmitted in encrypted text.

password: User password.

Description
Using the mpls ldp password command, you can configure LDP authentication
mode. Using the undo mpls ldp password command, you can remove the
configuration.

Example
Configure the LDP authentication mode to be in plain text, with a password of
123.
[3Com-Ethernet0/0/0.1] mpls ldp password simple 123
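
One way to audit a recorded CLI session for the LDP authentication settings described above (an added example, not 3Com code). It assumes the prompt format used in this guide's examples, a hostname without hyphens, and that an LDP-enabled interface or a remote peer with no mpls ldp password has no authentication configured; the session text is constructed.

```python
import re

# Prompt format used in this guide's examples: [3Com] is system view,
# [3Com-Ethernet3/0/0] an interface view, [3Com-remote-peer12] or
# [3Com-mpls-remote22] a remote-peer view.
# Assumption: the hostname itself contains no hyphen.
PROMPT = re.compile(r"^\[(?P<host>[^\]-]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.*)$")
REMOTE_VIEW = re.compile(r"^(?:mpls-remote|remote-peer)(\d+)$")
PASSWORD = re.compile(r"^mpls ldp password(?: (cipher|simple))? \S+$")
UNDO_PEER = re.compile(r"^undo mpls ldp remote-peer (\d+)$")

# Constructed sample session, not captured from a real device.
SAMPLE_SESSION = """\
[3Com] mpls ldp
[3Com] interface Ethernet3/0/0
[3Com-Ethernet3/0/0] mpls ldp enable
[3Com-Ethernet3/0/0] mpls ldp password simple 123
[3Com-Ethernet3/0/0] quit
[3Com] interface Ethernet0/0/0.1
[3Com-Ethernet0/0/0.1] mpls ldp enable
[3Com-Ethernet0/0/0.1] mpls ldp password cipher EXAMPLE-ONLY
[3Com-Ethernet0/0/0.1] quit
[3Com] interface Serial8/0/0
[3Com-Serial8/0/0] mpls ldp enable
[3Com-Serial8/0/0] quit
[3Com] interface Serial3/0/0
[3Com-Serial3/0/0] mpls ldp enable
[3Com-Serial3/0/0] mpls ldp password cipher EXAMPLE-ONLY
[3Com-Serial3/0/0] undo mpls ldp password
[3Com-Serial3/0/0] mpls ldp disable
[3Com-Serial3/0/0] quit
[3Com] mpls ldp remote-peer 12
[3Com-remote-peer12] remote-ip 192.168.1.1
"""


def audit_ldp_auth(session):
    """Replay the session and return (view, finding) for weak LDP authentication."""
    views = {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m["cmd"]:
            continue
        cmd = " ".join(m["cmd"].split())  # normalise repeated spaces
        undo = UNDO_PEER.match(cmd)
        if undo:
            # A deleted remote peer no longer needs a password.
            for name in list(views):
                rv = REMOTE_VIEW.match(name)
                if rv and rv[1] == undo[1]:
                    del views[name]
            continue
        view = m["view"]
        if view is None:
            continue  # system view: password is set per interface or remote peer
        # A remote-peer view exists only once the peer entity is created, so it
        # counts as LDP-active from its first appearance.
        state = views.setdefault(
            view, {"ldp": bool(REMOTE_VIEW.match(view)), "mode": None}
        )
        if cmd == "mpls ldp enable":
            state["ldp"] = True
        elif cmd in ("mpls ldp disable", "undo mpls ldp enable"):
            state["ldp"] = False
        elif cmd == "undo mpls ldp password":
            state["mode"] = None
        else:
            pw = PASSWORD.match(cmd)
            if pw:
                state["mode"] = pw[1] or "unspecified"

    findings = []
    for view, state in views.items():
        if not state["ldp"]:
            continue
        if state["mode"] is None:
            findings.append((view, "no-ldp-password"))
        elif state["mode"] == "simple":
            findings.append((view, "plain-text-ldp-password"))
    return findings


if __name__ == "__main__":
    for view, finding in audit_ldp_auth(SAMPLE_SESSION):
        print(f"{view}: {finding}")
```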

mpls ldp path-vectors Syntax


mpls ldp path-vectors pv-number

undo mpls ldp path-vectors

View
System view

Parameter
pv-number: The configured maximum value of path vector, ranging from 1 to 32.

Description
Using the mpls ldp path-vectors command, you can set the maximum value of
path vector. Using the undo mpls ldp path-vectors command, you can restore
the maximum value of path vector.

By default, pv-number is 32.

This command should be configured before enabling LDP on all interfaces. Its
value, which depends on actual networking situation, decides the loop detection
speed in LSP creation.

For the related commands, see mpls ldp loop-detect and mpls ldp
hops-count.

Example
Set the maximum value of path vector to be 23.
[3Com] mpls ldp path-vectors 23

Restore the maximum value of path vector.
[3Com] undo mpls ldp path-vectors

mpls ldp remote-peer Syntax


mpls ldp remote-peer Index

undo mpls ldp remote-peer Index

View
System view or remote-peer view

Parameter
Index: Index of remote peer, used to identify an entity. It ranges from 0 to 99.

Description
Using the mpls ldp remote-peer command, you can create a remote-peer entity
and enter remote-peer view. Using the undo mpls ldp remote-peer command,
you can delete a remote-peer entity.

This command can create/delete a remote-peer so as to create remote session.

For the related command, see remote-peer.


Example
Create a remote-peer.
[3Com] mpls ldp remote-peer 22
[3Com-mpls-remote22]

Delete a remote-peer.
[3Com-mpls-remote22] undo mpls ldp remote-peer 22
[3Com]

mpls ldp reset-session Syntax


mpls ldp reset-session peer-address

View
Interface view

Parameter
peer-address: Corresponding LDP Peer address (in IP address format).

Description
Using the mpls ldp reset-session command, you can reset a specified session on
an interface.

After LDP is configured on an interface and LDP session is created, this command
can be used to reset a specified session on the interface only by specifying the
address of the peer corresponding to the session to be reset.

For the related commands, see mpls ldp and mpls ldp enable.

Example
Reset the sessions at the interface Ethernet0/0/0.
[3Com-Ethernet0/0/0] mpls ldp reset-session 10.1.1.1

mpls ldp timer Syntax


mpls ldp timer { session-hold session-holdtime | hello hello-holdtime }

undo mpls ldp timer { session-hold | hello }

View
Interface view, remote-peer view

Parameter
hello hello-holdtime: Specifies the hold time of the hello timer, in the range of
6 seconds to 65535 seconds.

session-hold session-holdtime: Specifies the hold time of the session timer, in the
range of 1 second to 65535 seconds.

By default, hello secs is 15 seconds and session-hold secs is 5 seconds.

Description
Using the mpls ldp timer command, you can set the duration of a Hello timer.
Using the undo mpls ldp timer command, you can restore the default value.

Timeout of Hello timer means that the adjacency relation with the peer is down,
while timeout of hold timer means that the session relation with the peer is down.

Generally speaking, the default value can be directly adopted. In special cases, it
needs to be modified according to requirements. It should be noted that the
modification of hello parameter may cause the original session to be recreated and
the LSP created on the basis of this session will also be deleted and needs to be
recreated.

In general, the transmission interval of hello/keepalive packets is one-third of the
hold time of hello/session timer.

For the related commands, see mpls ldp and mpls ldp enable.

Example
Modify the duration of a Hello timer.
[3Com-Ethernet3/0/0] mpls ldp timer hello 30

mpls ldp transport-ip Syntax


mpls ldp transport-ip { interface | ip-address }

undo mpls ldp transport-ip

View
Interface view

Parameter
interface: Takes the IP address of the interface as the transport address.

ip-address: Takes the IP address as the transport address.

Description
Using the mpls ldp transport-ip command, you can configure an LDP transport
address. Using the undo mpls ldp transport-ip command, you can restore the
default LDP transport address.

By default, the transport address is the LSR ID of an LSR.

For a remote-peer, the configuration of transport address is not supported and its
transport address is fixed as an LSR ID.

By default, LSR ID is required to be an address of a certain loopback interface and
its peer should have a route to the address of the loopback interface. Only in this
way can the session be successfully created. In the case of a local peer, the address
of the local interface or the Router ID of the LSR can be adopted as its transport
address.

Example
Take the address of the local interface as a transport address.
[3Com-Ethernet3/0/0] mpls ldp transport-ip interface

Take the address of another interface as the transport address.
[3Com-Ethernet3/0/0] mpls ldp transport-ip 10.1.11.2

remote-ip Syntax
remote-ip remoteip

View
Remote-peer view

Parameter
remote-ip: IP address of a remote peer.

Description
Using the remote-ip command, you can configure a remote IP address. The
address should be the LSR ID of the remote LSR. For remote peers, as they adopt
LSR ID as their transport address, two remote peers take their LSR ID as their
transport addresses for creating TCP connection.

For the related command, see mpls ldp remote-peer.

Example
Configure the address of remote-peer.
[3Com] mpls ldp remote-peer 12
[3Com-remote-peer12] remote-ip 192.168.1.

BGP/MPLS VPN Configuration Commands

apply access-vpn vpn-instance Syntax


apply access-vpn vpn-instance { vpn-name1 vpn-name2 … }

undo apply access-vpn vpn-instance { vpn-name1 vpn-name2 … }

View
Route-policy view

Parameter
vpn-name: Name of the configured VPN instance. At most, 6 VPN names can be
configured.

Description
Using the apply access-vpn vpn-instance command, you can specify that, after
policy routing is enabled, packets search for a private network forwarding route
in vpn-name1, vpn-name2, vpn-name3, vpn-name4, vpn-name5, and vpn-name6 (if
they all exist) and are forwarded accordingly. Using the undo apply
access-vpn vpn-instance command, you can remove this function.

Example
Specify the configured VPN instance.
[3Com-route-policy] apply access-vpn vpn-instance vpn1

debugging bgp Syntax


debugging bgp [ { { keepalive | open | packet | update | route-refresh } [ receive | send |
verbose ] } { all | event | normal }

undo debugging bgp [ { { keepalive | open | packet | update | route-refresh } [ receive |
send | verbose ] } { all | event | normal }

View
User view

Parameter
keepalive: Displays BGP keepalives.

open: Displays BGP OPEN packet information.

packet: Displays BGP packets.

update: Displays BGP updates.

route-refresh: Displays BGP route refreshing packets.

receive: Displays received information.

send: Displays sent information.

verbose: Displays detailed information.

all: Displays debugging of all levels.

event: Displays BGP event.

normal: Displays BGP normal debugging function.

Description
Using the debugging bgp command, you can display the information concerning BGP
processing. Using the undo debugging bgp command, you can disable the debugging
function.

Example
<3Com> debugging bgp vpnv4

description Syntax
description vpn-instance-description

undo description

View
Vpn-instance view

Parameter
vpn-instance-description: Specify the description information of VPN instance.

Description
Using the description command, you can configure description information for
specified VPN instance. Using the undo description command, you can remove
the description of VPN instance.

Example
Configure the description information of the VPN instance.
[3Com-vpn-vpna] description 3com

display bgp vpnv4 Syntax


display bgp vpnv4 { all | route-distinguisher rd-value | vpn-instance vpn-instance-name
} { group | network | peer | routing-table }

View
Any view

Parameter
all: Displays all VPNv4 database.

route-distinguisher rd-value: Displays matching route distinguisher (RD) and
network layer reachable information (NLRI).

vpn-instance vpn-instance-name: Displays network layer reachable
information (NLRI) associated with the specified vpn-instance.

group: Displays the information related to peer groups.

network: Displays the networks advertised through BGP.

peer: Displays the information of the connections.

routing-table: Displays BGP routes.

Description
Using the display bgp vpnv4 command, you can display VPNv4 information in
BGP database.

Example
Display the information about all BGP VPNV4 peers.
[3Com] display bgp vpnv4 all
BGP local router ID is 1.1.248.23
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i – IGP, e – EGP, ? - incomplete
Network Next Hop Label Metric LocPrf Path
Route Distinguisher:100:9 (default for vpn-instance vpn-instance_1)
*> 192.5.1.0 0.0.0.0 16/0

display ip routing-table vpn-instance Syntax


display ip routing-table vpn-instance vpn-instance-name [ ip-address ] [ verbose ]

View
Any view

Parameter
vpn-instance-name: Name assigned to vpn-instance.

ip-address: Displays information of the specified address.

verbose: Displays the detailed information.

Description
Using the display ip routing-table vpn-instance command, you can view the
specified information in the IP routing table of vpn-instance.

Example
Display the IP routing table associated with the vpn-instance.
[3Com] display ip routing-table vpn-instance vpn-instance1
Routing Table: vpn-instance1 RD: 1233:11
Destination/Mask   Proto   Pre  Metric  Nexthop    Interface
192.1.1.0/24       Direct  0    0       192.1.1.1  GigabitEthernet1/0/0
192.1.1.1/32       Direct  0    0       127.0.0.1  InLoopBack0
192.1.1.255/32     Direct  0    0       127.0.0.1  InLoopBack0

display ip vpn-instance Syntax


display ip vpn-instance [ vpn-instance-name | verbose ]

View
Any view

Parameter
vpn-instance-name: Name assigned to vpn-instance.

verbose: Displays the detailed information.

Description
Using the display ip vpn-instance command, you can view such information
associated with vpn-instance as the VPN instance RD, description and associated
interface.

Example
Display the information about vpn-instance 3Com.
[3Com] display ip vpn-instance 3com
VPN-Instance : vpn1
No description
Route-Distinguisher : 100:6
Interfaces :
Ethernet0/0/0.101

display ospf sham-link Syntax


display ospf sham-link

View
Any view

Parameter
None

Description
Using the display ospf sham-link command, you can view the information of
sham links.

For the related command, see sham-link.

Example
Display the information of sham links.
<3Com> display ospf sham-link
OSPF Process 1 with Router ID 1.1.1.1
Sham Links
Sham-link 3.3.3.3 -> 5.5.5.5, State: Down
Area: 0.0.0.1
Cost: 1 State: Down Type: Sham
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1

display mpls l3vpn-lsp Syntax


display mpls l3vpn-lsp [ verbose ] [ include text ]

View
Any view

Parameter
include text: Displays the MPLS L3VPN LSPs with the specified FEC string.

verbose: Displays detailed information.

Description
Using the display mpls l3vpn-lsp include command, you can view the
information of MPLS L3VPN LSPs.

Example
Display the vpn-instance-related label switched path information of MPLS L3VPN.
<3Com> display mpls l3vpn-lsp transit
--------------------------------------------------------------------
LSP Information: L3vpn Transit Lsp
--------------------------------------------------------------------
TOTAL: 0 Record(s) Found.

Display the related label switched path information of MPLS L3VPN.
[3Com] display mpls l3vpn-lsp include 3com

display mpls l3vpn-lsp vpn-instance Syntax


display mpls l3vpn-lsp [ vpn-instance vpn-instance-name ] [ transit | egress | ingress ]
[ include ip-address length-prefix | verbose ]

View
Any view

Parameter
transit: LSP of ASBR VPN

egress: LSP of egress VPN

ingress: LSP of ingress VPN

vpn-instance: VPN Routing/Forwarding instance name.

include text: Displays the MPLS L3VPN LSPs with the specified FEC string.

verbose: Displays detailed information.

Description
Using the display mpls l3vpn-lsp vpn-instance command, you can view the
vpn-instance information of MPLS L3VPN LSPs.

Example
Display the vpn-instance information of MPLS L3VPN LSPs.
<3Com> display mpls l3vpn-lsp transit
--------------------------------------------------------------------
LSP Information: L3vpn Transit Lsp
--------------------------------------------------------------------
TOTAL: 0 Record(s) Found.

domain-id Syntax
domain-id { id-number | id-addr }

undo domain-id

View
OSPF protocol view

Parameter
id-number: Domain ID for a VPN instance, in range of 0~4294967295. By default,
it is 0.

id-addr: IP address format of the domain ID in VPN instance. By default, it is
0.0.0.0.

Description
Using the domain-id command, you can specify domain ID for a VPN instance.
Using the undo domain-id command, you can restore the default domain ID.

For standard BGP/OSPF interoperability, when importing routes to OSPF is
configured at the PE, their original OSPF attributes cannot be restored. If these
BGP VPN IP routes are issued to the CE as ASE LSAs (type-5 LSAs), they cannot be
distinguished from other routes imported from other route domains. In order to
distinguish imported external routes from OSPF internal routes, it is required to
restore their OSPF attributes when importing BGP routes to OSPF, so an OSPF domain
can be configured with a domain ID. The domain ID is attached to the
corresponding BGP/VPN route when an OSPF route is imported into BGP/VPN, for
transmission over the BGP/VPN route. Then, when the BGP route is imported at the
peer PE, LSA values are filled in according to the extended community attributes.
If the domain IDs are the same for the BGP VPN IP routes received, they are from
the same VPN instance.

By default, the domain ID is 0.

The specified domain ID will not take effect until the reset ospf command is
executed.

Example
Configure domain ID 100 for OSPF procedure 100.
[3Com-ospf-100] domain-id 100
[3Com-ospf-100] domain-id 0.0.0.100

import-route Syntax
import-route { ospf | ospf-ase | ospf-nssa } [ process-id ] [ med value | route-policy
route-policyname ]

undo import-route { ospf | ospf-ase | ospf-nssa } [ process-id ]

View
BGP unicast/multicast VPN-instance address family view, MBGP Interface
VPN-instance address family view

Parameter
process-id: OSPF procedure ID. By default, it is 1.

ospf: When only OSPF procedure ID is imported, ASE internal route is taken as
external route information.

ospf-ase: When only OSPF procedure ID is imported, OSPF-ASE route is taken as
external route information.

ospf-nssa: When only OSPF procedure ID is imported, OSPF-NSSA route is taken as
external route information.

med value: Route cost value.

route-policyname: Route policy name.

Description
Using the import-route command, you can enable importing of OSPF routes. Using
the undo import-route command, you can disable importing of OSPF routes.

CAUTION: By default, the procedure ID is 1.

Example
Enable to import an OSPF route with procedure ID 100.
[3Com] ip vpn-instance sphinx
[3Com-vpn-sphinx] route-distinguisher 168.168.55.1:85
[3Com-vpn-sphinx] quit
[3Com] bgp 352
[3Com-bgp] ip vpn-instance sphinx
[3Com-bgp-af-vpn-instance] import-route ospf 100

ip binding vpn-instance Syntax


ip binding vpn-instance vpn-instance-name

undo ip binding vpn-instance vpn-instance-name

View
Interface view

Parameter
vpn-instance-name: Name assigned to vpn-instance.

Description
Using the ip binding vpn-instance command, you can connect an interface or
subinterface with a vpn-instance. Using the undo ip binding vpn-instance
command, you can remove the connection.

By default, global routing table is configured.

The IP address of the interface will be removed if executing this command on it, so
the IP address of the interface needs to be reconfigured.

Example
Bind VPN instance vpn1 to the interface atm0/0/0.
[3Com] interface atm1/0/0
[3Com-Atm1/0/0] ip binding vpn-instance vpn1

ip route-static vpn-instance Syntax
ip route-static vpn-instance { vpn-name1 vpn-name2 … | ip-address1 } { mask |
mask-length } { interface-name | [ vpn-instance vpn-name-nexthop ip-address2 ] } [
public ] [ preference preference-value ] [ reject | blackhole ]

undo ip route-static vpn-instance { vpn-name1 vpn-name2 … | ip-address1 } { mask |
mask-length } { interface-name | [ vpn-instance vpn-name-nexthop ip-address2 ] } [
preference preference-value ] [ reject | blackhole ]

View
System view

Parameter
vpn-name: Name of the VPN instance. At most, 6 names can be configured.

ip-address: Destination address of the static route.

mask: Address mask.

mask-length: Length of the mask. As the "1"s in the 32-bit mask are required to be
consecutive, the mask in dotted decimal format can be substituted by
mask-length. (mask-length is represented by the number of consecutive "1"s in
the mask.)

interface-name: Out-interface name of static route. It can specify the interface of
public network or other vpn-instances as the out-interface of the static route.

vpn-name-nexthop: Next hop vpn-instance of the static route.

ip-address2: Next hop IP address of the static route.

reject: Configures a route as unreachable.

blackhole: Configures a route as blackhole.

Description
Using the ip route-static vpn-instance command, you can configure static route,
specifying a private network interface as the out-interface of this static route. In
the application background of multi-role host, you can configure a static route in a
private network with an interface of another private network or public network as
its out-interface. Using the undo ip route-static vpn-instance command, you
can remove the configuration of this static route.

Example
Configure static route with destination address 100.1.1.1, next hop address
1.1.1.2.
[3Com] ip route-static vpn-instance vpn1 100.1.1.1 16 vpn-instance vpn1 1.1.1.2

ip vpn-instance Syntax
ip vpn-instance vpn-name

undo ip vpn-instance vpn-name

View
System view, routing protocol view

Parameter
vpn-name: Name assigned to vpn-instance.

Description
Using the ip vpn-instance command, you can create and configure a
vpn-instance. Using the undo ip vpn-instance command, you can delete the
specified vpn-instance.

By default, vpn-instance is not defined. Neither input nor output list is associated
with vpn-instance. No route-map is associated with vpn-instance.

Use the ip vpn-instance command to create a vpn-instance named vpn-name.

Example
Create VPN instance vpn1.
[3Com] ip vpn-instance vpn1
[3Com-vpn-vpn1]

ipv4-family Syntax
ipv4-family [ vpnv4 [ unicast ] | multicast | vpn-instance vpn-instance-name ]

undo ipv4-family [ vpnv4 [ unicast ] | multicast | vpn-instance vpn-instance-name ]

View
BGP view

Parameter
multicast: IPv4 multicast address used by the address family. This parameter is
used to enter MBGP multicast address family view.

vpn-instance vpn-instance-name: Associates the specified vpn-instance example
with the IPv4 address family. This parameter is used to enter MBGP vpn-instance
address family view.

unicast: IPv4 unicast address used by the address family.

Description
Using the ipv4-family command, you can enter BGP IPv4 address family view or
MBGP VPNv4 address family view. Using the undo ipv4-family command, you
can delete the configuration of specified address family view or MBGP VPNv4
address family view.

By default, unicast address is used when configuring VPNv4 address family.

By default, unicast address is used when configuring IPv4 address family.

Use this command to enter address family view and configure parameters
associated with address family for BGP in this view.

Using the ipv4-family vpn-instance command, you can enter MBGP vpn-instance
address family view.

Using the undo ipv4-family vpn-instance vpn-instance-name command, you can
remove the association of the specified vpn-instance example with the IPv4 address
family and exit to BGP unicast view.

For the related command, see peer enable.

Example
Associate the specified vpn-instance example with IPv4 address family to enter
MBGP vpn-instance address family view, which can be configured only after
vpn-instance has been configured.
[3Com] bgp 100
[3Com-bgp] ipv4-family vpn-instance abc
[3Com-bgp-af-vpn-instance]

Enter VPNv4 address family view.
[3Com] bgp 100
[3Com-bgp] ipv4-family vpnv4 unicast
[3Com-bgp-af-vpn]

ospf Syntax
ospf process-id [ router-id router-id-number ] [ vpn-instance vpn-instance-name ]

undo ospf process-id

View
System view

Parameter
process-id: OSPF procedure ID. By default, it is 1.

router-id-number: Router ID for OSPF procedure, optional

vpn-instance-name: VPN instance bound to the OSPF procedure

Description
Using the ospf command, you can enable an OSPF procedure. Using the undo
ospf command, you can disable an OSPF procedure.

After enabling OSPF procedure, you can perform OSPF configurations in the OSPF
protocol view.

By default, no OSPF protocol is enabled.

VRP supports multiple OSPF procedures, so you can specify different procedure IDs
to enable multiple OSPF procedures on a router.

It is recommended to specify the procedure router ID with the router-id parameter
when enabling an OSPF procedure. If you want to enable multiple procedures on a
router, you are recommended to specify different router IDs for different procedures.

To enable an OSPF procedure belonging to the public network without specifying a
router ID, the following conditions should be satisfied:
■ RM is configured with router ID.
■ There is an interface which is configured with an IP address.

If no router ID is specified when enabling an OSPF procedure but the procedure
must be bound to a VPN instance, an interface that has been configured with an
IP address must exist.

If you want to bind a procedure to a VPN instance, you must specify VPN instance
name.

One VPN instance may include several procedures. For example, for the VPN
instance 1, you can configure it into OSPF procedures 1, 2 and 3 with the
commands ospf 1 vpn-instance vpn1, ospf 2 vpn-instance vpn1, and ospf 3
vpn-instance vpn1.

But one procedure can belong to only one instance. If you have executed ospf 1
vpn-instance vpn1, you cannot configure ospf 1 vpn-instance vpn2. Otherwise,
the system prompts the information “Wrong configuration. Process 1 has been
bound to vpn-instance VRF1”. If you configure ospf 1 first and then execute ospf 1
vpn-instance vpn1, the system prompts the information “Wrong configuration.
Process 1 has been running in public domain”.

If you execute ospf 1 vpn-instance vpn1 first and then configure ospf 1, the system
enters ospf 1 vpn-instance vpn1 view, in which the commands ospf 1 and ospf 1
vpn-instance vpn1 are equivalent.

When an OSPF procedure is bound to a VPN instance, the default OSPF router is PE
router. After executing the display ospf process-id brief command, you will get
the information “PE router, connected to VPN backbone”.

CAUTION:

A router can run a maximum of 1024 OSPF procedures, with up to 10 procedures
in each VPN instance.

If you bind an OSPF procedure to a nonexistent VPN instance, the command fails
in executing and the system prompts the information “Specified vpn instance not
configured”.

When a VPN instance is deleted, all OSPF procedures associated to it will be
deleted. For example, suppose VPN instance vpn1 includes OSPF procedures 1, 2
and 3. If VPN instance vpn1 is deleted, the OSPF procedures 1, 2 and 3 will all be
deleted.

For the related command, see network.

Example
Enable the default OSPF procedure 1.
[3Com] router id 10.110.1.8
[3Com] ospf

Enable OSPF procedure 120 and run OSPF protocol.


[3Com] router id 10.110.1.8
[3Com] ospf 120
[3Com-ospf-120]

Enable OSPF procedure 100, specify its router ID as 2.2.2.2 and bind it to the VPN
instance vpn1.
[3Com] ospf 100 router-id 2.2.2.2 vpn-instance vpn1
[3Com-ospf-100]

peer allow-as-loop Syntax


peer { group-name | peer-address } allow-as-loop asn-limit

undo peer { group-name | peer-address } allow-as-loop asn-limit



View
BGP view, MBGP IPv4-family view

Parameter
group-name: Name of the peer group

peer-address: IP address of the peer.

asn-limit: Maximum number of times the local autonomous system (AS) number is
allowed to appear in received route updates.

Description
Using the peer allow-as-loop command, you can enable route loop detection in
the received route updates in hub&spoke networking mode. Using the undo peer
allow-as-loop command, you can prohibit loops in the received route
updates.

By default, loop information is prohibited in the received route update
information.

In the case of standard BGP, BGP detects routing loops by AS number. In the case of
Hub&Spoke networking, however, PE carries the AS number of the local
autonomous system when advertising the routing information to CE, if EBGP is
run between PE and CE. Accordingly, the updated routing information will carry
the AS number of the local autonomous system when the route update is received
from CE. In this case, PE cannot receive the route update information.

This can be avoided by using the peer allow-as-loop command,
which makes the PE router allow the route update information received from CE to
contain its own AS number. The allowed maximum number is controlled by
the parameter asn-limit.

Example
Enable route loop detection in the received route updates.
[3Com-bgp] ipv4-family vpn-instance one
[3Com-bgp-af-vpn-instance] peer 1.1.1.1 allow-as-loop 1
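
The Hub&Spoke behaviour described above can be modelled in a few lines. The following Python is an added example, not code from this manual or from 3Com; the AS numbers (PE in AS 100, hub CE in AS 65001, spoke CE in AS 65002) and the function names are assumptions chosen for illustration.

```python
"""Model of the AS_PATH check that peer allow-as-loop relaxes (added example)."""


def passes_loop_check(as_path, local_as, asn_limit=0):
    """Return True if a received update is accepted.

    as_path   -- AS numbers carried by the update, most recent sender first
    local_as  -- AS number of the receiving PE
    asn_limit -- times local_as may appear; 0 models the default (loops prohibited)
    """
    if asn_limit < 0:
        raise ValueError("asn_limit must not be negative")
    return as_path.count(local_as) <= asn_limit


def via_hub_ce(path_at_hub_pe, pe_as, hub_ce_as):
    """AS_PATH seen by the hub PE after the route went hub PE -> hub CE -> hub PE.

    Both hops are EBGP, so each sender prepends its own AS number.
    """
    sent_to_ce = [pe_as] + list(path_at_hub_pe)
    returned_to_pe = [hub_ce_as] + sent_to_ce
    return returned_to_pe


def evaluate(asn_limit, pe_as=100, hub_ce_as=65001, spoke_ce_as=65002):
    """Outcome for one pass through the hub CE and for a genuine second pass."""
    once = via_hub_ce([spoke_ce_as], pe_as, hub_ce_as)
    twice = via_hub_ce(once, pe_as, hub_ce_as)  # the route circulated again
    return {
        "once": (once, passes_loop_check(once, pe_as, asn_limit)),
        "twice": (twice, passes_loop_check(twice, pe_as, asn_limit)),
    }


if __name__ == "__main__":
    for limit in (0, 1):
        print(limit, evaluate(limit))
```

With asn-limit 1 the single return trip through the hub CE is accepted while a route that has circulated twice is still dropped, which is why the limit should be kept at the smallest value the topology needs.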

peer as-number Syntax


peer { group-name | [ peer-address group group-name ] } as-number as-number

undo peer { group-name | [ peer-address group group-name] } as-number as-number

View
BGP view, MBGP vpn-instance view

Parameter
group-name: Peer group name.

peer-address: IP address of a peer.

as-number: Peer end AS number of a peer (group).



Description
Using the peer as-number command, you can configure the remote AS number
of the specified peer (group). Using the undo peer as-number command, you
can remove the remote AS number of the specified peer (group).

By default, a peer (group) has no AS number.

Example
Set the remote AS number of the specified peer (group) to 100.
[3Com-bgp] peer test as-number 100

peer enable Syntax


peer group-name enable

undo peer group-name enable

View
BGP view, MBGP VPNv4 view

Parameter
group-name: Peer group name

Description
Using the peer enable command, you can enable the specified peer (group).
Using the undo peer enable command, you can disable the specified peer
(group).

For IPv4 address family, address switching is enabled by default.

Example
Enable the peer (group) 168.
[3Com-bgp-af-vpn] peer 168 enable

peer connect-interface Syntax


peer { group-name | ip-address } connect-interface interface-type interface-number

undo peer { group-name | ip-address } connect-interface interface-type
interface-number

View
BGP view, MBGP vpn-instance view

Parameter
group-name: Peer group name.

peer-address: IP address of a peer.

interface-type: Interface type.

interface-number: Name of the interface.



Description
Using the peer connect-interface command, you can allow the
internal BGP session to use any operable interface that connects with TCP. Using
the undo peer connect-interface command, you can restore use of the best
local address to implement the TCP connection.

By default, BGP uses the best local address to implement TCP connection.

Generally, BGP uses the best local address to implement TCP connection. In order
to keep the TCP connection valid even when the interface fails, the internal BGP
session can be configured to allow use of any operable TCP-connected
interface (for example, a Loopback interface).

Example
Allow the internal BGP session to use any operable interface that connects with
TCP.
[3Com-bgp-af-vpn-instance] peer 1.1.1.1 connect-interface loopback 0

peer default-route-advertise Syntax
peer { group-name | peer-address } default-route-advertise

undo peer { group-name | peer-address } default-route-advertise

View
BGP view, MBGP IPv4-family view

Parameter
group-name: Peer group name.

peer-address: IP address of a peer.

Description
Using the peer default-route-advertise command, you can enable a peer
(group) to import a default route. Using the undo peer default-route-advertise
command, you can remove the existing setting.

By default, no default route is redistributed to a peer (group).

This command does not require any default route in the routing table but
transmits a default route whose next hop address is itself to the peer
unconditionally.

Example
Enable the peer (group) test to import a default route.
[3Com-bgp] peer test as-number
[3Com-bgp] peer test default-route-advertise

peer next-hop-local Syntax


peer { group-name | peer-address } next-hop-local

undo peer { group-name | peer-address } next-hop-local



View
BGP view, MBGP IPv4-family view

Parameter
group-name: Peer group name.

peer-address: IP address of a peer.

Description
Using the peer next-hop-local command, you can skip the processing of the
next hop in the routes that BGP advertises to a peer (group) and use the local
address as the next hop. Using the undo peer next-hop-local command,
you can remove the existing setting.

Example
Specify the local IP address as the next hop in BGP's route advertising to the peer
(group).
[3Com-bgp-af-vpn] peer test next-hop-local

peer public-as-only Syntax


peer { group-name | peer-address } public-as-only

undo peer { group-name | peer-address } public-as-only

View
BGP view, MBGP IPv4-family view

Parameter
group-name: Peer group name.

peer-address: IP address of a peer.

Description
Using the peer public-as-only command, you can configure not to carry private
AS number when transmitting BGP update packets. Using the undo peer
public-as-only command, you can configure to carry private AS number when
transmitting BGP update packets.

By default, private AS number is carried when transmitting BGP update packets.

Generally, BGP carries the AS number (either public or private AS number) when
transmitting BGP update packets. BGP can be configured not to carry the private
AS number so that some output routers may ignore the private AS number when
transmitting BGP update packets.

Example
Send MBGP update packets without bearing private AS number.
[3Com-bgp-af-vpn] peer 168 public-as-only

peer upe Syntax


peer peer-address upe

undo peer peer-address upe

View
BGP view

Parameter
peer-address: IP address of a peer.

Description
Using the peer upe command, you can configure BGP peer as the UPE of
hierarchical BGP/MPLS VPN. Using the undo peer upe command, you can remove
this configuration.

Example
Configure BGP peer as the UPE of hierarchical BGP/MPLS VPN.
[3Com-bgp] ipv4-family vpnv4
[3Com-bgp-af-vpn] peer 1.1.1.1 upe

route-distinguisher Syntax
route-distinguisher route-distinguisher

View
vpn-instance view

Parameter
route-distinguisher: Configures a VPN IPv4 prefix by adding an 8-byte value to an
IPv4 prefix.

Description
Using the route-distinguisher command, you can configure RD for an MPLS VPN
instance. A vpn-instance cannot run until it is configured with an RD.

A route distinguisher (RD) creates the routing and forwarding list for a VPN and
specifies the default route identifier. The RD is added to the start of an IPv4
prefix to make it a unique VPN IPv4 prefix.

If RD is associated with an autonomous system number (ASN), it is a combination of
an autonomous system number and an arbitrary number; if RD is associated with
an IP address, it is a combination of an IP address and an arbitrary number.

RD has the following formats:

■ A 16-bit ASN: 32-bit number defined by user, for example, 101:3.
■ A 32-bit IP address: 16-bit number defined by user, for example,
192.168.122.15:1.

Example
Configure RD for the MPLS VPN instance.
[3Com] ip vpn-instance vpn_blue
[3Com-vpn-vpn_blue] route-distinguisher 100:3
[3Com] ip vpn-instance vpn_red
[3Com-vpn-vpn_red] route-distinguisher 173.13.0.12:200

route-tag Syntax
route-tag tag-number

undo route-tag

View
OSPF protocol view

Parameter
tag-number: Tag value to identify VPN import route, in range of 0~4294967295.
By default, its first two bytes are fixed to 0xD000, while the last two bytes are the
ASN of local BGP. For example, if local BGP ASN is 100, then the default tag value
in decimal is 3489661028.

Description
Using the route-tag command, you can specify a tag value to identify VPN import
route. Using the undo route-tag command, you can restore the default value.

If a VPN site is linked to multiple PEs, when the route learned from MPLS/BGP is
advertised by a PE router via its type-5 or type-7 LSA to the VPN site, the route may
be received by another PE router. This will result in route loop. To avoid route loop,
you should configure route-tag and it is recommended to configure the same
route-tag for the PEs in the same VPN domain. The route-tag is included in the
type-5/-7 LSA. The route-tag is not transmitted in the extended community
attributes of BGP, but can only be configured and function on the PE router which
receives BGP route and generates OSPF LSA.

Configure route-tag in OSPF protocol view. Different processes can be configured
with the same route-tag. You can configure the same route-tag with different
commands, but with different priority levels:
■ Those configured with the import-route command are of the highest priority
level.
■ Those configured with the route-tag command are in the second place in
terms of priority level.
■ Those configured with the default tag command are of the lowest priority
level.

If the route-tag included in the type-5/-7 LSA is identical with its existing tag, the
LSA received will be neglected in route calculation.

CAUTION: The route-tag configured will not take effect until the reset ospf
command is executed.

For the related commands, see import-route and default.

Example
Configure route-tag 100 to OSPF procedure 100.
[3Com-ospf-100] route-tag 100
OSPF: Process 100's route tag has been changed
OSPF: Reload or use 'reset ospf' command for this to take effect

vpn-target Syntax
vpn-target vpn-target-ext-community [ import-extcommunity | export-extcommunity |
both ]

undo vpn-target vpn-target-ext-community [ import-extcommunity |
export-extcommunity | both ]

View
Vpn-instance view

Parameter
import-extcommunity: Ingress route information from the extended community of
target VPN.

export-extcommunity: Egress route information to the extended community of
target VPN.

both: Imports ingress and egress route information to the extended community of
target VPN.

vpn-target-ext-community: Adds vpn-target extended community attribute to the
ingress and egress of vpn-instance or the vpn-target extended community list of
ingress and egress.

Description
Using the vpn-target command, you can create vpn-target extended community
for vpn-instance. Using the undo vpn-target command, you can remove the
vpn-target extended community attribute.

The default is both.

Using the vpn-target command, you can create ingress and egress route target
extended community lists for the specified vpn-instance. Execute this command once
for each target community. A received route bearing a specific route
target extended community is imported to all vpn-instances that are configured
with that extended community as an ingress route target. Vpn-target specifies a
target VPN extended community. Like an RD, an extended community is composed of
either an autonomous system number and an arbitrary number or an IP
address and an arbitrary number.

Extended community has the following formats:

■ A 16-bit ASN: 32-bit number defined by user, for example, 100:1.
■ A 32-bit IP address: 16-bit number defined by user, for example,
172.1.1.1:1.

Example
Create vpn-target extended community for the vpn-instance.
[3Com] ip vpn-instance vpn_red
[3Com-vpn-vpn_red] vpn-target 1000:1 both
[3Com-vpn-vpn_red] vpn-target 1000:2 export-extcommunity
[3Com-vpn-vpn_red] vpn-target 173.27.0.130:2 import-extcommunity
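
Because any vpn-instance that lists a target as an ingress route target receives every route exported with it, a mistyped vpn-target silently joins two VPNs. The following Python is an added example, not code from this manual or from 3Com: it validates the two RD/vpn-target formats given above, audits a constructed configuration for cross-instance imports, and goes one step beyond the page by packing an RD into its 8 bytes using the type 0 and type 1 layouts of RFC 4364. The instance names vpn_blue and vpn_mgmt with their targets, and all function names, are assumptions.

```python
import ipaddress
import struct

# Constructed sample in the command syntax shown on this page (not a device dump).
SAMPLE_CONFIG = """\
ip vpn-instance vpn_red
 route-distinguisher 173.13.0.12:200
 vpn-target 1000:1 both
 vpn-target 1000:2 export-extcommunity
ip vpn-instance vpn_blue
 route-distinguisher 100:3
 vpn-target 1000:2 import-extcommunity
 vpn-target 1000:9
ip vpn-instance vpn_mgmt
 route-distinguisher 100:4
 vpn-target 1000:9 import-extcommunity
"""

DIRECTIONS = ("import-extcommunity", "export-extcommunity", "both")


def parse_value(text):
    """Parse 'ASN:number' or 'IPv4:number' and enforce the documented field widths."""
    admin, sep, number = text.rpartition(":")
    if not sep or not number.isdigit():
        raise ValueError(f"malformed value: {text!r}")
    number = int(number)
    if admin.isdigit():                      # 16-bit ASN : 32-bit number
        if int(admin) > 0xFFFF or number > 0xFFFFFFFF:
            raise ValueError(f"field out of range: {text!r}")
        return ("asn", int(admin), number)
    try:
        address = ipaddress.IPv4Address(admin)   # 32-bit IP : 16-bit number
    except ValueError:
        raise ValueError(f"malformed value: {text!r}") from None
    if number > 0xFFFF:
        raise ValueError(f"field out of range: {text!r}")
    return ("ip", int(address), number)


def encode_rd(text):
    """8-byte RD per RFC 4364: 2-byte type, then administrator and assigned number."""
    kind, admin, number = parse_value(text)
    if kind == "asn":
        return struct.pack("!HHI", 0, admin, number)
    return struct.pack("!HIH", 1, admin, number)


def parse_config(text):
    """Collect RD plus import/export target sets for every vpn-instance."""
    instances, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = instances.setdefault(
                words[2], {"rd": None, "import": set(), "export": set()})
        elif current is None or not words:
            continue
        elif words[0] == "route-distinguisher" and len(words) == 2:
            parse_value(words[1])
            current["rd"] = words[1]
        elif words[0] == "vpn-target" and len(words) in (2, 3):
            parse_value(words[1])
            direction = words[2] if len(words) == 3 else "both"  # default is both
            if direction not in DIRECTIONS:
                raise ValueError(f"unknown direction: {direction!r}")
            if direction in ("import-extcommunity", "both"):
                current["import"].add(words[1])
            if direction in ("export-extcommunity", "both"):
                current["export"].add(words[1])
    return instances


def cross_imports(instances):
    """List (exporter, importer, target) where one instance receives another's routes."""
    found = []
    for exp_name, exporter in instances.items():
        for imp_name, importer in instances.items():
            if exp_name != imp_name:
                for target in exporter["export"] & importer["import"]:
                    found.append((exp_name, imp_name, target))
    return sorted(found)


if __name__ == "__main__":
    for exporter, importer, target in cross_imports(parse_config(SAMPLE_CONFIG)):
        print(f"{importer} imports routes of {exporter} via target {target}")
```

Each reported pair is either an intended extranet or a leak; the omitted direction on `vpn-target 1000:9` is what makes vpn_blue export to vpn_mgmt in the sample.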

routing-table limit Syntax


routing-table limit { warn threshold | simply-alert }

undo routing-table limit

View
MBGP vpn-instance view

Parameter
limit: Specifies the route maximum allowed in a vpn-instance.

warn threshold: Rejects routes when the threshold value is reached. This threshold
value is the percentage of the specified route maximum from 1 to 100.

simply-alert: When the route maximum specified for a vpn-instance exceeds the
threshold, routes can be added and only a SYSLOG error message is sent out.

Description
Using the routing-table limit command, you can limit the route maximum in a
vpn-instance, to avoid too many routes in the ingress interface of the PE router.
Using the undo routing-table limit command, you can remove the limitation.

It is necessary to enter the vpn-instance sub-view before using the routing-table
command. Create a vpn-instance routing table in this view and allocate a route
distinguisher (RD) in one of the following formats:

■ A 16-bit AS number (ASN): 32-bit user-defined number, e.g., 100:1.
■ A 32-bit IP address: 16-bit user-defined number, e.g., 172.1.1.1:1.

Create a vpn-target extended community for a vpn-instance and specify ingress or
egress interface or both of them for the vpn-target command. These parameters
can be used to configure input and ingress/egress routing information of the
destination VPN extended community for a router.

Example
[3Com] ip vpn-instance vpn1
[3Com-vpn-vpn1] route-distinguisher 100:1
[3Com-vpn-vpn1] vpn-target 100:1 import-extcommunity
[3Com-vpn-vpn1] routing-table limit 1000 simply-alert

sham-link Syntax
sham-link source-addr destination-addr [ cost cost-value ] [ dead seconds ] [ hello
seconds ] [ md5 keyid key seconds ] [ retransmit seconds ] [ simple password ] [
trans-delay seconds ]

undo sham-link source-addr destination-addr

View
OSPF area view

Parameter
source-addr: Source address of sham-link, a loopback interface address with 32-bit
mask

destination-addr: Destination address of sham-link, a loopback interface address
with 32-bit mask

cost-value: Cost at sham link, in the range of 1~65535. By default, it is 1.

password: Specify authentication string in plain text at the interface, 8 characters
at most. It must be consistent with the authentication string of sham link peer.

keyid: Specifies MD5 authentication string at the interface, in range of 1~255
characters. It must be consistent with the authentication string of sham link peer.

key: Specifies authentication string at the interface, 16 characters at most. It must
be consistent with the authentication string of sham link peer. When the display
current-configuration command is executed, the system displays the 24-character
MD5 authentication string in cipher text. You can also input a 24-character
authentication string in cipher text.

dead seconds: Specifies interval for the dead timer, in range of 1~8192 seconds.
By default, it is 40 seconds. It must be consistent with the dead seconds value for
sham link peer.

hello seconds: Specifies interval between Hello message transmission at the
interface, in range of 1~8192 seconds. By default, it is 10 seconds. It must be
consistent with the hello seconds value for sham link peer.

retransmit seconds: Specifies interval for LSA message retransmission at the
interface, in range of 1~8192 seconds. By default, it is 5 seconds.

trans-delay seconds: Specifies delay period for LSA message transmission at the
interface, in range of 1~8192 seconds. By default, it is 1 second.

Description
Using the sham-link command, you can configure a sham link. Using the undo
sham-link command, you can delete a sham link.

In the OSPF PE-CE connection, suppose that in an OSPF area there are two sites
which belong to the same VPN, with each connected to different PE router and an
intra-domain link (backdoor) established between them. Though there may be
other routes connecting the two sites via the PE router, these routes are just
intra-domain routes, so OSPF will select those routes through the backdoor first.
Sometimes, the routes through VPN backbone are desired to be selected first, then
it is required to establish sham link between PE routers. In this case, the routes
through VPN backbone are of the highest priority within the OSPF area.

The sham link between VPN PE routers is taken as a link within the OSPF area. Its
source and destination addresses are both loopback interface addresses with
32-bit mask. This loopback interface must be bound with a VPN instance and
imported into BGP through a direct-connect route. The optional parameters can
be appended in the sham link command and only those appended in the sham
link command can be selected in the undo command.

■ CAUTION

The source and destination addresses of a sham link are both loopback interface
addresses with 32-bit mask. This loopback interface must be bound with a VPN
instance and imported into BGP through a direct-connect route.

The source and destination addresses of a sham link cannot be the same.

The same sham link cannot be configured in the different OSPF procedures.

A maximum of 50 sham links can be configured in an OSPF procedure.

Example
Configure a sham link, with source address 1.1.1.1 and destination address
2.2.2.2.
[3Com-ospf-100-area-0.0.0.1] sham-link 1.1.1.1 2.2.2.2 cost 100
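
The sham-link parameters above carry several constraints that only show up when both PE routers are compared: mirrored addresses, matching hello and dead timers, and matching authentication. The following Python is an added example, not code from this manual or from 3Com; the two command lines are constructed, the function names are hypothetical, and it assumes the md5 option takes a keyid followed by a key.

```python
import ipaddress

# Defaults and ranges as listed in the Parameter section above.
DEFAULTS = {"cost": 1, "dead": 40, "hello": 10, "retransmit": 5, "trans-delay": 1}
RANGES = {"cost": (1, 65535), "dead": (1, 8192), "hello": (1, 8192),
          "retransmit": (1, 8192), "trans-delay": (1, 8192)}

# Constructed sample: the same sham link as configured on each of the two PEs.
PE1_LINE = "sham-link 1.1.1.1 2.2.2.2 cost 100 hello 5 simple s3cret12"
PE2_LINE = "sham-link 2.2.2.2 1.1.1.1 cost 100 dead 40"


def parse_sham_link(line):
    """Parse one sham-link command into a dict, applying defaults and range checks."""
    words = line.split()
    if len(words) < 3 or words[0] != "sham-link":
        raise ValueError("not a sham-link command")
    source, destination = (str(ipaddress.IPv4Address(w)) for w in words[1:3])
    link = dict(DEFAULTS, source=source, destination=destination, auth=("none",))
    args = words[3:]
    while args:
        key = args.pop(0)
        need = 2 if key == "md5" else 1      # assumption: md5 <keyid> <key>
        known = key in RANGES or key in ("simple", "md5")
        if not known or len(args) < need:
            raise ValueError(f"bad or incomplete option: {key!r}")
        values = [args.pop(0) for _ in range(need)]
        if key in RANGES:
            low, high = RANGES[key]
            number = int(values[0])
            if not low <= number <= high:
                raise ValueError(f"{key} {number} outside {low}~{high}")
            link[key] = number
        elif key == "simple":
            if len(values[0]) > 8:           # plain-text string, 8 characters at most
                raise ValueError("simple password longer than 8 characters")
            link["auth"] = ("simple", values[0])
        else:
            link["auth"] = ("md5", values[0], values[1])
    return link


def audit_pair(local, remote):
    """Compare both ends of one sham link and return a list of finding codes."""
    findings = []
    if local["source"] == local["destination"]:
        findings.append("same-endpoints")    # source and destination must differ
    if (local["source"], local["destination"]) != (
            remote["destination"], remote["source"]):
        findings.append("not-mirrored")
    for timer in ("hello", "dead"):          # must be consistent with the peer
        if local[timer] != remote[timer]:
            findings.append(f"{timer}-mismatch")
    if local["auth"] != remote["auth"]:
        findings.append("auth-mismatch")
    kinds = {local["auth"][0], remote["auth"][0]}
    if "none" in kinds:
        findings.append("auth-none")         # an end with no authentication at all
    if "simple" in kinds:
        findings.append("auth-simple")       # string is configured in plain text
    return findings


if __name__ == "__main__":
    print(audit_pair(parse_sham_link(PE1_LINE), parse_sham_link(PE2_LINE)))
```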

vpn-instance-capability simple Syntax
vpn-instance-capability simple

undo vpn-instance-capability

View
OSPF protocol view

Parameter
None

Description
Using the vpn-instance-capability simple command, you can configure a router as
Multi-VPN-Instance CE. Using the undo vpn-instance-capability command, you can
remove the configuration.

OSPF multi-VPN-instance application is often run at the PE router, so the CE router
on which OSPF multi-VPN-instance application runs is called Multi-VPN-Instance
CE. Though they both support multi-VPN-instance application, Multi-VPN-Instance
CE does not necessarily support BGP/OSPF interoperability.

When OSPF procedures are bound with VPN instances, the default OSPF router
serves as PE router. This command will remove the default configuration and
change a router into Multi-VPN-Instance CE. Then the OSPF procedure will set up all
peers again. DN bits and route-tag will not be checked in routing calculation. To
prevent route loss, loop test function is disabled on PE routes. BGP/OSPF
interoperability is also disabled to save system resources.

After the display ospf brief command is executed successfully, the system
prompts the information “Multi-VPN-Instance enable on CE router”.

CAUTION: OSPF process will set up all peers again after this command is run.

Example
Configure OSPF procedure 100 as Multi-VPN-Instance CE.
[3Com-ospf-100] vpn-instance-capability simple

Restore the OSPF procedure 100 as PE.
[3Com-ospf-100] undo vpn-instance-capability

MPLS L2VPN CCC Configuration Commands

ccc interface transmit-lsp receive-lsp Syntax
ccc ccc-connection-name interface interface-type interface-number transmit-lsp
transmit-lsp-name receive-lsp receive-lsp-name

undo ccc ccc-connection-name

View
System view

Parameter
interface-type interface-number: Interface for the remote connection.

ccc-connection-name: CCC connection name of 1 to 20 characters in length,
which uniquely identifies a CCC inside a PE.

transmit-lsp-name: Name of the transmit-LSP.

receive-lsp-name: Name of the receive-LSP.

Description
Using the ccc interface transmit-lsp receive-lsp command, you can create a
remote CCC connection. Using the undo ccc command, you can delete a remote
CCC connection.

You can delete a CCC connection in the interface or system view.

For the related command, see ccc interface out-interface.

Example
Create a remote CCC connection clink, with the transmit-LSP being tlsp and the
receive-LSP being rlsp.
[3Com-Ethernet3/0/0] ccc clink interface serial0/0/0 transmit-lsp tlsp receive-lsp rlsp

ccc interface out-interface Syntax
ccc ccc-connection-name interface interface-type interface-number out-interface
outinterface-type outinterface-num

undo ccc ccc-connection-name

View
System view

Parameter
ccc-connection-name: CCC connection name of 1 to 20 characters, which is used
for uniquely identifying the CCC inside the PE.

interface-type interface-number: Interface connected to the first CE

outinterface-type outinterface-num: Interface connected to the second CE.

Description
Using the ccc interface out-interface command, you can create a local CCC
connection. Using the undo ccc command, you can delete the local CCC
connection.

The supported interfaces include serial, asynchronous serial, ATM, Ethernet, VE,
and GE interfaces, as well as ATM, Ethernet, and GE sub-interfaces.

For a serial, asynchronous serial, Ethernet, GE, or VE interface, CCC encapsulation
defaults to link layer encapsulation and the command does not have any
parameter in this case. This also applies to the CCC encapsulation on an
Ethernet sub-interface or GE sub-interface. For an ATM sub-interface, CCC
encapsulation defaults to ATM AAL5. In this case, the command can take
a parameter indicating whether the encapsulation is ATM AAL5 or ATM CELL.

Example
Create a local CCC connection clink, with two CEs connected respectively to
Ethernet0/0/0 and Ethernet2/0/0.
[3Com] ccc clink interface serial0/0/0 out-interface Ethernet 2/0/0

debugging mpls l2vpn Syntax


debugging mpls l2vpn { all | advertisement | error | event | connections [ interface
interface-name | interface-type interface-num ] }

undo debugging mpls l2vpn { all | advertisement | error | event | connections [ interface
interface-name | interface-type interface-num ] }

View
User view

Parameter
all: Enables/Disables all L2VPN debugging.

advertisement: Enables/Disables BGP/LDP notify information debugging of
L2VPN.

error: Enables/Disables L2VPN error information debugging.

event: Enables/Disables L2VPN event information debugging.

connections: Enables/Disables connection information debugging.

interface-type interface-num: Specifies CE interface for information connection
debugging.

Description
Using the debugging mpls l2vpn command, you can view L2VPN link
information. Using the undo debugging mpls l2vpn command, you can disable
the debug function.

Example
<3Com> debugging mpls l2vpn all

display ccc Syntax


display ccc [ ccc-name | type [ local | remote ] ]

View
Any view

Parameter
ccc-name: Name of the connection to be displayed.

local: Displays local CCC connection only.

remote: Displays remote CCC connection only.

Description
Using the display ccc command, you can view CCC connection information.

Example
Display CCC connection information.
[3Com] display ccc c-link

static-lsp egress l2vpn Syntax


static-lsp egress lsp-name l2vpn incoming-interface interface-type interface-num
in-label in-label

undo static-lsp egress lsp-name l2vpn

View
MPLS view

Parameter
lsp-name: LSP name

interface-type Interface-num: Interface type and interface number

in-label-value: Inbound label value, in range of 16~1024

Description
Using the static-lsp egress l2vpn command, you can configure a static LSP used
in L2VPN for egress LSR. Using the undo static-lsp egress l2vpn command, you
can delete an LSP used in L2VPN of egress LSR.

Two LSPs (one in each direction) should be created in advance before creating
remote CCC connection.

For related commands, see static-lsp ingress l2vpn and debugging mpls.

Example
Add the static LSP bj-sh at egress LSR.
[3Com-mpls] static-lsp egress bj-sh l2vpn incoming-interface serial8/0/0 in-label 233

static-lsp ingress l2vpn Syntax


static-lsp ingress lsp-name { l2vpn | destination ip_addr } { nexthop next-hop-addr |
outgoing-interface interface-type interface-num } out-label out-label

undo static-lsp ingress lsp-name l2vpn

View
MPLS view

Parameter
lsp-name: LSP name

next-hop-addr: Next hop address

interface-type Interface-num: Interface type and interface number

out-label-value: Outbound label value, in range of 16~1024

Description
Using the static-lsp ingress l2vpn command, you can configure a static LSP used
in L2VPN for ingress LSR. Using the undo static-lsp ingress l2vpn command, you
can delete an LSP used in L2VPN of ingress LSR.

With this command, you can configure a static LSP for ingress LSR, as well as
setting preference and measurement value for it.

Two LSPs (one in each direction) should be created in advance before creating
remote CCC connection.

For related commands, see static-lsp egress l2vpn, static-lsp transit, and
debugging mpls.

Example
Add the static LSP with destination address 202.25.38.1 at ingress LSR.
[3Com-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.33
out-label 237

static-lsp transit l2vpn Syntax


static-lsp transit lsp-name l2vpn incoming-interface interface-type interface-num
in-label in-label { nexthop next-hop-addr | outgoing-interface interface-type
interface-num } out-label out-label

undo static-lsp transit lsp-name l2vpn

View
MPLS view

Parameter
lsp-name: LSP name

interface-type Interface-num: Interface type and interface number

next-hop-addr: Next hop address

in-label-value: Inbound label value, in range of 16~1024

out-label-value: Outbound label value, in range of 16~1024

Description
Using the static-lsp transit command, you can configure a static LSP used in
L2VPN for transit LSR. Using the undo static-lsp transit command, you can
delete an LSP used in L2VPN of transit LSR.

Two LSPs (one in each direction) should be created in advance and configured to
the transit LSR before creating remote CCC connection.

For related commands, see static-lsp egress l2vpn and static-lsp ingress
l2vpn.

Example
Add a static LSP used in L2VPN for the Serial0/0/0 of transit LSR, with inbound
label being 123 and outbound label being 253.
[3Com-mpls] static-lsp transit bj-sh l2vpn incoming-interface serial0/0/0 in-label 123
nexthop 202.34.114.7 out-label 253

SVC MPLS L2VPN Configuration Commands

display mpls static-l2vc Syntax


display mpls static-l2vc [ interface interface-type interface-num ]

View
Any view

Parameter
interface-type interface-num: Interface type and interface number

Description
Using the display mpls static-l2vc command, you can view the connection
information of static MPLS L2VPN.

Example
Display basic information of static connection.
[3Com-Ethernet1/0/1] display mpls static-l2vc
total connections: 1, 0 up, 1 down
ce-intf state destination tr-label rcv-label tnl-type tnl-index
Ethernet1/0/1 down 192.1.1.1 222 111 -- 0


[3Com] display mpls static-l2vc interface ethernet1/0/1
CE-interface: Ethernet1/0/1 is up, VC State: down, Destination: 192.1.1.1,
transmit-vpn-label: 222, receive-vpn-label: 111,
tunnel type: --, tunnel index: 0

mpls static-l2vc Syntax


mpls static-l2vc destination destination-ip-address transmit-vpn-label
transmit-label-value receive-vpn-label receive-label-value

View
Interface view

Parameter
destination-ip-address: ROUTER ID of destination router.

transmit-label-value: Transmit-label value of VPN.

receive-label-value: Receive-label value of VPN.

Description
Using the mpls static-l2vc command, you can create an SVC MPLS L2VPN
connection. Using the undo mpls static-l2vc command, you can delete the
connection.

Example
Create SVC MPLS L2VPN connection.
[3Com-s1/1/0] mpls static-l2vc destination 192.1.1.1 transmit-vpn-label 333
receive-vpn-label 111

Martini MPLS L2VPN Configuration Commands

display mpls l2vc Syntax


display mpls l2vc [ interface interface-type interface-num | verbose ]

View
Any view

Parameter
verbose: Displays the detailed information.

interface-type interface-num: Name of the interface connected with CE.

Description
Using the display mpls l2vc command, you can view the VC information in LDP
mode.

Example
None

mpls l2vc Syntax


mpls l2vc ip-address vc-id

undo mpls l2vc

View
Interface view

Parameter
ip-address: lsr-id address of peer PE.

vc-id: Connected VC ID.

Description
Using the mpls l2vc command, you can create an LDP connection. Using the
undo mpls l2vc command, you can delete the connection.

Supporting interface types: Serial, Asy Serial, POS, ATM, ATM subinterface,
Ethernet, Ethernet subinterface, VE, GE, GE subinterface.

Enable MPLS L2VPN and encapsulate CCC on the interface before using this
command.

For the related command, see mpls l2vpn and ccc.

Example
Create LDP connection.
[3Com-Ethernet3/0/0] mpls l2vc 10.0.0.11

Kompella MPLS L2VPN Configuration Commands

ce Syntax
ce name [ id id [ range range ] [ default-offset offset ] ]

undo ce name

View

MPLS L2VPN view

Parameter
name: CE name, unique in the current PE VPN.

id: CE ID, unique in VPN, represents a CE, ranging from 1 to 65535.

offset: Specifies default offset value of the original CE.


range: CE range, in other words, the maximum CE number local CE can connect
with, ranging from 1 to 100. Default value is 10.

Description
Using the ce command, you can create CE or modify CE range. Using the undo ce
command, you can delete CE.

After CE is created, the system will create a CE mode and all the configurations of
CE will be performed in this mode.

To facilitate VPN expansion, the CE range can be configured larger than the real
capacity. However, this wastes identifiers, because the system allocates an
identifier block as large as the CE range.

If the CE range is smaller than needed for VPN expansion, for example, the CE range
is 10 while the needed CE number is 20, you can modify the CE range to 20.

For the related command, see mpls l2vpn encapsulation, connection.

Example
Create a CE for vpna, named “Marlborough,” with CEID being 1, range default
value being 10.
[3Com] mpls l2vpn
[3Com] mpls l2vpn vpna encapsulation ppp
[3Com-mpls-l2vpn-vpna] ce marlborough id 1
[3Com-mpls-l2vpn-ce-vpna-marlborough]

connection Syntax
connection [ ce-offset offset ] { interface interface-type interface-num }

undo connection [ ce-offset offset ] { interface interface-type interface-num }

View
MPLS L2VPN CE view

Parameter
offset: Specifies remote CE ID for L2VPN connection in establishing local
connection.

interface-type interface-num: Specifies CE interface in establishing remote
connection.

Description
Using the connection command, you can create a CE connection. Using the
undo connection command, you can delete a CE connection.

Configure RD for MPLS L2VPN first before establishing a CE connection.

For related commands, see mpls l2vpn encapsulation and ccc.

Example
Establish a CE connection.
[3Com] mpls l2vpn vpna


[3Com-l2vpn-vpna] ce ce-a id 1 range 4
[3Com-l2vpn-vpna-ce-ce-a] connection s0/0/0 ce-offset 2

display bgp l2vpn Syntax


display bgp l2vpn { all | peer | route-distinguisher }

View
Any view

Parameter
all: All L2VPN information in local address family.

peer: Information of the specified BGP peer.

route-distinguisher: Information of the specified VPN RD.

Description
Using the display bgp l2vpn all command, you can view system operating
information and all L2VPN information.

Example
Display all L2VPN information.
[3Com] display bgp l2vpn all
BGP local router ID is 172.16.1.5 , Origin codes: i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 3 destinations
CE ID Label Offset Label Base nexthop pref as-path
Route Distinguisher: 100:1
2 1 800000 1.1.1.1 100 I 200 600
3 1 500000 1.1.1.1 100 I 200 600
Route Distinguisher: 100:2
1 1 700000 1.1.1.1 100 I 200 600

display mpls l2vpn forwarding-info Syntax

display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-num

View
Any view

Parameter
vc-label: VC label

interface-type interface-num: Interface type and interface number

Description
Using the display mpls l2vpn forwarding-info command, you can view the
L2VPN information under a specific interface.

Example
Display the L2VPN information under a specific interface.
[3Com] display mpls l2vpn forwarding-info interface serial1/0/0
VCLABEL TUNNELTYPE ENTRYTYPE OUTINTERFACE OUTSLOT TOKEN CTRLWORD


102402 LSP SEND Serial1 0 0 FALSE
Record(s) Found.

l2vpn-family Syntax
l2vpn-family

undo l2vpn-family

View
BGP view

Parameter
None

Description
Using the l2vpn-family command, you can create an L2VPN address family view.
Using the undo l2vpn-family command, you can delete the L2VPN address
family view.

By default, it is BGP unicast view.

Using this command, you can enter L2VPN address family view.

Executing the undo l2vpn-family command exits the multicast extended address
family view, deletes all the configurations in this address family, and returns
to BGP unicast view.

Example
Create L2VPN address family view.
[3Com] bgp 100
[3Com-bgp] l2vpn-family
[3Com-bgp-af-l2vpn]

mpls l2vpn Syntax


mpls l2vpn

undo mpls l2vpn

View
System view

Parameter
None

Description
Using the mpls l2vpn command, you can enable L2VPN. Using the undo mpls
l2vpn command, you can disable L2VPN.

Enable MPLS before using this command.

For the related commands, see mpls and mpls lsr-id.


Example
Enter MPLS view, then configure LSR ID and enable MPLS.
[3Com] undo mpls
[3Com-mpls] mpls lsr-id 10.0.0.1
[3Com] mpls

Enable L2VPN.
[3Com] mpls l2vpn

mpls l2vpn encapsulation Syntax

mpls l2vpn vpn-name encapsulation { atm-aal5 | ethernet | fr | vlan | hdlc | ppp }

undo mpls l2vpn vpn-name

View
System view

Parameter
vpn-name: Unique VPN name in PE with 1 to 20 bytes.

atm-aal5 | ethernet | fr | vlan | hdlc | ppp: VPN encapsulation types. The CCC
encapsulation type on the CE interface must match that of the VPN when
creating a BGP L2VPN connection. Otherwise, the connection cannot work
normally.

Description
Using the mpls l2vpn encapsulation command, you can create Kompella MPLS
L2VPN and specify encapsulation mode. Using the undo mpls l2vpn
encapsulation command, you can remove the encapsulation.

Create a Kompella MPLS L2VPN only after MPLS L2VPN has been enabled globally.

After a Kompella MPLS L2VPN is created, the system creates an L2VPN mode, and all
of the L2VPN parameters are configured in that mode.

For related commands, see ce and mtu.

Example
Create a Kompella MPLS L2VPN, named “3Com”, with encapsulation type being
vlan:
[3Com] mpls l2vpn 3Com encapsulation vlan

mtu Syntax
mtu mtu

View
L2VPN view

Parameter
mtu: Layer2 MTU value of VPN. MTU is defaulted as 1500.
Description
Using the mtu command, you can configure MTU of Kompella MPLS L2VPN.

When configuring the VPN Layer 2 MTU, the MTU value of the same VPN on different
PEs must be consistent across the whole SP network. Otherwise, the VPN will not
work normally.

For the related command, see mpls l2vpn encapsulation.

Example
Configure the mtu of VPN “3Com” as 1000.
[3Com-l2vpn-3Com] mtu 1000

peer enable Syntax


peer { group-name | peer-address } enable

undo peer { group-name | peer-address } enable

View
L2VPN address family view

Parameter
group-name: Peer group name, specifying the whole peer group.

peer-address: IP address of peer, specifying some specified peer.

Description
Using the peer enable command, you can activate specified peer (group) in
L2VPN address family view. Using the undo peer enable command, you can
deactivate specified peer (group) in L2VPN address family view.

By default, unicast peer (group) of IPv4 address family is activated, while other
peer (groups) are deactivated.

Example
Activate the peer (group) 192 in the L2VPN address family view.
[3Com-bgp] peer 1.1.1.1 as-number 100
[3Com-bgp] l2vpn-family
[3Com-bgp-af-l2vpn] peer 1.1.1.1 enable
9 SECURITY
This chapter describes security commands for the 3Com routers.

AAA Configuration Commands

access-limit Syntax
access-limit { disable | enable max-user-number }
undo access-limit

View
ISP domain view

Parameter
disable: No limit to the supplicant number in the current ISP domain.
enable max-user-number: Specifies the maximum supplicant number in the
current ISP domain, ranging from 1 to 1024

Description
Using the access-limit command, you can configure a limit to the number of
supplicants in the current ISP domain. Using the undo access-limit command,
you can restore the limit to the default setting.

By default, there is no limit to the number of supplicants in the current ISP domain.

This command limits the number of supplicants contained in the current ISP
domain. The supplicants may contend with each other for the network resources,
so setting a suitable limit helps guarantee reliable performance for the
existing supplicants.

Example
# Set a limit of 500 supplicants for the ISP domain "3com163.net".
[3Com-isp-3com163.net] access-limit enable 500

accounting optional Syntax


accounting optional

undo accounting optional

View
ISP domain view
Parameter
None

Description
Using the accounting optional command, you can enable optional accounting.
Using the undo accounting optional command, you can disable it.

By default, optional accounting is disabled.

With the accounting optional command, a user who would otherwise be disconnected
can use the network resources even when there is no available accounting server
or the communication with the current accounting server fails. This command is
normally used for authentication without accounting.

Example
# Enable optional accounting for users in the domain “3com163.net”.
[3Com] domain 3com163.net

[3Com-isp-3com163.net] accounting optional

display connection Syntax


display connection [ domain isp-name | interface portnum | ip
ip-address | mac mac-address | radius-scheme radius-scheme-name |
HWHWTACACS-scheme HWHWTACACS-scheme-name | ucibindex
ucib-index | user-name user-name ]

View
Any view

Parameter
domain isp-name: Displays all the user connections belonging to the ISP domain
specified by isp-name, a character string not exceeding 24 characters. The
specified ISP domain must be an existing one.

ip ip-address: Displays all the user connections related to the specified IP
address.

mac mac-address: Displays a user connection by specifying its hexadecimal MAC
address in the format of x-x-x.

radius-scheme radius-scheme-name: Displays all the user connections
connected to the RADIUS server specified by radius-scheme-name, a character
string not exceeding 32 characters.

HWHWTACACS-scheme HWHWTACACS-scheme-name: Displays all the user connections
connected to the HWHWTACACS server specified by
HWHWTACACS-scheme-name, a character string not exceeding 32 characters.

ucibindex ucib-index: Displays information on a user connection by specifying
its connection index number, that is, ucib-index ranging from 0 to 1023.
user-name user-name: Displays information on a user connection by specifying its
user name, a character string not exceeding 80 characters and excluding "/", ":",
"*", "?", "<" and ">". The @ character can be used only once in one username.
The username without domain name (the part before @, namely the user ID)
cannot exceed 24 characters.

Description
Using the display connection command, you can view the relevant information
on the specified user connection or all the connections. The output can help you
troubleshoot user connections.

By default, information about all user connections is displayed.

For the related command, see cut connection.

Example
# Display the relevant information of all the users.
<3Com> display connection

Total 0 connections matched, 0 listed.

display domain Syntax


display domain [ isp-name ]

View
Any view

Parameter
isp-name: Specifies the ISP domain name, with a character string not exceeding
24 characters. The specified ISP domain must be an existing one.

Description
Using the display domain command, you can view the configuration of a
specified ISP domain or display the summary information of all ISP domains.

By default, the summary of all ISP domains is displayed.

This command is used to output the configuration of a specified ISP domain or
display the summary information of all ISP domains. If an ISP domain is specified,
the configuration information will be displayed exactly the same, concerning the
content and format, as the displayed information of the display domain
command. The output information can help with ISP domain diagnosis and
troubleshooting.

For the related commands, see access-limit, domain, scheme, state, display
domain.

Example
# Display the summary information of all ISP domains of the system.
<3Com> display domain

0 Domain = 2

State = Active Access-limit = Disable

Domain User Template:

Idle-cut = Disable

1 Domain = ls

State = Active Access-limit = Disable

Domain User Template:

Idle-cut = Disable

Default Domain Name: system

Total 6 domain(s).2 listed.

The following table describes information about the above terminal display.

Table 1 Information displayed after executing display domain (when no ISP domain is specified)

Field                 Description
0 Domain=2            ISP domain index number domain name
State                 State
Access-limit          Limit to the allowed number of access users
Default Domain Name   Name of the default ISP domain

display local-user Syntax


display local-user [ domain isp-name | service-type { telnet | ssh |
terminal | pad | ftp | ppp } | state { active | block } | user-name
user-name ]

View
Any view

Parameter
domain isp-name: Displays all the local users in the ISP domain specified by
isp-name, a character string not exceeding 24 characters. The specified ISP domain
must be an existing one.

service-type: Displays local users by specifying service type, which can be telnet,
ssh, terminal (terminal users logging on from Console, AUX, or Asyn port), ftp,
ppp, or PAD (X.25 PAD).

state { active | block }: Displays local users by specifying user state, where
active means users allowed to request for network services and block means the
opposite.
user-name user-name: Displays a user by specifying its user-name, a character
string not exceeding 80 characters and excluding "/", ":", "*", "?", "<" and
">". The @ character can be used only once in one username. The username
without domain name (the part before @, namely the user ID) cannot exceed 24
characters.

Description
Using the display local-user command, you can view the relevant information on
the specified local user or all the local users. The output can help you troubleshoot
faults related to local user.

By default, information on all local users is displayed.

For the related command, see local-user.

Example
# Display the relevant information of all the local users.
<3Com> display local-user

The contents of local user user1:

State: Active ServiceType Mask: None

Idle-Cut: Disable

Access-Limit: Disable Current AccessNum: 0

Bind location: Disable

Vlan ID: Disable

IP address: Disable

MAC address: Disable

Total 1 local user(s) Matched,1 listed.

The following table describes the displayed information.

Table 2 Information displayed after executing local-user.

Field           Description
State           State
Idle-cut        Idle-cut switch
Access-limit    Limit to the allowed number of access users
Bind location   Whether to be bound to ports
VLAN ID         VLAN to which users belong
IP address      IP address of user
MAC address     MAC address of user
domain Syntax
domain [ isp-name | default { disable | enable isp-name } ]
undo domain isp-name

View
System view

Parameter
isp-name: Specifies an ISP domain name. The name is expressed with a character
string not exceeding 24 characters, excluding "/", ":", "*", "?", "<", and ">".

default: Configures the default ISP domain. The default ISP domain of the system
is "system".

disable: Disables the configured default ISP domain. The users that have
usernames without a domain name are to be refused as a result.

enable: Enables the configured default ISP domain. It is to be appended to the
usernames that are received without domain name before they are sent to the
intended AAA servers.

Description
Using the domain command, you can configure an ISP domain or enter the view
of an existing ISP domain. Using the undo domain command, you can cancel a
specified ISP domain.

By default, the default domain in the system is "system".

ISP domain is a group of users belonging to the same ISP. Generally, for a
username in the userid@isp-name format, gw20010608@3com163.net for
example, the isp-name ("3com163.net" in the example) following the "@" is the
ISP domain name. When an AAA server controls user access, for an ISP user whose
username is in userid@isp-name format, the system takes the part "userid" as
username for identification and takes the part "isp-name" as domain name.

The purpose of introducing ISP domain settings is to support application
environments with several ISP domains. In this case, an access device may have
supplicants from different ISP domains. Because the attributes of ISP users, such as
username and password structures and service types, may be different, it is
necessary to separate them by setting ISP domains. In ISP domain view, you can
configure a complete set of ISP domain attributes for each ISP domain, including
an AAA scheme (the RADIUS scheme applied).

For a router, each supplicant belongs to an ISP domain. The system supports
up to 16 ISP domains.

When this command is used, if the specified ISP domain does not exist, the system
will create a new ISP domain. All the ISP domains are in the active state when
they are created.

For the related commands, see access-limit, scheme, state, and display
domain.
Example
# Create a new ISP domain, 3com163.net, and enter its view.
[3Com] domain 3com163.net

New Domain added.

[3Com-isp-3com163.net]
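
The username handling described for the domain command, as an added Python example (not 3Com code): it splits a login name into user ID and ISP domain under the length and character rules given in this chapter and applies the default-domain and block-state behaviour. The dictionary model of configured domains, the Rejected exception, the rejection of an empty domain part, and the case-insensitive domain lookup are assumptions of this example.

```python
FORBIDDEN = set('/:*?<>')   # characters this chapter excludes from user names
MAX_USER_NAME = 80          # whole user-name, including "@isp-name"
MAX_USER_ID = 24            # part before "@"
MAX_ISP_NAME = 24           # isp-name


class Rejected(ValueError):
    """Raised when a login name cannot be mapped to an active ISP domain."""


def resolve(user_name, domains, default_domain="system", default_enabled=True):
    """Return (user_id, isp_name) for a login name, or raise Rejected.

    domains maps isp-name -> "active" or "block" (a constructed model of the
    ISP domains configured with the domain and state commands).
    """
    if not 1 <= len(user_name) <= MAX_USER_NAME:
        raise Rejected("user-name must be 1 to 80 characters")
    bad = FORBIDDEN & set(user_name)
    if bad:
        raise Rejected("forbidden character(s): " + "".join(sorted(bad)))
    if user_name.count("@") > 1:
        raise Rejected('"@" may be used only once in a user name')

    user_id, at, isp_name = user_name.partition("@")
    if not 1 <= len(user_id) <= MAX_USER_ID:
        raise Rejected("user ID must be 1 to 24 characters")
    if at and not isp_name:
        # Assumption: "userid@" with nothing after the "@" is refused.
        raise Rejected("empty domain part")

    if not at:
        # "domain default disable": names without a domain are refused.
        if not default_enabled:
            raise Rejected("no domain name and the default ISP domain is disabled")
        # "domain default enable isp-name": the default domain is appended.
        isp_name = default_domain

    if len(isp_name) > MAX_ISP_NAME:
        raise Rejected("isp-name must not exceed 24 characters")

    # user-name is case-insensitive per the local-user command; applying the
    # same rule to the domain lookup is an assumption of this example.
    states = {name.lower(): state for name, state in domains.items()}
    state = states.get(isp_name.lower())
    if state is None:
        raise Rejected("ISP domain does not exist")
    if state == "block":
        raise Rejected("ISP domain is in the block state")
    return user_id.lower(), isp_name.lower()


if __name__ == "__main__":
    # Constructed domain table: the built-in default plus the chapter's example.
    configured = {"system": "active", "3com163.net": "active"}
    for name in ("gw20010608@3com163.net", "UserA", "a@b@c", "bad:name"):
        try:
            print(name, "->", resolve(name, configured))
        except Rejected as err:
            print(name, "-> rejected:", err)
```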

ip pool Syntax
ip pool pool-number low-ip-address [ high-ip-address ]
undo ip pool pool-number

View
System view, ISP domain

Parameter
pool-number: Address pool number, ranging from 0 to 99.
low-ip-address and high-ip-address: The start and end IP addresses of the
address pool. The number of in-between addresses cannot exceed 1024. If end IP
address is not specified, there will be only one IP address in the pool, namely the
start IP address.

Description
Using the ip pool command, you can configure a local address pool for assigning
addresses to PPP users. Using the undo ip pool command, you can delete the
specified local address pool.
By default, no local IP address pool is configured.
You can configure an IP address pool in system view and use the remote address
command in interface view to assign IP addresses from the pool to PPP users.
You can also configure an IP address pool in ISP domain view for assigning IP
addresses to PPP users in the current ISP domain. This applies to the case where an
interface serves a great amount of PPP users but with inadequate address
resources for allocation. For example, an Ethernet interface running PPPoE can
accommodate 4095 users at most. However, only one address pool with up to
1024 addresses can be configured on its Virtual Template (VT). This is obviously far
from what is required. To address the issue, you can configure address pools for
ISP domains and assign addresses from them to their PPP users.
For the related command, see remote address.

Example
# Configure the local IP address pool 0 with the address range of 129.102.0.1 to
129.102.0.10.
[3Com] domain 3com163.net
[3Com-isp-3com163.net] ip pool 0 129.102.0.1 129.102.0.10

level Syntax
level level

undo level
View
Local user view

Parameter
level: Specifies user priority level, an integer ranging from 0 to 3.

Description
Using the level command, you can configure user priority level. Using the undo
level command, you can restore the default user priority level.

By default, user priority level is 3.

For the related command, see local user.

If the configured authentication mode is none authentication or password
authentication, the command level that a user can access after login depends on
the priority of user interface. In the case of authentication requiring both
username and password, however, the accessible command level depends on user
priority level.

Example
# Set the priority level of the user to 3.
[3Com-luser-3com1] level 3

local-user Syntax
local-user user-name
undo local-user { user-name | all }

View
System view

Parameter
user-name: Specifies a local username with a character string not exceeding 80
characters, excluding "/", ":", "*", "?", "<" and ">". The @ character can be
used only once in one username. The username without domain name (the part
before @, namely the user ID) cannot exceed 24 characters. user-name is
case-insensitive, so UserA and usera are the same for example.
all: All the users.

Description
Using the local-user command, you can add a local user and enter the local user
view. Using the undo local-user command, you can remove the specified local
user.

By default, no local user is configured

For the related command, see display local user.

Example
# Add a local user named 3com1.
[3Com] local-user 3com1

[3Com-luser-3com1]

local-user password-display-mode Syntax
local-user password-display-mode { cipher-force | auto }

undo local-user password-display-mode

View
System view

Parameter
cipher-force: Forced cipher mode specifies that the passwords of all the accessed
users must be displayed in cipher text.
auto: The auto mode specifies that a user is allowed to use the password
command to set a password display mode.

Description

Using the local-user password-display-mode command, you can configure the
password display mode of all the local users. Using the undo local-user
password-display-mode command, you can restore the default password display
mode of all the local users.

If cipher-force applies, the effort of specifying in the password command to display
passwords in simple text is rendered useless.

By default, auto applies when displaying passwords of local users.

For the related commands, see display local-user and password.

Example
Force all the local users to have passwords displayed in cipher text.

[3Com] local-user password-display-mode cipher-force

password Syntax
password { simple | cipher } password
undo password

View
Local user view

Parameter
simple: Specifies to display passwords in simple text.
cipher: Specifies to display passwords in cipher text.
password: Defines a password, which is a character string of up to 16 characters if
it is in simple text or of up to 24 characters if it is in cipher text.
Description
Using the password command, you can configure a password for a local user.
Using the undo password command, you can cancel the password of the local
user.
If local-user password-display-mode cipher-force applies, the effort of
specifying in the password command to display passwords in simple text is
rendered useless.
For the related command, see display local-user.

Example
# Display the password of the user 3com1 in simple text, with the password being
20030422.
[3Com-luser-3com1] password simple 20030422

scheme Syntax
scheme { radius-scheme radius-scheme-name | HWHWTACACS-scheme
HWHWTACACS-scheme-name | local | none }
undo scheme { radius-scheme | HWHWTACACS-scheme | none }

View
ISP domain view

Parameter
radius-scheme-name: RADIUS scheme, a character string not exceeding 32
characters
HWHWTACACS-scheme-name: HWHWTACACS scheme, a character string not
exceeding 32 characters
local: Local authentication
none: No authentication

Description
Using the scheme command, you can configure the AAA scheme to be
referenced by the current ISP domain. Using the undo scheme command, you
can restore the default AAA scheme.
The default AAA scheme in the system is local.
With this command, the current ISP domain can reference a
RADIUS/HWHWTACACS scheme that has been configured.
If the local or none scheme applies, no RADIUS or HWHWTACACS scheme can
be adopted.
For the related commands, see radius scheme and HWHWTACACS scheme.

Example
# Specify the current ISP domain, 3com163.net, to use the RADIUS scheme 3com.
[3Com-isp-3com163.net] scheme radius 3com
service-type Syntax
service-type { telnet | ssh | terminal | pad }
undo service-type { telnet | ssh | terminal | pad }

View
Local user view

Parameter
telnet: Authorizes the user to use the Telnet service.

ssh: Authorizes the user to use the SSH service.

terminal: Authorizes the user to use the terminal service (login from the Console,
AUX or Asyn port).

pad: Authorizes the user to use the PAD service.

Description
Using the service-type command, you can configure a service type for a
particular user. Using the undo service-type command, you can delete one or all
service types configured for the user.

By default, no service is available for the user.

For the related commands, see service-type ppp and service-type ftp.

Example
# Authorize the user to use the Telnet service.
[3Com-luser-3com1] service-type telnet

service-type ftp Syntax


service-type ftp [ ftp-directory directory]
undo service-type ftp [ ftp-directory ]

View
Local user view

Parameter
ftp-directory directory: Specifies a directory accessible for the FTP user.

Description
Using the service-type ftp command, you can specify a directory accessible for
the FTP user. Using the undo service-type ftp command, you can restore the
default directory accessible for the FTP user.

By default, no services of any type are authorized to any user and access of
anonymous FTP users is not allowed, but a user that is granted the FTP service is
authorized to access the root directory “flash:/”.

For the related commands, see service-type and service-type ppp.


Example
# Authorize the user to use the FTP service.
[3Com-luser-3com1] service-type ftp

service-type ppp Syntax


service-type ppp [ callback-nocheck | callback-number
callback-number | call-number call-number [ subcall-number ] ]
undo service-type ppp [ callback-nocheck | callback-number |
call-number ]

View
Local user view

Parameter
callback-nocheck: Specifies PPP user callback without authentication.

callback-number callback-number: Specifies a callback number.

call-number call-number: Specifies a caller number in ISDN user authentication,
with a length up to 64 bytes.

[ subcall-number ]: Specifies the sub-caller number. If included, the total length
of it plus the caller number cannot exceed 62 bytes.

Description
Using the service-type command, you can configure the callback attribute and
caller number of the PPP user. Using the undo service-type command, you can
restore their default settings.

By default, PPP users are allowed to call back without authentication and no
callback number is specified; the system does not authenticate caller numbers of
ISDN users.

For the related commands, see service-type and service-type ftp.

Example
# Set PPP user to call back without authentication.
[3Com-luser-3com1] service-type ppp callback-nocheck

state Syntax
state { active | block }

View
ISP domain view, local user view

Parameter
active: Configured to allow users in the current ISP domain or the current local
user to request for network services.
block: Configured to block users in the current ISP domain or the current local
user to request for network services.

Description
Using the state command, you can configure the state of the current ISP domain
or local user.

By default, both the ISP domain (in ISP domain view) and the local user (in local
user view) are in the active state upon their creation.

Every ISP domain can be active or blocked. If an ISP domain is configured to be
active, the supplicants in it can request network services; in the block
state, its users are not allowed to request any network service, but users
currently online are not affected. This also applies to local users.

For the related command, see domain.

Example
# Set the state of the current ISP domain "3com163.net" to block. The supplicants
in this domain cannot request for network services.
[3Com-isp-3com163.net] state block

# Set the state of the user "3com1" to block.

[3Com-luser-3com1] state block
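
A configuration review built from the AAA commands in this section, as an added Python example (not 3Com code): it reports where a configuration selects no authentication (scheme none), optional accounting, simple-text passwords, or PPP callback without authentication, and it applies the cipher-force rule described under local-user password-display-mode. The sample text is constructed, and the layout it assumes (view-entering commands unindented, commands of that view indented beneath them) is an assumption about how the configuration is saved.

```python
import re

# Constructed sample configuration; every command in it is documented above.
SAMPLE_CONFIG = """\
#
local-user password-display-mode auto
#
domain 3com163.net
 scheme none
 accounting optional
domain system
 scheme local
#
local-user 3com1
 password simple 20030422
 service-type ppp callback-nocheck
local-user 3com2
 password cipher EXAMPLE-CIPHERTEXT
 service-type ssh
"""

FINDINGS = {
    "scheme-none": "ISP domain uses the none scheme (no authentication)",
    "accounting-optional": "users stay connected when accounting is unavailable",
    "password-simple": "password is set to display in simple text",
    "ppp-callback-nocheck": "PPP callback is allowed without authentication",
    "display-mode-auto": "password display mode is auto, not cipher-force",
}

# Commands that enter ISP domain view or local user view.
VIEW_RE = re.compile(r"^(domain|local-user)\s+(\S+)$")


def audit(config_text):
    """Return a list of (view, finding-code) tuples for the given text."""
    findings = []
    view = ("system", "")
    cipher_force = False            # the documented default is auto
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("local-user password-display-mode"):
            cipher_force = line.split()[-1] == "cipher-force"
            continue
        if not raw[0].isspace():    # unindented: a system-view command
            match = VIEW_RE.match(line)
            view = (match.group(1), match.group(2)) if match else ("system", "")
            continue
        kind, name = view
        words = line.split()
        where = f"{kind} {name}"
        if kind == "domain":
            if words[:2] == ["scheme", "none"]:
                findings.append((where, "scheme-none"))
            elif words == ["accounting", "optional"]:
                findings.append((where, "accounting-optional"))
        elif kind == "local-user":
            # Only the keyword is inspected; the password is never echoed.
            if words[:2] == ["password", "simple"]:
                findings.append((where, "password-simple"))
            elif words[:3] == ["service-type", "ppp", "callback-nocheck"]:
                findings.append((where, "ppp-callback-nocheck"))
    if cipher_force:
        # With cipher-force, "password simple" no longer yields simple-text display.
        findings = [f for f in findings if f[1] != "password-simple"]
    else:
        findings.append(("system", "display-mode-auto"))
    return findings


if __name__ == "__main__":
    for where, code in audit(SAMPLE_CONFIG):
        print(f"{where}: {FINDINGS[code]}")
```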

Access Control List Configuration Commands

acl Syntax
acl { number acl-number | name acl-name [ basic | advanced | interface ] } [ match-order
{ config | auto } ]

undo acl { number acl-number | name acl-name | all }

View
System View

Parameter

number: Defines a number-typed ACL (access control list). The number used for a
basic ACL ranges from 1 to 99, that for an advanced ACL ranges from 100 to 199,
and that for an interface-based ACL ranges from 1000 to 1999.

name: Defines an ACL by name.

basic: Defines a basic ACL.

advanced: Defines an advanced ACL.

interface: Defines an interface-based ACL.


acl-number: ID of ACL, a number ranging from 1 to 199 or from 1000 to 1999.
The range from 1 to 99 is used for basic ACL; the range from 100 to
199 is used for advanced ACL rules; the range from 1000 to 1999 is used for
interface-based ACL.

acl-name: Name of ACL

match-order: Indicates the match order.

config: Matches the rules in the order in which the user configured them.

auto: Matches the rules in automatic order (in accordance with the “depth
first” principle).

all: Deletes all ACLs.

Description
Using the acl command, you can create an access control list and enter ACL view.
Using the undo acl command, you can delete an access control list.

An access control list consists of a list of rules that are described by a series of
permit or deny sub-sentences. Several rule lists form an ACL. Before configuring
the rules for an access control list, you should create the access control list first.

When you create an access control list, you should specify the following
parameters:

■ The number-typed ACL or a name-typed ACL.


■ If it is a name-typed ACL, the usage of the ACL (a basic ACL, an advanced
ACL, or an interface-based ACL) needs to be specified. If this name-typed
ACL already exists, it will enter ACL view directly.
■ The match order of the ACL. It is optional. By default, the match order is
configuration order (config).

Example
# Create an ACL numbered 10.
[3Com] acl number 10

[3Com-acl-basic-10]

# Create an advanced ACL named test.

[3Com] acl name test advanced

[3Com-acl-adv-test]

# Create an interface-based ACL named int.

[3Com] acl name int interface

[3Com-acl-if-int]

display acl Syntax


display acl { all | acl-number | acl-name }

View
Any view

Parameter
all: All ACL rules.
acl-number: ACL expressed by number.
acl-name: ACL expressed by name.

Description
Using the display acl command, you can view the rules of an access control list.

The default match order of the system is the configuration order (config). If you
select the automatic match order (auto), the system displays the ACL information
with the match order shown as "auto". If the default match order (config) is used,
the system displays the information without any match-order indication.

Example
# Display the rules of ACL 1.
[3Com-acl-basic-1] display acl 1

Basic ACL 1, 2 rules,

rule 1 permit (0 times matched)

rule 2 permit source 1.1.1.1 0 (0 times matched)

reset acl counter Syntax


reset acl counter { all | acl-number | acl-name }

View
User View

Parameter
acl-number: ACL expressed by number.
acl-name: ACL expressed by name.
all: All ACL rules.

Description
Using the reset acl counter command, you can clear the statistics of access
control list.

Example
# Reset the statistics of access control list 1.
<3Com> reset acl counter 1

rule Syntax
1. Create or delete a rule of a basic access control list.

rule [ rule-id ] { permit | deny } [ source source-addr source-wildcard | any ] [ time-range time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]

undo rule rule-id [ source ] [ time-range ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]

2. Create or delete a rule of an advanced access control list.

rule [ rule-id ] { permit | deny } protocol [ source source-addr source-wildcard | any ] [ destination dest-addr dest-wildcard | any ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type icmp-type icmp-code ] [ precedence precedence ] [ tos tos ] [ time-range time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]

undo rule rule-id [ source ] [ destination ] [ source-port ] [ destination-port ] [ icmp-type ] [ precedence ] [ tos ] [ time-range ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]

3. Create or delete a rule of an interface-based access control list.

rule [ rule-id ] { permit | deny } [ interface interface-name ] [ time-range time-name ] [ logging ]

undo rule rule-id

View
The first group of commands is used in basic ACL view.
The second group of commands is used in advanced ACL view.
The third group of commands is used in interface-based ACL view.

Parameter
In the rule command:
■ rule-id: ID of an ACL rule, optional, ranging from 0 to 127. If you specify a
rule-id and a rule with that ID already exists, the newly defined rule
overwrites the old rule, which is the same as editing the existing rule.
If no rule with the specified rule-id exists, a new rule with that rule-id
is created. If you do not specify a rule-id, a new rule is added and the
system assigns a rule-id to it automatically.
■ deny: Discards the packets that match the rule.
■ permit: Permits the packets that match the rule.
■ protocol: Protocol type over IP, expressed by name or number. The number
range is from 0 to 255, and the names are gre, icmp, igmp, ip,
ipinip, ospf, tcp and udp.
■ source: Optional. Specifies the source address information of the ACL rule.
If it is not configured, any source address of the packets matches.
■ source-addr: Source IP address of packets in dotted decimal format. Alternatively,
use "any" to represent the source address 0.0.0.0 with the wildcard
255.255.255.255.

■ source-wildcard: Source address wildcard in dotted decimal format.
Inputting “0” indicates that the wildcard is 0.0.0.0. It represents a host with
the address specified by parameter source-addr.
■ destination: Optional, specify destination address information of ACL rule.
If it is not configured, it indicates that any destination address of the
packets matches.
■ dest-addr: destination IP address of packets in dotted decimal format. Or
use "any" to represent the destination address 0.0.0.0 with the wildcard
255.255.255.255.
■ dest-wildcard: Destination address wildcard in dotted decimal format.
Inputting “0” indicates that the wildcard is 0.0.0.0. It represents a host with
the address specified by parameter dest-addr.
■ source-port: Optional, specify source port information of UDP or TCP
packets, valid only when the protocol specified by the rule is TCP or UDP. If
it is not specified, it indicates that any source port information of TCP/UDP
packets matches.
■ destination-port: Optional, specify destination port information of UDP or
TCP packets, valid only when the protocol specified by the rule is TCP or
UDP. If it is not specified, it indicates that any destination port information
of TCP/UDP packets matches.
■ operator: Optional. Comparison operator applied to the source or
destination port number. The names and meanings are as follows: lt (lower
than), gt (greater than), eq (equal to), neq (not equal to) and range
(between). If the operator is range, two port numbers must follow it.
The other operators need only one port number.
■ port: Optional, port number of TCP or UDP, expressed by name or number.
The number range is from 0 to 65535.
■ icmp-type: Optional, specify ICMP packet type and ICMP message code,
only valid when packet protocol is ICMP. If it is not configured, it indicates
any ICMP packet matches.
■ icmp-type: ICMP packet can be filtered according to ICMP message type. It
is a number ranging from 0 to 255.
■ icmp-code: ICMP packets that can be filtered according to ICMP message
type can also be filtered according to message code. It is a number ranging
from 0 to 255.
■ icmp-message: ICMP packets can be filtered according to ICMP message
type or ICMP message code.
■ precedence: Optional, a number ranging from 0 to 7, or a name. Packets
can be filtered according to precedence field.
■ tos: Optional, a number ranging from 0 to 15 or a name. Packets can be
filtered according to type of service.
■ logging: Optional, indicating whether to log qualified packets. The log
contents include sequence number of ACL rule, packets passed or
discarded, upper layer protocol type over IP, source/destination address,
source/destination port number, and number of packets.
■ time-name: Name of the time range in which the ACL rule is valid.

■ fragment: When this parameter is included, the rule is only valid for
fragment packets that are not the first fragment.
■ interface: Optional. Specifies the interface information of the packets. If it is
not specified, all interfaces match.
■ interface-name: Specifies the interface from which the packets enter. “any” can
be used to indicate all interfaces.
■ vpn-instance: Optional parameter specifying the vpn-instance to which the
packets belong. If it is not specified, the ACL rule will be valid for the
packets in all the vpn-instances. If it is specified, the ACL rule will be valid
only for the specified vpn-instance.
■ vpn-instance-name: Specifies the name of an existing vpn-instance.

In the undo rule command:
■ rule-id: ID of an ACL rule, it should be an existing ACL rule number. If the
command is not followed by other parameters, this ACL rule will be deleted
completely; otherwise, only part of information related to this ACL rule will
be deleted.
■ source: Optional. Only the information settings related to the source
address part of the ACL rule number will be deleted.
■ destination: Optional. Only the information setting related to the
destination address part of the ACL rule number will be deleted.
■ source-port: Optional. Only the information setting related to the source
port part of the ACL rule number will be deleted, valid only when the
protocol is TCP or UDP.
■ destination-port: Optional. Only the information setting related to the
destination port part of the ACL rule number will be deleted, valid only
when the protocol is TCP or UDP.
■ icmp-type: Optional. Only the information setting related to ICMP type and
message code part of the ACL rule number will be deleted, valid only when
the protocol is ICMP.
■ precedence: Optional. Only the setting of precedence configuration of the
ACL rule will be deleted.
■ tos: Optional. Only related tos setting corresponding to the ACL rule will be
deleted.
■ time-range: Optional. Only the setting corresponding to the time range
part of the ACL rule will be deleted.
■ logging: Optional. Only the setting corresponding to the logging part of
the ACL rule will be deleted.
■ fragment: Optional. Only the setting corresponding to the validity of
non-first packets fragmentation of the ACL rule will be deleted.
■ vpn-instance: Optional parameter. If it is specified, only the settings
involving the vpn-instance in the specified ACL rule will be deleted.

Description
Using the rule command, you can add a rule in current ACL view. Using the undo
rule command, you can delete a rule.

The rule ID is needed when you delete a rule. If you do not know the ID,
use the display acl command to find it.

Example
# Create ACL 101 and add a rule to prohibit the receiving or sending of RIP
packets.
[3Com] acl number 101

[3Com-acl-adv-101] rule deny udp destination-port eq rip

# Add a rule to permit hosts in the network segment 129.9.0.0 to send WWW
packets to hosts in the network segment 202.38.160.0.

[3Com-acl-adv-101] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www

# Add a rule to deny the WWW access (80) from the host in network segment
129.9.0.0 to the host in network segment 202.38.160.0, and log events that
violate the rule.

[3Com-acl-adv-101] rule deny tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www logging

# Add a rule to permit the WWW access (80) from the host in network segment
129.9.8.0 to the host in network segment 202.38.160.0.

[3Com-acl-adv-101] rule permit tcp source 129.9.8.0 0.0.0.255 destination 202.38.160.0 0.0.0.255 destination-port eq www

# Add a rule to prohibit all hosts from establishing Telnet (23) connection to the
host with the IP address 202.38.160.1.

[3Com-acl-adv-101] rule deny tcp destination 202.38.160.1 0 destination-port eq telnet

# Add a rule to prohibit the creation of UDP connections with port number greater
than 128 from the hosts in network segment 129.9.8.0 to the hosts in network
segment 202.38.160.0.

[3Com-acl-adv-101] rule deny udp source 129.9.8.0 0.0.0.255 destination 202.38.160.0 0.0.0.255 destination-port gt 128

# Add a rule denying the packets that carry the source address 1.1.1.1 from VPN
vrf1.

[3Com-acl-adv-101] rule deny ip source 1.1.1.1 0 vpn-instance vrf1
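
The effect of match-order on rules like those in ACL 101 above, as an added Python sketch (not 3Com code). It models three of the example rules; reading “depth first” as “the rule with the fewest wildcard bits in source, then destination, is checked first” and the dictionary packet format are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# Port names used by the ACL 101 examples; the packet dicts are constructed samples.
PORT_NAMES = {"www": 80, "telnet": 23, "rip": 520}
ANY = ("0.0.0.0", "255.255.255.255")
PORT_OPS = {
    "lt": lambda p, a, b: p < a,
    "gt": lambda p, a, b: p > a,
    "eq": lambda p, a, b: p == a,
    "neq": lambda p, a, b: p != a,
    "range": lambda p, a, b: a <= p <= b,
}

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

@dataclass
class Rule:
    action: str
    protocol: str
    src: tuple = ANY
    dst: tuple = ANY
    dport: tuple = None      # (operator, port1, port2 or None)
    logging: bool = False

    def matches(self, pkt):
        if self.protocol not in ("ip", pkt["proto"]):
            return False
        if not wildcard_match(pkt["src"], *self.src):
            return False
        if not wildcard_match(pkt["dst"], *self.dst):
            return False
        if self.dport is None:
            return True
        op, a, b = self.dport
        return pkt.get("dport") is not None and PORT_OPS[op](pkt["dport"], a, b)

def parse_rule(line):
    """Parse the subset of the advanced-ACL rule syntax used in the examples."""
    tok = line.split()
    if tok[0] != "rule":
        raise ValueError("not a rule command")
    i = 2 if tok[1].isdigit() else 1          # skip the optional rule-id
    rule = Rule(action=tok[i], protocol=tok[i + 1])
    i += 2
    while i < len(tok):
        kw = tok[i]
        if kw in ("source", "destination"):
            if tok[i + 1] == "any":
                pair, i = ANY, i + 2
            else:
                # "0" is shorthand for wildcard 0.0.0.0, i.e. a single host
                wc = "0.0.0.0" if tok[i + 2] == "0" else tok[i + 2]
                pair, i = (tok[i + 1], wc), i + 3
            if kw == "source":
                rule.src = pair
            else:
                rule.dst = pair
        elif kw == "destination-port":
            op = tok[i + 1]
            n = 2 if op == "range" else 1
            ports = [PORT_NAMES[p] if p in PORT_NAMES else int(p)
                     for p in tok[i + 2:i + 2 + n]]
            rule.dport = (op, ports[0], ports[1] if n == 2 else None)
            i += 2 + n
        elif kw == "logging":
            rule.logging, i = True, i + 1
        else:
            raise ValueError(f"keyword not handled in this sketch: {kw}")
    return rule

def depth(rule):
    """Assumed depth-first key: fewer wildcard bits sorts (and matches) earlier."""
    return (bin(ip_int(rule.src[1])).count("1"), bin(ip_int(rule.dst[1])).count("1"))

def evaluate(rules, pkt, match_order="config", default="permit"):
    """Return the action of the first matching rule, else the firewall default."""
    ordered = rules if match_order == "config" else sorted(rules, key=depth)
    for rule in ordered:
        if rule.matches(pkt):
            return rule.action
    return default

# Rules taken from the ACL 101 examples, in the order they were configured.
ACL_101 = [parse_rule(text) for text in (
    "rule deny tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 "
    "0.0.0.255 destination-port eq www logging",
    "rule permit tcp source 129.9.8.0 0.0.0.255 destination 202.38.160.0 "
    "0.0.0.255 destination-port eq www",
    "rule deny tcp destination 202.38.160.1 0 destination-port eq telnet",
)]
```

With match-order config, a WWW packet from 129.9.8.5 hits the broader deny rule first and the later permit for 129.9.8.0 never takes effect; with match-order auto, the narrower permit is checked first.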

Add/delete a MAC-based ACL rule
rule [ rule-id ] { deny | permit } [ type type-code type-mask | lsap lsap-code lsap-mask ] [ source-mac sour-addr source-mask ] [ dest-mac dest-addr dest-mask ]

Parameter
type-code: Data frame type, a 16-bit hexadecimal number equivalent to the
type-code field in Ethernet_II and Ethernet_SNAP frames.
type-mask: A 16-bit hexadecimal number used for specifying the mask bits.
lsap-code: Encapsulation format of data frames, a 16-bit hexadecimal number.
lsap-mask: LSAP mask, a 16-bit hexadecimal number used to specify mask bits.
sour-addr: Source MAC address in the format of xxxx-xxxx-xxxx.
sour-mask: Source MAC address mask.
dest-addr: Destination MAC address in the format of xxxx-xxxx-xxxx.
dest-mask: Destination MAC address mask.

Ethernet Type-Code Values
The following table lists the Ethernet type-code values recommended in RFC 1700
and their meanings.

Table 3 Ethernet type-code values

Ethernet type-code value (in hexadecimal) Represents


0000-05DC IEEE802.3 Length Field
0101-01FF Experimental
0200 XEROX PUP (see 0A00)
0201 PUP Addr Trans (see 0A01)
0400 Nixdorf
0600 XEROX NS IDP
0660 DLOG
0661 DLOG
0800 Internet IP (IPv4)
0801 X.75 Internet
0802 NBS Internet
0803 ECMA Internet
0804 Chaosnet
0805 X.25 Level 3
0806 ARP
0807 XNS Compatibility
081C Symbolics Private
0888-088A Xyplex
0900 Ungermann-Bass net debugr
0A00 Xerox IEEE802.3 PUP
0A01 PUP Addr Trans
0BAD Banyan Systems
1000 Berkeley Trailer nego
1001-100F Berkeley Trailer encap/IP
1600 Valid Systems
4242 PCS Basic Block Protocol
5208 BBN Simnet
6000 DEC Unassigned (Exp.)
6001 DEC MOP Dump/Load
6002 DEC MOP Remote Console
6003 DEC DECNET Phase IV Route
6004 DEC LAT
6005 DEC Diagnostic Protocol
6006 DEC Customer Protocol
6007 DEC LAVC, SCA
6008-6009 DEC Unassigned
6010-6014 3Com Corporation
7000 Ungermann-Bass download
7002 Ungermann-Bass dia/loop
7020-7029 LRT
7030 Proteon
7034 Cabletron
8003 Cronus VLN
8004 Cronus Direct
8005 HP Probe
8006 Nestar
8008 AT&T
8010 Excelan
8013 SGI diagnostics
8014 SGI network games
8015 SGI reserved
8016 SGI bounce server
8019 Apollo Computers
802E Tymshare
802F Tigan, Inc.
8035 Reverse ARP
8036 Aeonic Systems
8038 DEC LANBridge
8039-803C DEC Unassigned
803D DEC Ethernet Encryption
803E DEC Unassigned
803F DEC LAN Traffic Monitor
8040-8042 DEC Unassigned
8044 Planning Research Corp.
8046 AT&T
8047 AT&T
8049 ExperData
805B Stanford V Kernel exp.
805C Stanford V Kernel prod.
805D Evans & Sutherland
8060 Little Machines
8062 Counterpoint Computers
8065 Univ. of Mass. @ Amherst
8066 Univ. of Mass. @ Amherst
8067 Veeco Integrated Auto.
8068 General Dynamics
8069 AT&T
806A Autophon
806C ComDesign
806D Computgraphic Corp.
806E-8077 Landmark Graphics Corp.
807A Matra
807B Dansk Data Elektronik
807C Merit Internodal
807D-807F Vitalink Communications
8080 Vitalink TransLAN III
8081-8083 Counterpoint Computers
809B Appletalk
809C-809E Datability
809F Spider Systems Ltd
80A3 Nixdorf Computers
80A4-80B3 Siemens Gammasonics Inc.
80C0-80C3 DCA Data Exchange Cluster
80C4 Banyan Systems
80C5 Banyan Systems
80C6 Pacer Software
80C7 Applitek Corporation
80C8-80CC Intergraph Corporation
80CD-80CE Harris Corporation
80CF-80D2 Taylor Instrument
80D3-80D4 Rosemount Corporation
80D5 IBM SNA Service on Ether
80DD Varian Associates
80DE-80DF Integrated Solutions TRFS
80E0-80E3 Allen-Bradley
80E4-80F0 Datability
80F2 Retix
80F3 AppleTalk AARP (Kinetics)
80F4-80F5 Kinetics
80F7 Apollo Computer
80FF-8103 Wellfleet Communications
8107-8109 Symbolics Private
8130 Hayes Microcomputers
8131 VG Laboratory Systems
8132-8136 Bridge Communications
8137-8138 Novell, Inc.
8139-813D KTI
8148 Logicraft
8149 Network Computing Devices
814A Alpha Micro
814C SNMP
814D BIIN
814E BIIN
814F Technically Elite Concept
8150 Rational Corp
8151-8153 Qualcomm
815C-815E Computer Protocol Pty Ltd
8164-8166 Charles River Data System
817D-818C Protocol Engines
818D Motorola Computer
819A-81A3 Qualcomm
81A4 ARAI Bunkichi
81A5-81AE RAD Network Devices
81B7-81B9 Xyplex
81CC-81D5 Apricot Computers
81D6-81DD Artisoft
81E6-81EF Polygon
81F0-81F2 Comsat Labs
81F3-81F5 SAIC
81F6-81F8 VG Analytical
8203-8205 Quantum Software
8221-8222 Ascom Banking Systems
823E-8240 Advanced Encryption Systems
827F-8282 Athena Programming
8263-826A Charles River Data System
829A-829B Inst Ind Info Tech
829C-82AB Taurus Controls
82AC-8693 Walker Richer & Quinn
8694-869D Idea Courier
869E-86A1 Computer Network Tech
86A3-86AC Gateway Communications
86DB SECTRA
86DE Delta Controls
86DF ATOMIC
86E0-86EF Landis & Gyr Powers
8700-8710 Motorola
8A96-8A97 Invisible Software
9000 Loopback
9001 3Com(Bridge) XNS Sys Mgmt
9002 3Com(Bridge) TCP-IP Sys
9003 3Com(Bridge) loop detect
FF00 BBN VITAL-LanBridge cache
FF00-FF0F ISC Bunker Ramo

Time-range Configuration Commands

display time-range Syntax


display time-range { all | time-name }

View
Any view

Parameter
time-name: name of the time range.

all: Displays all the configured time ranges.

Description
Using the display time-range command, you can view the configuration and the
status of a time range. For a time range that is currently active, it displays
"active", and for an inactive time range, it displays "inactive".

The system updates ACL status with a delay of about 1 minute, whereas
display time-range shows the state of the time range at exactly the current
time. As a result, the following case may happen: display time-range shows
that a time range is active, but the ACL that should be active in that time
range is still inactive. This case is normal.

Example
# Display all time ranges.
[3Com] display time-range all

# Display the time range named trname.

[3Com] display time-range trname

Current time is 02:49:36 2-15-2003 Saturday

Time-range : trname ( Inactive )

14:00 to 16:00 off-day from 00:00 12-1-2002 to 00:00 12-1-2003

time-range Syntax
time-range time-name [ start-time to end-time ] [ days ] [ from time1 date1 ] [ to time2
date2 ]

undo time-range time-name [ start-time to end-time ] [ days ] [ from time1 date1 ] [ to time2 date2 ]

View
System view

Parameter

time-name: Name of time range.

start-time: Start time of a time range, in the format of HH:MM.

end-time: End time of a time range, in the format of HH:MM.

days: Indicates on which day of a week the time range is valid or from which day
in a week the time range is valid. The following parameters can be input:

Number (0 to 6);

Monday to Sunday (Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday);

Working-day, from Monday to Friday;

Off-day, including Saturday and Sunday;

Daily, including the seven days of a week.

from time1 date1: Optional. It is used to indicate the start time and date. The
input format of time is hh:mm, in 24-hour notation. The range of
hh is from 0 to 23 and the range of mm is from 0 to 59. The input format of date
is MM-DD-YYYY. DD is in the range from 1 to 31, MM is a number
in the range from 1 to 12, and YYYY is a 4-digit number. If no start time is set,
there is no restriction on the start time and only the end time is
considered.

to time2 date2: Optional. It is used to indicate the end time and date. The
input format of time and date is the same as that of the start time. The end
time must be greater than the start time. If the end time is not set, it will be the
maximum time that the system can set.

Description
Using the time-range command, you can specify a time range. Using the undo
time-range command, you can delete a time range.

A time range consists of two parts. The first is the periodic time range within
one week, described by the parameters start-time and end-time, with the
parameter days specifying on which days it is valid. The second is the time range
specified by from and to, which specifies the period during which the
periodic time range is valid.

You can configure multiple time ranges with the same time-name. Together, these
time ranges define one combined time range that is referred to by that name.

Example
# Configure the time range to be valid from 0:0 on Jan. 1, 2003 onward, with no end time.
[3Com] time-range test from 0:0 1-1-2003

# Configure the time range valid between 14:00 and 16:00 in every weekend
from 20:00 on Apr.01, 2003 to 20:00 on Dec.10, 2003.

[3Com] time-range test 14:00 to 16:00 off-day from 20:00 04-01-2003 to 20:00 12-10-2003

# Configure the time range valid between 8:00 and 18:00 in each working day.

[3Com] time-range test 8:00 to 18:00 working-day

# Configure the time range valid between 14:00 and 18:00 in each weekend day.

[3Com] time-range test 14:00 to 18:00 off-day
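
How a time-range definition resolves to active or inactive at a given moment, as an added Python sketch (not 3Com code). It checks the definition shown in the display time-range output above against that output's current time. Treating the end of a period as exclusive, treating a periodic part without a days keyword as daily, and leaving out the numeric 0 to 6 day form are assumptions of this example.

```python
from datetime import datetime, time

# Index in DAY_NAMES equals datetime.weekday() (Monday = 0).
DAY_NAMES = ["monday", "tuesday", "wednesday", "thursday",
             "friday", "saturday", "sunday"]
DAY_SETS = {"working-day": {0, 1, 2, 3, 4}, "off-day": {5, 6},
            "daily": set(range(7))}

def _hhmm(text):
    hour, minute = text.split(":")
    return time(int(hour), int(minute))

def _stamp(clock, date):
    month, day, year = (int(part) for part in date.split("-"))  # MM-DD-YYYY
    t = _hhmm(clock)
    return datetime(year, month, day, t.hour, t.minute)

def parse_time_range(spec):
    """Parse '[start to end] [days] [from time1 date1] [to time2 date2]'."""
    tok = spec.lower().split()
    tr = {"start": None, "end": None, "days": set(), "from": None, "to": None}
    i = 0
    # Periodic part: "HH:MM to HH:MM" followed by day keywords.
    if len(tok) >= 3 and ":" in tok[0] and tok[1] == "to":
        tr["start"], tr["end"], i = _hhmm(tok[0]), _hhmm(tok[2]), 3
    while i < len(tok) and tok[i] not in ("from", "to"):
        if tok[i] in DAY_SETS:
            tr["days"] |= DAY_SETS[tok[i]]
        elif tok[i] in DAY_NAMES:
            tr["days"].add(DAY_NAMES.index(tok[i]))
        else:
            raise ValueError(f"unknown days keyword: {tok[i]}")
        i += 1
    # Absolute part: "from time1 date1" and/or "to time2 date2".
    while i < len(tok):
        if tok[i] not in ("from", "to") or i + 2 >= len(tok):
            raise ValueError("expected 'from time date' or 'to time date'")
        tr[tok[i]] = _stamp(tok[i + 1], tok[i + 2])
        i += 3
    if tr["from"] and tr["to"] and tr["to"] <= tr["from"]:
        raise ValueError("the end time must be greater than the start time")
    return tr

def is_active(tr, now):
    """True when 'now' lies inside both the absolute and the periodic part."""
    if tr["from"] is not None and now < tr["from"]:
        return False
    if tr["to"] is not None and now >= tr["to"]:
        return False
    if tr["start"] is None:
        return True                       # purely absolute time range
    if tr["days"] and now.weekday() not in tr["days"]:
        return False
    return tr["start"] <= now.time() < tr["end"]

# Definition and clock taken from the display time-range example above.
TRNAME = parse_time_range(
    "14:00 to 16:00 off-day from 00:00 12-1-2002 to 00:00 12-1-2003")
DISPLAY_CLOCK = datetime(2003, 2, 15, 2, 49, 36)   # Saturday
```

Because the device refreshes ACL status about a minute behind the clock, a result computed this way can briefly disagree with what the ACL is actually doing at a period boundary.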



Packet Filtering Firewall Configuration Commands

debugging firewall Syntax


debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface interface-name ]

undo debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface interface-name ]

View
User view

Parameter

icmp: Debugging information of ICMP packet filtering.

tcp: Debugging information of TCP packet filtering.

udp: Debugging information of UDP packet filtering.

fragments-inspect: Fragment debugging information.

others: Debugging information of all the other packets except ICMP, TCP and
UDP.

interface interface-name: Debugging information of the corresponding packets
passing the interface. The debugging information of all the interfaces will be
displayed if this parameter is not configured.

all: Debugging information of all the packets.

Description
Using the debugging firewall command, you can enable the information
debugging of the firewall packet filtering. Using the undo debugging firewall
command, you can disable the information debugging of the firewall packet
filtering.

By default, all the information debugging of the firewall is disabled.

For the related command, see display debugging.

Example
# Enable the debugging information about UDP packet filtering.
<3Com> debugging firewall udp

display firewall-statistics Syntax

display firewall-statistics { all | interface interface-name | fragments-inspect }



View
Any view

Parameter
all: Displays the filtering packet statistics of all the interfaces.
interface: Displays the filtering packet statistics of a certain interface.
interface-name: Name of the interface.
fragments-inspect: Displays the fragment inspection information.

Description
Using the display firewall-statistics command, you can view the firewall
statistics.

For the related command, see firewall fragments-inspect.

Example
# Display the information of fragment inspection.
<3Com> display firewall-statistics fragments-inspect

Fragments inspection is enabled.

The high-watermark for clamping is 10000.

The low-watermark for clamping is 1000.

Current records for fragments inspection is 0.

firewall default Syntax


firewall default { permit | deny }

View
System view

Parameter
permit: Default filter rule is permitting packets to pass.
deny: Default filter rule is denying packets to pass.

Description
Using the firewall default command, you can configure the default filtering rule
of the firewall, whether to be “permit” or “deny”.

By default, the system permits packets.

Example
# Set the default filtering rule of the firewall to “deny”.
[3Com] firewall default deny

firewall enable Syntax


firewall enable

undo firewall enable

View
System view

Parameter
none.

Description
Using the firewall enable command, you can enable the firewall. Using the
undo firewall enable command, you can disable the firewall.

By default, the firewall is disabled.

Example
# Enable the firewall.
[3Com] firewall enable

firewall fragments-inspect Syntax
firewall fragments-inspect

undo firewall fragments-inspect

View
System view

Parameter
none

Description
Using the firewall fragments-inspect command, you can enable the fragment
inspection switch. Using the undo firewall fragments-inspect command, you
can disable the fragment inspection switch.

By default, the fragment inspection switch is disabled.

This command is the prerequisite for exact match. Fragment exact match can be
implemented only after the fragment inspection switch is enabled. The packet
filtering firewall records the status of a fragment and performs exact
matching against advanced ACL rules according to the information beyond layer 3
(the IP layer).

The packet filtering firewall consumes some system resources to record the
fragment status. If the exact match mode is not used, it is recommended that you
disable this function to improve the running efficiency of the system and reduce
the system cost.

Exact match takes effect only when fragment packet inspection is enabled.

For the related commands, see display firewall-statistics fragments-inspect and
firewall packet-filter.

Example
# Enable the fragment inspection switch.
[3Com] firewall fragments-inspect

firewall fragments-inspect { high | low } Syntax
firewall fragments-inspect { high | low } { default | number }

undo firewall fragments-inspect { high | low }

View
System view

Parameter
high number: Specifies the high threshold of the fragment status records. It is in
the range from 100 to 10000.
low number: Specifies the low threshold of the fragment status records. It is in the
range from 100 to 10000.
default: Default number of fragment status records. The default high threshold of
the fragment status records is 2000 and the default low threshold of the fragment
status records is 1500.

Description
Using the firewall fragments-inspect { high | low } command, you can
configure the high and low thresholds of records for fragment inspection. Using
the undo firewall fragments-inspect { high | low } command, you can restore
the default high and low thresholds.

If the fragment inspection switch is enabled and exact match filtering is applied,
the executing efficiency of the packet filtering will be slightly reduced. The more
matching entries are configured, the more the efficiency is reduced. Therefore, the
high and low thresholds should be set. When the number of fragment status
records reaches the high threshold, the status entries that were saved first are
deleted until the number of records is below the low threshold.

The low threshold must be no greater than the high threshold.

For the related commands, see display firewall-statistics fragments-inspect
and firewall packet-filter.

Example
# Configure the high threshold for fragment packet inspection to 3000 and
configure the low threshold to the default value.
[3Com] firewall fragments-inspect high 3000

[3Com] firewall fragments-inspect low default

firewall packet-filter Syntax

firewall packet-filter { acl-number | acl-name } { inbound | outbound } [ match-fragments { normally | exactly } ]

undo firewall packet-filter { acl-number | acl-name } { inbound | outbound }

View
Interface view

Parameter

acl-number: Serial number of access control list rule.

acl-name: Name of ACL rule, in character string.

inbound: Filters the packet received from the interface.

outbound: Filters the packet forwarded from the interface.

normally: Normal matching mode, the default mode.

exactly: Exact matching mode.

Description
Using the firewall packet-filter command, you can apply the access control list
to the corresponding interface. Using the undo firewall packet-filter command,
you can delete the corresponding setting.

Interface-based ACL (namely ACL rule with sequence number from 1000 to 1999)
can only use the parameter outbound.

For related command, see acl, display acl and firewall fragments-inspect.

Example
# Apply access control list 101 to the inbound direction of the interface
Serial1/0/0.
[3Com-Serial1/0/0] firewall packet-filter 101 inbound

reset firewall-statistics Syntax


reset firewall-statistics { all | interface interface-name }

View
User view

Parameter
all: Clears the filtering packet statistics of all the interfaces.
interface: Clears the filtering packet statistics of a certain interface.
interface-name: Name of the interface.

Description
Using the reset firewall-statistics command, you can clear the firewall statistics.

Example
# Clear filtering packet statistics of the interface E3/1/0.
<3Com> reset firewall-statistics interface e3/1/0

Example
# Specify the ISAKMP SA duration for IKE proposal 10 as 600 seconds (10
minutes).
[3Com] ike proposal 10

[3Com-ike-proposal-10] sa duration 600

ASPF Configuration Commands

aging-time Syntax
aging-time { syn | fin | tcp | udp } seconds

undo aging-time { syn | fin | tcp | udp } seconds

View
ASPF policy view

Parameter
seconds: Specifies the idle timeout time of SYN, FIN, TCP and UDP session entries
respectively when the related packets are inspected. The default timeout time of
SYN, FIN, TCP and UDP is 30s, 5s, 3600s and 30s respectively.

Description
Using the aging-time command, you can configure the SYN status waiting timeout
value and the FIN status waiting timeout value of TCP, and the session entry idle
timeout values of TCP and UDP. Using the undo aging-time command, you can
restore the default value.

Before the aging-time expires, the system will retain the connections and the
sessions that have been set up.

For related commands, see display aspf all, display aspf policy, display aspf
session and display aspf interface.

Example
# Configure SYN status waiting timeout value of TCP as 20 seconds.
[3Com-aspf-policy-1] aging-time syn 20

# Configure FIN status waiting timeout value of TCP as 10 seconds.

[3Com-aspf-policy-1] aging-time fin 10

# Configure TCP idle timeout value as 3000 seconds.

[3Com-aspf-policy-1] aging-time tcp 3000

# Configure UDP idle timeout value as 110 seconds.


[3Com-aspf-policy-1] aging-time udp 110

aspf-policy Syntax
aspf-policy aspf-policy-number

undo aspf-policy aspf-policy-number

View
System view

Parameter
aspf-policy-number: ASPF policy number, ranging from 1 to 99.

Description
Using the aspf-policy command, you can define an ASPF policy. For a defined
policy, the policy can be invoked through its policy number.

Example
# Define an ASPF policy and enter ASPF view.
[3Com] aspf-policy 1

[3Com-aspf-policy-1]

debugging aspf Syntax


debugging aspf { all | verbose | events | ftp | h323 | http | rtsp | session | smtp | tcp | timer | udp }

undo debugging aspf { all | verbose | events | ftp | h323 | http | rtsp | session | smtp | tcp | timer | udp }

View
User view

Parameter

all: All ASPF debugging switches.

verbose: Detailed debugging switch.

events: Event debugging switch.

ftp: Debugging switch for FTP information detection.

h323: Debugging switch for H.323 information detection.

http: Debugging switch for HTTP information detection.

rtsp: Debugging switch for RTSP information detection.

session: Debugging switch for session information.

smtp: Debugging switch for SMTP information detection.

tcp: Debugging switch for TCP information detection.

timer: Debugging switch for timer information.

udp: Debugging switch for UDP information detection.

Description
Using the debugging aspf command, you can enable ASPF debugging function.
Using the undo debugging aspf command, you can disable ASPF debugging
function.

By default, ASPF debugging function is disabled.

For the related commands, see display aspf all, display aspf policy, display
aspf session and display aspf interface.

Example
# Enable all the ASPF debugging switches.
<3Com> debugging aspf all

detect Syntax
detect protocol [ java-list acl-number ] [ aging-time seconds ]

undo detect protocol

View
ASPF policy view

Parameter
seconds: Configures the idle timeout time of the protocol, ranging from 10 to
43200 seconds. The default TCP-based timeout time is 3600 seconds, and the
default UDP-based timeout time is 30 seconds.

java-list: Configures blocking of Java Applets in packets of the specified
network segment, valid only when the protocol is HTTP.

acl-number: Basic ACL number, ranging from 1 to 99.

protocol: Name of a protocol supported by ASPF. The value can be ftp, http,
h323, smtp, rtsp, tcp or udp.

Description
Using the detect command, you can specify ASPF policy for application layer
protocols. Using the undo detect command, you can cancel the configuration.
When the protocol is HTTP, Java blocking is permitted.
For related commands, see display aspf all, display aspf policy, display aspf
session and display aspf interface.

Example
# Specify an ASPF policy with policy number 1 for the HTTP protocol. At the same
time, enable Java blocking and use ACL 1 so that ASPF can filter Java Applets
from destination server 10.1.1.1.
[3Com] acl number 1

[3Com-acl-basic-1] rule deny source 10.1.1.1 0

[3Com-acl-basic-1] rule permit any

[3Com-acl-basic-1] quit

[3Com] aspf-policy 1

[3Com-aspf-policy-1] detect http java-list 1

display aspf all Syntax


display aspf all

View

Any view

Parameter

none

Description

Using the display aspf all command, you can view the information of all ASPF
policies and sessions.

Example
# View the information of ASPF policy and session.
[3Com] display aspf all

[ASPF Policy 1]

Session audit trail: disabled

tcp synwait-time: 30 sec

tcp finwait-time: 5 sec

tcp idle-time: 3600 sec

udp idle-time: 30 sec

h323 timeout: 3600

tcp timeout: 33

[Interface Configuration]

Interface: Ethernet0/0/0

Inbound ASPF policy: none


Outbound ASPF policy: 1

Table 4 ASPF Configuration information

Item                            Description
Session audit trail: disabled   The session logging function is disabled.
tcp synwait-time                TCP connection SYN status timeout value is 30 seconds.
tcp finwait-time                TCP connection FIN status timeout value is 5 seconds.
tcp idle-time                   Timeout for the idle-time of TCP session is 3600 seconds.
udp idle-time                   Timeout for the idle-time of UDP session is 30 seconds.
http java-list 1 timeout        Detect the HTTP traffic and filter the Java Applets from some particular sites by using ACL 1. The HTTP timeout time is set to 3000 seconds. “h323 timeout” indicates the timeout time of the h323 session entry.
h323 timeout                    The policy inspects h323 traffic. The timeout time of h323 is 3600 seconds.
tcp timeout                     The policy inspects tcp traffic. The timeout time of tcp is 33 seconds.
Inbound ASPF policy             No ASPF policy is configured in inbound direction of the interface Ethernet0/0/0.
Outbound ASPF policy            ASPF policy 1 is configured in outbound direction of the interface Ethernet0/0/0.

display aspf interface Syntax


display aspf interface

View
Any view

Parameter
none

Description
Using the display aspf interface command, you can view the interface
configuration of the inspection policy.

Example
# View the interface configuration of the inspection policy.
<3Com> display aspf interface

[Interface Configuration]

Interface: Ethernet0/0/0

Inbound ASPF policy: none


Outbound ASPF policy: 1

Table 5 ASPF interface configuration information

Item                    Description
Inbound ASPF policy     No ASPF policy is configured in inbound direction of the interface Ethernet0/0/0.
Outbound ASPF policy    ASPF policy 1 is configured in outbound direction of the interface Ethernet0/0/0.

display aspf policy Syntax


display aspf policy aspf-policy-number

View
Any view

Parameter
aspf-policy-number: ASPF policy number, ranging from 1 to 99.

Description
Using the display aspf policy command, you can view the configuration of a
specific inspection policy.

Example
# Display the configuration information of the inspection policy with policy
number of 1.
[3Com] display aspf policy 1

[ASPF Policy 1]

Session audit trail: disabled

tcp synwait-time: 30 sec

tcp finwait-time: 5 sec

tcp idle-time: 3600 sec

udp idle-time: 30 sec

h323 timeout: 3600

tcp timeout: 33

display aspf session Syntax


display aspf session [ verbose ]

View
Any view

Parameter
verbose: Displays the detail information of the sessions.

Description
Using the display aspf session command, you can view the information of the
ASPF sessions.

Example
# Display the information of current ASPF sessions.
[3Com] display aspf session

[Established Sessions]

[ Session 0xC7E5E4 ]

(192.168.0.1:2124)=>(13.1.0.5:1720) h323 H323_CALL_ACTIVE

# Display detailed information of current ASPF sessions.

[3Com] display aspf session verbose

[ Established Sessions ]

[ Session 0xC7E2B4 ]

(192.168.0.1:2125)=>(13.1.0.5:2093) h245-media-control H245_OPEN

SessNum: 229, TransProt: 6,

AppProt: 21

Prev: 0x0, Next: 0x0,

Child: 0xCA9EA4,

Parent: 0x0

SynNode: 0x0, FinNode: 0x0

Interface: Ethernet1/0/0,

Direction: outbound

Bytes/Packets sent (initiator:responder) [1339/15 : 1309/12]

Tcp SeqNum/AckNum [352115193/62885460 : 62885456/352115193]

Timeout 00:02:00(120),

Table 6 Information of current ASPF sessions

Item                                           Description
TransProt: 6                                   Transport layer protocol is numbered 6, which means that TCP is used.
AppProt: 21                                    Application layer protocol uses port 21, which means that the sessions are FTP sessions
Interface: Ethernet1/0/0 Direction: outbound   ASPF policy is applied in outbound direction of the interface Ethernet1/0/0
Bytes/Packets sent                             Bytes/Packets transmitted between the originating and responding sides of the connection
Timeout 00:02:00(120)                          Timeout time set for the protocol is 120 seconds

firewall aspf Syntax


firewall aspf aspf-policy-number { inbound | outbound }

undo firewall aspf aspf-policy-number { inbound | outbound }

View
Interface view

Parameter
aspf-policy-number: ASPF policy number used on the interface.
inbound: Applies ASPF policy in inbound direction of the interface.
outbound: Applies ASPF policy in outbound direction of the interface.

Description
Using the firewall aspf command, you can apply ASPF policy in specified
direction to an interface. Using the undo firewall aspf command, you can delete
the applied ASPF policy on the interface.

ASPF distinguishes between the inbound interface and the outbound interface. If
the router connects to both the intranet and the Internet, and uses ASPF to
protect the intranet servers, the router interface connected to the intranet is
regarded as the inbound interface and the one connected to the Internet is
regarded as the outbound interface.

When ASPF is applied on the outbound interface, ASPF refuses access to the
intranet from Internet users, but the return packets for intranet users accessing
the Internet can pass ASPF detection.

Example
# Configure ASPF firewall function in outbound direction of the interface
ethernet1/0/0.
[3Com-Ethernet1/0/0] firewall aspf 1 outbound

log enable Syntax


log enable

undo log enable

View
ASPF policy view

Description
Using the log enable command, you can enable ASPF session logging function.
Using the undo log enable command, you can disable logging function.

By default, session logging function is disabled.

ASPF provides enhanced session logging function which can log all connections,
including connection time, source address, destination address, port in use and
transmitted bytes number.

For related command, see display aspf all, display aspf policy, display aspf
session, display aspf interface.

Example
# Enable ASPF session logging function.
[3Com-aspf-policy-1] log enable

PAM Configuration
Commands

display port-mapping Syntax


display port-mapping [ application-name | port port-number ]

View
Any view

Parameter
application-name: Specifies the name of application for PAM. Optional
applications include ftp, http, h323, smtp and rtsp.
port-number: Port number in the range from 0 to 65535.

Description

Using the display port-mapping command, you can view PAM information.

For the related command, see port-mapping.

Example
# Display all PAM information.
[3Com] display port-mapping

port-mapping Syntax
port-mapping application-name port port-number [ acl acl-number ]

undo port-mapping [ application-name port port-number [ acl acl-number ] ]

View
System view

Parameter

application-name: Specifies the name of the application for PAM. Optional
applications include ftp, http, h323, smtp and rtsp.

port-number: Port number, ranging from 0 to 65535.

acl-number: Number of basic ACL, which is in the range from 1 to 99.

Description
Using the port-mapping command, you can establish a mapping from a port to an
application layer protocol. Using the undo port-mapping command, you can
delete a user-defined PAM entry.

PAM supports two mapping mechanisms: general port mapping and host port
mapping based on a basic ACL. The former establishes a mapping between a
user-defined port number and an application protocol. For example, mapping
port 8080 to HTTP makes all TCP packets destined for port 8080 be regarded as
HTTP packets. The latter maps a user-defined port number to an application
protocol only for the packets from some specific hosts. For example, you can have
the TCP packets that use port 8080 and are destined for the hosts residing on the
segment 1.1.0.0 regarded as HTTP packets. The range of hosts is specified by the
basic ACL.

For the same port, general port mapping and host port mapping based on basic
ACL cannot be configured at the same time.

For the related command, see display port-mapping.

Example
# Map port 3456 to the FTP service. With this configuration, all the data flows
destined to port 3456 will be regarded as FTP data flows.
[3Com] port-mapping ftp port 3456

Firewall Configuration
Commands

debugging firewall Syntax


debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface
interface-name ]

undo debugging firewall { all | icmp | tcp | udp | fragments-inspect | others } [ interface
interface-name ]

View
User view

Parameter

icmp: Debugging information of ICMP packet filtering.

tcp: Debugging information of TCP packet filtering.

udp: Debugging information of UDP packet filtering.

fragments-inspect: Fragment debugging information.


others: Debugging information of all the other packets except ICMP, TCP and
UDP.

interface interface-name: Debugging information of the corresponding packets
passing the interface. The debugging information of all the interfaces will be
displayed if this parameter is not configured.

all: Debugging information of all the packets.

Description
Using the debugging firewall command, you can enable the information
debugging of the firewall packet filtering. Using the undo debugging firewall
command, you can disable the information debugging of the firewall packet
filtering.

By default, all the information debugging of the firewall is disabled.

For the related command, see display debugging.

Example
# Enable the debugging information about UDP packet filtering.
[3Com] debugging firewall udp

display firewall-statistics Syntax

display firewall-statistics { all | interface interface-name | fragments-inspect }

View
Any view

Parameter
all: Displays the filtering packet statistics of all the interfaces.
interface: Displays the filtering packet statistics of a certain interface.
interface-name: Name of the interface.
fragments-inspect: Displays the fragment inspection information.

Description
Using the display firewall-statistics command, you can view the firewall
statistics.

For the related command, see firewall fragments-inspect.

Example
# Display the information of fragment inspection.
<3Com> display firewall-statistics fragments-inspect

Fragments inspection is enabled.

The high-watermark for clamping is 10000.

The low-watermark for clamping is 1000.


Current records for fragments inspection is 0.

firewall default Syntax


firewall default { permit | deny }

View
System view

Parameter
permit: Default filter rule is permitting packets to pass.
deny: Default filter rule is denying packets to pass.

Description
Using the firewall default command, you can configure the default filtering rule
of the firewall, whether to be “permit” or “deny”.

By default, the system permits packets.

Example
# Set the default filtering rule of the firewall to “deny”.
[3Com] firewall default deny

firewall enable Syntax


firewall enable

undo firewall enable

View
System view

Parameter
none.

Description
Using the firewall enable command, you can enable the firewall. Using the
undo firewall enable command, you can disable the firewall.

By default, the firewall is disabled.

Example
# Enable the firewall.
[3Com] firewall enable

firewall fragments-inspect Syntax

firewall fragments-inspect

undo firewall fragments-inspect


View
System view

Parameter
none

Description
Using the firewall fragments-inspect command, you can enable fragment
inspection switch. Using the undo firewall fragments-inspect command, you
can disable fragment inspection switch.

By default, fragment inspection switch is disabled.

This command is a prerequisite for exact matching. Fragment exact matching can
be implemented only after the fragment inspection switch is enabled. The packet
filtering firewall then records the status of a fragment and performs exact
matching against advanced ACL rules according to the information beyond
layer 3 (the IP layer).

The packet filtering firewall consumes some system resources to record the
fragment status. If the exact match mode is not used, you are recommended to
disable this function so as to improve the running efficiency of the system and
reduce the system cost.

Exact matching takes effect only when fragment packet inspection is enabled.

For the related commands, see display firewall fragments-inspect and
firewall packet-filter.

Example
# Enable the fragment inspection switches
[3Com] firewall fragments-inspect

firewall fragments-inspect { high | low } Syntax

firewall fragments-inspect { high | low } { default | number }

undo firewall fragments-inspect { high | low }

View
System view

Parameter
high number: Specifies the high threshold of the fragment status records. It is in
the range from 100 to 10000.
low number: Specifies the low threshold of the fragment status records. It is in the
range from 100 to 10000.
default: Default number of fragment status records. The default high threshold of
the fragment status records is 2000 and the default low threshold of the fragment
status records is 1500.

Description
Using the firewall fragments-inspect { high | low } command, you can
configure the high and low thresholds of records for fragment inspection. Using
the undo firewall fragments-inspect { high | low } command, you can restore
the default high and low thresholds.

If the fragment inspection switch is enabled and exact match filtering is applied,
the execution efficiency of packet filtering is slightly reduced. The more
matching entries are configured, the more the efficiency is reduced. Therefore, the
high and low thresholds should be set. When the number of fragment status
records reaches the high threshold, the status entries that were saved first are
deleted until the number of records is below the low threshold.

The low threshold must be no greater than the high threshold.

For the related commands, see display firewall-statistics fragments-inspect
and firewall packet-filter.

Example
# Configure the high threshold for fragment packet inspection to 3000 and
configure the low threshold to the default value.
[3Com] firewall fragments-inspect high 3000

[3Com] firewall fragments-inspect low default
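The watermark behaviour described above can be modelled in a few lines to see how many records a given high/low pair purges at once. This is an added example, not 3Com code: the record key (source, destination, IP ID, protocol), the class and function names, and the reading of "reaches" as >= and "below" as < are assumptions, and the addresses are constructed.

```python
from collections import OrderedDict

MIN_THRESHOLD, MAX_THRESHOLD = 100, 10000   # documented range for high and low
DEFAULT_HIGH, DEFAULT_LOW = 2000, 1500      # documented defaults


class FragmentStateTable:
    """Model of the fragment status records, purged oldest-first between watermarks."""

    def __init__(self, high=DEFAULT_HIGH, low=DEFAULT_LOW):
        for name, value in (("high", high), ("low", low)):
            if not MIN_THRESHOLD <= value <= MAX_THRESHOLD:
                raise ValueError(f"{name} threshold {value} is outside 100-10000")
        if low > high:
            raise ValueError("low threshold must be no greater than high threshold")
        self.high, self.low = high, low
        self._records = OrderedDict()       # insertion order doubles as record age
        self.purged_total = 0

    def __len__(self):
        return len(self._records)

    def record(self, src, dst, ip_id, proto, l4_ports):
        """Store state for the first fragment of a datagram; return the purged keys."""
        key = (src, dst, ip_id, proto)      # assumed key, as used for IP reassembly
        if key in self._records:
            return []                       # datagram already tracked
        self._records[key] = l4_ports
        purged = []
        if len(self._records) >= self.high:             # "reaches the high threshold"
            while len(self._records) >= self.low:       # "until below the low threshold"
                purged.append(self._records.popitem(last=False)[0])
        self.purged_total += len(purged)
        return purged

    def lookup(self, src, dst, ip_id, proto):
        """Return the stored layer-4 info for a later fragment, or None if absent."""
        return self._records.get((src, dst, ip_id, proto))


def fill(table, count, start=0, src="192.0.2.1", dst="198.51.100.1"):
    """Record `count` constructed UDP datagrams with consecutive IP IDs."""
    purged = []
    for ip_id in range(start, start + count):
        purged += table.record(src, dst, ip_id, 17, (40000, 53))
    return purged


if __name__ == "__main__":
    # Thresholds from the example above: high 3000, low left at the default 1500.
    table = FragmentStateTable(high=3000, low=DEFAULT_LOW)
    fill(table, 2999)
    purged = fill(table, 1, start=2999)
    print(f"purged at high watermark: {len(purged)}, records left: {len(table)}")
    print("record for IP ID 0 still present:",
          table.lookup("192.0.2.1", "198.51.100.1", 0, 17) is not None)
```

In this model the gap between the two thresholds is the number of records lost in one purge, so a datagram whose first fragment was among the oldest entries no longer has a status record when its remaining fragments arrive.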

firewall packet-filter Syntax

firewall packet-filter { acl-number | acl-name } { inbound | outbound } [ match-fragments { normally | exactly } ]

undo firewall packet-filter { acl-number | acl-name } { inbound | outbound }

View
Interface view

Parameter

acl-number: Serial number of access control list rule.

acl-name: Name of ACL rule, in character string.

inbound: Filters the packet received from the interface.

outbound: Filters the packet forwarded from the interface.

normally: Normal matching mode, the default mode.

exactly: Exact matching mode.

Description
Using the firewall packet-filter command, you can apply the access control list
to the corresponding interface. Using the undo firewall packet-filter command,
you can delete the corresponding setting.

Interface-based ACL (namely ACL rule with sequence number from 1000 to 1999)
can only use the parameter outbound.

For related command, see acl, display acl and firewall fragments-inspect.

Example
# Apply access control list rule 101 to the "in" direction of the interface serial
1/0/0.
[3Com-Serial1/0/0] firewall packet-filter 101 inbound

reset firewall-statistics Syntax


reset firewall-statistics { all | interface interface-name }

View
User view

Parameter
all: Clears the filtering packet statistics of all the interfaces.
interface: Clears the filtering packet statistics of a certain interface.
interface-name: Name of the interface.

Description
Using the reset firewall-statistics command, you can clear the firewall statistics.

Example
# Clear filtering packet statistics of the interface E3/1/0.
[3Com] reset firewall-statistics interface e3/1/0

IPSec Configuration
Commands

ah authentication-algorithm Syntax

ah authentication-algorithm { md5 | sha1 }

undo ah authentication-algorithm

View
IPSec proposal view

Parameter

md5: MD5 algorithm is adopted.

sha1: SHA1 algorithm is adopted.


Description
Using the ah authentication-algorithm command, you can set the
authentication algorithm adopted by Authentication Header protocol in IPSec
proposal. Using the undo ah authentication-algorithm command, you can
restore the default setting.

By default, the md5 authentication algorithm is adopted by Authentication
Header protocol in IPSec proposal.

An AH proposal cannot be used for encryption, only for authentication.

MD5 algorithm uses the 128-bit key, and SHA1 uses the 160-bit key. By
comparison, MD5 is faster than SHA1, while SHA1 is more secure than MD5.

The IPSec proposal adopted by the security policy at both ends of the security
tunnel must be set as using the same authentication algorithm.

The AH authentication algorithm can be configured only if the AH or AH-ESP
security protocol was selected by executing the transform command.

For the related commands, see ipsec proposal, proposal, sa sip and transform.

Example
# Set IPSec proposal using AH and SHA1.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform ah

[3Com-ipsec-proposal-prop1] ah authentication-algorithm sha1

debugging encrypt-card Syntax


debugging encrypt-card { all | command | error | misc | packet | sa } [ slot-id ]

debugging encrypt-card host { all | command | error | misc | packet | sa }

View
Any view

Parameter
all: Enables all debugging on the encryption card.

command: Enables command debugging on the encryption card.

error: Enables error debugging on the encryption card.

misc: Enables other debugging on the encryption card.

packet: Enables packet debugging on the encryption card.

sa: Enables security association (SA) debugging on the encryption card.

host: Enables host debugging on the encryption card.


slot-id: Slot ID for the encryption card, whose range depends on the slot number on the router.
It is in 3-dimensional format, for example, x/y/z, where x stands for slot ID on the router, y and z
are fixed to 0 for the encryption card. If you do not specify a value for the parameter, the system
will display the log of all encryption cards.

Description
Using the debugging encrypt-card command, you can enable debugging on the encryption
card. Using the undo debugging ipsec command, you can disable debugging on the
encryption card.

The command is only available on the encryption card.

Example
# Enable command debugging on the encryption card at slot 5/0/0.

[Router] debugging encrypt-card command 5/0/0 d

debugging ipsec Syntax


debugging ipsec { all | sa | misc | packet [ policy policy-name [ seq-number ] | parameters ip-address protocol spi-number ] | misc }

undo debugging ipsec { all | sa | misc | packet [ policy policy-name [ seq-number ] | parameters ip-address protocol spi-number ] | misc }

View
User view

Parameter

all: Displays all debugging information.

sa: Displays debugging information of SA.

packet: Displays debugging information of IPSec packets.

policy policy-name: Displays debugging information of IPSec policy whose name is
policy-name.

seq-number: Displays debugging information of IPSec policy whose sequence
number is seq-number.

parameters: Displays debugging information of a SA whose remote address is
ip-address, Security protocol is protocol, and SPI is spi-number.

misc: Displays other debugging information of IPSec.

Description
Using the debugging ipsec command, you can turn IPSec debugging on. Using
the undo debugging ipsec command, you can turn IPSec debugging off.

By default, IPSec debugging is off.

Example
# Enable IPSec SA debugging function.
<3Com> debugging ipsec sa

display encrypt-card sa Syntax


display encrypt-card sa [ slot-id ]

View
Any view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.

Description
Using the display encrypt-card sa command, you can view SA information.

The command is only available on the encryption card.

These kinds of information shall be displayed: SA proposal name, local address,
remote address, SA remaining key duration, schedule performance index (SPI), slot
ID and other similar information.

Example
# Display all SA information on the encryption card at slot 5/0/0.
[Router] display encrypt-card sa 5/0/0

AH SAs

proposal: ESP-AUTH-SHA1HMAC96

local address: 20.0.0.2

remote address: 20.0.0.1

sa remaining key duration (bytes/sec): 1887435992/2401

spi: 1081108020 (0x40706634)

Uses Encrypt5/0

ESP SAs

proposal: ESP-ENCRYPT-3DES

proposal: ESP-AUTH-SHA1HMAC96

local address: 20.0.0.2

remote address: 20.0.0.1

sa remaining key duration (bytes/sec): 1887436136/2401

spi: 891512401 (0x35236651)


Uses Encrypt5/0/0

ESP SAs

proposal: ESP-ENCRYPT-3DES

proposal: ESP-AUTH-SHA1HMAC96

local address: 20.0.0.1

remote address: 20.0.0.2

sa remaining key duration (bytes/sec): 1887436532/2401

spi: 3024247997 (0xb4425cbd)

Uses Encrypt5/0/0

AH SAs

proposal: ESP-AUTH-SHA1HMAC96

local address: 20.0.0.1

remote address: 20.0.0.2

sa remaining key duration (bytes/sec): 1887436464/2401

spi: 2937733563 (0xaf1a41bb)

Uses Encrypt5/0/0

display encrypt-card statistics Syntax

display encrypt-card statistics [ slot-id ]

View
Any view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.

Description
Using the display encrypt-card statistics command, you can view statistics on
the encryption cards.

The command is only available on the encryption card.

The statistics include the processing information of ESP/AH packets on the
encryption card. More details are displayed in the following example.

If the slot ID you type in is greater than the available slot number on the router, the
error information "Invalid encrypt-card slot-id" will be prompted.

For the related command, see reset encrypt-card statistic.

Example
# Display the statistics on the encryption card at slot 5/0/0.
[Router] display encrypt-card statistics 5/0/0

Encrypt5/0/0 security packets statistics :

input/output security packets: 8/4

input/output security bytes: 1472/604

dropped security packet detail:

no enough memory: 0

can't find SA: 0

queue is full: 0

authentication is failed: 0

wrong length: 0

replay packet: 0

too long packet: 0

wrong SA: 0

invalid proposal: 0

invalid protocol: 0

buffer error: 0

wrap error: 0

crypto error: 0

pad error: 0

display encrypt-card syslog Syntax

display encrypt-card syslog [ slot-id ]

View
Any view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.

Description
Using the display encrypt-card syslog command, you can view the current
system log on the encryption cards.

The command is only available on the encryption card.

If the slot ID you type in is greater than the available slot number on the router, the
error information "Invalid encrypt-card slot-id" shall be prompted.

For the related command, see encrypt-card set syslog.

Example
# Display the system log on the encryption card at slot 5/0/0.
[Router] display encrypt-card syslog 5/0/0

Date: 2004-03-27, Time: 11:45 Encrypt5/0/0 : receive time config cmd.

Date: 2004-03-27, Time: 11:50 Encrypt5/0/0 : receive add tdb cmd.

Date: 2004-03-27, Time: 11:50 Encrypt5/0/0 : receive add tdb cmd.

Date: 2004-03-27, Time: 11:50 Encrypt5/0/0 : receive link tdb cmd.

Date: 2004-03-27, Time: 11:50 Encrypt5/0/0 : receive add tdb cmd.

Date: 2004-03-27, Time: 11:50 Encrypt5/0/0 : receive add tdb cmd.

Date: 2004-03-27, Time: 11:50 Encrypt5/0/0 : receive link tdb cmd.

display interface encrypt Syntax


display interface encrypt [ slot-id ]

View
Any view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card. If
you do not specify a value for the parameter, the system will display the log of all
encryption cards.

Description
Using the display interface encrypt command, you can view the information
about the ports on the encryption cards.

The command is only available on the encryption card.

With this command, you can view the status of the encryption card, total number
of packets transmitted or received on it, maximum number of packets dropped
per second, information during the last five seconds.

For the related command, see interface encrypt.


Example
# Display the port information on the encryption card at slot 5/0/0.
[Router] display interface Encrypt 5/0/0

Description : Encrypt5/0/0 Interface

Protocol Status: READY

Driver Status : READY

Total Statistics

Packets sent to card : 10

Packets received from card : 9

Bytes sent to card : 1216

Bytes received from card : 584

Dropped packets : 0

Statistics during last 5 seconds

Packets sent to card : 0

Packets received from card : 0

Bytes sent to card : 0

Bytes received from card : 0

Dropped packets : 0

display ipsec policy Syntax


display ipsec policy [ brief | name policy-name [ seq-number ] ]

View
Any view

Parameter

brief: Displays brief information about all the ipsec policies.

name: Displays information of the ipsec policy with the name policy-name and
sequence number seq-number.

policy-name: Name of an ipsec policy.

seq-number: Sequence number of an ipsec policy.

If no argument has been specified, the details of all the IPSec policies will be
displayed. If name policy-name has been specified but seq-number has not, the
information of the specified IPSec policy group will be listed out.

Description
Using the display ipsec policy command, you can view information about the
ipsec policy.

The brief keyword is used for displaying brief information about all the ipsec
policies, whose display format is the brief format (see the following example). The
brief command can be used to quickly display all the ipsec policies. Brief
information includes name and sequence number, negotiation mode, access
control list, proposal, local address, and remote address.

The other command words are used to display the detailed information about the
ipsec policy, whose display format is the detailed format (refer to the following
example).

For the related commands, see ipsec policy(system view).

Example
# View brief information about all the ipsec policies.
<3Com> display ipsec policy brief

Ipsec-policy-Name Mode acl Local Address Remote Address

policy1-100 manual 100 150.1.1.2 150.1.1.1

test-300 isakmp 120 202.38.160.66

Table 7 Brief Information of IPSec Policy

Item                 Description
Ipsec-policy-Name    name and sequence number of an ipsec policy
Mode                 negotiation method used by an ipsec policy
acl                  access control list used by an ipsec policy
Local Address        local IP address
Remote Address       remote IP address

# View information about all the ipsec policies

[3Com] display ipsec policy

===========================================

IPsec Policy Group: "policy_isakmp"

Using interface: {Ethernet1/0/0}

===========================================

--------------------------------------------

IPsec policy name: "policy_isakmp"

sequence number: 10

mode: isakmp

--------------------------------------------

security data flow : 100

tunnel remote address: 162.105.10.2

PFS (Y/N): N
proposal name: prop1

ipsec sa local duration(time based): 3600 seconds

ipsec sa local duration(traffic based): 1843200 kilobytes

===========================================

IPsec Policy Group: "policy_man"

Using interface: {Ethernet1/0/1}

===========================================

-----------------------------------------

IPsec policy name: "policy_man"

sequence number: 10

mode: manual

-----------------------------------------

security data flow : 100

tunnel local address: 162.105.10.1

tunnel remote address: 162.105.10.2

proposal name: prop1

inbound ah setting:

ah spi: 12345 (0x3039)

ah string-key:

ah authentication hex key : 1234567890123456789012345678901234567890

inbound esp setting:

esp spi: 23456 (0x5ba0)

esp string-key:

esp encryption hex key: 1234567890abcdef1234567890abcdef1234567812345678

esp authentication hex key: 1234567890abcdef1234567890abcdef

outbound ah setting:

ah spi: 54321 (0xd431)

ah string-key:

ah authtication hex key: 1122334455667788990011223344556677889900

outbound esp setting:

esp spi: 65432 (0xff98)

esp string-key:

esp encryption hex key: 11223344556677889900aabbccddeeff1234567812345678


esp authentication hex key: 11223344556677889900aabbccddeeff

Table 8 Detailed Information of IPSec Policy

Item                               Description
ipsec policy                       name, sequence number and negotiation method of an ipsec policy
security data flow                 access control list used by an ipsec policy
proposal name                      name of the proposal used by an ipsec policy
inbound/outbound ah/esp setting    settings of inbound/outbound ends using AH/ESP, including SPI and key
tunnel Local Address               local IP address
tunnel Remote Address              remote IP address
PFS (Y/N)                          Whether using PFS (Perfect Forward Security) or not
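Because the detailed display prints manual-mode AH and ESP keys in clear text, captured output should be masked before it is pasted into a ticket or shared. The following added example (not part of the original guide) parses output in the layout shown above, inventories each policy and masks the key values; the function names and the sample capture with its key values are constructed for illustration.

```python
import re

# Constructed key values (not real secrets), sized like the keys in the sample output.
K160, K192, K128 = "ab" * 20, "cd" * 24, "ef" * 16

# Constructed capture in the layout of the detailed `display ipsec policy` output.
SAMPLE = f"""\
===========================================
IPsec Policy Group: "policy_isakmp"
Using interface: {{Ethernet1/0/0}}
===========================================
IPsec policy name: "policy_isakmp"
sequence number: 10
mode: isakmp
--------------------------------------------
security data flow : 100
tunnel remote address: 162.105.10.2
PFS (Y/N): N
proposal name: prop1
===========================================
IPsec Policy Group: "policy_man"
Using interface: {{Ethernet1/0/1}}
===========================================
IPsec policy name: "policy_man"
sequence number: 10
mode: manual
security data flow : 100
tunnel local address: 162.105.10.1
tunnel remote address: 162.105.10.2
proposal name: prop1
inbound ah setting:
ah spi: 12345 (0x3039)
ah string-key:
ah authentication hex key : {K160}
inbound esp setting:
esp spi: 23456 (0x5ba0)
esp string-key:
esp encryption hex key: {K192}
esp authentication hex key: {K128}
outbound ah setting:
ah spi: 54321 (0xd431)
ah string-key:
ah authtication hex key: {K160}
"""

# Any AH/ESP line whose label ends in "key" (covers "string-key" and "hex key").
KEY_LINE = re.compile(r"^(?P<label>(?:ah|esp)\b.*?\bkey)\s*:\s*(?P<value>.*)$", re.I)
HEX = re.compile(r"[0-9a-fA-F]+")


def describe(value):
    """Describe a key by type and size without revealing it."""
    return f"{len(value) * 4}-bit hex key" if HEX.fullmatch(value) else "string key"


def redact(text):
    """Return the capture with every non-empty AH/ESP key value masked."""
    out = []
    for raw in text.splitlines():
        m = KEY_LINE.match(raw.strip())
        out.append(f"{m['label']}: <redacted {describe(m['value'])}>" if m and m["value"] else raw)
    return "\n".join(out)


def parse_policies(text):
    """Build one dict per policy: its fields, its interface and the keys it exposes."""
    policies, current, iface, direction = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "-"}:
            continue                                   # blank or separator line
        field, _, value = (part.strip() for part in line.partition(":"))
        key = KEY_LINE.match(line)
        if field == "IPsec Policy Group":
            current, iface = None, None
        elif field == "Using interface":
            iface = value.strip("{}")
        elif field == "IPsec policy name":
            current = {"name": value.strip('"'), "interface": iface, "keys": []}
            policies.append(current)
            direction = None
        elif current is None:
            continue
        elif key:
            if key["value"]:
                current["keys"].append((direction, key["label"], describe(key["value"])))
        elif field.endswith(" setting"):
            direction = field.split()[0]               # "inbound" or "outbound"
        else:
            current[field] = value
    return policies


def exposed(policies):
    """Names of policies whose displayed output contained key material."""
    return [p["name"] for p in policies if p["keys"]]


if __name__ == "__main__":
    print(redact(SAMPLE))
    print("policies exposing keys:", exposed(parse_policies(SAMPLE)))
```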

display ipsec policy-template Syntax

display ipsec policy-template [ brief | name template-name [ seq-number ] ]

View
Any view

Parameter

brief: Displays brief information about all the ipsec policy templates.

name: Displays information of the ipsec policy template with the name
template-name and sequence number seq-number.

template-name: Name of an ipsec policy template.

seq-number: Sequence number of an ipsec policy template. If seq-number is not
specified, then the information about all the ipsec policy templates named
template-name is shown.

If no parameter is specified, then the detail information about all the ipsec policy
templates will be displayed. If name template-name has been specified but
seq-number has not, the information of the specified IPSec policy template group
will be listed out.

Description
Using the display ipsec policy-template command, you can view information
about the ipsec policy template.

The brief parameter shows brief information about all the ipsec policy
templates in the brief format (see the following example). It can be used to
quickly display all the ipsec policy templates. Brief information includes the
template name and sequence number, access control list, and remote address.

Any of the sub-commands can be used to display detailed information of the IPSec
policy template.

For the related commands, see ipsec policy-template.

Example
# View brief information about all the ipsec policy templates.
[3Com] display ipsec policy-template brief

Policy-template-Name acl Remote-Address

------------------------------------------------------

test-tplt300 120

Table 9 Brief Information of IPSec Policy Template

Item                    Description
Policy-template-Name    name, sequence number of an ipsec policy template
acl                     access control list used by an ipsec policy template
Remote Address          remote IP address

display ipsec proposal

Syntax
display ipsec proposal [ proposal-name ]

View
Any view

Parameter
proposal-name: Name of the proposal.

Description
Using the display ipsec proposal command, you can view information about the
proposal.

If the name of the proposal is not specified, then information about all the
proposals will be shown.

For the related commands, see ipsec proposal, display ipsec sa and display
ipsec policy.

Example
# View all the proposals.
[3Com] display ipsec proposal

Ipsec proposal name: prop2

encapsulation mode: tunnel

transform: ah-new

ah protocol: authentication-algorithm sha1-hmac-96

Ipsec proposal name: prop1


encapsulation mode: transport

transform: esp-new

esp protocol: authentication-algorithm md5-hmac96, encryption des

Table 10 IPSec Proposal Information

Item                   Description
Ipsec proposal name    name of the proposal
encapsulation mode     modes used by proposal, including two types: transport
                       mode and tunnel mode
transform              security protocols used by proposal, including two
                       types: AH and ESP
ah protocol            the authentication-algorithm used by AH: md5 | sha1
esp protocol           the authentication-algorithm and encryption method used
                       by ESP respectively: MD5 and DES

display ipsec sa

Syntax
display ipsec sa [ brief | remote ip-address | policy policy-name [ seq-number ] | duration ]

View
Any view

Parameter

brief: Displays brief information about all the SAs.

remote: Displays information about the SA with remote address as ip-address.

ip-address: Specifies the remote address in dotted decimal format.

policy: Displays information about the SA created by the ipsec policy whose name
is policy-name.

policy-name: Specifies the name of the ipsec policy.

seq-number: Specifies the sequence number of the ipsec policy.

duration: Displays the global SA duration.

Description
Using the display ipsec sa command, you can view the relevant information
about the SA.

The command with the brief parameter shows brief information about all the SAs
in the brief format (refer to the following example). Brief information includes
source address, destination address, SPI, protocol, and algorithm. In the
algorithm column, an entry beginning with "E" is the encryption algorithm, and
an entry beginning with "A" is the authentication algorithm. The brief
parameter can be used to quickly display all the SAs already set up.

The commands with the remote and policy parameters both display detailed
information about the SA. In the display, part of the information about the
ipsec policy is shown first, followed by the detailed information of the SA in
this ipsec policy.

The command with the duration parameter shows the global SA duration, including
the "time-based" and "traffic-based" SA duration. Refer to the following
examples.

Information of all the SAs will be shown when no parameter is specified.

For the related commands, see reset ipsec sa, ipsec sa duration, display ipsec
sa and display ipsec policy.

Example
# View brief information about all the SAs.
<3Com> display ipsec sa brief

Src Address Dst Address SPI Protocol Algorithm

10.1.1.1 10.1.1.2 300 ESP E:DES; A:HMAC-MD5-96

10.1.1.2 10.1.1.1 400 ESP E:DES; A:HMAC-MD5-96

Table 11 Brief Information of IPSec SA

Item           Description
Src Address    Local IP address
Dst Address    Remote IP address
SPI            security parameter index
Protocol       security protocol used by IPSec
Algorithm      The authentication algorithm and encryption algorithm used by
               the security protocol. A display beginning with "E" in the
               algorithm stands for the encryption algorithm, and a display
               beginning with "A" stands for the authentication algorithm.

# View the global duration of SA.

[3Com] display ipsec sa duration

ipsec sa global duration (traffic based): 1843200 kilobytes

ipsec sa global duration (time based): 3600 seconds

# View information of all the SAs.

[3Com] display ipsec sa

===============================

Interface: Ethernet1/0/0

path MTU: 1500

===============================

----------------------------------

IPsec policy name: "policy_isakmp"

sequence number: 10

mode: isakmp

----------------------------------

connection id: 4

in use settings = {tunnel}

tunnel local : 162.105.10.1

tunnel remote : 162.105.10.2

[inbound ah SAs]

spi: 3752719292 (0xdfadf3bc)

transform: AH-SHA1HMAC96

sa remaining key duration (bytes/sec): (1887436384/3594)

max received sequence-number: 4

[inbound esp SAs]

spi: 74180629 (0x46be815)

transform: ESP-ENCRYPT-3DES ESP-AUTH-MD5

sa remaining key duration (bytes/sec): (1887436528/3594)

max received sequence-number: 4

[outbound esp SAs]

spi: 1394075637 (0x5317e7f5)

transform: ESP-ENCRYPT-3DES ESP-AUTH-MD5

sa remaining key duration (bytes/sec): (1887436464/3594)

max sent sequence-number: 5

[outbound ah SAs]

spi: 2132905296 (0x7f218d50)

transform: AH-SHA1HMAC96

sa remaining key duration (bytes/sec): (1887436336/3594)

max sent sequence-number: 5

Table 12 Detailed Information of IPSec SA

Item                            Description
Interface                       Interface using ipsec policy
path MTU                        Maximum IP packet length sent from the
                                interface
ipsec policy                    ipsec policy used, including name, sequence
                                number and negotiation method
connection id                   security channel identifier
in use settings                 IPSec mode, including two types: transport
                                mode and tunnel mode
tunnel local                    local IP address
tunnel remote                   remote IP address
inbound                         SA information of the inbound end
transform                       proposal used by the ipsec policy
sa remaining key duration       remaining duration of the SA
max received sequence-number    maximum sequence number of the received
                                packets (the anti-replay function provided by
                                the security protocol)
outbound                        SA information of the outbound end
max sent sequence-number        maximum sequence number of the sent packets
                                (the anti-replay function provided by the
                                security protocol)

display ipsec statistics

Syntax
display ipsec statistics

View
Any view

Parameter
none

Description
Using the display ipsec statistics command, you can view the IPSec packet
statistics information, including the input and output security packet statistics,
bytes, number of packets discarded and detailed description of discarded packets.

For the related command, see reset ipsec statistics.

Example
# View IPSec packet statistics.
<3Com> display ipsec statistics

the security packet statistics:

input/output security packets: 5124/8231

input/output security bytes: 52348/64356

input/output dropped security packets: 0/0

dropped security packet detail:

no enough memory: 0

can't find SA: 0

queue is full: 0

authen failed: 0

invalid length: 0

replay packet: 0

too long packet: 0

invalid SA: 0

Table 13 IPSec Packet Statistics

Item                                       Description
input/output security packets              input/output packets under the
                                           security protection
input/output security bytes                input/output bytes under the
                                           security protection
input/output discarded security packets    input/output packets under the
                                           security protection discarded by
                                           the router

encapsulation-mode

Syntax
encapsulation-mode { transport | tunnel }

undo encapsulation-mode

View
IPSec proposal view

Parameter

transport: Sets the encapsulation mode of IP packets to transport mode.

tunnel: Sets the encapsulation mode of IP packets to tunnel mode.

Description
Using the encapsulation-mode command, you can set the encapsulation mode
that the security protocol applies to IP packets, which can be transport or
tunnel. Using the undo encapsulation-mode command, you can restore it to the
default.

By default, tunnel mode is used.

IPSec can encrypt and authenticate IP packets in two encapsulation modes:
transport mode and tunnel mode. In transport mode, IPSec does not add a new
header to the IP packet. The two ends of the security tunnel are the source and
destination of the original packets. In tunnel mode, IPSec protects the whole IP
packet and adds a new IP header in front of it. The source and destination
addresses of the new IP header are the IP addresses of the two ends of the
tunnel.

Generally, the tunnel mode is used between two security gateways (routers). A
packet encrypted in a security gateway can only be decrypted in another security
gateway. So an IP packet needs to be encrypted in tunnel mode, that is, a new IP
header is added; the IP packet encapsulated in tunnel mode is sent to another
security gateway before it is decrypted.

The transport mode is suitable for communication between two hosts, or for
communication between a host and a security gateway (like the network
management communication between the gateway workstation and a router). In
transport mode, the two devices responsible for encrypting and decrypting
packets must be the original sender and receiver of the packet. Most of the data
traffic between two security gateways is not the security gateways' own traffic,
so the transport mode is not often used between security gateways.

The proposals used by the ipsec policies at both ends of the security tunnel
must be set to the same packet encapsulation mode.

For the related commands, see ah authentication-algorithm, ipsec proposal,
esp encryption-algorithm, esp authentication-algorithm, proposal and
transform.

Example
# Set the proposal whose name is prop2 as using the transport mode to
encapsulate IP packets.
[3Com] ipsec proposal prop2

[3Com-ipsec-proposal-prop2] encapsulation-mode transport

encrypt-card backuped

Syntax
encrypt-card backuped

undo encrypt-card backuped

View
Any view

Parameter
None

Description
Using the encrypt-card backuped command, you can enable backup function
for the encryption card. Using the undo encrypt-card backuped command, you
can disable backup function for the encryption card.

This command is only available on the encryption card.

For an IPSec SA implemented by the encryption card, IPSec is processed by the
card as long as the card is normal. If the card fails while the backup function
is enabled on the card, and the encryption/authentication algorithms selected
for the SA are supported by the IPSec module on the VRP platform, IPSec is
implemented by the IPSec module on the VRP platform. If the selected algorithms
are not supported by the IPSec module, the system drops packets.

Example
# Enable backup function for the encryption card.
[Router] encrypt-card backuped

esp authentication-algorithm

Syntax
esp authentication-algorithm { md5 | sha1 }

undo esp authentication-algorithm

View
IPSec proposal configuration view

Parameter
md5: Uses the MD5 algorithm, with a key length of 128 bits.
sha1: Uses the SHA1 algorithm, with a key length of 160 bits.

Description
Using the esp authentication-algorithm command, you can set the
authentication algorithm used by ESP. Using the undo esp
authentication-algorithm command, you can set ESP not to authenticate
packets.

By default, MD5 algorithm is used.

MD5 is faster than SHA1, while SHA1 is more secure than MD5.

ESP permits a packet to be encrypted or authenticated or both.

The encryption and authentication algorithms used by ESP cannot both be set to
vacant at the same time.

The undo esp authentication-algorithm command does not restore the
authentication algorithm to the default; instead it sets the authentication
algorithm to vacant, that is, no authentication. The undo esp
authentication-algorithm command is valid when the encryption algorithm is not
vacant.

The proposals used by the ipsec policies at both ends of the security tunnel
must be set to the same authentication algorithm.

For the related commands, see ipsec proposal, esp encryption-algorithm,
proposal, sa encryption-hex and transform.

Example
# Set a proposal that adopts ESP, and uses SHA1.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform esp

[3Com-ipsec-proposal-prop1] esp authentication-algorithm sha1

esp encryption-algorithm

Syntax
esp encryption-algorithm { 3des | des }

undo esp encryption-algorithm

View
IPSec proposal view

Parameter

des: Data Encryption Standard (DES), a universal encryption algorithm with the
length of the key being 56 bits.

3des: 3DES (Triple DES), another universal encryption algorithm with the length of
the key being 168 bits.

Description
Using the esp encryption-algorithm command, you can set the encryption
algorithm adopted by ESP. Using the undo esp encryption-algorithm command,
you can set the ESP not to encrypt packets.

By default, DES algorithm is used.

3DES meets high confidentiality and security requirements but is comparatively
slow, while DES satisfies normal security requirements.

ESP permits a packet to be encrypted or authenticated or both.

The encryption and authentication methods used by ESP cannot both be set to a
vacant value at the same time. The undo esp encryption-algorithm command can
take effect only if the authentication algorithm is not null.

For the related commands, see ipsec proposal, esp authentication-algorithm,
proposal, sa encryption-hex and transform.

Example
# Set ESP to use 3des.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform esp

[3Com-ipsec-proposal-prop1] esp encryption-algorithm 3des
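
The following added example (not part of the 3Com manual) audits captured display ipsec proposal output against the esp authentication-algorithm and esp encryption-algorithm entries above: it flags proposals left on DES or MD5 where 3DES or SHA1 is available, and reports proposals whose settings differ between the two tunnel ends. The peer output is constructed, and matching proposals by name across the two gateways is an assumption of the example.

```python
import re

# Output of `display ipsec proposal` as shown on this page (local gateway).
LOCAL_OUTPUT = """\
Ipsec proposal name: prop2
encapsulation mode: tunnel
transform: ah-new
ah protocol: authentication-algorithm sha1-hmac-96
Ipsec proposal name: prop1
encapsulation mode: transport
transform: esp-new
esp protocol: authentication-algorithm md5-hmac96, encryption des
"""

# Constructed peer output in the same layout (not taken from the manual).
REMOTE_OUTPUT = """\
Ipsec proposal name: prop2
encapsulation mode: tunnel
transform: ah-new
ah protocol: authentication-algorithm sha1-hmac-96
Ipsec proposal name: prop1
encapsulation mode: tunnel
transform: esp-new
esp protocol: authentication-algorithm sha1-hmac96, encryption des
"""

FIELDS = ("mode", "transform", "ah_auth", "esp_auth", "esp_enc")


def parse_proposals(text):
    """Parse `display ipsec proposal` output into {proposal name: settings}."""
    proposals, current = {}, None
    for raw in text.splitlines():
        if ":" not in raw:
            continue
        key, value = (part.strip().lower() for part in raw.split(":", 1))
        if key == "ipsec proposal name":
            current = dict.fromkeys(FIELDS)      # every field starts unset
            proposals[value] = current
        elif current is None:
            continue                             # text before the first proposal
        elif key == "encapsulation mode":
            current["mode"] = value
        elif key == "transform":
            current["transform"] = value
        elif key in ("ah protocol", "esp protocol"):
            proto = key.split()[0]
            # "sha1-hmac-96" and "md5-hmac96" both reduce to the hash name.
            auth = re.search(r"authentication-algorithm\s+([a-z0-9]+)", value)
            enc = re.search(r"encryption\s+([a-z0-9]+)", value)
            if auth:
                current[proto + "_auth"] = auth.group(1)
            if enc and proto == "esp":
                current["esp_enc"] = enc.group(1)
    return proposals


def weak_settings(proposals):
    """Flag the weaker of the two options the command reference offers."""
    findings = []
    for name, p in sorted(proposals.items()):
        if p["esp_enc"] == "des":
            findings.append((name, "esp encryption des: 56-bit key, 3des is available"))
        for proto in ("ah", "esp"):
            if p[proto + "_auth"] == "md5":
                findings.append((name, proto + " authentication md5: sha1 is the stronger option"))
    return findings


def peer_mismatches(local, remote):
    """Report fields that differ between same-named proposals on both ends."""
    diffs = []
    for name in sorted(set(local) & set(remote)):
        for field in FIELDS:
            if local[name][field] != remote[name][field]:
                diffs.append((name, field, local[name][field], remote[name][field]))
    return diffs


if __name__ == "__main__":
    here, there = parse_proposals(LOCAL_OUTPUT), parse_proposals(REMOTE_OUTPUT)
    for finding in weak_settings(here):
        print("weak:", finding)
    for diff in peer_mismatches(here, there):
        print("mismatch:", diff)
```
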

interface encrypt

Syntax
interface encrypt [ slot-id ]

View
System view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.

Description
Using the interface encrypt command, you can enter encryption card interface
mode.

This command is only available on the encryption card.

In encryption card interface mode, you can only use the shutdown and undo
shutdown commands, to shut down the encryption card or bring the card up,
respectively.

Example
# Enter the interface mode of the encryption card at slot 5/0/0.
[Router] interface encrypt 5/0/0

[Router-Encrypt5/0/0]

ipsec card-proposal

Syntax
ipsec card-proposal proposal-name

undo ipsec card-proposal proposal-name

View
System view

Parameter
proposal-name: Name of the SA proposal view, a string of less than 32 characters.
It is case-sensitive.

Description
Using the ipsec card-proposal command, you can create an SA proposal for the
encryption card and enter the corresponding view. Using the undo ipsec
card-proposal command, you can delete an SA proposal of the encryption card.

This command is used for encryption card SA proposal view (the corresponding
encryption/decryption/authentication are implemented on the encryption card),
whereas the host software is also compatible with host proposal view (the ipsec
proposal command), in which the encryption/decryption/authentication are
implemented by the host. In encryption card SA proposal view, you can also
specify the slot ID of the encryption card for the SA proposal with the use
encrypt-card command, while other configurations are identical to those of the
ipsec proposal command.

After completing SA proposal configuration, you need to return to system view
using the quit command, so that you can initiate other configuration.

Example
# Create the SA proposal "card" using the encryption card at slot 5/0/0, configure
security and encryption algorithm.
[Router] ipsec card-proposal card

[Router-ipsec-card-proposal] use encrypt-card 5/0/0

[Router-ipsec-card-proposal-card] transform ah-esp

[Router-ipsec-card-proposal-card] ah authentication-algorithm sha1

[Router-ipsec-card-proposal-card] esp authentication-algorithm sha1

[Router-ipsec-card-proposal-card] esp encryption-algorithm 3des

[Router-ipsec-card-proposal-card]quit

[Router]

ipsec policy (interface view)

Syntax
ipsec policy policy-name

undo ipsec policy

View
Interface view

Parameter
policy-name: Specifies the name of an ipsec policy group applied at the interface.
The ipsec policy group with name policy-name should be configured in system
view.

Description
Using the ipsec policy(interface view) command, you can apply an ipsec policy
group with the name policy-name at the interface. Using the undo ipsec
policy(interface view) command, you can cancel the ipsec policy group so as to
disable the IPSec function of the interface.

At an interface only one ipsec policy group can be applied. An ipsec policy group
can be applied at multiple interfaces.

When a packet is sent from an interface, the router checks it against each ipsec
policy in the ipsec policy group in ascending order of sequence number. If the
packet matches the access control list used by an ipsec policy, that ipsec
policy is used to process the packet; otherwise the search continues with the
next ipsec policy. If the packet does not match the access control list used by
any of the ipsec policies, it is transmitted directly (that is, IPSec does not
protect the packet).

To prevent any unencrypted packet from being transmitted from the interface, it
is necessary to use the firewall together with IPSec; the firewall is for
dropping all the packets that do not need to be encrypted.

For the related command, see ipsec policy(system view).

Example
# Apply an ipsec policy whose name is policy1 to interface Serial 4/1/2.
[3Com] interface serial 4/1/2

[3Com-Serial4/1/2] ipsec policy policy1
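
The following added example (not part of the 3Com manual) models the outbound lookup described in this entry: policies are tried in ascending sequence-number order, the first ACL match wins, and a packet that matches no ACL leaves in cleartext unless a firewall rule drops it. The Policy class, the network-pair stand-in for an ACL, the proposal names and the sample flows are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Policy:
    seq: int        # sequence number in the group; lower values are tried first
    proposal: str   # name of the proposal this policy would apply (constructed)
    acl: tuple      # stand-in for the ACL: (source network, destination network) pairs


def acl_matches(acl, src, dst):
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(sn) and d in ip_network(dn) for sn, dn in acl)


def matching_policies(group, src, dst):
    """All policies whose ACL matches, in ascending sequence-number order."""
    ordered = sorted(group, key=lambda p: p.seq)
    return [p for p in ordered if acl_matches(p.acl, src, dst)]


def egress_decision(group, src, dst, firewall_drops_unmatched=False):
    """Return (action, selected seq or None, shadowed seqs) for one packet.

    "shadowed" lists policies that also match but are never reached because
    a policy with a lower sequence number matched first.
    """
    hits = matching_policies(group, src, dst)
    if hits:
        return ("protect", hits[0].seq, [p.seq for p in hits[1:]])
    # No ACL matched: IPSec does not touch the packet. Only a firewall rule
    # (modelled here as a flag, an assumption) keeps it off the wire.
    return ("drop" if firewall_drops_unmatched else "cleartext", None, [])


def cleartext_flows(group, flows):
    """Flows that would leave the interface unprotected without a firewall."""
    return [(s, d) for s, d in flows if egress_decision(group, s, d)[0] == "cleartext"]


# Constructed policy group, deliberately listed out of order: the broad /16
# policy at sequence 10 is evaluated before the narrower /24 policy at 20.
GROUP = [
    Policy(20, "prop_3des", (("10.1.1.0/24", "10.2.1.0/24"),)),
    Policy(10, "prop_des", (("10.1.0.0/16", "10.2.0.0/16"),)),
]

# Constructed flows: two inside the protected ranges, one to an outside host.
FLOWS = [
    ("10.1.1.5", "10.2.1.9"),
    ("10.1.9.5", "10.2.9.9"),
    ("10.1.1.5", "192.0.2.7"),
]

if __name__ == "__main__":
    for firewall in (False, True):
        for src, dst in FLOWS:
            print(firewall, src, dst, egress_decision(GROUP, src, dst, firewall))
```

In the sample group the 10.1.1.0/24 flow is handled by the broader sequence 10 policy, so the sequence 20 policy never applies to it; ordering narrow ACLs before broad ones avoids that.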

ipsec policy (system view)

Syntax
ipsec policy policy-name seq-number [ manual | isakmp [ template template-name ] ]

undo ipsec policy policy-name [ seq-number ]

View
System view

Parameter

policy-name: Name of the ipsec policy. The naming rule is: the name is 1 to 15
characters long, is case insensitive, and can contain English characters or
numbers but cannot include “-”.

seq-number: Sequence number of the ipsec policy, ranging 1 to 10000, with lower
value indicating higher sequence priority.

manual: Sets up SA manually.

isakmp: Sets up SA through IKE negotiation.

template: Dynamically sets up SA by using policy template. The policy-name
discussed here will reference template-name, which is the name of a policy
template that has already been created.

template-name: Name of the template.

Description
Using the ipsec policy command, you can establish or modify an ipsec policy, and
enter ipsec policy view. Using the undo ipsec policy policy-name command, you
can delete an ipsec policy group whose name is policy-name. Using the undo
ipsec policy policy-name seq-number command, you can delete an ipsec policy
whose name is policy-name and sequence number is seq-number.

By default, no ipsec policy exists.

To establish an ipsec policy, it is necessary to specify the negotiation mode
(manual or isakmp). To modify the ipsec policy, it is not necessary to specify a
negotiation mode.

Once the ipsec policy is established, its negotiation mode cannot be modified.
For example, if an ipsec policy is established in manual mode, it cannot be
changed to isakmp mode; this ipsec policy must be deleted and then recreated, if
appropriate, with the negotiation mode being isakmp.

Ipsec policies with the same name constitute an ipsec policy group. The name and
sequence number are used together to define a unique ipsec policy. In an ipsec
policy group, at most 100 ipsec policies can be set. In an ipsec policy group,
the smaller the sequence number of an ipsec policy is, the higher is its
preference. Applying an ipsec policy group at an interface means applying all
ipsec policies in the group simultaneously, so that different data streams can
be protected by adopting different SAs.

Using the ipsec policy policy-name seq-number isakmp template template-name
command, you can establish an ipsec policy according to the template through IKE
negotiation. Before using this command, the template should have been created.
During the negotiation and policy matching, the parameters defined in the
template must be complied with; the other parameters are decided by the
initiator. The proposal must be defined in the policy template; other parameters
are optional.

Note that IKE will not use a policy with a template argument to initiate a
negotiation. Rather, it uses such a policy to respond to the negotiation
initiated by its peer.

For the related commands, see ipsec policy (interface view), security acl, tunnel
local, tunnel remote, sa duration, proposal, display ipsec policy, ipsec
policy-template, and ike-peer.

Example
# Set an ipsec policy whose name is newpolicy1, sequence number is 100, and
negotiation mode is isakmp.
[3Com] ipsec policy newpolicy1 100 isakmp

[3Com-ipsec-policy-isakmp-newpolicy1-100]

ipsec policy-template

Syntax
ipsec policy-template policy-name seq-number

undo ipsec policy-template policy-name [ seq-number ]

View
System view

Parameter

policy-name: Name of the ipsec policy. The naming rule is as follows: the name
is 1 to 15 bytes long, is case insensitive, and can contain English characters
or numbers but cannot include “-”.

seq-number: Serial number of the ipsec policy, ranging 1 to 10000. In one ipsec
policy group, the smaller the serial number of the ipsec policy, the higher the
preference.

Description
Using the ipsec policy-template command, you can establish or modify an ipsec
policy template, and enter ipsec policy view. Using the undo ipsec
policy-template policy-name command, you can delete the ipsec policy group
named policy-name. Using the undo ipsec policy-template policy-name
seq-number command, you can delete an ipsec policy with the name
policy-name and the serial number seq-number.

By default, no ipsec policy template exists.

A policy template that has been created with the name being template-name can
be referenced by the ipsec policy policy-name seq-number isakmp template
template-name command to create an IPSec policy.

The IPSec policy template and the security policy of IPSec ISAKMP negotiation
share the same kinds of arguments, including the referenced IPSec proposal, the
protected traffic, PFS feature, lifetime, and the address of the remote tunnel
end. However, you should note that the proposal argument must be configured,
whereas the other arguments are optional. If an IPSec policy template is used
for the policy match operation undertaken in an IKE negotiation, the configured
arguments must be matched, and the settings of the initiator will be used for
arguments that have not been configured.

For the related commands, see ipsec policy, security acl, tunnel local, tunnel
remote, proposal, display ipsec policy, and ike-peer.

Example
# Establish an ipsec policy template with the name template1 and the serial
number 100.
[3Com] ipsec policy-template template1 100

[3Com-ipsec-policy-template-template1-100]

ipsec proposal

Syntax
ipsec proposal proposal-name

undo ipsec proposal proposal-name

View
System view

Parameter
proposal-name: Name of the specified proposal. The naming rule is: the length of
the name is 1 to 15 characters, case insensitive.

Description
Using the ipsec proposal proposal-name command, you can establish or modify
a proposal named proposal-name, and enter IPSec proposal view. Using the undo
ipsec proposal proposal-name command, you can delete the proposal named
proposal-name.

By default, no proposal exists.

This proposal is a combination of the security protocol, encryption and
authentication algorithm and packet encapsulation format for implementing IPSec
protection.

An ipsec policy determines the protocol, algorithm and encapsulation mode to be
adopted by the use of the proposal. Before the ipsec policy uses a proposal, this
proposal must have already been set up.

After a new IPSec proposal is established by using the ipsec proposal command,
the ESP protocol, DES encryption algorithm and MD5 authentication algorithm are
adopted by default.

For the related commands, see ah authentication-algorithm, esp
encryption-algorithm, esp authentication-algorithm, encapsulation-mode,
proposal, display ipsec proposal and transform.

Example
# Establish a proposal named newprop1.
[3Com] ipsec proposal newprop1

ipsec sa global-duration

Syntax
ipsec sa global-duration { time-based seconds | traffic-based kilobytes }

undo ipsec sa global-duration { time-based | traffic-based }

View
System view

Parameter

time-based seconds: Time-based global SA duration in seconds, ranging 30 to
604800 seconds. It is 3600 seconds (1 hour) by default.

traffic-based kilobytes: Traffic-based global SA duration in kilobytes, ranging
256 to 4194303 kilobytes. It is 1843200 kilobytes by default and when the
traffic reaches this value, the duration expires.

Description
Using the ipsec sa global-duration command, you can set a global SA duration.
Using the undo ipsec sa global-duration command, you can restore to the
default setting of the global SA duration.

When IKE negotiates to establish an SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration
specified by this command to negotiate with the peer. If the IPSec policy is
configured with its own duration, the system will use the duration of the IPSec
policy to negotiate with the peer. When IKE negotiates to set up an SA for IPSec,
the smaller one of the lifetime set locally and that proposed by the remote is
selected.

There are two types of SA duration: time-based (in seconds) and traffic-based
(in kilobytes) lifetimes. The traffic-based SA duration, that is, the valid time
of the SA, is accounted according to the total traffic that can be processed by
this SA, and the SA is invalid when the set value is exceeded. Whichever of the
two types expires first, the SA becomes invalid. Before the SA becomes invalid,
IKE sets up a new SA for IPSec through negotiation, so a new SA is ready before
the existing one becomes invalid.

Modifying the global SA duration will not affect an IPSec policy that has
individually set up its own SA duration, or an SA already set up. But the
modified global SA duration will be used to set up a new SA in the future IKE
negotiation.

The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.

For the related commands, see sa duration and display ipsec sa duration.

Example
# Set the global SA duration to 2 hours.
[3Com] ipsec sa global-duration time-based 7200

# Set the global SA duration to 10M bytes transmitted.

[3Com] ipsec sa global-duration traffic-based 10000
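
The following added example (not part of the 3Com manual) applies the lifetime rules of this entry to the "sa remaining key duration" lines of the display ipsec sa output shown earlier: it derives the negotiated lifetime, then works out how much of each SA's budget is used and which limit will expire first. It assumes the SAs were negotiated with the default global duration and that one kilobyte is 1024 bytes, which is consistent with the sample figures; the function names are constructed.

```python
import re

# Assumption: 1843200 KB * 1024 = 1887436800 bytes, just above the
# remaining-byte counts in the sample output below.
KILOBYTE = 1024

# Excerpt of the `display ipsec sa` output shown earlier on this page.
SA_OUTPUT = """\
[inbound ah SAs]
spi: 3752719292 (0xdfadf3bc)
sa remaining key duration (bytes/sec): (1887436384/3594)
[inbound esp SAs]
spi: 74180629 (0x46be815)
sa remaining key duration (bytes/sec): (1887436528/3594)
[outbound esp SAs]
spi: 1394075637 (0x5317e7f5)
sa remaining key duration (bytes/sec): (1887436464/3594)
[outbound ah SAs]
spi: 2132905296 (0x7f218d50)
sa remaining key duration (bytes/sec): (1887436336/3594)
"""


def negotiated_lifetime(global_duration, policy_duration=(None, None),
                        peer=None, mode="isakmp"):
    """Return the (seconds, kilobytes) lifetime of an SA, or None if manual.

    A policy's own duration overrides the global one per type, and the
    smaller of the local and peer values is selected during negotiation.
    """
    if mode == "manual":
        return None  # a manually set up SA is never invalidated
    local = tuple(p if p is not None else g
                  for p, g in zip(policy_duration, global_duration))
    if peer is None:
        return local
    return tuple(min(mine, theirs) for mine, theirs in zip(local, peer))


def parse_sa_durations(text):
    """Extract direction, protocol, SPI and remaining lifetime for each SA."""
    sas, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.fullmatch(r"\[(inbound|outbound) (ah|esp) SAs\]", line)
        if head:
            current = {"direction": head.group(1), "protocol": head.group(2)}
            sas.append(current)
            continue
        if current is None:
            continue
        spi = re.match(r"spi:\s*(\d+)", line)
        left = re.match(r"sa remaining key duration \(bytes/sec\):\s*\((\d+)/(\d+)\)", line)
        if spi:
            current["spi"] = int(spi.group(1))
        elif left:
            current["remaining_bytes"] = int(left.group(1))
            current["remaining_seconds"] = int(left.group(2))
    return sas


def project_expiry(sa, lifetime):
    """Estimate which lifetime runs out first at the SA's average byte rate."""
    seconds, kilobytes = lifetime
    used = kilobytes * KILOBYTE - sa["remaining_bytes"]
    elapsed = seconds - sa["remaining_seconds"]
    first = "time"
    if used > 0 and elapsed > 0:
        seconds_to_traffic_limit = sa["remaining_bytes"] / (used / elapsed)
        if seconds_to_traffic_limit < sa["remaining_seconds"]:
            first = "traffic"
    return {"used_bytes": used, "elapsed_seconds": elapsed, "expires_first": first}


if __name__ == "__main__":
    lifetime = negotiated_lifetime((3600, 1843200))  # defaults from this entry
    for sa in parse_sa_durations(SA_OUTPUT):
        print(sa["direction"], sa["protocol"], project_expiry(sa, lifetime))
```
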

pfs

Syntax
pfs { dh-group1 | dh-group2 }

undo pfs

View
IPSec policy view, IPSec policy template view

Parameter

dh-group1: Specifies that the 768-bit Diffie-Hellman group is used.

dh-group2: Specifies that the 1024-bit Diffie-Hellman group is used.

Description
Using the pfs command, you can set the Perfect Forward Secrecy (PFS) feature for
the IPSec policy to initiate the negotiation. Using the undo pfs command, you can
set not to use the PFS feature during the negotiation.

By default, no PFS feature is used.

The command is used to add a PFS exchange process when IPSec uses the ipsec
policy to initiate a negotiation. This additional key exchange is performed
during the phase 2 negotiation to enhance the security of the communication. The
DH group specified by the local and remote ends must be consistent, otherwise
the negotiation will fail.

This command can be used only when the SA is established through IKE.

For the related commands, see ipsec policy-template, ipsec policy(system
view), ipsec policy(interface view), tunnel local, tunnel remote, sa duration
and proposal.

Example
# Set that PFS must be used when negotiating through ipsec policy shanghai 200.
[3Com] ipsec policy shanghai 200 isakmp

[3Com-ipsec-policy-isakmp-shanghai-200] pfs dh-group1

proposal

Syntax
proposal proposal-name1 [ proposal-name2...proposal-name6 ]

undo proposal [ proposal-name ]

View
IPSec policy view, IPSec policy template view

Parameter
proposal-name1,…, proposal-name6: Name of the proposals adopted.

Description
Using the proposal command, you can set the proposal used by the IPSec policy.
Using the undo proposal command, you can cancel the proposal used by the
IPSec policy.

By default, no proposal is used.

Before using this command, the corresponding IPSec proposal must have been
configured.

If set up in manual mode, an SA can only use one proposal. If a proposal is
already set, it needs to be deleted by using the undo proposal command before a
new one can be set.

If set up in isakmp mode, an SA can use six proposals at most. IKE negotiation will
search for the matching proposal at both ends of the security tunnel.

If it is the IPSec template, each template can use six proposals at most, and the IKE
negotiation will search for the matching proposal.

For the related commands, see ipsec proposal, ipsec policy(system view), ipsec
policy(interface view), security acl, tunnel local and tunnel remote.

Example
# Set a proposal named prop1, adopting ESP and the default algorithm, and set an
IPSec policy to use the proposal named prop1.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform esp

[3Com-ipsec-proposal-prop1] quit

[3Com] ipsec policy policy1 100 manual

[3Com-ipsec-policy-manual-policy1-100] proposal prop1



reset counters encrypt

Syntax
reset counters encrypt [ slot-id ]

View
User view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
stands for slot ID on the router, y and z are fixed to 0 for the encryption card.

Description
Using the reset counters encrypt command, you can clear the statistics on the
encryption card.

This command is only available on the encryption card.

The statistics record all the information starting from normal operation of the
encryption card, while system debugging requires statistics of a specific time
period for fault analysis. In that case, you may need to reset the existing
statistics and then collect the statistics of the required time period.

For the related commands, see ipsec card-proposal and display encrypt-card
sa.

Example
# Clear the statistics on the encryption card on the slot 5/0/0.
[Router] reset counters encrypt-card 5/0/0

reset encrypt-card sa Syntax


reset encrypt-card sa [ slot-id ]

View
User view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
is the slot ID on the router, and y and z are fixed to 0 for the encryption card.

Description
Using the reset encrypt-card sa command, you can clear the SAs on the
encryption card.

This command is only available on the encryption card.

You may need to clear the SA database information stored on the encryption card,
to output only the required information during debugging.

For the related commands, see ipsec card-proposal and display encrypt-card
sa.
IPSec Configuration Commands 887

Example

# Clear the SAs on the encryption card on the slot 5/0/0.


[Router] reset encrypt-card sa 5/0/0

reset encrypt-card statistics Syntax


reset encrypt-card statistics [ slot-id ]

View
User view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
is the slot ID on the router, and y and z are fixed to 0 for the encryption card.

Description
Using the reset encrypt-card statistics command, you can clear the processing
statistics of the encryption card.

This command is only available on the encryption card.

The statistics record all the protocol processing information since the last
reboot, including counts of incoming/outgoing ESP/AH packets, dropped
packets, failed authentications, erroneous SAs, invalid SA proposals, and invalid
protocols.

For the related command, see display encrypt-card statistic.

Example
# Clear the processing statistics on the encryption card on the slot 5/0/0.
[Router] reset encrypt-card statistic 5/0/0

reset encrypt-card syslog Syntax


reset encrypt-card syslog [ slot-id ]

View
User view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
is the slot ID on the router, and y and z are fixed to 0 for the encryption card.

Description
Using the reset encrypt-card syslog command, you can clear all the logging
information on the encryption card.

This command is only available on the encryption card.



The encryption card records all logging history information, and all of it
(including obsolete items) is reported for every query, which makes log
monitoring and fault location more difficult. In that case, you may need to
clear the log buffer of the encryption card.

For the related command, see display encrypt-card syslog.

Example

# Clear all the logging information on the encryption card on the slot 5/0/0.

[Router] reset encrypt-card syslog 5/0/0

reset ipsec sa Syntax


reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] | parameters
dest-addr protocol spi ]

View
User view

Parameter

remote ip-address: Specifies remote address, in dotted decimal format.

policy: Specifies the IPSec policy.

policy-name: Specifies the name of the IPSec policy. The name is 1 to 15
characters long, is case sensitive, and can contain English letters and numbers.

seq-number: Optional parameter specifying the serial number of the ipsec policy. If
no seq-number is specified, the IPSec policy refers to all the policies in the IPSec
policy group named policy-name.

parameters: Defines a Security Association (SA) by the destination address,
security protocol and SPI.

dest-address: Specifies the destination address in the dotted decimal IP address
format.

protocol: Specifies the security protocol by inputting the key word ah or esp, case
insensitive. ah indicates the Authentication Header protocol and esp indicates
Encapsulating Security Payload.

spi: Specifies the security parameter index (SPI), ranging from 256 to 4294967295.

Description
Using the reset ipsec sa command, you can delete an SA already set up (manually
or through IKE negotiation). If no parameter (remote, policy, parameters) is
specified, all the SAs will be deleted.

An SA is uniquely identified by a triplet of IP address, security protocol and SPI. An
SA can be set up either manually or through Internet Key Exchange (IKE)
negotiation.

If an SA set up manually is deleted, the system will automatically set up a new SA
according to the manually configured parameters.

If a packet re-triggers IKE negotiation after an SA set up through IKE negotiation is
deleted, IKE will reestablish an SA through negotiation.

The keyword parameters will take effect only after the spi of the outbound SA is
defined. Because SAs appear in pairs, the inbound SA will also be deleted after the
outbound SA is deleted.

For the related command, see display ipsec sa.

Example
# Delete all the SAs.
<3Com> reset ipsec sa

# Delete an SA whose remote IP address is 10.1.1.2.

<3Com> reset ipsec sa remote 10.1.1.2

# Delete all the SAs in policy1.

<3Com> reset ipsec sa policy policy1

# Delete the SA of the ipsec policy with the name policy1 and the serial number
10.

<3Com> reset ipsec sa policy policy1 10

# Delete an SA whose remote IP address is 10.1.1.2, security protocol is AH, and
SPI is 10000.

<3Com> reset ipsec sa parameters 10.1.1.2 ah 10000

reset ipsec statistics Syntax


reset ipsec statistics

View
User view

Parameter
none

Description
Using the reset ipsec statistics command, you can clear IPSec message statistics,
and set all the statistics to zero.
For the related command, see display ipsec statistics.

Example
# Clear IPSec message statistics.
<3Com> reset ipsec statistics

sa authentication-hex Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key

undo sa authentication-hex { inbound | outbound } { ah | esp }

View
IPSec policy view in manual mode

Parameter

inbound: Configures the authentication-hex parameter for the inbound SA. IPSec
uses the inbound SA for processing the packet in the inbound direction (received).

outbound: Configures the authentication-hex parameter for the outbound SA.
IPSec uses the outbound SA for processing the packet in the outbound direction
(sent).

ah: Sets the authentication-hex parameter for the SA using AH. If the IPSec
proposal used by the ipsec policy adopts AH, the ah key word is used here to set
the AH relevant parameter of the SA.

esp: Sets the authentication-hex parameter for the SA using ESP. If the IPSec
proposal used by the ipsec policy adopts ESP, the esp key word is used here to set
the ESP relevant parameter of the SA.

hex-key: Specifies a key for the SA input in the hex format. If MD5 is used, then
input a 16-byte key; if SHA1 is used, input a 20-byte key.

Description
Using the sa authentication-hex command, you can set the SA authentication
key manually for the ipsec policy of manual mode. Using the undo sa
authentication-hex command, you can delete the SA authentication key already
set.

This command is only used for the ipsec policy in manual mode.

For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually. IKE will automatically negotiate the SA parameter and establish an SA.

When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.

The SA parameters set at both ends of the security tunnel must match exactly.
The SPI and key of the inbound SA at the local end must be the same as those of
the outbound SA at the remote end. The SPI and key of the outbound SA at the
local end must be the same as those of the inbound SA at the remote end.

There are two methods for inputting the key: hex and character string. If both a
character string key and a hex key are set, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input as a character string at one end and in hex at the other end, the
security tunnel cannot be set up correctly.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the SPI of the inbound SA to 10000 and its key to
0x112233445566778899aabbccddeeff00; set the SPI of the outbound SA to
20000 and its key to 0xaabbccddeeff001100aabbccddeeff00 in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah

[3Com-ipsec-proposal-prop_ah] transform ah

[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5

[3Com-ipsec-proposal-prop_ah] quit

[3Com] ipsec policy tianjin 100 manual

[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah

[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000

[3Com-ipsec-policy-manual-tianjin-100] sa authentication-hex inbound ah 112233445566778899aabbccddeeff00

[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000

[3Com-ipsec-policy-manual-tianjin-100] sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00

sa duration Syntax
sa duration { traffic-based kilobytes | time-based seconds }

undo sa duration { traffic-based | time-based }

View
IPSec policy view, IPSec policy template view

Parameter

time-based seconds: Time-based SA duration in seconds, ranging from 30 to 604800
seconds. It is 3600 seconds (1 hour) by default.

traffic-based kilobytes: Traffic-based SA duration in kilobytes, ranging from 256 to
4194303 kilobytes. It is 1843200 kilobytes by default.

Description
Using the sa duration command, you can set an SA duration of the ipsec policy.
Using the undo sa duration command, you can cancel the SA duration, i.e.,
restore the use of the global SA duration.

When IKE negotiates to establish an SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration to
negotiate with the peer. If the IPSec policy is configured with its own duration, the
system will use the duration of the IPSec policy to negotiate with the peer. When
IKE negotiates to set up an SA for IPSec, the shorter one of the lifetime set locally
and that proposed by the remote is selected.

There are two types of SA duration: time-based (in seconds) and traffic-based (in
kilobytes). With a traffic-based duration, the lifetime of the SA is measured by
the total traffic processed by this SA, and the SA becomes invalid when the set
value is exceeded. The SA becomes invalid as soon as either of the two durations
expires, whichever comes first. Before the SA becomes invalid, IKE negotiates a
new SA for IPSec, so a new SA is ready before the existing one becomes invalid.

The SA duration does not apply to an SA set up manually; that is, an SA set up
manually is never invalidated.

For the related commands, see ipsec sa global-duration, ipsec policy(system
view), ipsec policy(interface view), security acl, tunnel local, tunnel remote
and proposal.

Example
# Set the SA duration for the ipsec policy shenzhen 100 to 2 hours, that is, 7200
seconds.
[3Com] ipsec policy shenzhen 100 isakmp

[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration time-based 7200

# Set the SA duration for the ipsec policy shenzhen 100 to 20M bytes, that is, the
SA expires when the traffic exceeds 20000 kilobytes.

[3Com] ipsec policy shenzhen 100 isakmp

[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration traffic-based 20000

sa encryption-hex Syntax
sa encryption-hex { inbound | outbound } esp hex-key

undo sa encryption-hex { inbound | outbound } esp

View
IPSec policy view in manual mode

Parameter

inbound: Sets the encryption-hex parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).

outbound: Sets the encryption-hex parameter for outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).

esp: Sets the encryption-hex parameter for the SA using ESP. If the IPSec proposal
used by the ipsec policy adopts ESP, the esp key word is used here to set the ESP
relevant parameter of the SA.

hex-key: Specifies a key for the SA input in the hex format. When applied in ESP, if
DES is used, then input an 8-byte key; if 3DES is used, then input a 24-byte key.

Description
Using the sa encryption-hex command, you can set the SA encryption key
manually for the ipsec policy of manual mode. Using the undo sa
encryption-hex command, you can delete the SA parameter already set.

This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.

For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.

When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.

The SA parameters set at both ends of the security tunnel must match exactly.
The SPI and key of the inbound SA at the local end must be the same as those of
the outbound SA at the remote end. The SPI and key of the outbound SA at the
local end must be the same as those of the inbound SA at the remote end.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the SPI of the inbound SA to 10000, and the key to 0x1234567890abcdef;
set the SPI of the outbound SA to 20000, and its key to 0xabcdefabcdef1234 in
the ipsec policy using ESP and DES.
[3Com] ipsec proposal prop_esp

[3Com-ipsec-proposal-prop_esp] transform esp

[3Com-ipsec-proposal-prop_esp] esp encryption-algorithm des

[3Com-ipsec-proposal-prop_esp] quit

[3Com] ipsec policy tianjin 100 manual

[3Com-ipsec-policy-manual-tianjin-100] proposal prop_esp

[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound esp 10000

[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex inbound esp 1234567890abcdef

[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound esp 20000

[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex outbound esp abcdefabcdef1234

sa spi Syntax
sa spi { inbound | outbound } { ah | esp } spi-number

undo sa spi { inbound | outbound } { ah | esp }

View
IPSec policy view in manual mode

Parameter

inbound: Sets the spi parameter for the inbound SA. IPSec uses the inbound SA
for processing the packet in the inbound direction (received).

outbound: Sets the spi parameter for outbound SA. IPSec uses the outbound SA
for processing the packet in the outbound direction (sent).

ah: Sets the spi parameter for the SA using AH. If the IPSec proposal set used by
the ipsec policy adopts AH, the ah key word is used here to set the spi relevant
parameter of the SA.

esp: Sets the spi parameter for the SA using ESP. If the IPSec proposal set used by
the ipsec policy adopts ESP, the esp key word is used here to set the spi relevant
parameter of the SA.

spi-number: Security Parameter Index (SPI) in the triplet identification of the SA,
ranging from 256 to 4294967295. The triplet identification of the SA, which
consists of SPI, destination address, and protocol number, must be unique.

Description
Using the sa spi command, you can set the SA SPI manually for the ipsec policy of
manual mode. Using the undo sa spi command, you can delete the SA SPI
already set.

This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.

For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.

When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.

The SA parameters set at both ends of the security tunnel must match exactly.
The SPI and key of the inbound SA at the local end must be the same as those of
the outbound SA at the remote end. The SPI and key of the outbound SA at the
local end must be the same as those of the inbound SA at the remote end.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the SPI of the inbound SA to 10000, set the SPI of the outbound SA to
20000, in the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah

[3Com-ipsec-proposal-prop_ah] transform ah

[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5

[3Com-ipsec-proposal-prop_ah] quit

[3Com] ipsec policy tianjin 100 manual



[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah

[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000

[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000

sa string-key Syntax
sa string-key { inbound | outbound } { ah | esp } string-key

undo sa string-key { inbound | outbound } { ah | esp }

View
IPSec policy view in manual mode

Parameter

inbound: Sets the string-key parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).

outbound: Sets the string-key parameter for the outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).

ah: Sets the string-key parameter for the SA using AH. If the IPSec proposal set
used by the ipsec policy adopts AH, the ah key word is used here to set the
string-key relevant parameter of the SA.

esp: Sets the string-key parameter for the SA using ESP. If the IPSec proposal set
used by the ipsec policy adopts ESP, the esp key word is used here to set the
string-key relevant parameter of the SA.

string-key: Specifies the key for an SA input in the character string format, with a
length ranging from 1 to 256 characters. For different algorithms, you can input
character strings of any length in the specified range, and the system will
automatically generate keys meeting the algorithm requirements from the input
character strings. As for ESP, the system will automatically generate the key for the
authentication algorithm and that for the encryption algorithm at the same time.

Description
Using the sa string-key command, you can set the SA parameter manually for
the ipsec policy of manual mode. Using the undo sa string-key command, you
can delete the SA parameter already set.

This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.

For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.

When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.

The SA parameters set at both ends of the security tunnel must match exactly.
The SPI and key of the inbound SA at the local end must be the same as those of
the outbound SA at the remote end. The SPI and key of the outbound SA at the
local end must be the same as those of the inbound SA at the remote end.

There are two methods for inputting the key: hex and character string. If both a
character string key and a hex key are set, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input as a character string at one end and in hex at the other end, the
security tunnel cannot be set up correctly.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the SPI of the inbound SA to 10000, and the key string to abcdef; set the
SPI of the outbound SA to 20000, and its key string to efcdab in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah

[3Com-ipsec-proposal-prop_ah] transform ah

[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5

[3Com-ipsec-proposal-prop_ah] quit

[3Com] ipsec policy tianjin 100 manual

[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah

[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000

[3Com-ipsec-policy-manual-tianjin-100] sa string-key inbound ah abcdef

[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000

[3Com-ipsec-policy-manual-tianjin-100] sa string-key outbound ah efcdab
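
The rules stated in the sa authentication-hex, sa encryption-hex, sa spi and sa string-key sections (key size per algorithm, SPI range, the last key entered wins, and each inbound SA matching the peer's outbound SA) can be checked offline before a manual-mode tunnel is brought up. The following Python checker is an added example, not 3Com code; its function names, the algorithm labels md5/sha1/des/3des and the router B lines are constructed for illustration.

```python
import re

# Key sizes in bytes, from the hex-key parameter descriptions on this page.
# The labels md5/sha1/des/3des are this example's own names for the algorithms.
AUTH_KEY_BYTES = {"md5": 16, "sha1": 20}
ENC_KEY_BYTES = {"des": 8, "3des": 24}
SPI_MIN, SPI_MAX = 256, 4294967295
SA_LINE = re.compile(
    r"sa\s+(spi|authentication-hex|encryption-hex|string-key)\s+"
    r"(inbound|outbound)\s+(ah|esp)\s+(\S+)"
)

def parse_manual_policy(text):
    """Return {(direction, protocol): {parameter: value}} from 'sa ...' lines."""
    sas = {}
    for raw in text.splitlines():
        # Drop a leading CLI prompt such as "[3Com-ipsec-policy-manual-x-100]".
        match = SA_LINE.fullmatch(re.sub(r"^\s*\[[^\]]*\]\s*", "", raw).strip())
        if not match:
            continue
        param, direction, proto, value = match.groups()
        sa = sas.setdefault((direction, proto), {})
        if param == "spi":
            sa["spi"] = int(value) if value.isdigit() else None
        elif param == "string-key":
            # The last key entered wins, so a string key replaces any hex keys.
            sa.pop("authentication-hex", None)
            sa.pop("encryption-hex", None)
            sa["string-key"] = value
        else:
            sa.pop("string-key", None)
            sa[param] = value.lower()
    return sas

def check_local(name, sas, auth_alg="md5", enc_alg="des"):
    """Check the SPI range and hex key sizes of one router's SAs."""
    findings = []
    for (direction, proto), sa in sorted(sas.items()):
        where = f"{name} {direction} {proto}"
        spi = sa.get("spi")
        if spi is None or not SPI_MIN <= spi <= SPI_MAX:
            findings.append(f"{where}: SPI missing or outside {SPI_MIN}-{SPI_MAX}")
        for param, alg, sizes in (("authentication-hex", auth_alg, AUTH_KEY_BYTES),
                                  ("encryption-hex", enc_alg, ENC_KEY_BYTES)):
            key = sa.get(param)
            if key is not None and not re.fullmatch(r"[0-9a-f]{%d}" % (2 * sizes[alg]), key):
                # Name the expected size only; never echo key material.
                findings.append(f"{where}: {param} is not a {sizes[alg]}-byte hex key for {alg}")
    return findings

def mirror(sa_id):
    """Map an SA on one router to the SA that must match it on the peer."""
    direction, proto = sa_id
    return ("outbound" if direction == "inbound" else "inbound", proto)

def check_mirror(name_a, a, name_b, b):
    """A's inbound SA must equal B's outbound SA, and the reverse."""
    findings = []
    for sa_id in sorted(set(a) | {mirror(k) for k in b}):
        peer_id = mirror(sa_id)
        where = f"{name_a} {' '.join(sa_id)} / {name_b} {' '.join(peer_id)}"
        local, remote = a.get(sa_id), b.get(peer_id)
        if local is None or remote is None:
            findings.append(f"{where}: SA configured on one end only")
            continue
        if local.get("spi") != remote.get("spi"):
            findings.append(f"{where}: SPI differs")
        how = ["string" if "string-key" in sa else "hex" for sa in (local, remote)]
        if how[0] != how[1]:
            findings.append(f"{where}: key input method differs ({how[0]} vs {how[1]})")
            continue
        for param in ("authentication-hex", "encryption-hex", "string-key"):
            if local.get(param) != remote.get(param):
                findings.append(f"{where}: {param} differs")
    return findings

def audit(text_a, text_b, auth_alg="md5", enc_alg="des"):
    """Run the local and mirror checks on two routers' manual-mode SA lines."""
    a, b = parse_manual_policy(text_a), parse_manual_policy(text_b)
    return (check_local("A", a, auth_alg, enc_alg)
            + check_local("B", b, auth_alg, enc_alg)
            + check_mirror("A", a, "B", b))

# Constructed sample input; the hex keys are the documentation values used above.
ROUTER_A = """
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
sa authentication-hex inbound ah 112233445566778899aabbccddeeff00
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00
"""
ROUTER_B_BAD = """
sa spi inbound ah 20000
sa string-key inbound ah abcdef
sa spi outbound ah 100
sa authentication-hex outbound ah 112233445566778899aabbccddeeff
"""
if __name__ == "__main__":
    print("\n".join(audit(ROUTER_A, ROUTER_B_BAD)))
```

The findings name the SA and the rule that failed but never print key values, so the report can be shared without exposing key material.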

security acl Syntax


security acl acl-number

undo security acl

View
IPSec policy view, IPSec policy template view

Parameter
acl-number: Specifies the number of the access control list used by the ipsec
policy, ranging from 100 to 199.

Description
Using the security acl command, you can set an access control list to be used by
the ipsec policy. Using the undo security acl command, you can remove the
access control list used by the ipsec policy.

By default, no ACL has been specified for the IPSec policies.



The data flow that will be protected by the IPSec policy is defined by the ACL in
this command. According to the rules in the ACL, IPSec determines which packets
need security protection and which do not. A packet permitted by the access
control list will be protected, and a packet denied by the access control list will not
be protected. The denied packets are sent out directly without IPSec protection.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the ipsec policy to use access control list 101.
[3Com] acl number 101

[3Com-acl-adv-101] rule permit tcp source 10.1.1.1 0.0.0.255 destination 10.1.1.2 0.0.0.255

[3Com-acl-adv-101] quit

[3Com] ipsec policy beijing 100 manual

[3Com-ipsec-policy-manual-beijing-100] security acl 101
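
Because a packet that the ACL does not permit leaves the router without IPSec protection, it is worth listing which expected flows fall outside the rule set. The following Python check is an added example, not 3Com code; it assumes wildcard masks in which 1 bits are ignored, that the first matching rule decides, and that a packet matching no rule is not protected, and its function names and sample flows are constructed.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_rule(line):
    """Parse 'rule <permit|deny> <proto> source A W destination A W'."""
    tok = line.split()
    if (len(tok) != 9 or tok[0] != "rule" or tok[1] not in ("permit", "deny")
            or tok[3] != "source" or tok[6] != "destination"):
        raise ValueError(f"unsupported rule: {line!r}")
    return {"action": tok[1], "proto": tok[2],
            "src": (tok[4], tok[5]), "dst": (tok[7], tok[8])}


def ipsec_decision(rules, proto, src, dst):
    """Return 'protected' or 'cleartext' for one packet."""
    for rule in rules:  # assumption: rules are evaluated in order, first match wins
        if (rule["proto"] == proto and wildcard_match(src, *rule["src"])
                and wildcard_match(dst, *rule["dst"])):
            # permit = protect with IPSec; deny = send without protection.
            return "protected" if rule["action"] == "permit" else "cleartext"
    return "cleartext"  # assumption: a packet matching no rule is not protected


def cleartext_flows(rules, flows):
    """List the (proto, src, dst) flows that would leave without IPSec."""
    return [flow for flow in flows if ipsec_decision(rules, *flow) == "cleartext"]


# ACL 101 as configured in the example above.
ACL_101 = [parse_rule(
    "rule permit tcp source 10.1.1.1 0.0.0.255 destination 10.1.1.2 0.0.0.255")]

# Constructed sample flows: (protocol, source, destination).
FLOWS = [
    ("tcp", "10.1.1.7", "10.1.1.9"),   # matches the permit rule
    ("udp", "10.1.1.7", "10.1.1.9"),   # same hosts, different protocol
    ("tcp", "10.1.1.7", "10.2.0.5"),   # destination outside the wildcard range
]

if __name__ == "__main__":
    for flow in cleartext_flows(ACL_101, FLOWS):
        print("not protected:", *flow)
```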

snmp-agent trap enable encrypt-card Syntax


snmp-agent trap enable encrypt-card
undo snmp-agent trap enable encrypt-card

View
System view

Parameter
None

Description
Using the snmp-agent trap enable encrypt-card command, you can enable the
SNMP agent trap function on the encryption card. Using the undo snmp-agent
trap enable encrypt-card command, you can disable the SNMP agent trap function
on the card.

By default, no ACL has been specified for the IPSec policies.

When combined with appropriate NM configuration, the trap function allows you
to view the information about card rebooting, status transition and packet loss
processing on the Console of the NM station or router.

Example
# Enable the trap function on the encryption card.
[Router]snmp-agent trap enable encrypt-card

transform Syntax
transform { ah | ah-esp | esp }

undo transform

View
IPSec proposal view

Parameter

ah: Uses AH protocol specified in RFC2402.

ah-esp: Uses ESP specified in RFC2406 to protect the packets and then uses AH
protocol specified in RFC2402 to authenticate packets.

esp: Uses ESP specified in RFC2406.

Description
Using the transform command, you can set a security protocol used by a
proposal. Using the undo transform command, you can restore the default
security protocol.

By default, esp, that is, the ESP specified in RFC2406 is used.

If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.

If AH is adopted, the default authentication algorithm is MD5.

If the parameter ah-esp is specified, the default authentication algorithm for AH is
MD5 and the default encryption algorithm for ESP is DES without authentication.

AH protocol provides data authentication, data integrity check and anti-replay
function.

ESP protocol provides data authentication, data integrity check, anti-replay
function and data encryption.

While establishing an SA manually, the proposals used by the ipsec policy set at
both ends of the security tunnel must be set as using the same security protocol.

The following figure illustrates the data encapsulation formats of different security
protocols in the transport mode and the tunnel mode.

Figure 1 Data encapsulation formats of security protocols

Security protocol | Transfer mode: transport | Transfer mode: tunnel
ah | IP AH data | IP AH IP data
esp | IP ESP data ESP-T | IP ESP IP data ESP-T
ah-esp | IP AH ESP data ESP-T | IP AH ESP IP data ESP-T

“data” in the figure is the original IP datagram.



For the related commands, see ah authentication-algorithm, ipsec proposal,
esp encryption-algorithm, esp authentication-algorithm,
encapsulation-mode and proposal.

Example
# Set a proposal using AH.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform ah

tunnel local Syntax


tunnel local ip-address

undo tunnel local

View
IPSec policy view in Manual mode

Parameter
ip-address: Local address in dotted decimal format.

Description
Using the tunnel local command, you can set the local address of an ipsec policy.
Using the undo tunnel local command, you can delete the local address set in
the ipsec policy.

By default, the local address of an ipsec policy is not configured.

It is not necessary to set a local address for an ipsec policy in isakmp mode, so this
command is invalid in this situation. IKE can automatically obtain the local address
from the interface where this ipsec policy is applied.

As for the ipsec policy in manual mode, it is necessary to set the local address
before the SA can be established. A security tunnel is set up between the local and
remote end, so the local address and remote address must be correctly configured
before a security tunnel can be set up.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel remote, sa duration and proposal.

Example
# Set the local address for the ipsec policy, which is applied at serial 4/1/2 whose IP
address is 10.0.0.1.
[3Com] ipsec policy guangzhou 100 manual

[3Com-ipsec-policy-manual-guangzhou-100] tunnel local 10.0.0.1

[3Com-ipsec-policy-manual-guangzhou-100] quit

[3Com] interface serial 4/1/2

[3Com-if-Serial4/1/2] ipsec policy guangzhou



tunnel remote Syntax


tunnel remote ip-address

undo tunnel remote [ ip-address ]

View
Manually-established IPSec policy view

Parameter
ip-address: Remote address in dotted decimal format.

Description
Using the tunnel remote command, you can set the remote address of an ipsec
policy. Using the undo tunnel remote command, you can delete the remote
address in the ipsec policy.

By default, the remote address of an ipsec policy is not configured.

For the ipsec policy in manual mode, only one remote address can be set. If a
remote address is already set, this existing address must be deleted before a new
one can be set.

The security tunnel is established between the local and remote ends. The remote
address must be set correctly on both ends of the security tunnel.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, sa duration, proposal.

Example
# Set the remote address of the ipsec policy to 10.1.1.2.
[3Com] ipsec policy shanghai 10 manual

[3Com-ipsec-policy-manual-shanghai-10] tunnel remote 10.1.1.2

use encrypt-card Syntax


use encrypt-card [ slot-id ]
undo use encrypt-card [ slot-id ]

View
Card SA proposal view

Parameter
slot-id: Slot ID for the encryption card, whose range depends on the slot
number on the router. It is in 3-dimensional format, for example, x/y/z, where x
is the slot ID on the router, and y and z are fixed to 0 for the encryption card.

Description
Using the use encrypt-card command, you can specify that the SA proposal uses
the encryption card in a designated slot. Using the undo use encrypt-card
command, you can remove the configuration.

By default, no ACL has been specified for the IPSec policies.

One SA proposal can only be processed by a single encryption card, but one single
encryption card can process different SA proposals.

For the related command, see ipsec card-proposal.

Example
Refer to the example of the ipsec card-proposal command.

ah authentication-algorithm Syntax
ah authentication-algorithm { md5 | sha1 }

undo ah authentication-algorithm

View
IPSec proposal view

Parameter

md5: MD5 algorithm is adopted.

sha1: SHA1 algorithm is adopted.

Description
Using the ah authentication-algorithm command, you can set the
authentication algorithm adopted by Authentication Header protocol in IPSec
proposal. Using the undo ah authentication-algorithm command, you can
restore the default setting.

By default, the md5 authentication algorithm is adopted by Authentication
Header protocol in IPSec proposal.

An AH proposal cannot be used for encryption, only for authentication.

MD5 algorithm uses the 128-bit key, and SHA1 uses the 160-bit key. By
comparison, MD5 is faster than SHA1, while SHA1 is more secure than MD5.

The IPSec proposal adopted by the security policy at both ends of the security
tunnel must be set as using the same authentication algorithm.

The AH authentication algorithm can be configured only if the AH or AH-ESP
security protocol was selected by executing the transform command.

For the related commands, see ipsec proposal, proposal, sa spi and transform.

Example
# Set IPSec proposal using AH and SHA1.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform ah

[3Com-ipsec-proposal-prop1] ah authentication-algorithm sha1



debugging ipsec Syntax


debugging ipsec { all | sa | misc | packet [ policy policy-name [ seq-number ] | parameters
ip-address protocol spi-number ] | misc }

undo debugging ipsec { all | sa | misc | packet [ policy policy-name [ seq-number ] |
parameters ip-address protocol spi-number ] | misc }

View
User view

Parameter

all: Displays all debugging information.

sa: Displays debugging information of SA.

packet: Displays debugging information of IPSec packets.

policy policy-name: Displays debugging information of IPSec policy whose name is
policy-name.

seq-number: Displays debugging information of IPSec policy whose sequence
number is seq-number.

parameters: Displays debugging information of an SA whose remote address is
ip-address, security protocol is protocol, and SPI is spi-number.

misc: Displays other debugging information of IPSec.

Description
Using the debugging ipsec command, you can turn IPSec debugging on. Using
the undo debugging ipsec command, you can turn IPSec debugging off.

By default, IPSec debugging is off.

Example
# Enable IPSec SA debugging function.
<3Com> debugging ipsec sa

display ipsec policy Syntax


display ipsec policy [ brief | name policy-name [ seq-number ] ]

View
Any view

Parameter

brief: Displays brief information about all the ipsec policies.

name: Displays information of the ipsec policy with the name policy-name and
sequence number seq-number.

policy-name: Name of an ipsec policy.

seq-number: Sequence number of an ipsec policy.

If no argument has been specified, the details of all the IPSec policies will be
displayed. If name policy-name has been specified but seq-number has not, the
information of the specified IPSec policy group will be listed out.

Description
Using the display ipsec policy command, you can view information about the
ipsec policy.

The brief keyword is used for displaying brief information about all the ipsec
policies, whose display format is the brief format (see the following example). The
brief command can be used to quickly display all the ipsec policies. Brief
information includes name and sequence number, negotiation mode, access
control list, proposal, local address, and remote address.

The other command words are used to display the detailed information about the
ipsec policy, whose display format is the detailed format (refer to the following
example).

For the related command, see ipsec policy(system view).

Example
# View brief information about all the ipsec policies.
<3Com> display ipsec policy brief

Ipsec-policy-Name Mode acl Local Address Remote Address

policy1-100 manual 100 150.1.1.2 150.1.1.1

test-300 isakmp 120 202.38.160.66

Table 14 Brief information of IPSec policy

Item               Description
Ipsec-policy-Name  name and sequence number of an ipsec policy
Mode               negotiation method used by an ipsec policy
acl                access control list used by an ipsec policy
Local Address      local IP address
Remote Address     remote IP address

# View information about all the ipsec policies

[3Com] display ipsec policy

===========================================

IPsec Policy Group: "policy_isakmp"

Using interface: {Ethernet1/0/0}

===========================================

--------------------------------------------

IPsec policy name: "policy_isakmp"

sequence number: 10

mode: isakmp

--------------------------------------------

security data flow : 100

tunnel remote address: 162.105.10.2

PFS (Y/N): N

proposal name: prop1

ipsec sa local duration(time based): 3600 seconds

ipsec sa local duration(traffic based): 1843200 kilobytes

===========================================

IPsec Policy Group: "policy_man"

Using interface: {Ethernet1/0/1}

===========================================

-----------------------------------------

IPsec policy name: "policy_man"

sequence number: 10

mode: manual

-----------------------------------------

security data flow : 100

tunnel local address: 162.105.10.1

tunnel remote address: 162.105.10.2

proposal name: prop1

inbound ah setting:

ah spi: 12345 (0x3039)

ah string-key:

ah authentication hex key : 1234567890123456789012345678901234567890

inbound esp setting:

esp spi: 23456 (0x5ba0)

esp string-key:

esp encryption hex key: 1234567890abcdef1234567890abcdef1234567812345678

esp authentication hex key: 1234567890abcdef1234567890abcdef

outbound ah setting:

ah spi: 54321 (0xd431)

ah string-key:

ah authtication hex key: 1122334455667788990011223344556677889900

outbound esp setting:

esp spi: 65432 (0xff98)

esp string-key:

esp encryption hex key: 11223344556677889900aabbccddeeff1234567812345678

esp authentication hex key: 11223344556677889900aabbccddeeff

Table 15 Detailed information of IPSec policy

Item                             Description
ipsec policy                     name, sequence number and negotiation method of an ipsec policy
security data flow               access control list used by an ipsec policy
proposal name                    name of the proposal used by an ipsec policy
inbound/outbound ah/esp setting  settings of inbound/outbound ends using AH/ESP, including SPI and key
tunnel Local Address             local IP address
tunnel Remote Address            remote IP address
PFS (Y/N)                        whether PFS (Perfect Forward Secrecy) is used or not
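
The detailed output above prints manual-mode AH and ESP keys in clear, so a saved or shared copy of it discloses the keys. The following Python sketch is an added example, not 3Com code: it redacts key values from captured output and flags manual-mode policies and IKE policies without PFS. The sample text and all function names are constructed for illustration.

```python
import re

# Constructed sample in the format of the detailed output shown above
# (rulers and blank lines omitted; the key values are made up).
SAMPLE = """\
IPsec Policy Group: "policy_isakmp"
Using interface: {Ethernet1/0/0}
IPsec policy name: "policy_isakmp"
sequence number: 10
mode: isakmp
security data flow : 100
tunnel remote address: 162.105.10.2
PFS (Y/N): N
proposal name: prop1
IPsec Policy Group: "policy_man"
Using interface: {Ethernet1/0/1}
IPsec policy name: "policy_man"
sequence number: 10
mode: manual
security data flow : 100
tunnel local address: 162.105.10.1
tunnel remote address: 162.105.10.2
proposal name: prop1
inbound esp setting:
esp spi: 23456 (0x5ba0)
esp string-key:
esp encryption hex key: 00112233445566778899aabbccddeeff0011223344556677
esp authentication hex key : 00112233445566778899aabbccddeeff
"""

# An "ah ..." or "esp ..." line that carries a key value after the colon.
KEY_LINE = re.compile(
    r"^(\s*(?:ah|esp)\b.*?(?:hex key|string-key)\s*:[ \t]*)(\S.*)$",
    re.IGNORECASE)


def redact_keys(text):
    """Return (text with key values replaced, number of values replaced)."""
    out, count = [], 0
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            line = m.group(1) + "<redacted>"
            count += 1
        out.append(line)
    return "\n".join(out), count


def parse_policies(text):
    """Turn the detailed output into one dict per ipsec policy."""
    policies, cur, iface = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Using interface:"):
            iface = line.split(":", 1)[1].strip().strip("{}")
        elif line.startswith("IPsec policy name:"):
            cur = {"name": line.split(":", 1)[1].strip().strip('"'),
                   "interface": iface, "seq": None, "mode": None,
                   "pfs": None, "static_keys": 0}
            policies.append(cur)
        elif cur is None:
            continue
        elif line.startswith("sequence number:"):
            cur["seq"] = int(line.split(":", 1)[1])
        elif line.startswith("mode:"):
            cur["mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("PFS (Y/N):"):
            cur["pfs"] = line.split(":", 1)[1].strip().upper() == "Y"
        elif KEY_LINE.match(line):
            cur["static_keys"] += 1
    return policies


def audit(policies):
    """Return (policy/seq, finding) pairs for settings worth reviewing."""
    findings = []
    for p in policies:
        tag = f'{p["name"]}/{p["seq"]}'
        if p["mode"] == "manual":
            # Manual SAs use configured keys and are not subject to SA duration.
            findings.append((tag, "manual SA: static keys, SA never expires"))
        elif p["pfs"] is False:
            findings.append((tag, "PFS disabled for phase 2"))
        if p["static_keys"]:
            findings.append(
                (tag, f'{p["static_keys"]} key value(s) shown in clear'))
    return findings


if __name__ == "__main__":
    redacted, n = redact_keys(SAMPLE)
    print(redacted)
    for tag, msg in audit(parse_policies(SAMPLE)):
        print(f"{tag}: {msg}")
```

Run redact_keys over any capture of this command before attaching it to a ticket or sending it to support.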

display ipsec policy-template Syntax

display ipsec policy-template [ brief | name template-name [ seq-number ] ]

View
Any view

Parameter

brief: Displays brief information about all the ipsec policy templates.

name: Displays information of the ipsec policy template with the name
template-name and sequence number seq-number.

template-name: Name of an ipsec policy template.

seq-number: Sequence number of an ipsec policy template. If seq-number is not
specified, then the information about all the ipsec policy templates named
template-name is shown.

If no parameter is specified, then the detail information about all the ipsec policy
templates will be displayed. If name template-name has been specified but
seq-number has not, the information of the specified IPSec policy template group
will be listed out.

Description
Using the display ipsec policy-template command, you can view information
about the ipsec policy template.

The brief parameter shows brief information about all the ipsec policy
templates in the brief format (see the following example). It can be used to
quickly display all the ipsec policy templates. Brief information includes
template name and sequence number, access control list, and remote address.

Any of the sub-commands can be used to display detail information of the IPSec
policy template.

For the related commands, see ipsec policy-template.

Example
# View brief information about all the ipsec policy templates.
[3Com] display ipsec policy-template brief

Policy-template-Name acl Remote-Address

------------------------------------------------------

test-tplt300 120

Table 16 Brief information of IPSec policy template

Item                  Description
Policy-template-Name  name, sequence number of an ipsec policy template
acl                   access control list used by an ipsec policy template
Remote Address        remote IP address

display ipsec proposal Syntax


display ipsec proposal [ proposal-name ]

View
Any view

Parameter
proposal-name: Name of the proposal.

Description
Using the display ipsec proposal command, you can view information about the
proposal.

If the name of the proposal is not specified, then information about all the
proposals will be shown.

For the related commands, see ipsec proposal, display ipsec sa and display
ipsec policy.

Example
# View all the proposals.
[3Com] display ipsec proposal

Ipsec proposal name: prop2

encapsulation mode: tunnel

transform: ah-new

ah protocol: authentication-algorithm sha1-hmac-96

Ipsec proposal name: prop1

encapsulation mode: transport

transform: esp-new

esp protocol: authentication-algorithm md5-hmac96, encryption des

Table 17 IPSec proposal information

Item                 Description
Ipsec proposal name  name of the proposal
encapsulation mode   modes used by proposal, including two types: transport mode and tunnel mode
transform            security protocols used by proposal, including two types: AH and ESP
ah protocol          the authentication-algorithm used by AH: md5 | sha1
esp protocol         the authentication-algorithm and encryption method used by ESP respectively: MD5 and DES

display ipsec sa Syntax


display ipsec sa [ brief | remote ip-address | policy policy-name [ seq-number ] | duration ]

View
Any view

Parameter

brief: Displays brief information about all the SAs.

remote: Displays information about the SA with remote address as ip-address.

ip-address: Specifies the remote address in dotted decimal format.

policy: Displays information about the SA created by the ipsec policy whose name
is policy-name.

policy-name: Specifies the name of the ipsec policy.

seq-number: Specifies the sequence number of the ipsec policy.

duration: Displays the global SA duration.



Description
Using the display ipsec sa command, you can view the relevant information
about the SA.

The command with brief parameter shows brief information about all the SAs,
whose display format is the brief format (refer to the following example). Brief
information includes source address, destination address, SPI, protocol, and
algorithm. A display beginning with "E" in the algorithm stands for the encryption
algorithm, and a display beginning with "A" stands for the authentication
algorithm. The brief command can be used to quickly display all the SAs already
set up.

The commands with remote and policy parameters both display the detailed
information about the SA. In display mode, part of the information about the
ipsec policy is shown first and then the detailed information of the SA in this ipsec
policy.

The command with duration parameter shows the global SA duration, including
"time-based" and "traffic-based" SA duration. Refer to the following
examples.

Information of all the SAs will be shown when no parameter is specified.

For the related commands, see reset ipsec sa, ipsec sa duration, display ipsec
sa and display ipsec policy.

Example
# View brief information about all the SAs.
<3Com> display ipsec sa brief

Src Address Dst Address SPI Protocol Algorithm

10.1.1.1 10.1.1.2 300 ESP E:DES; A:HMAC-MD5-96

10.1.1.2 10.1.1.1 400 ESP E:DES; A:HMAC-MD5-96

Table 18 Brief information of IPSec SA

Item         Description
Src Address  Local IP address
Dst Address  Remote IP address
SPI          security parameter index
Protocol     security protocol used by IPSec
Algorithm    The authentication algorithm and encryption algorithm used by the
             security protocol. A display beginning with "E" in the algorithm
             stands for the encryption algorithm, and a display beginning with
             "A" stands for the authentication algorithm.

# View the global duration of SA.

[3Com] display ipsec sa duration

ipsec sa global duration (traffic based): 1843200 kilobytes



ipsec sa global duration (time based): 3600 seconds

# View information of all the SAs.

[3Com] display ipsec sa

===============================

Interface: Ethernet1/0/0

path MTU: 1500

===============================

----------------------------------

IPsec policy name: "policy_isakmp"

sequence number: 10

mode: isakmp

----------------------------------

connection id: 4

in use settings = {tunnel}

tunnel local : 162.105.10.1

tunnel remote : 162.105.10.2

[inbound ah SAs]

spi: 3752719292 (0xdfadf3bc)

transform: AH-SHA1HMAC96

sa remaining key duration (bytes/sec): (1887436384/3594)

max received sequence-number: 4

[inbound esp SAs]

spi: 74180629 (0x46be815)

transform: ESP-ENCRYPT-3DES ESP-AUTH-MD5

sa remaining key duration (bytes/sec): (1887436528/3594)

max received sequence-number: 4

[outbound esp SAs]

spi: 1394075637 (0x5317e7f5)

transform: ESP-ENCRYPT-3DES ESP-AUTH-MD5

sa remaining key duration (bytes/sec): (1887436464/3594)

max sent sequence-number: 5

[outbound ah SAs]

spi: 2132905296 (0x7f218d50)



transform: AH-SHA1HMAC96

sa remaining key duration (bytes/sec): (1887436336/3594)

max sent sequence-number: 5

Table 19 Detailed information of IPSec SA

Item                          Description
Interface                     Interface using ipsec policy
path MTU                      Maximum IP packet length sent from the interface
ipsec policy                  ipsec policy used, including name, sequence number and negotiation method
connection id                 security channel identifier
in use settings               IPSec mode, including two types: transport mode and tunnel mode
tunnel local                  local IP address
tunnel remote                 remote IP address
inbound                       SA information of the inbound end
transform                     proposal used by the ipsec policy
sa remaining key duration     remaining duration of the SA
max received sequence-number  maximum sequence number of the received packets (the
                              anti-replay function provided by the security protocol)
outbound                      SA information of the outbound end
max sent sequence-number      maximum sequence number of the sent packets (the
                              anti-replay function provided by the security protocol)

display ipsec statistics Syntax


display ipsec statistics

View
Any view

Parameter
none

Description
Using the display ipsec statistics command, you can view the IPSec packet
statistics information, including the input and output security packet statistics,
bytes, number of packets discarded and detailed description of discarded packets.

For the related command, see reset ipsec statistics.

Example
# View IPSec packet statistics.
<3Com> display ipsec statistics

the security packet statistics:

input/output security packets: 5124/8231

input/output security bytes: 52348/64356



input/output dropped security packets: 0/0

dropped security packet detail:

no enough memory: 0

can't find SA: 0

queue is full: 0

authen failed: 0

invalid length: 0

replay packet: 0

too long packet: 0

invalid SA: 0

Table 20 IPSec packet statistics

Item                                     Description
input/output security packets            input/output packets under the security protection
input/output security bytes              input/output bytes under the security protection
input/output discarded security packets  input/output packets under the security protection
                                         discarded by the router
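
Because these counters accumulate until reset ipsec statistics is run, a monitoring job has to compare two captures rather than read a single one. The following Python sketch is an added example, not part of the 3Com software; the two captures, the watch list and the function names are constructed for illustration.

```python
import re

# Two constructed captures in the format of "display ipsec statistics"
# (blank lines omitted). AFTER was taken some time after BEFORE.
BEFORE = """\
the security packet statistics:
input/output security packets: 5124/8231
input/output security bytes: 52348/64356
input/output dropped security packets: 0/0
dropped security packet detail:
no enough memory: 0
can't find SA: 0
queue is full: 0
authen failed: 0
invalid length: 0
replay packet: 0
too long packet: 0
invalid SA: 0
"""
AFTER = """\
the security packet statistics:
input/output security packets: 6010/9102
input/output security bytes: 61440/71200
input/output dropped security packets: 41/0
dropped security packet detail:
no enough memory: 0
can't find SA: 0
queue is full: 0
authen failed: 37
invalid length: 0
replay packet: 4
too long packet: 0
invalid SA: 0
"""

# Drop reasons chosen for alerting (an editorial choice): they relate to
# the authentication, anti-replay and SA lookup functions of IPSec.
WATCH = ("authen failed", "replay packet", "can't find SA", "invalid SA")


def parse_stats(text):
    """Map each counter label to an int, or to an (in, out) tuple."""
    stats = {}
    for line in text.splitlines():
        label, sep, value = line.strip().rpartition(":")
        value = value.strip()
        if not sep or not value:
            continue  # section headings end with ':' and carry no value
        if re.fullmatch(r"\d+/\d+", value):
            a, b = value.split("/")
            stats[label.strip()] = (int(a), int(b))
        elif value.isdigit():
            stats[label.strip()] = int(value)
    return stats


def counter_deltas(before, after):
    """Growth of each scalar counter between two parsed captures."""
    deltas = {}
    for name, new in after.items():
        if isinstance(new, tuple):
            continue  # in/out totals give context, they are not drop reasons
        old = before.get(name, 0)
        # A smaller value means the counters were cleared in between
        # (reset ipsec statistics or a reboot): count from zero.
        deltas[name] = new - old if new >= old else new
    return deltas


def alerts(before_text, after_text, watch=WATCH):
    """Watched drop reasons that grew, largest increase first."""
    d = counter_deltas(parse_stats(before_text), parse_stats(after_text))
    hits = [(name, d[name]) for name in watch if d.get(name, 0) > 0]
    return sorted(hits, key=lambda h: -h[1])


if __name__ == "__main__":
    for name, delta in alerts(BEFORE, AFTER):
        print(f"{name}: +{delta}")
```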

encapsulation-mode Syntax
encapsulation-mode { transport | tunnel }

undo encapsulation-mode

View
IPSec proposal view

Parameter

transport: Sets the encapsulation mode of IP packets to transport mode.

tunnel: Sets the encapsulation mode of IP packets to tunnel mode.

Description
Using the encapsulation-mode command, you can set the encapsulation mode
that the security protocol applies to IP packets which can be transport or tunnel.
Using the undo encapsulation-mode command, you can restore it to the
default.

By default, tunnel mode is used.

There are two encapsulation modes where IPSec is used to encrypt and
authenticate IP packets: transport mode and tunnel mode. In transport mode,
IPSec does not add a new header to the IP packet; the two ends of the security
tunnel are the source and destination of the original packet. In tunnel mode,
IPSec protects the whole IP packet and adds a new IP header in front of it. The
source and destination addresses of the new IP header are the IP addresses of
the two ends of the tunnel.

Generally, the tunnel mode is used between two security gateways (routers). A
packet encrypted in a security gateway can only be decrypted in another security
gateway. So an IP packet needs to be encrypted in tunnel mode, that is, a new IP
header is added; the IP packet encapsulated in tunnel mode is sent to another
security gateway before it is decrypted.

The transport mode is suitable for communication between two hosts, or for
communication between a host and a security gateway (like the network
management communication between the gateway workstation and a router). In
transport mode, the two devices responsible for encrypting and decrypting
packets must be the original sender and receiver of the packet. Most of the data
traffic between two security gateways does not originate from or terminate at
the gateways themselves, so the transport mode is not often used between
security gateways.

The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same packet encapsulation mode.

For the related commands, see ah authentication-algorithm, ipsec proposal,
esp encryption-algorithm, esp authentication-algorithm, proposal and
transform.

Example
# Set the proposal whose name is prop2 as using the transport mode to
encapsulate IP packets.
[3Com] ipsec proposal prop2

[3Com-ipsec-proposal-prop2] encapsulation-mode transport

esp authentication-algorithm Syntax
esp authentication-algorithm { md5 | sha1 }

undo esp authentication-algorithm

View
IPSec proposal configuration view

Parameter
md5: Uses the MD5 algorithm, with a key length of 128 bits.
sha1: Uses the SHA1 algorithm, with a key length of 160 bits.

Description
Using the esp authentication-algorithm command, you can set the
authentication algorithm used by ESP. Using the undo esp
authentication-algorithm command, you can set ESP not to authenticate
packets.

By default, MD5 algorithm is used.

MD5 is faster than SHA1, while SHA1 is more secure than MD5.

ESP permits a packet to be encrypted or authenticated or both.



The encryption and authentication algorithms used by ESP cannot both be set to
vacant at the same time.

The undo esp authentication-algorithm command does not restore the
authentication algorithm to the default; instead it sets the authentication
algorithm to vacant, that is, no authentication. When the encryption algorithm
is not vacant, the undo esp authentication-algorithm command is valid.

The proposal used by the ipsec policies, set at both ends of the security tunnel,
must be set as having the same authentication algorithm.

For the related commands, see ipsec proposal, esp encryption-algorithm,
proposal, sa encryption-hex and transform.

Example
# Set a proposal that adopts ESP, and uses SHA1.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform esp

[3Com-ipsec-proposal-prop1] esp authentication-algorithm sha1

esp encryption-algorithm Syntax
esp encryption-algorithm { 3des | des }

undo esp encryption-algorithm

View
IPSec proposal view

Parameter

des: Data Encryption Standard (DES), a universal encryption algorithm with the
length of the key being 56 bits.

3des: 3DES (Triple DES), another universal encryption algorithm with the length of
the key being 168 bits.

Description
Using the esp encryption-algorithm command, you can set the encryption
algorithm adopted by ESP. Using the undo esp encryption-algorithm command,
you can set the ESP not to encrypt packets.

By default, DES algorithm is used.

3DES can meet the requirement of high confidentiality and security, but it is
comparatively slow. DES can satisfy the normal security requirements.

ESP permits a packet to be encrypted or authenticated or both.

The encryption and authentication methods used by ESP cannot be set to a vacant
value at the same time. The undo esp encryption-algorithm command can take
effect only if the authentication algorithm is not null.

For the related commands, see ipsec proposal, esp authentication-algorithm,
proposal, sa encryption-hex and transform.

Example
# Set ESP to use 3des.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform esp

[3Com-ipsec-proposal-prop1] esp encryption-algorithm 3des

ipsec policy(interface view) Syntax

ipsec policy policy-name

undo ipsec policy

View
Interface view

Parameter
policy-name: Specifies the name of an ipsec policy group applied at the interface.
The ipsec policy group with name policy-name should be configured in system
view.

Description
Using the ipsec policy(interface view) command, you can apply an ipsec policy
group with the name policy-name at the interface. Using the undo ipsec
policy(interface view) command, you can cancel the ipsec policy group so as to
disable the IPSec function of the interface.

At an interface only one ipsec policy group can be applied. An ipsec policy group
can be applied at multiple interfaces.

When a packet is sent from an interface, the router checks the ipsec policies in
the ipsec policy group in ascending order of sequence number. If the packet
matches the access control list used by an ipsec policy, that ipsec policy is
used to process the packet; otherwise the search continues with the next ipsec
policy. If the packet does not match any of the access control lists used by the
ipsec policies, it is transmitted directly (that is, IPSec will not protect the
packet).

To prevent any unencrypted packet from being transmitted from the interface, it
is necessary to use the firewall together with IPSec; the firewall is for
dropping all the packets that do not need to be encrypted.

For the related command, see ipsec policy(system view).
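
The lookup described above can be modelled in a few lines to see which flows leave the interface unprotected. This Python sketch is an added example, not router code: the ACL model (source and destination prefixes only), the addresses and the drop_unprotected flag, which stands in for the firewall rule, are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class AclRule:
    """Simplified permit rule: source prefix to destination prefix."""
    src: str
    dst: str


@dataclass
class Policy:
    """One ipsec policy of a group: sequence number plus its ACL."""
    seq: int
    acl: list
    name: str = "policy1"


def acl_matches(acl, src, dst):
    """True if any rule of the ACL covers the packet's addresses."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(r.src) and
               d in ipaddress.ip_network(r.dst) for r in acl)


def outbound_decision(group, src, dst, drop_unprotected=False):
    """Walk the group in ascending sequence order; first ACL match wins.

    Returns ("protect", seq) when a policy matches. Without a match the
    packet is sent as is ("cleartext"), unless drop_unprotected models a
    firewall rule that discards such traffic ("drop").
    """
    for policy in sorted(group, key=lambda p: p.seq):
        if acl_matches(policy.acl, src, dst):
            return ("protect", policy.seq)
    return ("drop", None) if drop_unprotected else ("cleartext", None)


# Constructed policy group, deliberately listed out of order.
GROUP = [
    Policy(20, [AclRule("10.1.0.0/16", "10.2.0.0/16")]),
    Policy(10, [AclRule("10.1.1.0/24", "10.2.0.0/16")]),
]

# Constructed flows leaving the interface.
FLOWS = [
    ("10.1.1.5", "10.2.3.4"),   # matches seq 10 first, although 20 also fits
    ("10.1.9.9", "10.2.3.4"),   # only the broader ACL of seq 20 matches
    ("10.1.1.5", "10.3.0.1"),   # no ACL matches: leaves unprotected
]


def classify(group, flows, drop_unprotected=False):
    """Decision for every flow, in input order."""
    return [outbound_decision(group, s, d, drop_unprotected)
            for s, d in flows]


if __name__ == "__main__":
    for (s, d), verdict in zip(FLOWS, classify(GROUP, FLOWS)):
        print(f"{s} -> {d}: {verdict}")
```

A policy with a broad ACL and a low sequence number shadows every narrower policy after it, so review the ACLs in sequence order when a flow is protected by an unexpected proposal.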

Example
# Apply an ipsec policy whose name is policy1 to interface Serial 4/1/2.
[3Com] interface serial 4/1/2

[3Com-Serial4/1/2] ipsec policy policy1



ipsec policy (system view) Syntax

ipsec policy policy-name seq-number [ manual | isakmp [ template template-name ] ]

undo ipsec policy policy-name [ seq-number ]

View
System view

Parameter

policy-name: Name of the ipsec policy. The naming rule is: the length of the name
is 1 to 15 characters, the name is case insensitive, and the characters can be
English characters or numbers but cannot include “-”.

seq-number: Sequence number of the ipsec policy, ranging 1 to 10000, with lower
value indicating higher sequence priority.

manual: Sets up SA manually.

isakmp: Sets up SA through IKE negotiation.

template: Dynamically sets up SA by using policy template. The policy-name
discussed here will reference template-name which is a created policy template
thus named.

template-name: Name of the template.

Description
Using the ipsec policy command, you can establish or modify an ipsec policy, and
enter ipsec policy view. Using the undo ipsec policy policy-name command, you
can delete an ipsec policy group whose name is policy-name. Using the undo
ipsec policy policy-name seq-number command, you can delete an ipsec policy
whose name is policy-name and sequence number is seq-number.

By default, no ipsec policy exists.

To establish an ipsec policy, it is necessary to specify the negotiation mode
(manual or isakmp). To modify the ipsec policy, it is not necessary to specify a
negotiation mode.

Once the ipsec policy is established, its negotiation mode cannot be modified. For
example, if an ipsec policy is established in manual mode it cannot be changed to
isakmp mode; this ipsec policy must be deleted and then recreated, if
appropriate, with the negotiation mode being isakmp.

Ipsec policies with the same name constitute an ipsec policy group. The name and
sequence number are used together to define a unique ipsec policy. In an ipsec
policy group, at most 100 ipsec policies can be set. Within the group, the
smaller the sequence number of an ipsec policy is, the higher is its preference.
Applying an ipsec policy group at an interface means applying all ipsec policies
in the group simultaneously, so that different data streams can be protected by
adopting different SAs.

Using the ipsec policy policy-name seq-number isakmp template
template-name command, you can establish an ipsec policy according to the
template through IKE negotiation. Before using this command, the template
should have been created. During the negotiation and policy matching, the
parameters defined in the template must be matched; the other parameters are
decided by the initiator. The proposal must be defined in the policy template;
other parameters are optional.

Note that IKE will not use a policy with a template argument to initiate a
negotiation. Rather, it uses such a policy to respond to the negotiation
initiated by its peer.

For the related commands, see ipsec policy (interface view), security acl, tunnel
local, tunnel remote, sa duration, proposal, display ipsec policy, ipsec
policy-template, and ike-peer.

Example
# Set an ipsec policy whose name is newpolicy1, sequence number is 100, and
negotiation mode is isakmp.
[3Com] ipsec policy newpolicy1 100 isakmp

[3Com-ipsec-policy-isakmp-newpolicy1-100]

ipsec policy-template Syntax


ipsec policy-template policy-name seq-number

undo ipsec policy-template policy-name [ seq-number ]

View
System view

Parameter

policy-name: Name of the ipsec policy. The naming rule is as follows: length is 1 to
15 bytes, the name is case insensitive, and the characters can be English
characters or numbers but cannot include “-”.

seq-number: Serial number of the ipsec policy, ranging 1 to 10000. In one ipsec
policy group, the smaller the serial number of the ipsec policy, the higher the
preference.

Description
Using the ipsec policy-template command, you can establish or modify an ipsec
policy template, and enter ipsec policy view. Using the undo ipsec
policy-template policy-name command, you can delete the ipsec policy group
named policy-name. Using the undo ipsec policy-template policy-name
seq-number command, you can delete an ipsec policy with the name
policy-name and the serial number seq-number.

By default, no ipsec policy template exists.



A policy template that has been created with the name being template-name can
be referenced by the ipsec policy policy-name seq-number isakmp template
template-name command to create an IPSec policy.

The IPSec policy template and the security policy of IPSec ISAKMP negotiation
share the same kinds of arguments, including the referenced IPSec proposal, the
protected traffic, PFS feature, lifetime, and the address of the remote tunnel end.
However, note that the proposal argument must be configured, whereas the other
arguments are optional. If an IPSec policy template is used for the policy match
operation undertaken in an IKE negotiation, the configured arguments must be
matched, and the settings of the initiator will be used for arguments that have
not been configured.

For the related commands, see ipsec policy, security acl, tunnel local, tunnel
remote, proposal, display ipsec policy, and ike-peer.

Example
# Establish an ipsec policy template with the name template1 and the serial
number 100.
[3Com] ipsec policy-template template1 100

[3Com-ipsec-policy-template-template1-100]

ipsec proposal Syntax


ipsec proposal proposal-name

undo ipsec proposal proposal-name

View
System view

Parameter
proposal-name: Name of the specified proposal. The naming rule is: the length of
the name is 1 to 15 characters, case insensitive.

Description
Using the ipsec proposal proposal-name command, you can establish or modify
a proposal named proposal-name, and enter IPSec proposal view. Using the undo
ipsec proposal proposal-name command, you can delete the proposal named
proposal-name.

By default, no proposal exists.

This proposal is a combination of the security protocol, encryption and
authentication algorithm and packet encapsulation format for implementing IPSec
protection.

An ipsec policy determines the protocol, algorithm and encapsulation mode to be
adopted by the use of the proposal. Before the ipsec policy uses a proposal, this
proposal must have already been set up.

After a new IPSec proposal is established by using the ipsec proposal command,
the ESP protocol, DES encryption algorithm and MD5 authentication algorithm are
adopted by default.

For the related commands, see ah authentication-algorithm, esp
encryption-algorithm, esp authentication-algorithm, encapsulation-mode,
proposal, display ipsec proposal and transform.

Example
# Establish a proposal named newprop1.
[3Com] ipsec proposal newprop1

ipsec sa global-duration Syntax


ipsec sa global-duration { time-based seconds | traffic-based kilobytes }

undo ipsec sa global-duration { time-based | traffic-based }

View
System view

Parameter

time-based seconds: Time-based global SA duration in seconds, ranging 30 to
604800 seconds. It is 3600 seconds (1 hour) by default.

traffic-based kilobytes: Traffic-based global SA duration in kilobytes, ranging 256
to 4194303 kilobytes. It is 1843200 kilobytes by default and when the traffic
reaches this value, the duration expires.

Description
Using the ipsec sa global-duration command, you can set a global SA duration.
Using the undo ipsec sa global-duration command, you can restore to the
default setting of the global SA duration.

When IKE negotiates to establish a SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration
specified by this command to negotiate with the peer. If the IPSec policy is
configured with its own duration, the system will use the duration of the IPSec
policy to negotiate with the peer. When IKE negotiates to set up an SA for IPSec,
the smaller one of the lifetime set locally and that proposed by the remote is
selected.

There are two types of SA duration, time-based (in seconds) and traffic-based (in
kilobytes) lifetimes. The traffic-based SA duration, that is, the valid time of the SA,
is accounted according to the total traffic that can be processed by this SA, and
the SA is invalid when the set value is exceeded. No matter which one of the two
types expires first the SA will become invalid. Before the SA is about to become
invalid IKE will set up a new SA for IPSec negotiation. So, a new SA is ready before
the existing one gets invalid.

Modifying the global SA duration will not affect an IPSec policy that has
individually set up its own SA duration, or an SA already set up. But the
modified global SA duration will be used to set up a new SA in the future IKE
negotiation.

The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.

For the related commands, see sa duration and display ipsec sa duration.

Example
# Set the global SA duration to 2 hours.
[3Com] ipsec sa global-duration time-based 7200

# Set the global SA duration to 10M bytes transmitted.

[3Com] ipsec sa global-duration traffic-based 10000

pfs Syntax
pfs { dh-group1 | dh-group2 }

undo pfs

View
IPSec policy view, IPSec policy template view

Parameter

dh-group1: Specifies that the 768-bit Diffie-Hellman group is used.

dh-group2: Specifies that the 1024-bit Diffie-Hellman group is used.

Description
Using the pfs command, you can set the Perfect Forward Secrecy (PFS) feature for
the IPSec policy to initiate the negotiation. Using the undo pfs command, you can
set not to use the PFS feature during the negotiation.

By default, no PFS feature is used.

The command is used to add a PFS exchange process when IPSec uses the ipsec
policy to initiate a negotiation. This additional key exchange is performed during
the phase 2 negotiation to enhance the communication’s safety. The DH group
specified by the local and remote ends must be consistent, otherwise the
negotiation will fail.

This command can be used only when the security association is established
through IKE.

For the related commands, see ipsec policy-template, ipsec policy(system
view), ipsec policy(interface view), tunnel local, tunnel remote, sa duration
and proposal.

Example
# Set that PFS must be used when negotiating through ipsec policy shanghai 200.

[3Com] ipsec policy shanghai 200 isakmp

[3Com-ipsec-policy-isakmp-shanghai-200] pfs dh-group1

proposal Syntax
proposal proposal-name1 [ proposal-name2...proposal-name6 ]

undo proposal [ proposal-name ]

View
IPSec policy view, IPSec policy template view

Parameter
proposal-name1,…, proposal-name6: Name of the proposals adopted.

Description
Using the proposal command, you can set the proposal used by the IPSec policy.
Using the undo proposal command, you can cancel the proposal used by the
IPSec policy.

By default, no proposal is used.

Before using this command, the corresponding IPSec proposal must have been
configured.

If set up in manual mode, an SA can only use one proposal. If a proposal is
already set, it needs to be deleted by using the undo proposal command before a
new one can be set.

If set up in isakmp mode, an SA can use six proposals at most. IKE negotiation will
search for the matching proposal at both ends of the security tunnel.

If it is the IPSec template, each template can use six proposals at most, and the IKE
negotiation will search for the matching proposal.

For the related commands, see ipsec proposal, ipsec policy(system view), ipsec
policy(interface view), security acl, tunnel local and tunnel remote.

Example
# Set a proposal with name prop1, adopting ESP and the default algorithm, and
set an IPSec policy to use the proposal named prop1.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform esp

[3Com-ipsec-proposal-prop1] quit

[3Com] ipsec policy policy1 100 manual

[3Com-ipsec-policy-manual-policy1-100] proposal prop1



reset ipsec sa Syntax


reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] | parameters dest-addr protocol spi ]

View
User view

Parameter

remote ip-address: Specifies remote address, in dotted decimal format.

policy: Specifies the IPSec policy.

policy-name: Specifies the name of the IPSec policy. The naming rule is as follows:
length is 1 to 15 characters, case sensitive, and the character can be English
character or number.

seq-number: Optional parameter specifying the serial number of the ipsec policy. If
no seq-number is specified, the IPSec policy refers to all the policies in the IPSec
policy group named policy-name.

parameters: Defines a Security Association (SA) by the destination address,
security protocol and SPI.

dest-address: Specifies the destination address in the dotted decimal IP address
format.

protocol: Specifies the security protocol by inputting the key word ah or esp, case
insensitive. ah indicates the Authentication Header protocol and esp indicates
Encapsulating Security Payload.

spi: Specifies the security parameter index (SPI), ranging 256 to 4294967295.

Description
Using the reset ipsec sa command, you can delete an SA already set up (manually
or through IKE negotiation). If no parameter (remote, policy, parameters) is
specified, all the SAs will be deleted.

An SA is uniquely identified by a triplet of IP address, security protocol and SPI.
An SA can be set up either manually or through Internet Key Exchange (IKE)
negotiation.

If an SA set up manually is deleted, the system will automatically set up a new SA
according to the parameter manually set up.

If a packet re-triggers IKE negotiation after an SA set up through IKE negotiation is
deleted, IKE will reestablish an SA through negotiation.

The keyword parameters will take effect only after the spi of the outbound SA is
defined. Because SAs appear in pairs, the inbound SA will also be deleted after the
outbound SA is deleted.

For the related command, see display ipsec sa.



Example
# Delete all the SAs.
<3Com> reset ipsec sa

# Delete an SA whose remote IP address is 10.1.1.2.

<3Com> reset ipsec sa remote 10.1.1.2

# Delete all the SAs in policy1.

<3Com> reset ipsec sa policy policy1

# Delete the SA of the ipsec policy with the name policy1 and the serial number
10.

<3Com> reset ipsec sa policy policy1 10

# Delete an SA whose remote IP address is 10.1.1.2, security protocol is AH, and
SPI is 10000.

<3Com> reset ipsec sa parameters 10.1.1.2 ah 10000

reset ipsec statistics Syntax


reset ipsec statistics

View
User view

Parameter
none

Description
Using the reset ipsec statistics command, you can clear IPSec message statistics,
and set all the statistics to zero.
For the related command, see display ipsec statistics.

Example
# Clear IPSec message statistics.
<3Com> reset ipsec statistics

sa authentication-hex Syntax
sa authentication-hex { inbound | outbound } { ah | esp } hex-key

undo sa authentication-hex { inbound | outbound } { ah | esp }

View
IPSec policy view in manual mode

Parameter

inbound: Configures the authentication-hex parameter for the inbound SA. IPSec
uses the inbound SA for processing the packet in the inbound direction (received).

outbound: Configures the authentication-hex parameter for the outbound SA.
IPSec uses the outbound SA for processing the packet in the outbound direction
(sent).

ah: Sets the authentication-hex parameter for the SA using AH. If the IPSec
proposal used by the ipsec policy adopts AH, the ah key word is used here to set
the AH relevant parameter of the SA.

esp: Sets the authentication-hex parameter for the SA using ESP. If the IPSec
proposal used by the ipsec policy adopts ESP, the esp key word is used here to set
the ESP relevant parameter of the SA.

hex-key: Specifies a key for the SA input in the hex format. If MD5 is used, then
input a 16-byte key; if SHA1 is used, input a 20-byte key.

Description
Using the sa authentication-hex command, you can set the SA authentication
key manually for the ipsec policy of manual mode. Using the undo sa
authentication-hex command, you can delete the SA authentication key already
set.

This command is only used for the ipsec policy in manual mode.

For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually. IKE will automatically negotiate the SA parameter and establish an SA.

When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.

The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.

There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the SPI of the inbound SA to 10000 and its key to
0x112233445566778899aabbccddeeff00; set the SPI of the outbound SA to
20000 and its key to 0xaabbccddeeff001100aabbccddeeff00, in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah

[3Com-ipsec-proposal-prop_ah] transform ah

[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5

[3Com-ipsec-proposal-prop_ah] quit

[3Com] ipsec policy tianjin 100 manual

[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah

[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000

[3Com-ipsec-policy-manual-tianjin-100] sa authentication-hex inbound ah 112233445566778899aabbccddeeff00

[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000

[3Com-ipsec-policy-manual-tianjin-100] sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00

sa duration Syntax
sa duration { traffic-based kilobytes | time-based seconds }

undo sa duration { traffic-based | time-based }

View
IPSec policy view, IPSec policy template view

Parameter

time-based seconds: Time-based SA duration in seconds, ranging 30 to 604800
seconds. It is 3600 seconds (1 hour) by default.

traffic-based kilobytes: Traffic-based SA duration in kilobytes, ranging 256 to
4194303 kilobytes. It is 1843200 kilobytes by default.

Description
Using the sa duration command, you can set an SA duration for the ipsec policy.
Using the undo sa duration command, you can cancel the SA duration, i.e.,
restore the use of the global SA duration.

When IKE negotiates to establish an SA, if the adopted IPSec policy is not
configured with its own duration, the system will use the global SA duration to
negotiate with the peer. If the IPSec policy is configured with its own duration, the
system will use the duration of the IPSec policy to negotiate with the peer. When
IKE negotiates to set up an SA for IPSec, the shorter of the lifetime set locally
and that proposed by the remote is selected.

There are two types of SA duration: time-based (in seconds) and traffic-based (in
kilobytes). With the traffic-based SA duration, the valid time of the SA is measured
by the total traffic that the SA can process, and the SA becomes invalid when the
set value is exceeded. Whichever of the two types expires first, the SA becomes
invalid. Before the SA becomes invalid, IKE negotiates a new SA for IPSec, so a
new SA is ready before the existing one becomes invalid.

The SA duration does not function for an SA manually set up, that is, the SA
manually set up will never be invalidated.

For the related commands, see ipsec sa global-duration, ipsec policy(system
view), ipsec policy(interface view), security acl, tunnel local, tunnel remote
and proposal.

Example
# Set the SA duration for the ipsec policy shenzhen 100 to 2 hours, that is, 7200
seconds.
[3Com] ipsec policy shenzhen 100 isakmp

[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration time-based 7200

# Set the SA duration for the ipsec policy shenzhen 100 to 20M bytes, that is, the
SA expires when the traffic exceeds 20000 kilobytes.

[3Com] ipsec policy shenzhen 100 isakmp

[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration traffic-based 20000

sa encryption-hex Syntax
sa encryption-hex { inbound | outbound } esp hex-key

undo sa encryption-hex { inbound | outbound } esp

View
IPSec policy view in manual mode

Parameter

inbound: Sets the encryption-hex parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).

outbound: Sets the encryption-hex parameter for outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).

esp: Sets the encryption-hex parameter for the SA using ESP. If the IPSec proposal
used by the ipsec policy adopts ESP, the esp key word is used here to set the ESP
relevant parameter of the SA.

hex-key: Specifies a key for the SA input in the hex format. When applied in ESP, if
DES is used, then input an 8-byte key; if 3DES is used, then input a 24-byte key.

Description
Using the sa encryption-hex command, you can set the SA encryption key
manually for the ipsec policy of manual mode. Using the undo sa
encryption-hex command, you can delete the SA parameter already set.

This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.

For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.

When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.

The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the SPI of the inbound SA to 1001, and the key to 0x1234567890abcdef;
set the SPI of the outbound SA to 2001, and its key to 0xabcdefabcdef1234 in
the ipsec policy using ESP and DES.
[3Com] ipsec proposal prop_esp

[3Com-ipsec-proposal-prop_esp] transform esp

[3Com-ipsec-proposal-prop_esp] esp encryption-algorithm des

[3Com-ipsec-proposal-prop_esp] quit

[3Com] ipsec policy tianjin 100 manual

[3Com-ipsec-policy-manual-tianjin-100] proposal prop_esp

[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound esp 1001

[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex inbound esp 1234567890abcdef

[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound esp 2001

[3Com-ipsec-policy-manual-tianjin-100] sa encryption-hex outbound esp abcdefabcdef1234

sa spi Syntax
sa spi { inbound | outbound } { ah | esp } spi-number

undo sa spi { inbound | outbound } { ah | esp }

View
IPSec policy view in manual mode

Parameter

inbound: Sets the spi parameter for the inbound SA. IPSec uses the inbound SA
for processing the packet in the inbound direction (received).

outbound: Sets the spi parameter for outbound SA. IPSec uses the outbound SA
for processing the packet in the outbound direction (sent).

ah: Sets the spi parameter for the SA using AH. If the IPSec proposal set used by
the ipsec policy adopts AH, the ah key word is used here to set the spi relevant
parameter of the SA.

esp: Sets the spi parameter for the SA using ESP. If the IPSec proposal set used by
the ipsec policy adopts ESP, the esp key word is used here to set the spi relevant
parameter of the SA.

spi-number: Security Parameter Index (SPI) in the triplet identification of the SA,
ranging 256 to 4294967295. The triplet identification of the SA, which appears as
SPI, destination address, and protocol number, must be unique.

Description
Using the sa spi command, you can set the SA SPI manually for the ipsec policy of
manual mode. Using the undo sa spi command, you can delete the SA SPI
already set.

This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.

For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.

When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.

The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the SPI of the inbound SA to 10000, set the SPI of the outbound SA to
20000, in the ipsec policy using AH and MD5.
[3Com] ipsec proposal prop_ah

[3Com-ipsec-proposal-prop_ah] transform ah

[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5

[3Com-ipsec-proposal-prop_ah] quit

[3Com] ipsec policy tianjin 100 manual

[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah

[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000

[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000



sa string-key Syntax
sa string-key { inbound | outbound } { ah | esp } string-key

undo sa string-key { inbound | outbound } { ah | esp }

View
IPSec policy view in manual mode

Parameter

inbound: Sets the string-key parameter for the inbound SA. IPSec uses the
inbound SA for processing the packet in the inbound direction (received).

outbound: Sets the string-key parameter for the outbound SA. IPSec uses the
outbound SA for processing the packet in the outbound direction (sent).

ah: Sets the string-key parameter for the SA using AH. If the IPSec proposal set
used by the ipsec policy adopts AH, the ah key word is used here to set the
string-key relevant parameter of the SA.

esp: Sets the string-key parameter for the SA using ESP. If the IPSec proposal set
used by the ipsec policy adopts ESP, the esp key word is used here to set the
string-key relevant parameter of the SA.

string-key: Specifies the key for an SA input in the character string format, with a
length ranging 1 to 256 characters. For different algorithms, you can input
character strings of any length in the specified range, and the system will generate
keys meeting the algorithm requirements automatically according to the input
character strings. As for ESP, the system will automatically generate the key for the
authentication algorithm and that for the encryption algorithm at the same time.

Description
Using the sa string-key command, you can set the SA parameter manually for
the ipsec policy of manual mode. Using the undo sa string-key command, you
can delete the SA parameter already set.

This command is only used for the ipsec policy in manual mode. It is used to set
the SA parameter manually and establish an SA manually.

For the ipsec policy in isakmp mode, it is unnecessary to set the SA parameter
manually, and this command is invalid. IKE will automatically negotiate the SA
parameter and establish an SA.

When configuring the SA of manual mode, the SA parameters of inbound and
outbound directions must be set separately.

The SA parameters set at both ends of the security tunnel must be fully matching.
The SPI and key for the SA input at the local end must be the same as those
output at the remote. The SA SPI and key output at the local end must be the
same as those input at the remote.

There are two methods for inputting the key, hex and character string. For the
character string key and hex string key, the last one set will be adopted. At both
ends of a security tunnel, the key should be input by the same method. If the key
is input in character string at one end, and it is input in hex at the other end, then
a security tunnel cannot be set up correctly.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the SPI of the inbound SA to 10000, and the key string to abcdef; set the
SPI of the outbound SA to 20000, and its key string to efcdab in the ipsec policy
using AH and MD5.
[3Com] ipsec proposal prop_ah

[3Com-ipsec-proposal-prop_ah] transform ah

[3Com-ipsec-proposal-prop_ah] ah authentication-algorithm md5

[3Com-ipsec-proposal-prop_ah] quit

[3Com] ipsec policy tianjin 100 manual

[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah

[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000

[3Com-ipsec-policy-manual-tianjin-100] sa string-key inbound ah abcdef

[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000

[3Com-ipsec-policy-manual-tianjin-100] sa string-key outbound ah efcdab
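
The manual-mode rules stated for sa authentication-hex, sa encryption-hex, sa spi and sa string-key (SPI range, hex key length per algorithm, local inbound equal to remote outbound, same key input method at both ends) can be checked offline before a tunnel is brought up. The following is an added example, not part of the original guide or 3Com software; the function names, the algorithm labels md5/sha1/des/3des and the Router B configurations are assumptions constructed for illustration.

```python
import re

# Key sizes (bytes) and SPI range as given in the parameter descriptions above.
AUTH_KEY_BYTES = {"md5": 16, "sha1": 20}
ENC_KEY_BYTES = {"des": 8, "3des": 24}
SPI_MIN, SPI_MAX = 256, 4294967295
PROMPT = re.compile(r"^\s*\[[^\]]*\]\s*")  # "[3Com-ipsec-policy-manual-tianjin-100] "
SA_CMD = re.compile(
    r"sa\s+(spi|authentication-hex|encryption-hex|string-key)\s+"
    r"(inbound|outbound)\s+(ah|esp)\s+(\S+)")

def parse_manual_sa(config_text):
    """Collect manual-mode SA settings, keyed by (direction, protocol)."""
    sas = {}
    for raw in config_text.splitlines():
        m = SA_CMD.fullmatch(PROMPT.sub("", raw).strip())
        if not m:
            continue
        kind, direction, proto, value = m.groups()
        sa = sas.setdefault((direction, proto), {})
        if kind == "spi":
            sa["spi"] = int(value) if value.isdigit() else -1
        elif kind == "authentication-hex":
            sa["auth"] = ("hex", value.lower())
        elif kind == "encryption-hex":
            sa["enc"] = ("hex", value.lower())
        else:
            # string-key: the last key set is adopted; for ESP it yields both keys.
            sa["auth"] = ("string", value)
            if proto == "esp":
                sa["enc"] = ("string", value)
    return sas

def check_local(sas, auth_alg, enc_alg=None):
    """Check SPI range and hex key length on one router; returns findings."""
    findings = []
    for (direction, proto), sa in sorted(sas.items()):
        where = f"{direction} {proto}"
        spi = sa.get("spi")
        if spi is None:
            findings.append(f"{where}: no SPI set")
        elif not SPI_MIN <= spi <= SPI_MAX:
            findings.append(f"{where}: SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
        for field, alg, sizes in (("auth", auth_alg, AUTH_KEY_BYTES),
                                  ("enc", enc_alg, ENC_KEY_BYTES)):
            method, key = sa.get(field, (None, None))
            if method != "hex" or alg is None:
                continue  # string keys are expanded by the router itself
            if not re.fullmatch(r"[0-9a-f]+", key) or len(key) != 2 * sizes[alg]:
                findings.append(f"{where}: {field} hex key is not {sizes[alg]} bytes ({alg})")
    return findings

def check_mirror(local, remote):
    """Local inbound must equal remote outbound and vice versa; keys are never echoed."""
    findings = []
    for (direction, proto), sa in sorted(local.items()):
        peer_dir = "outbound" if direction == "inbound" else "inbound"
        peer = remote.get((peer_dir, proto))
        if peer is None:
            findings.append(f"local {direction} {proto}: remote has no {peer_dir} {proto} SA")
            continue
        for field in ("spi", "auth", "enc"):
            mine, theirs = sa.get(field), peer.get(field)
            if mine == theirs:
                continue
            if field != "spi" and mine and theirs and mine[0] != theirs[0]:
                findings.append(f"local {direction} {proto}: {field} key entered as "
                                f"{mine[0]} locally but {theirs[0]} remotely")
            else:
                findings.append(f"local {direction} {proto}: {field} differs from remote {peer_dir}")
    return findings

# Router A uses the values of the AH/MD5 example; both Router B configs are constructed.
ROUTER_A = """
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa authentication-hex inbound ah 112233445566778899aabbccddeeff00
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
[3Com-ipsec-policy-manual-tianjin-100] sa authentication-hex outbound ah aabbccddeeff001100aabbccddeeff00
"""
ROUTER_B_OK = """
sa spi inbound ah 20000
sa authentication-hex inbound ah aabbccddeeff001100aabbccddeeff00
sa spi outbound ah 10000
sa authentication-hex outbound ah 112233445566778899aabbccddeeff00
"""
ROUTER_B_BAD = """
sa spi inbound ah 20000
sa authentication-hex inbound ah aabbccddeeff001100aabbccddeeff
sa spi outbound ah 100
sa string-key outbound ah abcdef
"""

if __name__ == "__main__":
    a, b = parse_manual_sa(ROUTER_A), parse_manual_sa(ROUTER_B_BAD)
    print("\n".join(check_local(b, "md5") + check_mirror(a, b)))
```

The findings name the direction, protocol and field only, so the report can be shared without exposing key material.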

security acl Syntax


security acl acl-number

undo security acl

View
IPSec policy view, IPSec policy template view

Parameter
acl-number: Specifies the number of the access control list used by the ipsec
policy, ranging 1000 to 1999.

Description
Using the security acl command, you can set an access control list to be used by
the ipsec policy. Using the undo security acl command, you can remove the
access control list used by the ipsec policy.

By default, no ACL has been specified for the IPSec policies.

The data flow that will be protected by the IPSec policy is confined by the ACL in
this command. According to the rules in the ACL, IPSec determines which packets
need security protection and which do not. A packet permitted by the access
control list will be protected, and a packet denied by the access control list will not
be protected. The denied packets are sent out directly without IPSec protection.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), tunnel local, tunnel remote, sa duration and proposal.

Example
# Set the ipsec policy to use access control list 101.
[3Com] acl number 101

[3Com-acl-adv-101] rule permit tcp source 10.1.1.1 0.0.0.255 destination 10.1.1.2 0.0.0.255

[3Com-acl-adv-101] quit

[3Com] ipsec policy beijing 100 manual

[3Com-ipsec-policy-manual-beijing-100] security acl 101
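
Because packets that the ACL does not permit leave the router without IPSec protection, it is worth checking which observed flows the rule actually selects. The following is an added example, not part of the original guide; it assumes rules are evaluated in the order listed, that traffic matching no rule is not protected, and that the protocol keyword ip matches any protocol. The function names and the flow list are constructed for illustration.

```python
import ipaddress
import re

RULE = re.compile(r"rule\s+(permit|deny)\s+(\S+)\s+source\s+(\S+)\s+(\S+)"
                  r"\s+destination\s+(\S+)\s+(\S+)")


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_rules(acl_text):
    """Parse 'rule permit|deny <proto> source <ip> <wildcard> destination <ip> <wildcard>'."""
    rules = []
    for line in acl_text.splitlines():
        m = RULE.search(line)
        if m:
            action, proto, src, src_wc, dst, dst_wc = m.groups()
            rules.append((action, proto, _ip(src), _ip(src_wc), _ip(dst), _ip(dst_wc)))
    return rules


def _covers(addr, base, wildcard):
    care = 0xFFFFFFFF ^ wildcard  # wildcard bits set to 1 are ignored
    return (addr & care) == (base & care)


def ipsec_treatment(rules, proto, src, dst):
    """Return 'protected' when the first matching rule permits, otherwise 'clear'."""
    for action, r_proto, s, s_wc, d, d_wc in rules:
        if r_proto not in (proto, "ip"):
            continue
        if _covers(_ip(src), s, s_wc) and _covers(_ip(dst), d, d_wc):
            return "protected" if action == "permit" else "clear"
    return "clear"  # assumption: unmatched traffic is not selected for IPSec


def unprotected_flows(rules, flows):
    """List the (proto, src, dst) flows that would be sent without IPSec."""
    return [f for f in flows if ipsec_treatment(rules, *f) == "clear"]


# The rule from the example above, and constructed sample flows.
ACL_101 = ("[3Com-acl-adv-101] rule permit tcp source 10.1.1.1 0.0.0.255 "
           "destination 10.1.1.2 0.0.0.255")
FLOWS = [
    ("tcp", "10.1.1.7", "10.1.1.9"),   # TCP inside the permitted range
    ("udp", "10.1.1.7", "10.1.1.9"),   # same hosts, different protocol
    ("icmp", "10.1.1.7", "10.1.1.9"),
    ("tcp", "10.1.2.7", "10.1.1.9"),   # source outside the wildcard range
]

if __name__ == "__main__":
    for flow in unprotected_flows(parse_rules(ACL_101), FLOWS):
        print("sent without IPSec:", flow)
```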

transform Syntax
transform { ah | ah-esp | esp }

undo transform

View
IPSec proposal view

Parameter

ah: Uses AH protocol specified in RFC2402.

ah-esp: Uses ESP specified in RFC2406 to protect the packets and then uses the AH
protocol specified in RFC2402 to authenticate packets.

esp: Uses ESP specified in RFC2406.

Description
Using the transform command, you can set a security protocol used by a
proposal. Using the undo transform command, you can restore the default
security protocol.

By default, esp, that is, the ESP specified in RFC2406 is used.

If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.

If AH is adopted, the default authentication algorithm is MD5.

If the parameter ah-esp is specified, the default authentication algorithm for AH is
MD5 and the default encryption algorithm for ESP is DES without authentication.

AH protocol provides data authentication, data integrity check and anti-replay
function.

ESP protocol provides data authentication, data integrity check, anti-replay
function and data encryption.

While establishing an SA manually, the proposals used by the ipsec policy set at
both ends of the security tunnel must be set as using the same security protocol.

The following figure illustrates the data encapsulation formats of different security
protocols in the transport mode and the tunnel mode.

Figure 2 Data encapsulation formats of security protocols

Security protocol   Transport mode            Tunnel mode
ah                  IP AH data                IP AH IP data
esp                 IP ESP data ESP-T         IP ESP IP data ESP-T
ah-esp              IP AH ESP data ESP-T      IP AH ESP IP data ESP-T

“data” in the figure is the original IP datagram.

For the related commands, see ah authentication-algorithm, ipsec proposal,
esp encryption-algorithm, esp authentication-algorithm,
encapsulation-mode and proposal.

Example
# Set a proposal using AH.
[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform ah

tunnel local Syntax


tunnel local ip-address

undo tunnel local

View
IPSec policy view in Manual mode

Parameter
ip-address: Local address in dotted decimal format.

Description
Using the tunnel local command, you can set the local address of an ipsec policy.
Using the undo tunnel local command, you can delete the local address set in
the ipsec policy.

By default, the local address of an ipsec policy is not configured.

It is not necessary to set a local address for an ipsec policy in isakmp mode, so this
command is invalid in this situation. IKE can automatically obtain the local address
from the interface where this ipsec policy is applied.

As for the ipsec policy in manual mode, it is necessary to set the local address
before the SA can be established. A security tunnel is set up between the local and
remote end, so the local address and remote address must be correctly configured
before a security tunnel can be set up.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel remote, sa duration and proposal.

Example
# Set the local address for the ipsec policy, which is applied at serial 4/1/2 whose IP
address is 10.0.0.1.
[3Com] ipsec policy guangzhou 100 manual

[3Com-ipsec-policy-manual-guangzhou-100] tunnel local 10.0.0.1

[3Com-ipsec-policy-manual-guangzhou-100] quit

[3Com] interface serial 4/1/2

[3Com-if-Serial4/1/2] ipsec policy guangzhou

tunnel remote Syntax


tunnel remote ip-address

undo tunnel remote [ ip-address ]

View
Manually-established IPSec policy view

Parameter
ip-address: Remote address in dotted decimal format.

Description
Using the tunnel remote command, you can set the remote address of an ipsec
policy. Using the undo tunnel remote command, you can delete the remote
address in the ipsec policy.

By default, the remote address of an ipsec policy is not configured.

For the ipsec policy in manual mode, only one remote address can be set. If a
remote address is already set, this existing address must be deleted before a new
one can be set.

The security tunnel is established between the local and remote ends. The remote
address must be set correctly on both ends of the security tunnel.

For the related commands, see ipsec policy(system view), ipsec policy(interface
view), security acl , tunnel local, sa duration, proposal.

Example
# Set the remote address of the ipsec policy to 10.1.1.2.
[3Com] ipsec policy shanghai 10 manual

[3Com-ipsec-policy-shanghai-10] tunnel remote 10.1.1.2



IKE Configuration Commands

authentication-algorithm Syntax
authentication-algorithm { md5 | sha }

undo authentication-algorithm

View
IKE Proposal View

Parameter

md5: Selects the authentication algorithm: HMAC-MD5.

sha: Selects the authentication algorithm: HMAC-SHA1.

Description
Using the authentication-algorithm command, you can select the
authentication algorithm for an IKE proposal. Using the undo
authentication-algorithm command, you can restore the authentication
algorithm for an IKE proposal to the default.

By default, HMAC-SHA1 authentication algorithm is used.

For the related commands, see ike proposal, display ike proposal.

Example
# Set HMAC-MD5 as the authentication algorithm for IKE proposal 10.
[3Com] ike proposal 10

[3Com-ike-proposal-10] authentication-algorithm md5

authentication-method Syntax
authentication-method { pre-share }

undo authentication-method

View
IKE proposal view

Parameter
pre-share: Specifies the pre-shared key authentication as the Internet Key
Exchange (IKE) proposal authentication method.

Description
Using the authentication-method command, you can select the authentication
method used by an IKE proposal. Using the undo authentication-method
command, you can restore the authentication method used by an IKE proposal to
the default.

By default, the authentication method used by an IKE proposal is pre-shared key
authentication.

An authentication key must be configured in order to adopt the pre-shared key
authentication method.

For the related commands, see ike proposal and display ike proposal.

Example
# Specify pre-shared key authentication as the authentication method for IKE
proposal 10.
[3Com] ike proposal 10

[3Com-ike-proposal-10] authentication-method pre-share

debugging ike Syntax


debugging ike { error | exchange | message | misc }

undo debugging ike { error | exchange | message | misc }

View
User view

Parameter

error: Displays the IKE error debugging information.

exchange: Displays the IKE exchange mode debugging information.

message: Displays the IKE message debugging information.

misc: Displays all the other IKE debugging information.

Description
Using the debugging ike command, you can enable IKE debugging. Using the
undo debugging ike command, you can disable IKE debugging.

By default, IKE debugging is disabled.

Example
# Enable IKE error debugging.
<3Com> debugging ike error

dh Syntax
dh { group1 | group2 }

undo dh

View
IKE proposal view

Parameter

group1: Selects group1, that is, the 768-bit Diffie-Hellman group.

group2: Selects group2, that is, the 1024-bit Diffie-Hellman group.

Description
Using the dh command, you can select the Diffie-Hellman group for an IKE
proposal. Using the undo dh command, you can restore the Diffie-Hellman group
for an IKE proposal to the default.

By default, group1, that is, 768-bit Diffie-Hellman group is used.

For the related commands, see ike proposal, display ike proposal.

Example
# Specify 768-bit Diffie-Hellman for IKE proposal 10.
[3Com] ike proposal 10

[3Com-ike-proposal-10] dh group1

display ike proposal Syntax


display ike proposal

View
Any view

Parameter
none

Description
Using the display ike proposal command, you can view the parameters
configured for each IKE proposal.

This command shows IKE proposals in the sequence of the priority.

For the related commands, see ike proposal, encryption-algorithm,
authentication-algorithm, dh and sa duration.

Example
# View the IKE proposal information after two IKE proposals are configured.
[3Com] display ike proposal

Protection suite priority 10

encryption algorithm: DES_CBC

authentication algorithm: SHA

authentication method: PRE_SHARED

Diffie-Hellman group: MODP_1024



sa duration(seconds): 5000

Protection suite priority 11

encryption algorithm: DES_CBC

authentication algorithm: MD5

authentication method: PRE_SHARED

Diffie-Hellman group: MODP_768

sa duration(seconds): 50000

Default protection suite

encryption algorithm: DES_CBC

authentication algorithm: SHA

authentication method: PRE_SHARED

Diffie-Hellman group: MODP_768

sa duration(seconds): 86400

Table 21 Display Information of IKE Proposal

Item                        Description
Protection suite priority   Priority of the IKE proposal, being any integer between 1 and 100. The larger the priority value, the lower the priority.
encryption algorithm        Encryption algorithm used by the IKE proposal
authentication algorithm    Authentication algorithm used by the IKE proposal
authentication method       Authentication method used by the IKE proposal
Diffie-Hellman group        Diffie-Hellman (DH) group ID
sa duration                 ISAKMP SA duration used by the IKE proposal
Default protection suite    Default IKE proposal, which is used by default or when none of the configured IKE policies is matched. Its priority is the lowest.

display ike sa Syntax


display ike sa

View
Any view

Parameter
none

Description
Using the display ike sa command, you can view the current security tunnels
established by IKE.

For the related command, see ike proposal.



Example
# View the security tunnels established by IKE.
[3Com] display ike sa

conn-id remote flag phase doi

1 202.38.0.2 RD|ST 1 IPSEC

2 202.38.0.2 RD|ST 2 IPSEC

flag meaning:

RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO-TIMEOUT

The descriptions of the items displayed are listed in the following table.
Table 22 Display Information of IKE SA

Item      Description
conn-id   Security channel ID
remote    Remote IP address of this SA
flag      Displays the status of this SA:
          RD (READY) means this SA has been established successfully.
          ST (STAYALIVE) means that the SA duration is negotiated, and this SA will be refreshed at a fixed interval.
          RL (REPLACED) means that this SA has been replaced by a new one, and will be automatically deleted after a period of time.
          FD (FADING) means this SA has reached its soft timeout, but is still in use, and will be deleted at the time of hard timeout.
          TO (TIMEOUT) means this SA has not received any keepalive packet after the previous keepalive timeout occurred. If this SA receives no keepalive packet till the next keepalive timeout occurs, this SA will be deleted.
phase     Phase of the SA:
          Phase 1: a phase of establishing a security channel to communicate; the ISAKMP SA will be established in this phase.
          Phase 2: a phase of negotiating security service; the IPSec SA will be established in this phase.
doi       Domain of Interpretation

encryption-algorithm Syntax
encryption-algorithm { des-cbc | 3des-cbc }

undo encryption-algorithm

View
IKE proposal view

Parameter

des-cbc: Selects the 56-bit DES-CBC encryption algorithm for an IKE proposal.
DES algorithm adopts 56-bit keys for encryption.

3des-cbc: Sets the encryption algorithm to the 3DES algorithm in CBC mode. The
3DES algorithm uses 168-bit keys for encryption.

Description
Using the encryption-algorithm command, you can specify the encryption
algorithm for an IKE proposal. Using the undo encryption-algorithm command,
you can restore the default.

By default, 56-bit DES-CBC encryption algorithm is used.

For the related commands, see ike proposal and display ike proposal.

Example
# Specify the 56-bit DES-CBC encryption algorithm for IKE proposal 10.
[3Com] ike proposal 10

[3Com-ike-proposal-10] encryption-algorithm des-cbc

exchange-mode Syntax
exchange-mode [ aggressive | main ]

undo exchange-mode

View
IKE-peer view

Parameter

aggressive: Aggressive mode

main: Main mode.

Description
Using the exchange-mode command, you can select an IKE negotiation mode.
Using the undo exchange-mode command, you can restore the default
negotiation mode.

By default, main mode is adopted.

If the device at one end of a security tunnel obtains IP address dynamically, IKE
negotiation mode must be set to aggressive.

Example
# Adopt the main mode for IKE negotiation.
[Router] ike peer new_peer

[Router-ike-peer-new_peer] exchange-mode main

id-type Syntax
id-type [ ip | name ]

undo id-type

View
IKE-peer view

Parameter

ip: Uses IP address as ID of the local GW.

name: Uses the name of the local GW as its ID, i.e., the IKE local ID designated by the
ike local id command.

Description
Using the id-type command, you can select the type of ID used for identifying the
local GW in an IKE negotiation. Using the undo id-type command, you can
restore the default setting.
By default, the local GW is identified by its IP address.
If the id-type name command is configured, id configured in the ike local id
command will be used as ID of the local GW.

In main mode, only IP address can be used to identify the local GW. In IKE
aggressive mode, however, both IP address and name (configured using the ike
local id command) can be used to identify the local GW for SA setup. In the latter
case, regardless of the IP address assigned to a subscriber, whether static
or dynamic, an SA can be set up so long as the name and password used for
setting up the SA are correct.

For the related command, see ike local id.

Example
# Identify the local GW by name.
[Router] ike peer new_peer

[Router-ike-peer-new_peer] id-type name

ike local id Syntax


ike local id id

undo ike local id

View
System view

Parameter
id: ID of the local GW, which can be a string of 1 to 32 characters.

Description
Using the ike local id command, you can configure ID of the local GW. Using the
undo ike local id command, you can restore the default ID of the local GW.

By default, router name is used as the ID of the local GW.



The id configured using the ike local id command is used as the ID of the local GW
only if the id-type name command has been configured.

Example
# Identify the local GW by the configured name (local ID) “beijing_VPN”
[Router] ike local id beijing_VPN
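
The following Python example is added here and is not part of the 3Com manual. It checks prompt-prefixed configuration lines against the rules stated for id-type and ike local id: main mode identifies the local GW by IP address only, and the local ID takes effect only with id-type name. The session text, the peer names branch_a to branch_c and the function names are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed CLI lines in the style of the manual's examples (not from the manual).
SESSION = """\
[Router] ike local id beijing_VPN
[Router] ike peer branch_a
[Router-ike-peer-branch_a] exchange-mode aggressive
[Router-ike-peer-branch_a] id-type name
[Router-ike-peer-branch_a] remote-id shanghai
[Router] ike peer branch_b
[Router-ike-peer-branch_b] id-type name
[Router-ike-peer-branch_b] remote-address 10.0.0.1
[Router] ike peer branch_c
[Router-ike-peer-branch_c] remote-address 10.0.0.2
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<command>\S.*)$")
PEER_VIEW = re.compile(r"-ike-peer-(?P<peer>.+)$")
# Defaults stated in the manual: main mode, local GW identified by IP address.
DEFAULTS = {"exchange-mode": "main", "id-type": "ip"}


def parse_session(text: str) -> Tuple[Optional[str], Dict[str, Dict[str, str]]]:
    """Return (ike local id or None, {peer-name: settings})."""
    local_id: Optional[str] = None
    peers: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        words = m.group("command").split()
        in_peer = PEER_VIEW.search(m.group("view"))
        if in_peer:
            peer = peers.setdefault(in_peer.group("peer"), dict(DEFAULTS))
            if words[0] in DEFAULTS and len(words) == 2:
                peer[words[0]] = words[1]
            elif words[0] == "undo" and len(words) == 2 and words[1] in DEFAULTS:
                peer[words[1]] = DEFAULTS[words[1]]  # undo restores the default
        elif words[:3] == ["ike", "local", "id"] and len(words) == 4:
            local_id = words[3]
        elif words == ["undo", "ike", "local", "id"]:
            local_id = None
        elif words[:2] == ["ike", "peer"] and len(words) == 3:
            peers.setdefault(words[2], dict(DEFAULTS))
    return local_id, peers


def lint(text: str) -> List[str]:
    """Report settings that contradict the id-type / ike local id descriptions."""
    local_id, peers = parse_session(text)
    findings = []
    for name, cfg in peers.items():
        if cfg["id-type"] == "name" and cfg["exchange-mode"] == "main":
            findings.append(
                f"{name}: id-type name with main mode; "
                "main mode identifies the local GW by IP address only"
            )
    uses_name = any(cfg["id-type"] == "name" for cfg in peers.values())
    if uses_name and local_id is None:
        findings.append("id-type name without ike local id: the router name is used as the local ID")
    if local_id is not None and not uses_name:
        findings.append("ike local id is configured but no peer uses id-type name")
    return findings


if __name__ == "__main__":
    for finding in lint(SESSION):
        print(finding)
```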

ike peer (system view) Syntax


ike peer peer-name

undo ike peer peer-name

View
System view

Parameter
peer-name: IKE peer name, which can be a string of up to 15 characters.

Description
Using the ike peer command, you can configure an IKE peer and access IKE-peer
view. Using the undo ike peer command, you can delete an IKE peer.

Example
# Configure an IKE peer “new_peer” and access its view.
[Router] ike peer new_peer

[Router-ike-peer-new_peer]

ike peer (IPSec policy view, IPSec policy template view) Syntax
ike peer peer-name

undo ike peer peer-name

View
IPSec policy view, IPSec policy template view

Parameter
peer-name: IKE peer name, which is a string of up to 15 characters.

Description
Using the ike peer command, you can quote an IKE peer in an IPSec policy or
IPSec policy template. Using the undo ike peer command, you can remove the
quoted IKE peer from the IPSec policy or IPSec policy template.

For the related command, see ipsec policy.

Example
# Quote an IKE peer in the IPSec policy.
[Router-ipsec-policy-isakmp-policy-10] ike peer new_peer

ike proposal Syntax


ike proposal priority-level

undo ike proposal priority-level

View
System view

Parameter
priority-level: Priority level of the IKE proposal, an integer ranging from 1 to 100. It
also distinguishes this proposal from other proposals. The larger the value, the lower
the priority.

Description
Using the ike proposal command, you can define an IKE proposal. Using the
undo ike proposal command, you can delete an IKE proposal.

By default, the system provides a default IKE proposal with the lowest priority.

Performing this command in system view will enter IKE proposal view. In the IKE
proposal, you can select encryption algorithm, authentication algorithm, DH group
ID, authentication method and specify sa duration for this IKE proposal. Default
IKE proposal has a default encryption algorithm, authentication algorithm, DH
group ID, authentication method and sa duration, as follows:

■ an encryption algorithm: DES-CBC
■ an authentication algorithm: HMAC-SHA1
■ an authentication method: Pre-Shared Key
■ a DH group ID: MODP_768
■ an SA duration: 86400 seconds

These parameters will be used to establish a security tunnel once they are
confirmed by both sides of the negotiation.

More than one IKE proposal can be configured on each side of the negotiation.
During the negotiation, the IKE proposals on both sides are matched one by one,
in order of their priority level. The parameters that must be the same for a
match are encryption algorithm, authentication algorithm, authentication
method, and DH group. The sa duration is decided by the initiator of the
negotiation and needs no agreement.

For the related commands, see authentication-algorithm,
encryption-algorithm, dh, authentication-algorithm, sa duration, display
crypto isakmp policy.

Example
# Define IKE proposal 10 with default encryption algorithm.
[3Com] ike proposal 10

[3Com-ike-proposal-10] authentication-algorithm md5



[3Com-ike-proposal-10] authentication-method pre-share

[3Com-ike-proposal-10] sa duration 5000

ike sa keepalive-timer interval Syntax
ike sa keepalive-timer interval seconds

undo ike sa keepalive-timer interval

View
System view

Parameter
seconds: Specifies the interval for sending Keepalive packet to the remote end
through ISAKMP SA. It can be set to a value in the range 20 to 28800.

Description
Using the ike sa keepalive-timer interval command, you can configure the
interval for sending Keepalive packet to the remote end through ISAKMP SA.
Using the undo ike sa keepalive-timer interval command, you can disable the
function.

By default, this function is disabled.

This command is used to configure the interval for sending Keepalive packets to
the remote end through ISAKMP SA. IKE maintains the link state of the ISAKMP
SA by using the Keepalive packet. In general, if a timeout is configured at the
remote end by using the ike sa keepalive-timer timeout command, an interval
for sending Keepalive packets must be configured at the local end. When the
remote end does not receive a Keepalive packet within the configured timeout,
an ISAKMP SA that already has the TIMEOUT flag is deleted together with the
IPSec SA corresponding to it; an ISAKMP SA without the TIMEOUT flag is
marked as TIMEOUT. Thus the configured timeout should be longer than the
interval for sending the Keepalive packet.

For the related command, see ike sa keepalive-timer timeout.

Example
# Configure the interval as 20 seconds for the local end to send Keepalive packet
to the remote end.
[3Com] ike sa keepalive-timer interval 20

ike sa keepalive-timer timeout Syntax
ike sa keepalive-timer timeout seconds

undo ike sa keepalive-timer timeout

View
System view

Parameter
seconds: Specifies the timeout for ISAKMP SA to wait for the Keepalive packet. It
can be set to a value in the range 20 to 28800.

Description
Using the ike sa keepalive-timer timeout command, you can configure a
timeout for ISAKMP SA to wait for the Keepalive packet. Using the undo ike sa
keepalive-timer timeout command, you can disable the function.

By default, this function is disabled.

This command is used to configure the timeout for waiting for the Keepalive
packet sent by the remote end. IKE maintains the link state of the ISAKMP SA by
using the Keepalive packet. When the Keepalive packet is not received within the
configured timeout, an ISAKMP SA that already has the TIMEOUT flag is deleted
together with the IPSec SA corresponding to it; an ISAKMP SA without the
TIMEOUT flag is marked as TIMEOUT. Thus the configured timeout should be
longer than the interval for sending the Keepalive packet.

Generally, packets will not be lost for more than three consecutive times in the
network, so the timeout can be configured as three times the interval set for
the remote end to send Keepalive packets.

For the related command, see ike sa keepalive-timer interval.

Example
# Configure the timeout as 20 seconds for the local end to wait for the remote
end to send the Keepalive packet.
[3Com] ike sa keepalive-timer timeout 20
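
The following Python example is added here and is not part of the 3Com manual. It checks a sender's interval against the receiver's timeout using the range and the "longer than the interval" and "three times" guidance above, and models the two-step TIMEOUT marking and deletion. It assumes that a received Keepalive clears the TIMEOUT flag and restarts the timer, and that a Keepalive arriving in the same second as the expiry is processed first; the function names are constructed for the example.

```python
from typing import Iterable, List, Optional, Tuple

MIN_SECONDS, MAX_SECONDS = 20, 28800  # range the manual gives for both timers


def check_timers(interval: int, timeout: int) -> List[str]:
    """Check the sending end's interval against the waiting end's timeout."""
    findings = []
    for name, value in (("interval", interval), ("timeout", timeout)):
        if not MIN_SECONDS <= value <= MAX_SECONDS:
            findings.append(f"{name} {value} outside {MIN_SECONDS}-{MAX_SECONDS}")
    if timeout <= interval:
        findings.append("timeout is not longer than the interval")
    elif timeout < 3 * interval:
        findings.append("timeout is shorter than three times the interval")
    return findings


def simulate(
    interval: int, timeout: int, lost: Iterable[int], horizon: int
) -> Tuple[List[Tuple[int, str]], Optional[int]]:
    """Model the waiting end second by second.

    `lost` holds the 1-based sequence numbers of Keepalive packets dropped in
    transit. Returns (events, second at which the SA was deleted or None).
    """
    lost = set(lost)
    flagged = False          # TIMEOUT flag on the ISAKMP SA
    deadline = timeout       # SA established at second 0
    events: List[Tuple[int, str]] = []
    for t in range(1, horizon + 1):
        if t % interval == 0 and t // interval not in lost:
            # Assumption: a received Keepalive clears the flag and restarts the timer.
            flagged = False
            deadline = t + timeout
        if t >= deadline:
            if flagged:
                events.append((t, "ISAKMP SA and its IPSec SA deleted"))
                return events, t
            flagged = True
            deadline = t + timeout
            events.append((t, "marked TIMEOUT"))
    return events, None


if __name__ == "__main__":
    # Both examples in the manual use 20 seconds; compare with timeout = 3 x interval.
    for interval, timeout in ((20, 20), (20, 60)):
        print(interval, timeout, check_timers(interval, timeout))
        print(simulate(interval, timeout, lost={2, 3}, horizon=200))
```

With an interval and a timeout of 20 seconds each, two consecutive lost Keepalive packets delete the SA in this model; with a 60-second timeout the same loss leaves the SA untouched.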

nat-traversal Syntax
nat-traversal

undo nat-traversal

View
IKE-peer view

Parameter
None

Description
Using the nat-traversal command, you can configure the NAT traversal function
of IKE/IPSec. Using the undo nat-traversal command, you can disable the NAT
traversal function of IKE/IPSec.

This command is intended for applications in which NAT GW functionality is
included in the VPN tunnel constructed by IKE/IPSec.

Example
# Enable the NAT traversal function.
[Router] ike peer new_peer

[Router-ike-peer-new_peer] nat-traversal

pre-shared-key Syntax
pre-shared-key key

undo pre-shared-key

View
IKE-peer view

Parameter
key: Specifies a pre-shared key, which is a string of 1 to 128 characters.

Description
Using the pre-shared-key command, you can configure a pre-shared key to be
used in IKE negotiation. Using the undo pre-shared-key command, you can
remove the pre-shared key used in IKE negotiation.

Example
# Set the pre-shared key used in IKE negotiation to “abcde”.
[Router] ike peer new_peer

[Router-ike-peer-new_peer] pre-shared-key abcde

remote-address Syntax
remote-address ip-address

undo remote-address

View
IKE-peer view

Parameter
ip-address: IP address.

Description
Using the remote-address command, you can configure IP address of the remote
GW. Using the undo remote-address command, you can delete IP address of the
remote GW.

The ip-address configured in this command should be consistent with the IP address
configured for the remote GW.

Example
# Set IP address of the remote GW to 10.0.0.1.
[Router] ike peer new_peer

[Router-ike-peer-new_peer] remote-address 10.0.0.1



remote-id Syntax
remote-id id

undo remote-id

View
IKE-peer view

Parameter
id: Specifies ID of the remote GW, which is a string of 1 to 32 characters.

Description
Using the remote-id command, you can specify a remote GW. Using the undo
remote-id command, you can remove the configuration of the remote GW.
id configured in this command must be the same one configured using the ike
local id command on the remote GW.

Example
# Set ID of the remote GW to “beijing”.
[Router] ike peer new_peer

[Router-ike-peer-new_peer] remote-id beijing

reset ike sa Syntax


reset ike sa [ connection-id ]

View
User view

Parameter
connection-id: Specifies the SA to be deleted. If this parameter is not specified, all
the SAs at phase 1 and phase 2 will be deleted.

Description
Using the reset ike sa command, you can delete the security tunnel set up by IKE.

If connection-id is not specified, all the SAs at phase 1 and phase 2 will be deleted.
If ISAKMP SA at phase 1 exists when deleting the local security tunnel, a Delete
Message notification is sent to the remote under the protection of this security
tunnel to notify the remote to delete the SA database.

IKE uses ISAKMP in two phases: phase 1 establishes the ISAKMP SA, and phase 2
negotiates and establishes the IPSec SA, using the SA established in phase 1.

For the related command, see display ike sa.

Example
# Delete the security tunnel to 202.38.0.2.
<3Com> display ike sa

conn-id remote flag phase doi

1 202.38.0.2 RD|ST 1 IPSEC

2 202.38.0.2 RD|ST 2 IPSEC

flag meaning:

RD--READY ST--STAYALIVE RT--REPLACED FD--FADING

<3Com> reset ike sa 2

<3Com> display ike sa

conn-id remote flag phase doi

2 202.38.0.2 RD|ST 2 IPSEC

flag meaning:

RD--READY ST--STAYALIVE RT--REPLACED FD--FADING

CAUTION: If the SA of phase 1 is deleted first, the remote end cannot be
informed of clearing the SA database when deleting the SA of phase 2.
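
The following Python example is added here and is not part of the 3Com manual. It parses display ike sa output and produces the reset ike sa commands for one remote GW in the order the CAUTION implies: phase 2 first, so the Delete notification can still travel under the phase 1 SA. Rows 1 and 2 of the sample come from the manual's example, row 3 is constructed, and the function names are constructed for the example.

```python
import re
from typing import List, NamedTuple, Tuple

# Rows 1-2 are from the manual's example; row 3 is constructed for this example.
SAMPLE = """\
conn-id remote flag phase doi
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
3 10.0.0.1 RD|TO 1 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
"""

# The manual's legends spell REPLACED both as RL and as RT; accept either.
FLAG_NAMES = {
    "RD": "READY", "ST": "STAYALIVE", "RL": "REPLACED",
    "RT": "REPLACED", "FD": "FADING", "TO": "TIMEOUT",
}

ROW = re.compile(
    r"^(?P<conn>\d+)\s+(?P<remote>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<flags>\S+)\s+(?P<phase>[12])\s+(?P<doi>\S+)$"
)


class IkeSa(NamedTuple):
    conn_id: int
    remote: str
    flags: Tuple[str, ...]
    phase: int
    doi: str


def parse_ike_sa(text: str) -> List[IkeSa]:
    """Return one IkeSa per table row; header and legend lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            flags = tuple(FLAG_NAMES.get(f, f) for f in m.group("flags").split("|"))
            sas.append(IkeSa(int(m.group("conn")), m.group("remote"), flags,
                             int(m.group("phase")), m.group("doi")))
    return sas


def reset_commands(sas: List[IkeSa], remote: str) -> List[str]:
    """Commands that tear down every SA to `remote`, phase 2 before phase 1."""
    targets = sorted((sa for sa in sas if sa.remote == remote),
                     key=lambda sa: (-sa.phase, sa.conn_id))
    return [f"reset ike sa {sa.conn_id}" for sa in targets]


def needs_attention(sas: List[IkeSa]) -> List[int]:
    """conn-ids of SAs flagged TIMEOUT or FADING, i.e. about to be deleted."""
    return [sa.conn_id for sa in sas if {"TIMEOUT", "FADING"} & set(sa.flags)]


if __name__ == "__main__":
    table = parse_ike_sa(SAMPLE)
    print(reset_commands(table, "202.38.0.2"))
    print(needs_attention(table))
```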

authentication-algorithm Syntax
authentication-algorithm { md5 | sha }

undo authentication-algorithm

View
IKE Proposal View

Parameter

md5: Selects the authentication algorithm: HMAC-MD5.

sha: Selects the authentication algorithm: HMAC-SHA1.

Description
Using the authentication-algorithm command, you can select the
authentication algorithm for an IKE proposal. Using the undo
authentication-algorithm command, you can restore the authentication
algorithm for an IKE proposal to the default.

By default, HMAC-SHA1 authentication algorithm is used.

For the related commands, see ike proposal, display ike proposal.

Example
# Set HMAC-MD5 as the authentication algorithm for IKE proposal 10.
[3Com] ike proposal 10

[3Com-ike-proposal-10] authentication-algorithm md5

authentication-method Syntax
authentication-method { pre-share }

undo authentication-method

View
IKE proposal view

Parameter
pre-share: Specifies the pre-shared key authentication as the Internet Key
Exchange (IKE) proposal authentication method.

Description
Using the authentication-method command, you can select the authentication
method used by an IKE proposal. Using the undo authentication-method
command, you can restore the authentication method used by an IKE proposal to
the default.

By default, the authentication method used by an IKE proposal is pre-shared key
authentication.

Authentication key must be configured to adopt the pre-shared key authentication
method.

For the related commands, see ike proposal and display ike proposal.

Example
# Specify pre-shared key authentication as the authentication method for IKE
proposal 10.
[3Com] ike proposal 10

[3Com-ike-proposal-10] authentication-method pre-share

debugging ike Syntax


debugging ike { error | exchange | message | misc }

undo debugging ike { error | exchange | message | misc }

View
User view

Parameter

error: Displays the IKE error debugging information.

exchange: Displays the IKE exchange mode debugging information.

message: Displays the IKE message debugging information.

misc: Displays all the other IKE debugging information.

Description
Using the debugging ike command, you can enable IKE debugging. Using the
undo debugging ike command, you can disable IKE debugging.

By default, IKE debugging is disabled.

Example
# Enable IKE error debugging.
<3Com> debugging ike error

dh Syntax
dh { group1 | group2 }

undo dh

View
IKE proposal view

Parameter

group1: Selects group1, that is, the 768-bit Diffie-Hellman group.

group2: Selects group2, that is, the 1024-bit Diffie-Hellman group.



Description
Using the dh command, you can select the Diffie-Hellman group for an IKE
proposal. Using the undo dh command, you can restore the Diffie-Hellman group
for an IKE proposal to the default.

By default, group1, that is, 768-bit Diffie-Hellman group is used.

For the related commands, see ike proposal, display ike proposal.

Example
# Specify 768-bit Diffie-Hellman for IKE proposal 10.
[3Com] ike proposal 10

[3Com-ike-proposal-10] dh group1

display ike proposal Syntax


display ike proposal

View
Any view

Parameter
none

Description
Using the display ike proposal command, you can view the parameters
configured for each IKE proposal.

This command shows IKE proposals in the sequence of the priority.

For the related commands, see ike proposal, encryption-algorithm,
authentication-algorithm, dh and sa duration.

Example
# View the IKE proposal information after two IKE proposals are configured.
[3Com] display ike proposal

Protection suite priority 10

encryption algorithm: DES_CBC

authentication algorithm: SHA

authentication method: PRE_SHARED

Diffie-Hellman group: MODP_1024

sa duration(seconds): 5000

Protection suite priority 11

encryption algorithm: DES_CBC

authentication algorithm: MD5



authentication method: PRE_SHARED

Diffie-Hellman group: MODP_768

sa duration(seconds): 50000

Default protection suite

encryption algorithm: DES_CBC

authentication algorithm: SHA

authentication method: PRE_SHARED

Diffie-Hellman group: MODP_768

sa duration(seconds): 86400

Table 23 Display information of IKE proposal

Item                        Description
Protection suite priority   Priority of the IKE proposal, being any integer between 1 and 100. The larger the priority value, the lower the priority.
encryption algorithm        Encryption algorithm used by the IKE proposal
authentication algorithm    Authentication algorithm used by the IKE proposal
authentication method       Authentication method used by the IKE proposal
Diffie-Hellman group        Diffie-Hellman (DH) group ID
sa duration                 ISAKMP SA duration used by the IKE proposal
Default protection suite    Default IKE proposal, which is used by default or when all the configured IKE policies are not matched. Its priority is the lowest.
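
The following Python example is added here and is not part of the 3Com manual. It parses display ike proposal output and models the matching described under ike proposal: proposals are tried in priority order, the four listed parameters must be equal, and the initiator's sa duration is used. The remote router's output is constructed, trying the initiator's proposals in the outer loop is an assumption, and the set of values reported as legacy-strength is this example's judgement rather than the manual's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default suite as printed in the manual's `display ike proposal` example.
DEFAULT_SUITE = """\
Default protection suite
  encryption algorithm: DES_CBC
  authentication algorithm: SHA
  authentication method: PRE_SHARED
  Diffie-Hellman group: MODP_768
  sa duration(seconds): 86400
"""

# Local router: the two configured suites from the manual's example output.
LOCAL_OUTPUT = """\
Protection suite priority 10
  encryption algorithm: DES_CBC
  authentication algorithm: SHA
  authentication method: PRE_SHARED
  Diffie-Hellman group: MODP_1024
  sa duration(seconds): 5000
Protection suite priority 11
  encryption algorithm: DES_CBC
  authentication algorithm: MD5
  authentication method: PRE_SHARED
  Diffie-Hellman group: MODP_768
  sa duration(seconds): 50000
""" + DEFAULT_SUITE

# Remote router: constructed for this example, not taken from the manual.
REMOTE_OUTPUT = """\
Protection suite priority 20
  encryption algorithm: DES_CBC
  authentication algorithm: MD5
  authentication method: PRE_SHARED
  Diffie-Hellman group: MODP_768
  sa duration(seconds): 7200
""" + DEFAULT_SUITE

# Output labels of the four parameters that must be the same on both sides.
LABELS = {
    "encryption algorithm": "encryption",
    "authentication algorithm": "auth_algorithm",
    "authentication method": "auth_method",
    "Diffie-Hellman group": "dh_group",
}
# Values this example treats as legacy-strength; the manual makes no strength claim.
LEGACY = {"encryption": {"DES_CBC"}, "auth_algorithm": {"MD5"}, "dh_group": {"MODP_768"}}


@dataclass
class Proposal:
    priority: Optional[int]  # None marks the default suite (lowest priority)
    encryption: str = ""
    auth_algorithm: str = ""
    auth_method: str = ""
    dh_group: str = ""
    sa_duration: int = 0


def parse_proposals(text: str) -> List[Proposal]:
    proposals: List[Proposal] = []
    for line in (raw.strip() for raw in text.splitlines()):
        numbered = re.fullmatch(r"Protection suite priority (\d+)", line)
        if numbered or line == "Default protection suite":
            proposals.append(Proposal(int(numbered.group(1)) if numbered else None))
        elif ":" in line and proposals:
            label, value = (part.strip() for part in line.split(":", 1))
            if label == "sa duration(seconds)":
                proposals[-1].sa_duration = int(value)
            elif label in LABELS:
                setattr(proposals[-1], LABELS[label], value)
    return proposals


def by_priority(proposals: List[Proposal]) -> List[Proposal]:
    # Smaller number = higher priority; the default suite always sorts last.
    return sorted(proposals, key=lambda p: (p.priority is None, p.priority or 0))


def negotiate(initiator, responder) -> Optional[Tuple[Optional[int], Optional[int], int]]:
    """Return (initiator priority, responder priority, sa duration) of the first match."""
    for mine in by_priority(initiator):
        for theirs in by_priority(responder):
            if all(getattr(mine, f) == getattr(theirs, f) for f in LABELS.values()):
                # sa duration is not negotiated: the initiator's value is used.
                return mine.priority, theirs.priority, mine.sa_duration
    return None


def legacy_settings(proposal: Proposal) -> List[str]:
    return [field for field, weak in LEGACY.items() if getattr(proposal, field) in weak]
```

Here the local priority-10 suite, the only one with MODP_1024, matches nothing on the remote side, so the tunnel is negotiated with the priority-11 suite (MD5, MODP_768).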

display ike sa Syntax


display ike sa

View
Any view

Parameter
none

Description
Using the display ike sa command, you can view the current security tunnels
established by IKE.

For the related command, see ike proposal.

Example
# View the security tunnels established by IKE.
[3Com] display ike sa

conn-id remote flag phase doi

1 202.38.0.2 RD|ST 1 IPSEC



2 202.38.0.2 RD|ST 2 IPSEC

flag meaning:

RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT

The descriptions of the items displayed are listed in the following table.

Table 24 Display information of IKE SA

Item      Description
conn-id   Security channel ID
remote    Remote IP address of this SA
flag      Display the status of this SA
          RD (READY) means this SA has been established successfully.
          ST (STAYALIVE) means that SA duration is negotiated, and this SA will be refreshed in fixed interval.
          RL (REPLACED) means that this SA has been replaced by a new one, and will be automatically deleted after a period of time.
          FD (FADING) means this SA has been soft timeout, but is still in use, and will be deleted at the time of hard timeout.
          TO (TIMEOUT) means this SA have not received any keepalive packet after previous keepalive timeout occurred. If this SA receives no keepalive packet till next keepalive timeout occurs, this SA will be deleted.
phase     Phase of the SA:
          Phase 1: a phase of establishing security channel to communicate, ISAKMP SA will be established in the phase;
          Phase 2: a phase of negotiating security service, IPSec SA will be established in the phase.
doi       Domain of Interpretation

encryption-algorithm Syntax
encryption-algorithm { des-cbc | 3des-cbc }

undo encryption-algorithm

View
IKE proposal view

Parameter

des-cbc: Selects the 56-bit DES-CBC encryption algorithm for an IKE proposal.
DES algorithm adopts 56-bit keys for encryption.

3des-cbc: Sets the encryption algorithm to the 3DES algorithm in CBC mode. The
3DES algorithm uses 168-bit keys for encryption.

Description
Using the encryption-algorithm command, you can specify the encryption algorithm
for an IKE proposal. Using the undo encryption-algorithm command, you can
restore the default.

By default, 56-bit DES-CBC encryption algorithm is used.



For the related commands, see ike proposal and display ike proposal.

Example
# Specify the 56-bit DES-CBC encryption algorithm for IKE proposal 10.
[3Com] ike proposal 10

[3Com-ike-proposal-10] encryption-algorithm des-cbc

exchange-mode Syntax
exchange-mode [ aggressive | main ]

undo exchange-mode

View
IKE-peer view

Parameter

aggressive: Aggressive mode

main: Main mode.

Description
Using the exchange-mode command, you can select an IKE negotiation mode.
Using the undo exchange-mode command, you can restore the default
negotiation mode.

By default, main mode is adopted.

If the device at one end of a security tunnel obtains IP address dynamically, IKE
negotiation mode must be set to aggressive.

Example
# Adopt the main mode for IKE negotiation.
[Router] ike peer new_peer

[Router-ike-peer-new_peer] exchange-mode main

sa duration Syntax
sa duration seconds

undo sa duration

View
IKE proposal view

Parameter
seconds: Specifies the ISAKMP SA duration. When the SA duration expires, ISAKMP
SA will update automatically. It can be set to a value in the range 60 to 604800
seconds.

Description
Using the sa duration command, you can specify the ISAKMP SA duration for an
IKE proposal. Using the undo sa duration command, you can restore it to the
default.

By default, the value of ISAKMP SA duration is 86400 seconds (one day).

Before the SA duration for an SA expires, a new SA will be negotiated for replacing
the existing SA, and the old SA will be automatically cleared when the SA duration
expires.

For the related commands, see ike proposal and display ike proposal.

Example
# Specify the ISAKMP SA duration for IKE proposal 10 as 600 seconds (10
minutes).
[3Com] ike proposal 10

[3Com-ike-proposal-10] sa duration 600

authentication-method Syntax
authentication-method { pre-share | rsa-signature }
undo authentication-method

View
IKE proposal view

Parameter
pre-share: Selects pre-shared-key as the authentication method.
rsa-signature: Selects PKI digital signature as the authentication method.

Description
Using the authentication-method command, you can specify the authentication
method IKE policy uses. Using the undo authentication-method command, you
can restore the default authentication method.

pre-shared-key is the default authentication method.

This command is used to specify the authentication method for an IKE proposal.
Currently, both pre-shared-key and rsa-signature are supported.

pre-shared-key requires the configuration of a key; for details, refer to ike
pre-shared-key.

For related commands, see ike pre-shared-key, ike proposal, display ike
proposal, pki domain, and pki entity.

To configure PKI, please refer to “PKI Configuration.”

Example
# Specify pre-shared-key as the authentication method of IKE proposal 10
[Router] ike proposal 10

[Router-ike-proposal-10] authentication-method pre-share

PKI Configuration Commands

PKI Domain Configuration Commands

ca identifier Syntax
ca identifier name

undo ca identifier

View
PKI domain view

Parameter
name: CA identifier this device trusts, within the range of 1 to 63 characters.

Description
Using the ca identifier command, you can specify the CA this device trusts and
have the “name” CA bound with this device. Using the undo ca identifier
command, you can delete the CA this device trusts.

By default, no trusted CA is specified.

Before the CA is deleted, the request, retrieval, revocation, and polling of this
certificate are carried out.

Example
#Specify the name of the CA this device trusts.
[RouterCA-pki-domain-1]ca identifier new-ca

certificate request from Syntax


certificate request from { ca | ra } entity entity-name

undo certificate request from { ca | ra }

View
PKI domain view

Parameter
ca: indicates that the entity registers by CA for certificate request.

ra: indicates that the entity registers by RA for certificate request.

entity entity-name: name of the entity under certificate request. Within the
range of 1 to 15 characters, it shall be identical with that defined by the pki
entity command.

Description
Using the certificate request from command, you can choose between CA and
RA to register for certificate request. Using the undo certificate request from
command, you can cancel the selection of the registration agent.

RA offers an extension to the CA certificate issue management. It takes charge of
the input and verification of the applicant information, as well as the certificate
issuing. However, it does not support a signature function. Within some minor PKI
systems there is no RA, and its functions are implemented through CA.

By default, no registration agent is specified. PKI security policy recommends RA as
the registration agent.

For the related command, see pki entity.

Example
# Specify that the entity registers by CA for certificate request

[RouterCA-pki-domain-1]certificate request from ca entity new-entity

[RouterCA-pki-domain-1]undo certificate request from ca

certificate request mode Syntax


certificate request mode { manual | auto }

undo certificate request mode

View
PKI domain view

Parameter
manual: refers to the manual certificate request mode;

auto: refers to the auto certificate request mode.

Description
Using the certificate request mode command, you can decide between the
manual or the auto request mode. Using the undo certificate request mode
command, you can restore the default request mode.

Auto mode enables the auto delivery of certificate request when there is no
certificate, or when the current certificate is about to expire. Manual mode
requires manual operation in the request process.

By default, certificate request is carried out manually.

For related command, see pki request certificate.

Example
# Set the request mode to Auto
[RouterCA-pki-domain-1]certificate request mode auto

[RouterCA-pki-domain-1]undo certificate request mode

certificate request polling Syntax

certificate request polling { interval minutes | count count }

undo certificate request polling { interval | count }

View
PKI domain view

Parameter
minutes: the interval between two polls, in minutes. It ranges from 5 to 60
minutes, and by default, it is 20 minutes.

count: the number of retries. It ranges from 1 to 100, and by default, it is 50.

Description
Using the certificate request polling command, you can specify the interval
between two polls and the retry times. Using the undo certificate request
polling command, you can restore the default parameters.

When the request is delivered, if CA requires manual authentication, it will take a
long time before the certificate is issued. The client therefore needs to
poll the request periodically so that it acquires the certificate promptly once
the request has been authorized.

For related command, see display pki certificate.

Example
# Specify the interval between two polls and the retry times

[RouterCA-pki-domain-1]certificate request polling interval 15

[RouterCA-pki-domain-1]certificate request polling count 40

certificate request url Syntax


certificate request url string

undo certificate request url

View
PKI domain view

Parameter
string: the server URL of the registration authority, 1 to 255 characters long.
It consists of the server location and the location of the CA CGI command
interface script, in the format http://server_location/ca_script_location.
server_location is generally expressed as an IP address; to use a server name
instead, DNS must be configured to resolve server names to IP addresses.

Description
Using the certificate request url command, you can specify the server URL for
certificate request through SCEP protocol. SCEP is a protocol specialized in the
communication with authentication authorities. Using the undo certificate
request url command, you can delete the concerned location setting.

By default, no server URL is specified.

Example
#Specify the server location for certificate request.
[RouterCA-pki-domain-1] certificate request url http://169.254.0.100/certsrv/mscep.dll

crl update period Syntax


crl update period { default | days }

undo crl update period

View
PKI domain view

Parameter
default: identical with the validity period of CRL

days: number of days

Description
Using the crl update period command, you can specify the update period of
CRL, which is the interval between local downloads of CRLs from access server.
Using the undo crl update period command, you can restore the default CRL
update period.

By default, it updates according to CRL validity period.

Example
#Specify CRL update period.
[RouterCA-pki-domain-1] crl update period 20

crl url Syntax


crl url url-string

undo crl url

View
PKI domain view

Parameter
url-string: the distribution point location of CRL, 1 to 255 characters long,
in the format ldap://server_location. server_location is generally expressed
as an IP address; to use a server name instead, DNS must be configured to
resolve server names to IP addresses.

Description
Using the crl url command, you can specify the distribution point URL for CRL.
Using the undo crl url command, you can undo the specification.

By default, no CRL distribution point URL is specified.

Example
#Specify the URL location of CRL database.
[RouterCA-pki-domain-1] crl url ldap://169.254.0.30

ldap server Syntax

ldap server ip ip-address [ port port-num ] [ version version-number ]

undo ldap server ip

View
PKI domain view

Parameter
ip-address: IP address of LDAP server.

port-num: port number of LDAP server, ranging from 1 to 65535. By default, it is
389.

version-number: LDAP version number, either 2 or 3. By default, it is 2.

Description
Using the ldap server ip command, you can configure the LDAP server IP address
and the port. Using the undo ldap server ip command, you can cancel the
related configuration.

By default, no LDAP server IP address or port is configured.

Example
#Specify the LDAP server address.
[RouterCA-pki-domain-1]ldap server ip 169.254.0.30

pki domain Syntax


pki domain name

undo pki domain name

View
Any view

Parameter
name: PKI domain name, which other commands use to reference the PKI domain
this device belongs to. It can contain 1 to 15 characters.

Description
Using the pki domain command, you can enter PKI domain view and configure
the parameters of the LDAP server and of certificate request and authentication.
Using the undo pki domain command, you can delete the specified PKI domain.

By default, no PKI domain name is specified.

Example
#Enter PKI domain view.
[RouterCA]pki domain 1

PKI Entity Configuration Commands

fqdn Syntax
fqdn name-str

undo fqdn

View
PKI entity view

Parameter
name-str: FQDN of an entity, within the range of 1 to 255 characters.

Description
Using the fqdn command, you can specify the FQDN of an entity. Using the undo
fqdn command, you can delete the entity FQDN.

By default, no entity FQDN is specified.

FQDN (Fully Qualified Domain Name) is the unique identifier an entity has in the
network, like email address. It can be resolved into IP address, usually in the form
of user.domain.

Example
#Configure the FQDN of an entity.
[RouterCA-pki-entity-1]fqdn pki.3com.com

common name Syntax


common-name name-str

undo common-name

View
PKI entity view

Parameter
name-str: common name of an entity, within the range of 1 to 31 characters

Description
Using the common-name command, you can specify the common name of an
entity, for instance, User Name. Using the undo common-name command, you
can delete the common name of this entity.

By default, no common name is specified for any entity.

Example
#Configure the common name of an entity.
[RouterCA-pki-entity-1]common-name pki test

country code Syntax


country country-code-str

undo country

View
PKI entity view

Parameter
country-code-str: country code of 2 bytes

Description
Using the country command, you can specify the code of the country the entity
belongs to. It is a standard 2-byte code, e.g., CN for China. Using the undo
country command, you can delete the country code of this entity.

By default, no country code is specified for any entity.

Example
#Set the country code of an entity.
[RouterCA-pki-entity-1]country CN

ip Syntax
ip ip-address

undo ip

View
PKI entity view

Parameter
ip-address: IP address of an entity in the form of dotted decimal like A.B.C.D

Description
Using the ip command, you can specify the IP address of an entity. Using the
undo ip command, you can delete the specified IP address.

By default, no entity IP address is specified.

Example
#Configure the IP address of an entity.
[RouterCA-pki-entity-1]ip 161.12.2.3

locality Syntax
locality locality-str

undo locality

View
PKI entity view

Parameter
locality-str: name of the geographical locality of an entity, in the range of 1 to
31 characters.

Description
Using the locality command, you can name the geographical locality of an entity,
by a city for example. Using the undo locality command you can cancel the
mentioned naming operation.

By default, no geographical locality is specified for an entity.

Example
#Configure the name of the city where the entity lives.
[RouterCA-pki-entity-1]locality bei jing

organization Syntax
organization org-str

undo organization

View
PKI entity view

Parameter
org-str: organization name in the range of 1 to 31 characters.

Description
Using the organization command, you can specify the name of the organization
the entity belongs to. Using the undo organization command, you can delete
that name.

By default, no organization name is specified for any entity.

Example
#Configure the name of the organization to which an entity belongs.
[RouterCA-pki-entity-1]organization hua wei - 3com

organizational unit Syntax


organizational-unit org-unit-str

undo organizational-unit

View
PKI entity view

Parameter
org-unit-str: organization unit name in the range of 1 to 31 characters.

Description
Using the organizational-unit command, you can specify the name of the
organization unit to which this entity belongs. Using the undo
organizational-unit command, you can delete the specified organization unit
name.

By default, no organization unit name is specified for any entity.

Example
#Configure the name of the organization unit to which an entity belongs.
[RouterCA-pki-entity-1]organizational-unit soft plat

state Syntax
state state-str

undo state

View
PKI entity view

Parameter
state-str: state name within the range of 1 to 31 characters.

Description
Using the state command, you can clarify the name of the state where an entity
lies. Using the undo state command, you can cancel the previous operation.

By default, the state of an entity is not specified.

Example
#Specify the state where an entity lies.
[RouterCA-pki-entity-1]state bei jing

pki entity Syntax


pki entity name-str

undo pki entity

View
Any view

Parameter
name-str: unique character string that identifies the device. Other commands
reference the entity by this name, which shall be 1 to 15 characters long.

Description
Using the pki entity command, you can name a PKI entity and enter PKI entity
view. Using the undo pki entity command, you can delete the name and cancel
all configurations under the name space.

A variety of attributes can be configured in PKI entity view. name-str exists only
so that other commands can reference the entity; it does not correspond to any
certificate field.

By default, entity name is not specified.

Example
#Enter PKI entity view.
[RouterCA]pki entity en

PKI Certificate Operation Commands

pki delete certificate Syntax


pki delete certificate { local | ca }

View
Any view

Parameter
local: indicates the deletion of all local certificates that are stored on the
device.

ca: indicates the deletion of all CA certificates that are stored on the device.

Description
Using the pki delete certificate command, you can delete the locally stored
certificates.

Example
#Delete the local certificates.
[RouterCA] pki delete certificate local

pki request certificate Syntax


pki request certificate domain-name [ password ] [ pem ]

View
Any view

Parameter
domain-name: contains CA or RA related information. It is configured by using the
pki domain command.

password: optional; the password used for certificate revocation.

pem: optional; prints the certificate request so that it can be delivered in
outband modes such as phone, disk, and e-mail.

Description
Using the pki request certificate command, you can deliver a certificate request
through SCEP to CA for the generated RSA key pair. If SCEP fails to go through
normal communication, you can print the local certificate request in base64
format using the optional parameter “pem”, copy it, and send it to CA in an
outband mode.

This operation is not saved within the configuration.

For the related command, see pki domain.

Example
#Manually apply for a certificate.

[RouterCA] pki request certificate 1

#Display the request information for local certificates.

[RouterCA] pki request certificate 1 pem

pki retrieval certificate Syntax


pki retrieval certificate { local | ca } domain domain-name

View
Any view

Parameter
local: indicates the download of a local certificate.

ca: indicates the download of a CA certificate.

domain-name: contains CA or RA related information. It is configured by using the
pki domain command.

Description
Using the pki retrieval certificate command, you can download a certificate
from the certificate issuing server.

For related command, see pki domain.

Example
# Retrieve a certificate.
[RouterCA] pki retrieval certificate ca domain 1

pki retrieval crl Syntax


pki retrieval crl domain domain-name

View
Any view

Parameter
domain-name: contains CA or RA related information. It is configured by using the
pki domain command.

Description
Using the pki retrieval crl command, you can obtain the latest CRL from CRL
server for the verification of the validity of a current certificate.

For related command, see pki domain.

Example
#Retrieve a CRL.
[RouterCA] pki retrieval crl domain 1

pki validation certificate Syntax


pki validation certificate { local | ca } domain domain-name

View
Any view

Parameter
local: indicates the validation of a local certificate;
ca: indicates the validation of a CA certificate;
domain-name: specifies the domain of the certificate about to be verified. It is
configured by using the pki domain command.

Description
Using the pki validation certificate command, you can verify the validity of a
certificate. The check covers the CA signature on the certificate, whether the
certificate is still within its validity period, and whether it has been revoked.
All certificates with authentic signatures of CA can pass the validation, since it
is believed that CA never issues fake certificates.
For related command, see pki domain.

Example
# Verify the validity of a certificate
[RouterCA] pki validation certificate local domain 1

PKI Displaying and


Debugging Commands

debugging pki Syntax


certificate debugging pki { request | retrieval | verify | error }
undo debugging pki { request | retrieval | verify | error }

View
Any view

Parameter
request: debugging in certificate request;
retrieval: debugging in certificate retrieval;
verify: debugging in certification validation;
error: debugging in error cases

Description
Using the debugging pki command, you can enable PKI debugging functions.
Using the undo debugging pki command, you can disable PKI debugging
functions.
Unexpected problems can occur during device operation. Debugging
commands enable the optional output and printing of debugging information,
facilitating network monitoring and fault diagnosis for network operators and
developers.
By default, all PKI debugging functions are disabled.

Example
# Enable the debugging function related to errors in PKI certificate operation
[RouterCA] debugging pki error
[RouterCA] pki delete certificate ca
[RouterCA] pki request certificate 1
Certificate enroll failed!
Cannot get the CA/RA certificate when creating the x509 Request
# Enable the debugging function for PKI certificate retrieval
[RouterCA] debugging pki retrieval
[RouterCA] pki retrieval certificate local domain 1
Retrievaling CA/RA certificates. Please wait a while......
We receive 3 certificates.
The trusted CA's finger print is:
MD5 fingerprint: 74C9 B71D 406B DDB3 F74A 96BC E05B 40E9
SHA1 fingerprint: 770E 2937 4E32 ACD4 4ACC 7CF1 0FF0 6FB8 6C34 E24A
Is the finger print correct?(Y/N): y
Saving the CA/RA certificate to flash.....................Done!
# Enable the debugging function for PKI certificate request
[RouterCA] debugging pki request
[RouterCA] pki request certificate 1
Create PKCS#10 request: token seen: CN=pki test
Create PKCS#10 request: CN=pki test added
Create PKCS#10 request: subject dn set to '/CN=pki test'

Certificate Request:
…..

dir_name: certsrv/mscep/mscep.dll
host_name: 169.254.0.100
SCEP transaction id: 58D41D0C5A7B1E21C5F4A008B580B1A1
PKCS#7 envelope: creating inner PKCS#7
PKCS#7 envelope: data payload size: 297 bytes

data payload:
….
PKCS#7 envelope: successfully encrypted payload
PKCS#7 envelope: size 667 bytes
PKCS#7 envelope: creating outer PKCS#7
PKCS#7 envelope: signature added successfully
PKCS#7 envelope: adding signed attributes
PKCS#7 envelope: adding string attribute transId


PKCS#7 envelope: adding string attribute messageType
PKCS#7 envelope: adding octet attribute senderNonce
PKCS#7 envelope: PKCS#7 data written successfully
PKCS#7 envelope: applying base64 encoding
PKCS#7 envelope: base64 encoded payload size: 2145 bytes
SCEP send message: IP = 0xa9fe0064
SCEP send message: Server returned status code
Valid response from server
PKCS#7 develope: reading outer PKCS#7
PKCS#7 develope: PKCS#7 payload size: 1872 bytes
PKCS#7 develope: PKCS#7 contains 1276 bytes of enveloped data
PKCS#7 develope: verifying signature
PKCS#7 develope: signature ok
PKCS#7 develope: finding signed attributes
PKCS#7 develope: finding attribute transId
PKCS#7 develope: allocating 32 bytes for attribute
PKCS#7 develope: reply transaction id:
58D41D0C5A7B1E21C5F4A008B580B1A1

PKCS#7 develope: finding attribute messageType


PKCS#7 develope: allocating 1 bytes for attribute
PKCS#7 develope: reply message type is good
PKCS#7 develope: finding attribute senderNonce
PKCS#7 develope: allocating 16 bytes for attribute

PKCS#7 develope: senderNonce in reply: :

a6341944 28d9b544 a4755d9a ba320d35


PKCS#7 develope: finding attribute recipientNonce
PKCS#7 develope: allocating 16 bytes for attribute

PKCS#7 develope: recipientNonce in reply: :

b98da9c3 20b638c5 634f4924 65f804d9


PKCS#7 develope: finding attribute pkiStatus
PKCS#7 develope: allocating 1 bytes for attribute
PKCS#7 develope: pkistatus SUCCESS
PKCS#7 develope: reading inner PKCS#7
PKCS#7 develope: decrypting inner PKCS#7
PKCS#7 develope: PKCS#7 payload size: 1003 bytes
PKI Get the Signed Certificates:
subject: / CN=pki test
issuer:
/emailAddress=myca@.com/C=CN/ST=Beijing/L=Beijing/O=hw3c/OU=bjs/CN=myca
Key usage: general purpose
# Enable the debugging function for PKI certificate validation
[RouterCA] debugging pki verify
[RouterCA] pki validation certificate local domain 1
Verify certificate......
Serial Number:
101E266A 00000000 006B
Issuer:
emailAddress=myemail@3com.com
C=CN
ST=Beijing
L=Beijing
O=hw3c
OU=bjs
CN=myca
Subject:
C=CN
ST=bei jing
O=hua wei - 3com
CN=pki test
Verify result: ok

Table 25 Description of PKI Debugging Information Fields

Field                     Description
Create PKCS#10 request    Encapsulation of entity request in PKCS#10 format
PKCS#7 envelope           Data encapsulation in PKCS#7 encryption format
inner PKCS#7              PKCS#7 encryption of datagram
outer PKCS#7              Signing of PKCS#7 datagram
PKCS#7 develope           De-encapsulation of PKCS#7 encrypted packet
host_name                 Host name of registration server
dir_name                  CGI script directory of registration server
data payload              Data payload
token seen                DN information of an entity
pkistatus                 PKI certificate operation status
SUCCESS                   Succeeded
FAILURE                   Failed
PENDING                   Waiting for processing
fingerprint               Usually the signature of CA
base64 encoded            A data encoding mode
x509 Request              Request for certificates in standard X509 format
Key usage                 Encryption, signature, and other common usages
Issuer                    Certificate issuer
Subject                   The entity that delivers certificate request
SCEP send message         The entity sends a certificate operation packet to CA
                          through SCEP
Signed certificates       Certificates signed by CA
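
The following is an added example, not part of the 3Com guide. It checks a captured "debugging pki request" trace for the properties the fields above describe: the reply carries the SCEP transaction id that was sent, the reply signature verified, and pkistatus is SUCCESS. The log excerpt is constructed from lines in the example output; the function names are assumptions.

```python
import ipaddress
import re

# Constructed excerpt, using lines from the "debugging pki request" example.
LOG = """\
SCEP transaction id: 58D41D0C5A7B1E21C5F4A008B580B1A1
PKCS#7 envelope: signature added successfully
SCEP send message: IP = 0xa9fe0064
Valid response from server
PKCS#7 develope: verifying signature
PKCS#7 develope: signature ok
PKCS#7 develope: reply transaction id:
58D41D0C5A7B1E21C5F4A008B580B1A1
PKCS#7 develope: reply message type is good
PKCS#7 develope: pkistatus SUCCESS
"""


def parse_enrollment(log):
    """Extract the security-relevant fields from one enrollment trace."""
    def grab(pattern):
        m = re.search(pattern, log)
        return m.group(1) if m else None

    # The router prints the server address as a 32-bit hex value.
    raw_ip = grab(r"SCEP send message: IP = 0x([0-9a-fA-F]{8})")
    return {
        "sent_id": grab(r"SCEP transaction id:\s*([0-9A-Fa-f]+)"),
        # The reply id is printed on the line after its label.
        "reply_id": grab(r"reply transaction id:\s*([0-9A-Fa-f]+)"),
        "signature_ok": "develope: signature ok" in log,
        "pkistatus": grab(r"pkistatus\s+(\w+)"),
        "server": str(ipaddress.IPv4Address(int(raw_ip, 16))) if raw_ip else None,
    }


def check_enrollment(rec):
    """Return a list of problems; an empty list means the trace looks sound."""
    problems = []
    if not rec["signature_ok"]:
        problems.append("reply-signature-not-verified")
    if not rec["sent_id"] or rec["sent_id"] != rec["reply_id"]:
        problems.append("transaction-id-mismatch")
    if rec["pkistatus"] != "SUCCESS":
        problems.append("status-%s" % rec["pkistatus"])
    return problems


if __name__ == "__main__":
    record = parse_enrollment(LOG)
    print(record["server"], check_enrollment(record) or "ok")
```

The decoded server address should match the host configured with certificate request url; a different address in the trace means the request went somewhere other than the intended registration server.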

display pki certificate Syntax


display pki certificate { local | ca | request-status } [ domain domain-name ]

View
Any view

Parameter
local: indicates the display of all local certificates;
ca: indicates the display of all CA certificates;
request-status: refers to the status of the certificate request after being
delivered;
domain-name: represents the domain of the certificate about to be verified. It is
configured by using the pki domain command.

Description
Using the display pki certificate command, you can display and browse through
the certificate.
For related commands, see pki retrieval certificate, pki domain, and
certificate request polling.

Example

# Display the local certificates
[RouterCA] display pki certificate local domain 1
Data:
Version: 3 (0x2)
Serial Number:
10B7D4E3 00010000 0086
Signature Algorithm: md5WithRSAEncryption
Issuer:
emailAddress=myemail@3com.com
C=CN
ST=Beijing
L=Beijing
O=hw3c
OU=bjs
CN=new-ca
Validity
Not Before: Jan 13 08: 57: 21 2004 GMT
Not After : Jan 20 09: 07: 21 2005 GMT
Subject:
C=CN
ST=beijing
L=beijing
CN=pki test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00D41D1F …
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS: hyf.-3com.com
… …
Signature Algorithm: md5WithRSAEncryption
A3A5A447 4D08387D …
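
The output above carries the fields worth checking on every enrolled certificate: signature algorithm, RSA key size and validity period. The following audit sketch is an added example, not part of the 3Com guide; the sample text is constructed in the layout shown above, and the function names and the 2048-bit threshold are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout of "display pki certificate local"
# (modulus and signature bytes omitted).
SAMPLE = """\
Data:
Version: 3 (0x2)
Serial Number:
10B7D4E3 00010000 0086
Signature Algorithm: md5WithRSAEncryption
Issuer:
C=CN
O=hw3c
CN=new-ca
Validity
Not Before: Jan 13 08: 57: 21 2004 GMT
Not After : Jan 20 09: 07: 21 2005 GMT
Subject:
C=CN
CN=pki test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
"""

WEAK_DIGESTS = ("md2", "md5", "sha1")  # digests no longer accepted for signatures
MIN_RSA_BITS = 2048                    # assumed policy threshold


def parse_time(text):
    """Parse 'Jan 13 08: 57: 21 2004 GMT', tolerating spaces after the colons."""
    compact = re.sub(r":\s+", ":", text.strip())
    compact = re.sub(r"\s+", " ", compact)
    parsed = datetime.strptime(compact, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def parse_certificate(text):
    """Pull the audited fields out of one certificate dump."""
    cert = {}
    m = re.search(r"Signature Algorithm:\s*(\S+)", text)
    cert["sig_alg"] = m.group(1) if m else None
    m = re.search(r"RSA Public Key:\s*\((\d+)\s*bit\)", text)
    cert["rsa_bits"] = int(m.group(1)) if m else None
    for label, key in (("Before", "not_before"), ("After", "not_after")):
        m = re.search(r"Not %s\s*:\s*(.+)" % label, text)
        cert[key] = parse_time(m.group(1)) if m else None
    # The serial number is printed on the line after its label, in groups.
    m = re.search(r"Serial Number:\s*([0-9A-Fa-f ]+)", text)
    cert["serial"] = m.group(1).replace(" ", "").upper() if m else None
    return cert


def audit(cert, now):
    """Return the list of findings for one parsed certificate at time 'now'."""
    findings = []
    alg = (cert["sig_alg"] or "").lower()
    if any(alg.startswith(d) for d in WEAK_DIGESTS):
        findings.append("weak-signature-digest")
    if cert["rsa_bits"] is not None and cert["rsa_bits"] < MIN_RSA_BITS:
        findings.append("short-rsa-key")
    if cert["not_before"] and now < cert["not_before"]:
        findings.append("not-yet-valid")
    if cert["not_after"] and now > cert["not_after"]:
        findings.append("expired")
    return findings


if __name__ == "__main__":
    parsed = parse_certificate(SAMPLE)
    print(parsed["serial"], audit(parsed, datetime.now(timezone.utc)))
```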

display pki crl Syntax


display pki crl [ domain domain-name ]

View
Any view

Parameter
domain-name: represents the domain of the certificate about to be verified. It is
configured by using the pki domain command.

Description
Using the display pki crl command, you can display and browse through the
locally saved CRL.
For related commands, see pki retrieval crl, and pki domain.

Example
# Display a CRL
[RouterCA] display pki crl domain 1
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer:
C=CN
O=h3c
OU=soft
CN=A Test Root
Last Update: Jan 5 08: 44: 19 2004 GMT
Next Update: Jan 5 21: 42: 13 2004 GMT
CRL extensions:
X509v3 CRL Number: 2
X509v3 Authority Key Identifier:
keyid:0F71448E E075CAB8 ADDB3A12 0B747387 45D612EC
Revoked Certificates:
Serial Number: 05a234448E…
Revocation Date: Sep 6 12:33:22 2004 GMT
CRL entry extensions:……
Serial Number: 05a278445E…
Revocation Date: Sep 7 12:33:22 2004 GMT
CRL entry extensions:…

HWTACACS Configuration Commands

data-flow-format Syntax
data-flow-format data [ byte | giga-byte | kilo-byte | mega-byte ]
data-flow-format packet [ giga-packet | kilo-packet | mega-packet |
one-packet ]
undo data-flow-format [ data | packet ]

View
HWTACACS view

Parameter

data: Sets data unit.



byte: Sets 'byte' as the unit of data flow.

giga-byte: Sets 'giga-byte' as the unit of data flow.

kilo-byte: Sets 'kilo-byte' as the unit of data flow.

mega-byte: Sets 'mega-byte' as the unit of data flow.

packet: Sets data packet unit.

giga-packet: Sets 'giga-packet' as the unit of packet flow.

kilo-packet: Sets 'kilo-packet' as the unit of packet flow.

mega-packet: Sets 'mega-packet' as the unit of packet flow.

one-packet: Sets 'one-packet' as the unit of packet flow.

Description
Using the data-flow-format command, you can configure the unit of data flow
that is sent to the HWTACACS server. Using the undo data-flow-format
command, you can restore the default setting.

By default, the data unit is byte and the data packet unit is one-packet.

For the related command, see display hwtacacs.

Example
# Set the unit of data flow destined for the HWTACACS server "3com" to
kilo-byte and the data packet unit to kilo-packet.
[3com-hwtacacs-3com] data-flow-format data kilo-byte packet kilo-packet

debugging hwtacacs Syntax
debugging hwtacacs { all | error | event | message | receive-packet | send-packet }
undo debugging hwtacacs { all | error | event | message | receive-packet | send-packet }

View
User view

Parameter

all: Specifies all HWTACACS debugging.

error: Specifies error debugging.

event: Specifies event debugging.

message: Specifies message debugging.

receive-packet: Specifies incoming packet debugging.



send-packet: Specifies outgoing packet debugging.

Description
Using the debugging hwtacacs command, you can enable
HWTACACS debugging. Using the undo debugging hwtacacs
command, you can disable HWTACACS debugging.

By default, HWTACACS debugging is disabled.

Example
# Enable the event debugging of HWTACACS.
<3com> debugging hwtacacs event

display hwtacacs Syntax

display hwtacacs [ hwtacacs-scheme-name ]

View
Any view

Parameter
hwtacacs-scheme-name: Scheme name of the HWTACACS server, a string
of 1 to 32 case-insensitive characters, excluding "/", ":", "*", "?", "<" and ">".
If this argument is omitted, configuration information of all HWTACACS schemes
is displayed.

Description
Using the display hwtacacs command, you can view configuration
information of one or all HWTACACS schemes.

By default, configuration information of all HWTACACS schemes is displayed.

For the related command, see hwtacacs scheme.

Example
# View configuration information of all HWTACACS schemes.
<3com> display hwtacacs

display stop-accounting-buffer Syntax
display stop-accounting-buffer hwtacacs-scheme hwtacacs-scheme-name

View
Any view

Parameter
hwtacacs-scheme hwtacacs-scheme-name: Displays information on buffered
stop-accounting requests related to the HWTACACS scheme specified by
hwtacacs-scheme-name, a character string not exceeding 32 characters
and excluding "/", ":", "*", "?", "<" and ">".

Description
Using the display stop-accounting-buffer command, you can view information
on the stop-accounting requests buffered in the router.

For the related commands, see reset stop-accounting-buffer,
stop-accounting-buffer enable, and retry stop-accounting.

Example
# Display information on the buffered stop-accounting requests related to the
HWTACACS scheme "3com".
<3com> display stop-accounting-buffer hwtacacs-scheme 3com

hwtacacs scheme Syntax

hwtacacs scheme hwtacacs-scheme-name
undo hwtacacs scheme hwtacacs-scheme-name

View
System view

Parameter
hwtacacs-scheme-name: Specifies an HWTACACS server scheme, with a
character string of 1 to 32 characters.

Description
Using the hwtacacs scheme command, you can enter HWTACACS
Server view. If the specified HWTACACS server scheme does not exist, you can
create a new HWTACACS scheme. Using the undo hwtacacs scheme
command, you can delete an HWTACACS scheme.

Example
# Create an HWTACACS scheme named "test1" and enter the relevant
HWTACACS Server view.
[3com] hwtacacs scheme test1

[3com-hwtacacs-test1]

key Syntax
key { accounting | authentication | authorization } string
undo key { accounting | authentication | authorization } string

View
HWTACACS view

Parameter
accounting: Shared key of the accounting server.

authentication: Shared key of the authentication server.

authorization: Shared key of the authorization server.



string: The shared key, a string up to 16 characters excluding the characters "/",
":", "*", "?", "<", and ">".

Description
Using the key command, you can configure a shared key for HWTACACS
authentication, authorization or accounting. Using the undo key command, you
can delete the configuration.

By default, no key is set.

The HWTACACS client (the router system) and HWTACACS server use
MD5 algorithm to encrypt the exchanged packets. The two ends verify packets
using a shared key. Only when the same key is used can both ends accept the
packets from each other and give responses. So it is necessary to ensure that the
same key is set on the router and the HWTACACS server. If the
authentication/authorization and accounting are performed on two server devices
with different shared keys, you must set one shared key for each.

For the related command, see display hwtacacs.

Example
# Use "hello" as the shared key for HWTACACS accounting.
[3com] hwtacacs scheme test1

[3com-hwtacacs-test1] key accounting hello

nas-ip Syntax
nas-ip ip-address
undo nas-ip

View
HWTACACS view

Parameter
ip-address: IP address in dotted decimal format.

Description
Using the nas-ip command, you can have all the HWTACACS packets sent by
the NAS (the router) carry the same source address. Using the undo nas-ip
command, you can delete the setting.

Specifying a source address for the HWTACACS packets to be transmitted can
avoid the situation where the packets sent back by the HWTACACS server
cannot be received as the result of a physical interface failure. The address of a
loopback interface is usually used as the source address.

By default, the source IP address of a HWTACACS packet sent by the NAS is
the IP address of the output port.

For the related command, see display HWTACACS.


HWTACACS Configuration Commands 985

Example
# Set the source IP address carried in the HWTACACS packets that are sent by
the NAS to 10.1.1.1.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] nas-ip 10.1.1.1

primary accounting Syntax


primary accounting ip-address [ port ]
undo primary accounting

View
HWTACACS view

Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.

port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.

Description
Using the primary accounting command, you can configure a primary
HWTACACS accounting server. Using the undo primary accounting
command, you can delete the configured primary HWTACACS accounting
server.

By default, the IP address of the HWTACACS accounting server is all zeros.

You are not allowed to assign the same IP address to both primary and secondary
accounting servers.

You can configure only one primary accounting server in a HWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.

You can remove an accounting server only when it is not being used by any active
TCP connections, and the removal impacts only packets forwarded afterwards.

Example
# Configure a primary accounting server.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] primary accounting 10.163.155.12 49

primary authentication Syntax


primary authentication ip-address [ port ]
undo primary authentication

View
HWTACACS view

Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.

port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.

Description
Using the primary authentication command, you can configure a primary
HWTACACS authentication server. Using the undo primary authentication
command, you can delete the configured authentication server.

By default, the IP address of the HWTACACS authentication server is all zeros.

You are not allowed to assign the same IP address to both primary and secondary
authentication servers.

You can configure only one primary authentication server in a HWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.

You can remove an authentication server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.

For the related command, see display HWTACACS.

Example
# Configure a primary authentication server.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] primary authentication 10.163.155.13 49

primary authorization Syntax


primary authorization ip-address [ port ]
undo primary authorization

View
HWTACACS view

Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.

port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.

Description
Using the primary authorization command, you can configure a primary
HWTACACS authorization server. Using the undo primary authorization
command, you can delete the configured primary authorization server.

By default, the IP address of the HWTACACS authorization server is all zeros.

You are not allowed to assign the same IP address to both primary and secondary
authorization servers.

You can configure only one primary authorization server in a HWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.

You can remove an authorization server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.

For the related command, see display HWTACACS.

Example
# Configure a primary authorization server.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] primary authorization 10.163.155.13 49

reset HWTACACS statistics Syntax
reset HWTACACS statistics { accounting | authentication | authorization | all }

View
User view

Parameter
accounting: Clears all the HWTACACS accounting statistics.

authentication: Clears all the HWTACACS authentication statistics.

authorization: Clears all the HWTACACS authorization statistics.

all: Clears all statistics.

Description
Using the reset HWTACACS statistics command, you can clear
HWTACACS protocol statistics.

For the related command, see display HWTACACS.

Example
# Clear all HWTACACS protocol statistics.
<3com> reset HWTACACS statistics all

reset stop-accounting-buffer Syntax
reset stop-accounting-buffer HWTACACS-scheme HWTACACS-scheme-name

View

User view

Parameter
HWTACACS-scheme HWTACACS-scheme-name: Deletes the
stop-accounting requests from the buffer according to the specified
HWTACACS scheme name. HWTACACS-scheme-name specifies the
HWTACACS scheme name with a character string not exceeding 32
characters, excluding "/", ":", "*", "?", "<" and ">".

Description
Using the reset stop-accounting-buffer command, you can clear the
stop-accounting requests that have no response and are buffered on the router.

For the related commands, see stop-accounting-buffer enable, retry
stop-accounting, display stop-accounting-buffer.

Example
# Delete the buffered stop-accounting requests that are related to the
HWTACACS scheme "3com".
<3com> reset stop-accounting-buffer HWTACACS-scheme 3com

retry stop-accounting Syntax


retry stop-accounting retry-times
undo retry stop-accounting

View
HWTACACS view

Parameter
retry-times: The maximum number of real-time accounting request attempts. It
is in the range 1 to 300 and defaults to 100.

Description
Using the retry stop-accounting command, you can enable stop-accounting
packet retransmission and configure the maximum number of stop-accounting
request attempts. Using the undo retry stop-accounting command, you can
restore the default setting.

By default, stop-accounting packet retransmission is enabled and up to 100
packets are allowed to be transmitted for each request.

For the related commands, see reset stop-accounting-buffer, HWTACACS
scheme, and display stop-accounting-buffer.

Example
# Enable stop-accounting packet retransmission and allow up to 50 packets to be
transmitted for each request.
[3com] retry stop-accounting 50

secondary accounting Syntax


secondary accounting ip-address [ port ]
undo secondary accounting

View
HWTACACS view

Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.

port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.

Description
Using the secondary accounting command, you can configure a secondary
HWTACACS accounting server. Using the undo secondary accounting
command, you can delete the configured secondary HWTACACS accounting
server.

By default, the IP address of the HWTACACS accounting server is all zeros.

You are not allowed to assign the same IP address to both primary and secondary
accounting servers.

You can configure only one secondary accounting server in a HWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.

You can remove an accounting server only when it is not being used by any active
TCP connections, and the removal impacts only packets forwarded afterwards.

Example
# Configure a secondary accounting server.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] secondary accounting 10.163.155.12 49

secondary authentication Syntax
secondary authentication ip-address [ port ]
undo secondary authentication

View
HWTACACS view

Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal
format.

port: Port number of the server, which is in the range 1 to 65535 and defaults to
49.

Description
Using the secondary authentication command, you can configure a secondary
HWTACACS authentication server. Using the undo secondary authentication
command, you can delete the configured secondary authentication server.

By default, IP address of HWTACACS authentication server is all zeros.

You are not allowed to assign the same IP address to both primary and secondary
authentication servers.

You can configure only one primary authentication server in a HWTACACS
scheme. If you repeatedly use this command, the latest configuration replaces the
previous one.

You can remove an authentication server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.

For the related command, see display HWTACACS.

Example
# Configure a secondary authentication server.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] secondary authentication 10.163.155.13 49

secondary authorization Syntax


secondary authorization ip-address [ port ]
undo secondary authorization

View
HWTACACS view

Parameter
ip-address: IP address of the server, a legal unicast address in dotted decimal
format.

port: Port number of the server, ranging from 1 to 65535. By default, it is 49.

Description
Using the secondary authorization command, you can configure a secondary
HWTACACS authorization server. Using the undo secondary authorization
command, you can delete the configured secondary authorization server.

By default, IP address of HWTACACS authorization server is all zeros.



You are not allowed to assign the same IP address to both primary and secondary
authorization servers.

You can configure only one primary authorization server in a HWTACACS scheme.
If you repeatedly use this command, the latest configuration replaces the previous
one.

You can remove an authorization server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.

For the related command, see display HWTACACS.

Example
# Configure the secondary authorization server.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] secondary authorization 10.163.155.13 49

HWTACACS nas-ip Syntax


HWTACACS nas-ip ip-address
undo HWTACACS nas-ip

View
System view

Parameter
ip-address: Specifies a source IP address, which must be the address of this
device. It cannot be the address of all zeros, or a host/network address of class A,
B, or C, or an address starting with 127.

Description
Using the HWTACACS nas-ip command, you can specify the source address of
the HWTACACS packets sent from the NAS. Using the undo HWTACACS nas-ip
command, you can restore the default setting.

By specifying the source address of the HWTACACS packets, you can prevent
packets returned by the server from becoming unreachable when an interface
fails. A loopback interface address is normally recommended as the source
address.

By default, the source address is not specified, that is, the address of the interface
sending the packet serves as the source address.

This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.

Example
# Configure the router to send HWTACACS packets from 129.10.10.1.
[3com] HWTACACS nas-ip 129.10.10.1

timer quiet Syntax


timer quiet minutes
undo timer quiet

View
HWTACACS view

Parameter
minutes: Ranges from 1 to 255 minutes. By default, the primary server must wait
five minutes before it resumes the active state.

Description
Using the timer quiet command, you can set the duration that a primary server
must wait before it can resume the active state. Using the undo timer quiet
command, you can restore the default (five minutes).

For the related command, see display HWTACACS.

Example
# Set the quiet timer for the primary server to ten minutes.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] timer quiet 10

timer realtime-accounting Syntax
timer realtime-accounting minutes
undo timer realtime-accounting

View
HWTACACS view

Parameter
minutes: Real-time accounting interval, which is a multiple of 3 in the range 3 to
60 minutes and defaults to 12.

Description
Using the timer realtime-accounting command, you can configure a real-time
accounting interval. Using the undo timer realtime-accounting command, you
can restore the default interval.

Real-time accounting interval is necessary for real-time accounting. After an
interval value is set, the NAS transmits the accounting information of online users
to the HWTACACS accounting server at intervals of this value.

The setting of real-time accounting interval depends somewhat on the
performance of the NAS and the HWTACACS server: a shorter interval requires
higher device performance. You are therefore recommended to adopt a longer
interval when there are a large number of users (1000 or more). The
following table recommends the ratio of minutes to the number of users.

Table 26 Recommended ratio of minutes to the number of users

Number of Users    Real-time Accounting Interval (minute)
1-99               3
100-499            6
500-999            12
>=1000             >=15

For the related commands, see retry realtime-accounting and radius scheme.

Example
# Set the real-time accounting interval in the HWTACACS scheme "3com" to 51
minutes.
[3com-HWTACACS-3com] timer realtime-accounting 51

timer response-timeout Syntax


timer response-timeout seconds
undo timer response-timeout

View
HWTACACS view

Parameter
seconds: Ranges from 1 to 300 seconds and defaults to five seconds.

Description
Using the timer response-timeout command, you can set the response timeout
timer of the HWTACACS server. Using the undo timer response-timeout
command, you can restore the default (five seconds).

As HWTACACS is based on TCP, either the server response timeout or the
TCP timeout may cause disconnection from the HWTACACS server.

For the related command, see display HWTACACS.

Example
# Set the response timeout time of the HWTACACS server to 30 seconds.
[3com] HWTACACS scheme test1

[3com-HWTACACS-test1] timer response-timeout 30

user-name-format Syntax
user-name-format { with-domain | without-domain }

View
HWTACACS view

Parameter
with-domain: Specifies to send the username with domain name to the
HWTACACS server.

without-domain: Specifies to send the username without domain name to the
HWTACACS server.

Description
Using the user-name-format command, you can configure the username format
sent to the HWTACACS server.

By default, HWTACACS scheme acknowledges that the username sent to it
includes ISP domain name.

The supplicants are generally named in "userid@isp-name" format. The part
following "@" is the ISP domain name. The router will put the users into certain
ISP domains according to the domain names. However, some earlier HWTACACS
servers reject the username including ISP domain name. In this case, the username
will be sent to the HWTACACS server after its domain name is removed.
Accordingly, the router provides this command to decide whether the username to
be sent to HWTACACS server carries ISP domain name or not.

If a HWTACACS scheme is configured to reject usernames including ISP domain
names, the HWTACACS scheme shall not be simultaneously used in more than
one ISP domain. Otherwise, the HWTACACS server will regard two users in
different ISP domains as the same user by mistake, if they have the same
username (excluding their respective domain names).

For the related commands, see HWTACACS scheme.

Example
# Specify to send the username without domain name to the HWTACACS scheme
"3com".

[3com-HWTACACS-3com] user-name-format without-domain
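
The limits documented above for key, the primary and secondary servers, and the timers can be checked offline before a scheme is applied to a router. The following linter is an added example, not 3Com code; the input format (one HWTACACS-view command per line), the function names and the missing-key report are assumptions of this example.

```python
import ipaddress

# Limits copied from the Parameter sections of this command reference.
KEY_MAX_LEN = 16
KEY_FORBIDDEN = set('/:*?<>')
ROLES = ("accounting", "authentication", "authorization")
INT_RANGES = {                      # command -> (min, max)
    "timer quiet": (1, 255),
    "timer response-timeout": (1, 300),
    "timer realtime-accounting": (3, 60),
    "retry stop-accounting": (1, 300),
}
DEFAULT_PORT = 49


def check_key(role, key, findings):
    if len(key) > KEY_MAX_LEN:
        findings.append(f"key {role}: {len(key)} characters, maximum is {KEY_MAX_LEN}")
    bad = sorted(KEY_FORBIDDEN & set(key))
    if bad:
        findings.append(f"key {role}: contains excluded character(s) {' '.join(bad)}")


def check_server(tier, role, args, servers, findings):
    try:
        ip = ipaddress.IPv4Address(args[0])
    except ValueError:
        findings.append(f"{tier} {role}: {args[0]!r} is not a dotted decimal address")
        return
    if ip.is_unspecified or ip.is_multicast or ip.is_reserved:
        findings.append(f"{tier} {role}: {ip} is not a valid unicast address")
    port = args[1] if len(args) > 1 else str(DEFAULT_PORT)
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append(f"{tier} {role}: port {port} is outside 1-65535")
    other = "secondary" if tier == "primary" else "primary"
    if servers.get((other, role)) == ip:
        findings.append(f"{tier} {role}: {ip} is already the {other} {role} server")
    servers[(tier, role)] = ip      # the latest configuration replaces the previous one


def check_int(name, value, findings):
    lo, hi = INT_RANGES[name]
    if not value.isdigit() or not lo <= int(value) <= hi:
        findings.append(f"{name}: {value} is outside {lo}-{hi}")
    elif name == "timer realtime-accounting" and int(value) % 3:
        findings.append(f"{name}: {value} is not a multiple of 3")


def lint_scheme(lines):
    """Check the commands of one HWTACACS view; return a list of findings."""
    findings, servers, keyed = [], {}, set()
    for raw in lines:
        w = raw.split()
        if len(w) == 3 and w[0] == "key" and w[1] in ROLES:
            check_key(w[1], w[2], findings)
            keyed.add(w[1])
        elif len(w) in (3, 4) and w[0] in ("primary", "secondary") and w[1] in ROLES:
            check_server(w[0], w[1], w[2:], servers, findings)
        elif len(w) == 3 and " ".join(w[:2]) in INT_RANGES:
            check_int(" ".join(w[:2]), w[2], findings)
        # Other commands (nas-ip, user-name-format, ...) are not checked here.
    # Policy of this example, not a rule from the manual: a role with a server
    # but no shared key is reported, since by default no key is set.
    for role in ROLES:
        if any(r == role for _, r in servers) and role not in keyed:
            findings.append(f"{role}: server configured but no shared key set")
    return findings


# Constructed sample: commands as typed in the HWTACACS view of one scheme.
SAMPLE = """\
key accounting hello
key authentication this-key-is-far-too-long
primary accounting 10.163.155.12 49
secondary accounting 10.163.155.12
primary authentication 10.163.155.13 70000
primary authorization 224.0.0.5
timer realtime-accounting 50
timer quiet 10
retry stop-accounting 50
""".splitlines()

if __name__ == "__main__":
    for finding in lint_scheme(SAMPLE):
        print(finding)
```
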


10 L2TP CONFIGURATION COMMANDS
allow l2tp Syntax
allow l2tp virtual-template virtual-template-number remote remote-name [ domain domain-name ]

undo allow

View
L2TP group view

Parameter
virtual-template-number: Specifies the virtual-template used when creating new
virtual access interface, an integer ranging from 0 to 1023.
remote-name: Specifies the name of the peer end of the tunnel that initiates the
connection request, case sensitive, a character string with length ranging from 1
to 30.
domain-name: Specifies the name of the enterprise with length ranging from 1 to
30.

Description
Using the allow l2tp command, you can specify the name of the peer end of the
tunnel on receiving call, and the Virtual-Template it uses. Using the undo allow
command, you can remove the name of the peer end of the tunnel.

By default, receiving call is disabled.

This command is used on LNS side.

For the multi-instance application of L2TP, the domain-name parameter must be
configured.

When using L2TP group number 1 (the default L2TP group number), the name of
the peer end of the tunnel remote-name can be unspecified. The format of the
command in group 1 configuration mode is as follows:

allow l2tp virtual-template virtual-template-number [ remote remote-name ] [ domain domain-name ]

If the peer end name is still specified in L2TP group 1 configuration, L2TP group 1
does not serve as the default L2TP group. For example, regarding Windows 2000
beta 2 version, the local name connected with VPN is NONE, so the peer end
name that the router receives is NONE. In order to receive the tunnel connection
request sent by this kind of nameless peer end, or for test application, a default
L2TP group can be configured.

The allow l2tp command is used on LNS side. If the peer end name of the tunnel
is configured, it must match the name of the local end configured on LAC side.

For the related command, see l2tp-group.

Example
# Accept the L2TP tunnel connection request sent by the LAC whose peer end name
is AS8010, and create a virtual-access interface on virtual-template 1.
[3Com-l2tp2] allow l2tp virtual-template 1 remote AS8010

# Make L2TP group 1 the default L2TP group, which accepts L2TP tunnel connection
requests sent by any peer end and creates a virtual-access interface according to
virtual-template 1.

[3Com] l2tp-group 1

[3Com-l2tp1] allow l2tp virtual-template 1

debugging l2tp Syntax


debugging l2tp { all | control | dump | error | event | hidden | payload | time-stamp }

undo debugging l2tp { all | control | error | event | hidden | payload | time-stamp }

View
System view

Parameter

all: Enables all L2TP debugging.

control: Enables control packet debugging.

dump: Enables PPP packet debugging.

error: Enables error debugging.

event: Enables event debugging.

hidden: Enables hidden AVP debugging.

payload: Enables L2TP payload debugging.

time-stamp: Enables time-stamp debugging.

Description
Using the debugging l2tp command, you can enable L2TP debugging. Using the
undo debugging l2tp command, you can disable L2TP debugging.

Example

# Enable all L2TP debugging.

<3Com> debugging l2tp all



display l2tp session Syntax


display l2tp session

View
Any view

Parameter
None

Description
Using the display l2tp session command, you can display the current L2TP
session.
The output information of the command assists the user in confirming the L2TP
session information currently established.
For the related command, see display l2tp tunnel.

Example

# Display the current L2TP session.

<3Com> display l2tp session

LocalSID  RemoteSID  LocalTID

1         1          2

Table 1 Domain description in displayed information of the display l2tp session command

Domain           Description
Total session    Number of sessions
LocalSID         The number uniquely identifying the local session
RemoteSID        The number uniquely identifying the peer session
LocalTID         The local ID number of the tunnel

display l2tp tunnel Syntax


display l2tp tunnel

View
Any view

Parameter
None

Description
Using the display l2tp tunnel command, you can display the information of the
current L2TP tunnel.

The output information of the command assists the user in confirming the L2TP
tunnel information currently established.

For the related command, see display l2tp session.



Example
# Display the information of the current L2TP tunnel.
<3Com> display l2tp tunnel

LocalTID RemoteTID RemoteAddress Port Sessions RemoteName

2 22849 11.1.1.1 1701 1 lns

Total tunnel = 1

Table 2 Domain description in displayed information of the display l2tp tunnel command

Domain           Description
Total tunnels    Number of tunnels
LocalTID         The number uniquely identifying the local tunnel
RemoteTID        The number uniquely identifying the peer tunnel
Remote Name      Name of the peer end
RemoteAddress    IP address of the peer end
Port             Port number of the peer end
Sessions         Number of sessions on the tunnel

interface virtual-template Syntax
interface virtual-template virtual-template-number

undo interface virtual-template virtual-template-number

View
System view

Parameter
virtual-template-number: Identifies serial number of the virtual template, an
integer ranging from 0 to 1023.

Description
Using the interface virtual-template command, you can create a virtual
template. Using the undo interface virtual-template command, you can delete
a virtual template.

By default, no virtual template is created.

The virtual template is mainly used to configure parameters of the virtual
interfaces dynamically created by the router in operation, such as the MP bundled
logical interface and the L2TP logical interface.

For the related command, see allow l2tp.

Example
# Create virtual template 1 and enter its view.
[3Com] interface virtual-template 1

l2tp domain prefix-separator Syntax
l2tp domain prefix-separator separator

undo l2tp domain prefix-separator separator

View
System view

Parameter
prefix-separator: Indicates that the specified delimiter is a prefix, such as
3Com.com#vpdnuser.

separator: Identifies the domain name delimiter. Valid domain name delimiters
include: “%”, “@”, “#” and “/”.

Description
Using the l2tp domain prefix-separator command, you can specify the delimiter
served as prefix. Using the undo l2tp domain prefix-separator command, you
can delete the configured prefix delimiter.

By default, domain name delimiter served as prefix does not exist.

The l2tp domain prefix-separator command is used to specify one or more
domain name delimiters serving as prefix. Based on the first successful delimiter,
the domain name can be separated from the username by the domain name
delimiter. In this case, the domain name specified by the start l2tp command can
be used on VPDN to search for such a domain name. If there is such a domain
name, it indicates that the user is a VPN user, and needs to establish a VPN tunnel
connection with the LNS of the user. A character serving as a prefix delimiter
cannot be used as a suffix delimiter any more, and vice versa. This means that one
character cannot serve as prefix and suffix simultaneously.

In the L2TP multi-instance application, the l2tp domain command must be
configured on LNS side to separate the domain name of the enterprise from the
username, so as to search with the domain name specified by the allow l2tp
command on VPDN and check whether there is a corresponding enterprise domain
name before performing the related route forwarding.

For the related command, see l2tp domain suffix-separator, start l2tp.

Example
# Specify the domain name as prefix and delimit the prefix and the username with
“#”.
[3Com] l2tp domain prefix-separator #

# Set the prefix to be delimited by three delimiters: “#”, “@”, and “%”.

[3Com] l2tp domain prefix-separator #@%

l2tp domain suffix-separator Syntax
l2tp domain suffix-separator separator

undo l2tp domain suffix-separator separator

View
System view

Parameter
suffix-separator: Suffix delimiter, such as vpdnuser@3Com.com.
separator: Domain name delimiter. Valid domain name delimiters include: “%”,
“@”, “#”, and “/”.

Description
Using the l2tp domain suffix-separator command, you can specify delimiter
used as suffix. Using the undo l2tp domain suffix-separator command, you can
delete the configured suffix delimiter.

By default, domain name delimiter does not exist.

The l2tp domain suffix-separator command is used to specify one or more
suffix delimiters, based on the first successful delimiter. The domain name can be
separated from the username by the domain name delimiter. In this case, the domain
name specified by the start l2tp command can be used on VPDN to search for
such a domain name. If there is such a domain name, it indicates that the user is a
VPN user, and needs to establish a VPN tunnel connection with the LNS of the user.
A character serving as a prefix delimiter cannot be used as a suffix delimiter any
more, and vice versa. This means that one character cannot serve as prefix and
suffix simultaneously.

In the L2TP multi-instance application, the l2tp domain command must be
configured on LNS side to separate the domain name of the enterprise from the
username, so as to search with the domain name specified by the allow l2tp
command on VPDN and check whether there is a corresponding enterprise
domain name before performing the related route forwarding.

For the related command, see l2tp domain prefix-separator, start l2tp.

Example
# Specify the domain name as a suffix, separated from the username by “@”.
[3Com] l2tp domain suffix-separator @

# Set the suffix to be delimited by two delimiters: “@” and “%”.

[3Com] l2tp domain suffix-separator @%

l2tp enable Syntax


l2tp enable

undo l2tp enable

View
System view

Parameter
None

Description
Using the l2tp enable command, you can enable the L2TP function. Using the
undo l2tp enable command, you can disable the L2TP function.

By default, the L2TP function is disabled.

These commands are used to enable or disable the L2TP function. Only when this
function is enabled can the L2TP service be implemented.

For the related command, see l2tp-group.

Example
# Enable the L2TP function on the router.
[3Com] l2tp enable

l2tp match-order Syntax


l2tp match-order { dnis-domain | dnis | domain-dnis | domain }

undo l2tp match-order

View
System view

Parameter

dnis-domain: Searches L2TP group according to the called number before
according to the domain name.

dnis: Searches L2TP group only according to the called number.

domain-dnis: Searches L2TP group according to the domain name before
according to the called number.

domain: Searches L2TP group only according to the domain name.

Description
Using the l2tp match-order command, you can set the search order of the called
number and domain name. Using the undo l2tp match-order command, you
can reset the search order to default. By default, dnis-domain is adopted, that is,
the L2TP group is searched according to the called number before the domain
name.

In the multi-instance application, the domain search is the only option at the LNS
side.

In practical search, it is required to search according to full username before
searching in turn according to the configured order.

Delimiters fall into two types, prefix delimiter and suffix delimiter, and can be the
four special characters “@”, “#”, “%” and “/”. A username with a prefix delimiter
looks like 3Com.com#vpdnuser; one with a suffix delimiter looks like
vpdnuser@3Com.com. During a search, the username and domain name are
separated according to the prefix/suffix delimiter and the search follows only the
defined rule, which greatly accelerates the search.

In the multi-instance application of L2TP, many enterprises share a single LNS, and
enterprises are distinguished from each other by their domain names. When the
LNS receives a packet sent by LAC, the domain name is taken from the
username in the packet, and the enterprise domain names registered in the LNS are
checked to find one matching the received domain name. The l2tp
match-order domain command must therefore be used to set the search policy and
accelerate the search.

Example
# Search only according to domain name.
[3Com] l2tp match-order domain
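
The delimiter rules of l2tp domain prefix-separator and suffix-separator and the search order of l2tp match-order combine into one lookup, modelled below as an added example (not 3Com code). Assumptions of this example: delimiters are tried in configured order with prefix delimiters first, names are compared exactly, and the class, function and sample group numbers are hypothetical.

```python
VALID_SEPARATORS = set("%@#/")

# Keyword -> lookup sequence, as listed for l2tp match-order.
MATCH_ORDERS = {
    "dnis-domain": ("dnis", "domain"),
    "dnis": ("dnis",),
    "domain-dnis": ("domain", "dnis"),
    "domain": ("domain",),
}


class SeparatorConfig:
    """Delimiters set by l2tp domain prefix-separator / suffix-separator."""

    def __init__(self, prefix="", suffix=""):
        invalid = (set(prefix) | set(suffix)) - VALID_SEPARATORS
        if invalid:
            raise ValueError(f"invalid delimiter(s): {sorted(invalid)}")
        both = set(prefix) & set(suffix)
        if both:
            raise ValueError(f"delimiter(s) used as prefix and suffix: {sorted(both)}")
        self.prefix, self.suffix = prefix, suffix

    def split(self, username):
        """Return (user, domain); domain is None when no delimiter matches.

        Assumption: delimiters are tried in configured order, prefix first,
        and the first one present in the username wins.
        """
        for ch in self.prefix:          # domain#user
            if ch in username:
                domain, user = username.split(ch, 1)
                return user, domain
        for ch in self.suffix:          # user@domain
            if ch in username:
                user, domain = username.rsplit(ch, 1)
                return user, domain
        return username, None


def find_group(groups, seps, username, dnis=None, order="dnis-domain"):
    """Return the matching L2TP group number, or None.

    groups: iterable of (group_number, kind, value) where kind is one of
    "fullusername", "domain" or "dnis" (the start l2tp trigger types).
    """
    table = {}
    for number, kind, value in groups:
        table.setdefault((kind, value), number)
    # The full username is searched first, whatever the match order.
    if ("fullusername", username) in table:
        return table[("fullusername", username)]
    _, domain = seps.split(username)
    candidates = {"dnis": dnis, "domain": domain}
    for kind in MATCH_ORDERS[order]:
        value = candidates[kind]
        if value is not None and (kind, value) in table:
            return table[(kind, value)]
    return None


# Constructed sample data (group numbers, called number and names are made up).
SEPS = SeparatorConfig(prefix="#", suffix="@%")
GROUPS = [
    (2, "domain", "3Com.com"),
    (3, "dnis", "8810188"),
    (4, "fullusername", "admin@3Com.com"),
]

if __name__ == "__main__":
    for name in ("3Com.com#vpdnuser", "vpdnuser@3Com.com", "admin@3Com.com"):
        for order in MATCH_ORDERS:
            print(name, order, find_group(GROUPS, SEPS, name, "8810188", order))
```
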

l2tpmoreexam enable Syntax


l2tpmoreexam enable

undo l2tpmoreexam enable

View
System view

Parameter
None

Description
This command serves the LNS side of L2TP.

Using the l2tpmoreexam enable command, you can enable the multi-instance
function of L2TP. Using the undo l2tpmoreexam enable command, you can
disable the function.

By default, L2TP multi-instance function is disabled.

Only after the multi-instance function is enabled, can the service be deployed.

The related command is l2tp enable.

Example
# Enable the multi-instance function at the LNS side.
[3Com] l2tpmoreexam enable

l2tp-group Syntax
l2tp-group group-number

undo l2tp-group group-number



View
System view

Parameter
group-number: Number of L2TP group, an integer ranging from 1 to 1000.

Description
Using the l2tp-group command, you can create L2TP group. Using the undo
l2tp-group command, you can delete L2TP group.

By default, L2TP group is not created.

The l2tp-group command is used to create a L2TP group (L2TP group 1 can be
the default L2TP group). After a L2TP group is deleted by the undo l2tp-group
command, all configured information of the group will be deleted subsequently.

For the related command, see allow l2tp, start l2tp.

Example
# Create L2TP group 2 and enter L2TP group 2 view.
[3Com] l2tp-group 2
[3Com-l2tp2]

mandatory-chap Syntax
mandatory-chap

undo mandatory-chap

View
L2TP group view

Parameter
None

Description
Using the mandatory-chap command, you can force LNS to perform CHAP
authentication again with the client. Using the undo mandatory-chap
command, you can disable CHAP re-authentication.

By default, CHAP re-authentication is not performed.

After the LAC performs agent authentication of the client, the LNS
authenticates the client again, so as to increase security. If the
mandatory-chap command is used, a VPN client whose tunnel connection is
initiated by the access server is authenticated twice: once on the access
server, and once on the LNS side. Some PPP clients may not support the second
authentication. In this case, CHAP authentication of the local end will fail.

For the related command, see mandatory-lcp.



Example
# Force to perform CHAP authentication.
[3Com-l2tp1] mandatory-chap

mandatory-lcp Syntax
mandatory-lcp

undo mandatory-lcp

View
L2TP group view

Parameter
None

Description
Using the mandatory-lcp command, you can renegotiate the Link Control
Protocol between LNS and the client. Using the undo mandatory-lcp command,
you can disable LCP renegotiation.

By default, the LCP is not renegotiated.

For a NAS-Initialized VPN client, PPP negotiation is first performed with the
NAS (Network Access Server) at the beginning of a PPP session. If the negotiation
succeeds, the access server initiates the tunnel connection and transmits
the information collected during negotiation with the client to the LNS. The LNS
judges whether the user is legal or not according to the received agent
authentication information. The mandatory-lcp command can be used to force the
LNS and the client to renegotiate LCP. In this case, the NAS agent authentication
information is ignored. If some PPP clients do not support LCP renegotiation, LCP
renegotiation will fail.

For the related command, see mandatory-chap.

Example
# Enable LCP renegotiation.
[3Com-l2tp1] mandatory-lcp

reset l2tp tunnel Syntax


reset l2tp tunnel { remote-name | tunnel-id }

View
user view

Parameter
remote-name: Name of the peer end of the tunnel, a character string with the
length ranging from 1 to 30.
tunnel-id: Local ID number of the tunnel.

Description
Using the reset l2tp tunnel command, you can clear the specified tunnel
connection and all session connections in the tunnel.

The reset l2tp tunnel command is used to forcibly clear a tunnel connection.
When the peer end user calls in again, the tunnel connection can be
reestablished. If no tunnel connection satisfies the requirement, the current
tunnel connections are not affected. If several tunnel connections satisfy the
requirement (with the same name but different IP addresses), all tunnel
connections that satisfy the requirement are cleared. When the tunnel-id is
specified, only the corresponding tunnel connection is disconnected.

For the related command, see display l2tp tunnel.

Example
# Clear the tunnel connection of the peer end named AS8010.
<3Com> reset l2tp tunnel AS8010

start l2tp Syntax


start l2tp { ip ip-addr [ ip ip-addr ] [ ip ip-addr ] ... } { domain domain-name | dnis dialed-number | fullusername user-name }

undo start

View
L2TP group view

Parameter

ip ip-addr: IP address of the peer end of the tunnel (LNS). At most five
addresses can be set, and the LNSs back each other up.

domain-name: Domain name triggering the connection request, a character string
with the length ranging from 1 to 30, case sensitive.

dialed-number: Number dialed by the user triggering the connection request, a
numeric character string with the length ranging from 1 to 64.

user-name: Full username triggering the connection request, a character string
with the length ranging from 1 to 32, case sensitive.

Description
Using the start l2tp command, you can specify the trigger conditions under which
the local end, acting as the L2TP LAC, sends connection requests. Using the undo
start l2tp command, you can delete the specified trigger condition.

This command is used on the LAC side to specify the IP address of the LNS. It
supports several ways of triggering connection requests, for instance:

■ Initiating a tunnel connection request according to the user’s domain name.
For example, if the domain name of the user’s company is 3Com.com, the
user with domain name of 3Com.com can be specified as a VPN user.
■ Deciding whether the user is a VPN user according to the called number of
the user. For example, if the number 8810188 is specified as a special
service number, the access user who dials this number is a VPN user.
■ Specifying the user as a VPN user directly through the full username.

If the user is found to be a VPN user, the local end (LAC) sends an L2TP tunnel
connection request to an LNS according to the configured LNS priority or order.
After a response is received from the LNS, that LNS serves as the peer end of the
tunnel. Otherwise, the LAC sends the tunnel connection request to the next LNS.

Conflicts may exist between these ways of identifying VPN users. For example, the
LNS address specified according to full username is 1.1.1.1, while that according
to domain name is 1.1.1.2. In this case, the search order must be specified. The
search first checks by full username whether an L2TP group specified according to
the username exists. If nothing is found, the search continues according to the
sequence of domain name and dialed number, which is set by the l2tp match-order
command.

For the related command, see l2tp domain prefix-separator, l2tp domain
suffix-separator, l2tp match-order.

Example
# Judge VPN users according to domain name “3Com.com”, with the
corresponding IP address of the L2TP access server of the headquarters being
202.38.168.1.
[3Com-l2tp1] start l2tp ip 202.38.168.1 domain 3Com.com
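
The search order and LNS fallback described above, as an added Python example that is not 3Com code: full username first, then domain name and dialed number in a configurable order, then the configured LNS addresses in turn. The match_order argument (standing in for l2tp match-order), the @ suffix separator, the rule layout and the responds callback are assumptions.

```python
import ipaddress

# Maximum lengths from the parameter list of start l2tp.
LIMITS = {"domain": 30, "dnis": 64, "fullusername": 32}


def make_rule(group, lns_ips, kind, value):
    """Build one trigger condition, enforcing the limits the manual gives."""
    if not 1 <= len(lns_ips) <= 5:
        raise ValueError("one to five LNS addresses can be set")
    for ip in lns_ips:
        ipaddress.IPv4Address(ip)          # ValueError on a malformed address
    if kind not in LIMITS:
        raise ValueError(f"unknown trigger type {kind!r}")
    if not 1 <= len(value) <= LIMITS[kind]:
        raise ValueError(f"{kind} value must be 1 to {LIMITS[kind]} characters")
    if kind == "dnis" and not value.isdigit():
        raise ValueError("dialed number must be a numeric string")
    return {"group": group, "lns": list(lns_ips), "kind": kind, "value": value}


def classify(rules, username, dialed_number,
             match_order=("domain", "dnis"), separator="@"):
    """Return the rule that makes this caller a VPN user, or None.

    Full username is always checked first; match_order (hypothetical
    parameter) decides whether domain name or dialed number comes next.
    All comparisons are case sensitive, as the parameter list states.
    """
    if set(match_order) - {"domain", "dnis"}:
        raise ValueError("match_order may contain only 'domain' and 'dnis'")
    domain = username.rsplit(separator, 1)[1] if separator in username else None
    presented = {"fullusername": username, "domain": domain, "dnis": dialed_number}
    for kind in ("fullusername",) + tuple(match_order):
        if presented[kind] is None:
            continue
        for rule in rules:
            if rule["kind"] == kind and rule["value"] == presented[kind]:
                return rule
    return None


def pick_lns(rule, responds):
    """Try each configured LNS in order; the first that answers is the peer."""
    for ip in rule["lns"]:
        if responds(ip):
            return ip
    return None


# Constructed rules reproducing the conflict in the text: the full-username
# rule points at 1.1.1.1 while the domain rule points at 1.1.1.2.
RULES = [
    make_rule(1, ["1.1.1.2", "1.1.1.3"], "domain", "3Com.com"),
    make_rule(2, ["1.1.1.1"], "fullusername", "alice@3Com.com"),
    make_rule(3, ["1.1.1.4"], "dnis", "8810188"),
]

if __name__ == "__main__":
    for user, dnis in [("alice@3Com.com", "5551000"),
                       ("bob@3Com.com", "8810188"),
                       ("carol@example.net", "5551000")]:
        rule = classify(RULES, user, dnis)
        if rule is None:
            print(f"{user}: not a VPN user")
        else:
            lns = pick_lns(rule, lambda ip: ip != "1.1.1.2")  # first LNS silent
            print(f"{user}: l2tp-group {rule['group']} -> LNS {lns}")
```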

tunnel authentication Syntax


tunnel authentication

undo tunnel authentication

View
L2TP group view

Parameter
None

Description
Using the l2tp tunnel authentication command, you can enable L2TP tunnel
authentication function. Using the undo l2tp tunnel authentication command,
you can disable L2TP tunnel authentication function.

By default, L2TP tunnel authentication is performed.

L2TP tunnel authentication is permitted by default. Generally speaking,
authentication needs to be performed on both ends of the tunnel for security’s
sake. In case of a network consistency test or when receiving a connection sent
by a nameless peer end, tunnel authentication is not required.

Example
# Set not to authenticate the peer end of the tunnel.

[3Com-l2tp1] undo tunnel authentication



tunnel avp-hidden Syntax


tunnel avp-hidden

undo tunnel avp-hidden

View
L2TP group view

Parameter
None

Description
Using the tunnel avp-hidden command, you can configure AVP (Attribute Value
Pair) data to be transmitted in hidden format. Using the undo tunnel
avp-hidden command, you can restore the default transmission way of AVP data.

By default, the tunnel transmits AVP data in plaintext.

Some parameters of the L2TP protocol are transmitted as AVP data. If the user
requires high data security, this command can be used to configure AVP data
to be transmitted in hidden format.

Example
# Set AVP data to be transmitted in hidden format.
[3Com-l2tp1] tunnel avp-hidden

tunnel flow-control Syntax


tunnel flow-control

undo tunnel flow-control

View
L2TP group view

Parameter
None

Description
Using the tunnel flow-control command, you can enable L2TP tunnel
flow-control function. Using the undo tunnel flow-control command, you can
disable the flow-control function.
By default, the L2TP tunnel flow-control function is not performed.

Example
# Enable the flow-control function.
[3Com-l2tp1] tunnel flow-control

tunnel name Syntax


tunnel name name

undo tunnel name

View
L2TP group view

Parameter
name: Local name of the tunnel, a character string with the length ranging from 1
to 30.

Description

Using the tunnel name command, you can specify the local name of the tunnel.
Using the undo tunnel name command, you can restore the local name to the
default value.

By default, the local name is the router name.

When an L2TP group is created, the local name is initialized to the router name.

For the related command, see sysname.

Example
# Set the local name of the tunnel as itsme.
[3Com-l2tp1] tunnel name itsme

tunnel password Syntax


tunnel password { simple | cipher } password

undo tunnel password

View
L2TP group view

Parameter
simple: Password in plaintext.
cipher: Password in ciphertext.
password: Password used on tunnel authentication, a character string with the
length ranging from 1 to 16.

Description
Using the tunnel password command, you can specify the password of tunnel
authentication. Using the undo l2tp tunnel password command, you can
remove the password of tunnel authentication.

By default, the password of tunnel authentication is null.

Example
# Set the password of tunnel authentication as yougotit, displaying in cipher text.
[3Com-l2tp1] tunnel password cipher yougotit
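
An added example, not from the 3Com manual: a Python audit of L2TP group settings against the defaults this reference states for tunnel authentication, tunnel password, tunnel avp-hidden and mandatory-chap. The saved-configuration layout (indented commands under each l2tp-group line), the finding codes and the function names are assumptions.

```python
import re

# Defaults as stated in this command reference.
DEFAULTS = {
    "authentication": True,    # tunnel authentication is performed
    "password": None,          # tunnel password is null
    "avp_hidden": False,       # AVP data is transmitted in plaintext
    "mandatory_chap": False,   # LNS does not repeat CHAP authentication
}

FINDINGS = {
    "AUTH_DISABLED": "peer end of the tunnel is not authenticated",
    "NULL_PASSWORD": "tunnel authentication is on but no password is set",
    "PLAINTEXT_PASSWORD": "tunnel password is stored with the simple keyword",
    "AVP_PLAINTEXT": "AVP data is transmitted in plaintext",
    "NO_CHAP_REAUTH": "LNS relies on the LAC's agent authentication only",
}

# Constructed sample, laid out as an assumed saved configuration.
SAMPLE_CONFIG = """\
l2tp-group 1
 undo tunnel authentication
 tunnel name itsme
l2tp-group 2
 mandatory-chap
 tunnel avp-hidden
 tunnel password simple yougotit
l2tp-group 3
 mandatory-chap
 tunnel password cipher CONSTRUCTED-CIPHERTEXT
 tunnel avp-hidden
 tunnel timer hello 99
l2tp-group 4
 tunnel password cipher CONSTRUCTED-CIPHERTEXT
 undo tunnel password
interface tunnel 0
 gre checksum
"""


def parse_groups(config_text):
    """Replay each group's commands in order and return {group: state}."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())              # normalise whitespace
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"l2tp-group (\d+)", line)
        if m:
            current = groups.setdefault(int(m.group(1)), dict(DEFAULTS))
            continue
        if not raw[0].isspace():
            current = None                        # another top-level view starts
            continue
        if current is None:
            continue
        undo = line.startswith("undo ")
        cmd = line[5:] if undo else line
        if cmd == "tunnel authentication":
            current["authentication"] = not undo
        elif cmd == "tunnel avp-hidden":
            current["avp_hidden"] = not undo
        elif cmd == "mandatory-chap":
            current["mandatory_chap"] = not undo
        elif cmd == "tunnel password" and undo:
            current["password"] = None
        elif not undo:
            m = re.fullmatch(r"tunnel password (simple|cipher) (\S+)", cmd)
            if m:
                current["password"] = m.group(1)  # keep the storage form, never the secret
    return groups


def audit(config_text):
    """Return a sorted list of (group_number, finding_code)."""
    findings = []
    for number, state in sorted(parse_groups(config_text).items()):
        if not state["authentication"]:
            findings.append((number, "AUTH_DISABLED"))
        elif state["password"] is None:
            findings.append((number, "NULL_PASSWORD"))
        if state["password"] == "simple":
            findings.append((number, "PLAINTEXT_PASSWORD"))
        if not state["avp_hidden"]:
            findings.append((number, "AVP_PLAINTEXT"))
        if not state["mandatory_chap"]:           # only meaningful where the group acts as LNS
            findings.append((number, "NO_CHAP_REAUTH"))
    return findings


if __name__ == "__main__":
    for group, code in audit(SAMPLE_CONFIG):
        print(f"l2tp-group {group}: {code}: {FINDINGS[code]}")
```

Because some PPP clients do not support a second authentication, treat NO_CHAP_REAUTH as a prompt to test mandatory-chap with the deployed clients before enabling it.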

tunnel timer hello Syntax


tunnel timer hello hello-interval

undo tunnel timer hello

View
L2TP group view

Parameter
hello-interval: Forwarding time interval of Hello packet when LAC or LNS has no
packet to receive, an integer in seconds, ranging from 60 to 1000.

Description
Using the tunnel timer hello command, you can set the forwarding time interval
of Hello packet. Using the undo tunnel timer hello command, you can restore
the forwarding time interval of Hello packet in the tunnel to the default value.

By default, a Hello packet is forwarded every 60 seconds.

Different Hello packet time intervals can be configured on LNS and LAC side. The
undo tunnel timer hello command is used to restore the time interval to the
default value.

Example
# Set forwarding time interval of Hello packet to 99 seconds.
[3Com-l2tp1] tunnel timer hello 99

GRE Configuration Commands

debugging tunnel Syntax


debugging tunnel

undo debugging tunnel

View
User view

Parameter
None

Description
Using the debugging tunnel command, you can enable tunnel debugging. Using
the undo debugging tunnel command, you can disable tunnel debugging.

Example
None

destination Syntax
destination ip-addr

undo destination

View
Tunnel interface view

Parameter
ip-addr: IP address of the physical interface used by the peer end of the tunnel.

Description
Using the destination command, you can specify the destination IP address that
the tunnel interface fills into the added IP header on encapsulation. Using the
undo destination command, you can delete the set destination address.

By default, the destination address of the tunnel is not specified in the system.

The specified tunnel destination address is the IP address of the real physical
interface receiving GRE packets. It should be the same as the source address
specified on the tunnel interface of the peer end, and the route to the physical
interface of the peer end must be reachable.

The source address and destination address, if they are exactly the same, cannot
be configured on two or more tunnel interfaces using the same encapsulation
protocol.

For the related command, see interface tunnel, source.

Example
# Create tunnel connection between the interface serial 0/0/0 of the router
3Com1 (with IP address of 193.101.1.1) and the interface serial 1/0/0 of the router
3Com2 (with IP address of 192.100.1.1).
[3Com1-Tunnel0/0/0] source 193.101.1.1

[3Com1-Tunnel0/0/0] destination 192.100.1.1

[3Com2-Tunnel1/0/0] source 192.100.1.1

[3Com2-Tunnel1/0/0] destination 193.101.1.1

display interface tunnel Syntax


display interface tunnel [ number ]

View
Any view

Parameter
number: Tunnel interface ID.

Description
Using the display interface tunnel command, you can display the working
status of the tunnel interface.

The display interface tunnel command is used to display information about the
tunnel interface such as the source address, destination address (the real
physical interface address receiving/sending GRE packets), encapsulation mode,
identification keyword and end-to-end check.

For the related command, see source, destination, gre key, gre checksum,
tunnel-protocol.

Example

# Display the current tunnel interface.
<3Com> display interface tunnel 2/0/4
Tunnel2/0/4 is up, line protocol is up
Description : 3Com, 3Com Series, Tunnel2/0/4 Interface
The Maximum Transmit Unit is 1500
Internet Protocol processing is disable
Encapsulation is TUNNEL, loopback not set
Tunnel source 1.1.254.88 (Ethernet2/0/0), destination 1.1.254.11
Tunnel protocol/transport GRE/IP, key disabled
Checksumming of packets disabled
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
    0 packets input, 0 bytes
    0 input error
    0 packets output, 0 bytes
    0 output error

Table 3 Domain description in displayed information by the display interface tunnel 2/0/4 command

Domain                      Description
Tunnel2/0/4 is up           The physical layer of the tunnel interface is up.
line protocol is up         The link layer of the tunnel interface is up.
Description                 The description information of the tunnel interface, being 3Com in this example.
3Com Series                 The router is 3Com series
Tunnel2/0/4 Interface       Tunnel interface number
Maximum Transmit Unit       The size of MTU in the tunnel, being 1500 bytes in this example
Encapsulation               The tunnel formed by encapsulated GRE protocol
Loopback                    Enable/disable loopback test. Because the tunnel interface does not support loopback test, disable loopback is the case in this example.
Tunnel source               Source address of the tunnel, being 1.1.254.88 here.
Ethernet2/0/0               The interface of tunnel source address is the interface Ethernet 2/0/0.
destination                 Destination address of the tunnel, being 1.1.254.11 here.
Tunnel protocol/transport   Encapsulation protocol and transmission protocol of the tunnel, being GRE and IP here.
key                         Identification keyword of the tunnel interface, which is not specified here.
Checksumming of packets     End-to-end check of the tunnel, being disabled here.
5 minutes input rate        Input rate in second within the last 5 minutes
packets/sec                 Input packet number in second within the last 5 minutes
packets input               Total input packet number
bytes                       Total input byte number
input error                 Number of error packet among all input packets.
output error                Number of error packet among all output packets.

gre checksum Syntax


gre checksum

undo gre checksum

View
Tunnel interface view

Parameter
None

Description
Using the gre checksum command, you can set the two ends of the tunnel to
perform end-to-end check so as to verify the correctness of the packet and
discard the packet that does not pass the verification. Using the undo gre
checksum command, you can cancel the check.

By default, end-to-end check of the two ends of the tunnel is disabled.

Checksum can be enabled or disabled on each end of the tunnel according to the
needs of the application. If checksum is enabled on the local end and disabled on
the peer end, the local end does not verify the checksum of received packets but
computes the checksum for transmitted packets. Conversely, if checksum is
disabled on the local end and enabled on the peer end, the local end verifies the
checksum of packets sent from the peer end but does not compute the checksum for
transmitted packets.

For the related command, see interface tunnel.

Example
# Create a tunnel between interface serial 3/0/1 of the router 3Com1 and
interface serial 2/1/1 of the router 3Com2 and set the check on both ends of the
tunnel.
[3Com1-Tunnel3/0/1] gre checksum
[3Com2-Tunnel2/1/1] gre checksum

gre key Syntax


gre key key-number

undo gre key

View
Tunnel interface view

Parameter
key-number: Identification keyword of the two ends of the tunnel, an integer
ranging from 0 to 4294967295.

Description
Using the gre key command, you can set the identification keyword of the tunnel
interface. This weak security mechanism helps avoid incorrectly identifying or
receiving packets from unexpected places. Using the undo gre key command,
you can delete this configuration.

By default, the identification keyword of the tunnel in use is not set in the system.

Either the same key-number must be specified on both ends of the tunnel, or
key-number must not be set on either end.

For the related command, see interface tunnel.

Example
# Create a tunnel between the router 3Com1 and the router 3Com2 and set the
identification keyword of the tunnel.
[3Com1-Tunnel3/1/0] gre key 123

[3Com2-Tunnel2/1/0] gre key 123
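
How a receiver applies gre checksum and gre key as described above, as an added Python example that is not 3Com code. It assumes the RFC 2784 / RFC 2890 GRE header layout; the function names and the payload are constructed.

```python
import struct

FLAG_C = 0x8000   # checksum present
FLAG_K = 0x2000   # key present
FLAG_S = 0x1000   # sequence number present
PAYLOAD = b"constructed inner packet"   # constructed stand-in for the passenger packet


def inet_checksum(data):
    """16-bit ones' complement Internet checksum over data."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gre(payload, proto=0x0800, key=None, checksum=False):
    """Encapsulate payload the way a sender with these settings would."""
    if key is not None and not 0 <= key <= 4294967295:
        raise ValueError("key-number ranges from 0 to 4294967295")
    flags = (FLAG_C if checksum else 0) | (FLAG_K if key is not None else 0)
    header = struct.pack("!HH", flags, proto)
    if checksum:
        header += b"\x00\x00\x00\x00"             # checksum placeholder + reserved
    if key is not None:
        header += struct.pack("!I", key)
    packet = bytearray(header + payload)
    if checksum:
        struct.pack_into("!H", packet, 4, inet_checksum(packet))
    return bytes(packet)


def receive_gre(packet, local_key=None):
    """Return (verdict, payload). local_key=None means 'gre key' is not set.

    The checksum is verified whenever the sender included one, matching the
    text: a receiver checks packets from a peer that has checksum enabled
    even if its own transmitted packets carry none.
    """
    if len(packet) < 4:
        return ("drop: truncated", None)
    flags, _proto = struct.unpack_from("!HH", packet)
    if flags & 0x0007:
        return ("drop: unsupported version", None)
    need = 4 + 4 * bool(flags & FLAG_C) + 4 * bool(flags & FLAG_K) + 4 * bool(flags & FLAG_S)
    if len(packet) < need:
        return ("drop: truncated", None)
    offset = 4
    if flags & FLAG_C:
        if inet_checksum(packet) != 0:            # a valid packet sums to zero
            return ("drop: checksum mismatch", None)
        offset += 4
    peer_key = None
    if flags & FLAG_K:
        (peer_key,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if peer_key != local_key:                     # both ends equal, or both unset
        return ("drop: key mismatch", None)
    if flags & FLAG_S:
        offset += 4
    return ("accept", packet[offset:])


if __name__ == "__main__":
    pkt = build_gre(PAYLOAD, key=123, checksum=True)
    damaged = pkt[:-1] + bytes([pkt[-1] ^ 0x01])
    print(receive_gre(pkt, local_key=123)[0])       # accept
    print(receive_gre(damaged, local_key=123)[0])   # drop: checksum mismatch
    print(receive_gre(pkt, local_key=124)[0])       # drop: key mismatch
    print(receive_gre(pkt, local_key=None)[0])      # drop: key mismatch
```

Both fields travel unencrypted and the checksum is unkeyed, so they catch misdelivery and corruption rather than authenticate the peer.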

interface tunnel Syntax


interface tunnel number

undo interface tunnel number

View
System view

Parameter
number: For a centralized router, the number is one-dimensional, ranging from 0 to
1023.

When creating a tunnel interface on a distributed router, the slot parameter
should be consistent with the slot number of the source end interface set by the
source command. In other words, the slot number specified by slot is the same as
the slot number of the actual physical interface sending GRE packets.

Description
Using the interface tunnel command, you can create a tunnel interface and
enter tunnel interface configuration view. Using the undo interface tunnel
command, you can delete the specified tunnel interface.

By default, there is no tunnel interface in the system.

The interface tunnel command is used to enter interface configuration view of
the specified tunnel. If the tunnel interface is not created, it will be created before
entering interface configuration view.

The interface number of the tunnel is only of local significance. Different or same
interface numbers can be used on the two ends of the tunnel.

For the related command, see source, destination, gre key, gre checksum,
tunnel-protocol.

Example
# Create the tunnel interface with slot number/card number/interface number as
3/0/1.
[3Com] interface tunnel 3/0/1

source Syntax
source { ip-addr | interface-type interface-num }

undo source

View
Tunnel interface view

Parameter
ip-addr: Specifies the IP address of the real interface sending GRE packets, in the
address form of A.B.C.D.

interface-type interface-num: Specifies the real interface sending packets, in the
form of the router interface name. These interfaces include Ethernet, Serial, ATM,
Tunnel and Loopback, etc.

Description
Using the tunnel source command, you can specify the source IP address that the
tunnel interface fills into the added IP header on encapsulation. Using the undo
tunnel source command, you can delete the set source address.

By default, the source address of the tunnel is not specified in the system.

The specified source address of the tunnel is the address of the real interface
sending GRE packets, which should be consistent with the destination address
specified on the peer end of the tunnel.

The source address and destination address, if they are exactly the same, cannot
be configured on two or more tunnel interfaces using the same encapsulation
protocol.

For the related command, see interface tunnel, destination.

Example
# Configure the interface tunnel0/0/5 on the router 3Com1, on which the real
outlet of the encapsulated packet is the interface serial 0/0/0 (with the IP address
of the interface being 192.100.1.1).
[3Com1-Tunnel0/0/5] source 192.100.1.1
Otherwise the “interface-name” form will be used:
[3Com1-Tunnel0/0/5] source serial 0/0/0

tunnel-protocol gre Syntax


tunnel-protocol gre

undo tunnel-protocol

View
Tunnel interface view

Parameter
gre: Encapsulation protocol of the tunnel.

Description
Using the tunnel mode command, you can set encapsulation mode of the tunnel
interface to be GRE.

By default, the encapsulation protocol of the tunnel interface is GRE. Under the
GRE mode, users can execute and view the GRE related commands, whereas other
relevant commands are available under other modes.

For the related command, see interface tunnel.

Example
# Create a tunnel between the router 3Com1 and the router 3Com2, with
encapsulation protocol being GRE and transmission protocol being IP.
[3Com1-Tunnel3/1/0] tunnel-protocol gre

[3Com2-Tunnel2/1/0] tunnel-protocol gre



Dynamic VPN

debugging dvpn Command


debugging dvpn { all | error | event | hexadecimal | packet }

undo debugging dvpn { all | error | event | hexadecimal | packet }

View
User view

Parameter

all: Opens all debugging information.

error: Opens DVPN error debugging information.

event: Opens DVPN event debugging information, including register and other
errors.

hexadecimal: Displays debugging information in hexadecimal.

packet: Opens DVPN packet debugging information.

Description
Using the debugging dvpn command, you can enable DVPN debugging.

Example
# Enable DVPN event debugging.
[3Com] debugging dvpn event

display dvpn map Command


display dvpn map [ vpn-id vpn-id ] [ private-ip private-ip ]

View
Any view

Parameter
vpn-id: Specifies vpn-id.
private-IP: Specifies private IP address, that is, the IP address of a Tunnel interface.

Description
Using the display dvpn map command, you can view all of the map information
for the current node.

Example
# Display current map information.
[3Com] display dvpn map
Public IP       UDP port   Private IP
202.113.11.3    8001       10.1.1.1
211.122.12.2    8003       10.1.1.3

# Display map information of private IP 10.1.1.1.
[3Com] display dvpn map 10.1.1.1
Private IP: 10.1.1.1 Status: Active
Used public IP: 202.113.11.3 UDP port: 8001
Send : 123 Bytes, 9 Packets
Receive : 120 Bytes, 10 Packets
Error: 8 Bytes, 1 Packets

dvpn authenticate enable Command


dvpn authenticate enable

undo dvpn authenticate enable

View
Tunnel interface view

Parameter
None

Description
Using the dvpn authenticate enable command, you can enable authentication
at a tunnel interface. Using the undo dvpn authenticate enable command, you
can disable authentication at a tunnel interface.

Example
# Enable Tunnel interface authentication.
[3Com-Tunnel0] dvpn authenticate enable

dvpn class Command


dvpn class dvpn-class-name

undo dvpn class dvpn-class-name

View
System view

Parameter
dvpn-class-name: Name for a dvpn-class view, in a string of 1~30 bytes.

Description
Using the dvpn class command, you can create a dvpn-class view and enter it. In
this view, you can configure destination server address and UDP port ID. Using the
undo dvpn class command, you can delete a dvpn-class view.

Example
# Create dvpn-class view “abc”.
[3Com] dvpn class abc

dvpn client Command


dvpn client private-ip private-ip key key-value

undo dvpn client private-ip private-ip key key-value

View
Tunnel interface view

Parameter
private-ip: Private IP address of the client, that is, the IP address of a Tunnel interface.
key-value: Private key of a client.

Description
Using the dvpn client private-ip command, you can configure client
authentication information at server. Using the undo dvpn client private-ip
command, you can delete client authentication information.

private-ip and key-value are used for client authentication at server. If no private
key is configured for both the server and client, then authentication is not required
in registration and establishing session links.

Example
# Configure private key of the client with the IP address 10.0.0.2 as 123.
[3Com] dvpn client private-ip 10.0.0.2 key 123

dvpn interface-type Command


dvpn interface-type { client | server }

View
Tunnel interface view

Parameter
client: Interface is client.
server: Interface is server.

Description
Using the dvpn interface-type command, you can specify type for a tunnel
interface.
By default, a tunnel interface is set as client.

Example
# Set a Tunnel interface as server.
[3Com-Tunnel0] dvpn interface-type server

dvpn key Command


dvpn key key-value

undo dvpn key key-value

View
Tunnel interface view

Parameter
key-value: Encrypted value, in range of 0~4294967295.

Description
Using the dvpn key command, you can configure the private key for a client (while
the public key for the server is generated randomly). Using the undo dvpn key
command, you can delete a configured private key.

Keys are used in establishing session links between DVPN clients. When the
authentication of a client succeeds, the server encrypts its public key with the
private key shared with the client, puts the encrypted value into a node register
success packet and transmits it back to the client. The client decrypts the
received value with its private key to get the public key, which it can then use
to set up session links with other clients.

Example
# Set private key for a Tunnel interface as 123.
[3Com-Tunnel0] dvpn key 123

dvpn map Command


dvpn map private-ip ip-address public-ip ip-address [ udp-port port-number]

undo dvpn map private-ip ip-address public-ip ip-address [ udp-port port-number]

View
Tunnel interface view

Parameter
ip-address: Specifies IP address for the peer, public IP address and private IP
address (IP address for the tunnel interface) separately.
port-number: Specifies UDP port ID for the peer. The parameter is unavailable for
GRE encapsulation.

Description
Using the dvpn map private-ip command, you can create a static map, i.e. a
static tunnel. Using the undo dvpn map command, you can delete an existing
map.

If you have already known the private IP, public IP and UDP port ID of other clients,
you can use this command to create a static map. Note that the IP addresses and
UDP port ID configured here should be consistent with the peer, otherwise, no
correct static tunnel can be created.

Example
# Configure a static map at the tunnel interface with the public IP address
211.122.12.2, UDP port ID 8008 and private IP address 10.1.1.3.
[3Com-tunnel0] dvpn map private-ip 10.1.1.3 public-ip 211.122.12.2 8008

dvpn register-type Command


dvpn register-type { forward | stable | undistributed | want | }
undo dvpn register-type { forward | stable | undistributed | want | }

View
Tunnel interface view

Parameter

forward: Instructs server to forward all data packets at the client and not to send
next hop redirect notify packets to the client.

stable: Means the client has a fixed public IP address.

undistributed: Instructs server not to send information about this client to other
clients.

want: Instructs server to send information about other clients to this client.

Description
Using the dvpn register-type command, you can configure the type of
supplementary information for client registration at server. With the
supplementary information type, server can judge if a client is configured with a
fixed IP address and run further processing accordingly. Using the undo dvpn
register-type command, you can restore supplementary information type to the
default.

By default, the supplementary information is configured as follows: no fixed public
IP address; server does not distribute information about other clients to this client,
while it does propagate information about this client to other clients; server does
not forward data packets at the client.

Example
# Set client registration type as that server propagate information about this client
to other clients.
[3Com-tunnel0] dvpn register-type undistributed

dvpn retry Command


dvpn retry retry-times

undo dvpn retry

View
Tunnel interface view

Parameter
retry-times: The maximum trial times for redirect notification, session setup
request and session keepalive request, in range of 1~10. By default, it is 3.

Description
Using the dvpn retry command, you can configure maximum trial times for
redirect notification, session setup request and session keepalive request at client.
Using the undo dvpn retry command, you can restore maximum trial times to
the default value.

Example
# Set the maximum trial times to 5.
[3Com-Tunnel0] dvpn retry 5

dvpn server Command


dvpn server dvpn-class-name

undo dvpn server dvpn-class-name

View
Tunnel interface view

Parameter
dvpn-class-name: Dvpn-class name for the Tunnel interface. Dvpn-class is a data
structure which includes such information as public and private IP addresses and
UDP port ID and it is created with the dvpn class command.

Description
Using the dvpn server command, you can specify dvpn-class name for a Tunnel
interface at client. Using the undo dvpn server command, you can delete a
dvpn-class name.
If the dvpn-class view specified does not exist, this command will also create a
dvpn-class configuration module.
By default, no dvpn-class is created.

Example
# Set server name for a Tunnel interface as abc.
[3Com-Tunnel0] dvpn server abc

dvpn timer aging Command


dvpn timer aging time-interval

undo dvpn timer aging

View
Tunnel interface view

Parameter
time-interval: Time interval for map age_timer, in range of 10~3600 seconds. By
default, it is 60 seconds.

Description
Using the dvpn timer aging command, you can define time interval for map
age_timer. Using the undo dvpn timer aging command, you can restore the
time interval of map age_timer to the default value.

Example
# Set the time interval of map age_timer for a Tunnel interface to 120 seconds.
[3Com-Tunnel0] dvpn timer aging 120

dvpn timer idle Command


dvpn timer idle time-interval

undo dvpn timer idle

View
Tunnel interface view

Parameter
time-interval: Time interval for idle_timer, in range of 60~86400 seconds. By
default, it is 600 seconds.

Description
Using the dvpn timer idle command, you can define time interval for idle_timer
which works in disconnecting session links in case of timeout. Using the undo
dvpn timer idle command, you can restore the time interval of idle_timer to the
default value.

Example
# Set the time interval of idle_timer for session links to 300 seconds.
[3Com-Tunnel0] dvpn timer idle 300

dvpn timer keepalive Command


dvpn timer keepalive time-interval

undo dvpn timer keepalive

View
Tunnel interface view

Parameter
time-interval: Time interval for map keepalive_timer, in range of 1~3600 seconds.
By default, it is 10 seconds.

Description
Using the dvpn timer keepalive command, you can define time interval for map
keepalive_timer. Using the undo dvpn timer keepalive command, you can
restore the time interval of map keepalive_timer.

Keepalive_Timer keeps normal session between clients. When a session link is set
up successfully, a keepalive packet is sent to the peer and the keepalive_timer also
is enabled. Once the timer times out, the client sends a keepalive packet to the
peer and waits for response from the peer.

Example
# Set the time interval of map keepalive_timer to 30 seconds.
[3Com-Tunnel0] dvpn timer keepalive 30

dvpn timer redirect Command


dvpn timer redirect time-interval

undo dvpn timer redirect

View
Tunnel interface view

Parameter
time-interval: Time interval for next hop redirect notify_timer, in range of 1~180
seconds. By default, it is 10 seconds.

Description
Using the dvpn timer redirect command, you can define time interval for next
hop redirect notify_timer. Each time timeout occurs the node sends next hop
redirect notification to the source client until it receives the acknowledgement
packet. Using the undo dvpn timer redirect command, you can set the time
interval of next hop redirect notify_timer to the default value.

When server or a client finds the destination of a packet received is not itself, but
another node in the VPN, it needs to forward this packet and send a next hop
redirect notify packet to the source node of the packet. If no response is received
from the source node within the preset time limit, it counts this as a trial action.

Example
# Set the time interval of next hop redirect notify_timer for a Tunnel interface to
30 seconds.
[3Com-Tunnel0] dvpn timer redirect 30

dvpn timer register Command


dvpn timer register time-interval

undo dvpn timer register

View
Tunnel interface view

Parameter
time-interval: Time interval for node register request_timer, in range of 1~600
seconds. By default, it is 30 seconds.

Description
Using the dvpn timer register command, you can define time interval for node
register request_timer. Each time timeout occurs, a client should log into server
again. Using the undo dvpn timer register command, you can restore the time
interval of node register request_timer to the default value.

Example
# Set the time interval of node register request_timer for a Tunnel interface to 60
seconds.
[3Com-Tunnel0] dvpn timer register 60

dvpn timer setup Command


dvpn timer setup time-interval

undo dvpn timer setup

View
Tunnel interface view

Parameter
time-interval: Time interval for session setup request_timer, in range of 1~180
seconds. By default, it is 10 seconds.

Description
Using the dvpn timer setup command, you can define the time interval for the session
setup request_timer. Each time a timeout occurs, a client sends session setup
request packets. Using the undo dvpn timer setup command, you can restore
the time interval of the session setup request_timer to the default value.

When a client sends a session setup request, it also enables the session setup
request_timer. If it receives no response from the peer within the preset time
limit, it counts this as one trial action and sends another session setup request.

Example
# Set the time interval of session setup request_timer for a Tunnel interface to 30
seconds.
[3Com-Tunnel0] dvpn timer setup 30

dvpn udp-port Command


dvpn udp-port udp-port

undo dvpn udp-port

View
Tunnel interface view

Parameter
udp-port: UDP port ID in DVPN, in range of 8000~8010. By default, it is 8000.

Description
Using the dvpn udp-port command, you can configure UDP port ID for a Tunnel
interface. The command is available at a Tunnel interface where UDP
encapsulation type is configured. Using the undo dvpn udp-port command, you
can restore the default port ID.

Example
# Configure UDP port ID for a Tunnel interface.
[3Com-Tunnel0] dvpn udp-port 8001

dvpn vpn-id Command


dvpn vpn-id vpn-id

undo dvpn vpn-id

View
Tunnel interface view

Parameter
vpn-id: VPN ID for a tunnel interface, in range of 1~4294967295.

Description
Using the dvpn vpn-id command, you can specify VPN for a Tunnel interface.
Using the undo dvpn vpn-id command, you can delete VPN configuration for a
Tunnel interface.

Example
# Set the VPN for a Tunnel interface as 100.
[3Com-Tunnel0] dvpn vpn-id 100

private-ip Command


private-ip ip-address

undo private-ip ip-address

View
dvpn-class view

Parameter
ip-address: Specifies private IP address for a specific server, that is, the IP address of
a Tunnel interface.

Description
Using the private-ip command, you can configure private IP address for a specific
server. Using the undo private-ip command, you can delete the private IP address
of a specific server.

By default, no private IP address is configured.

Example
# Configure the private IP address of a server as 192.168.0.1.
[3Com-Dvpn-class-abc] private-ip 192.168.0.1

public-ip Command


public-ip ip-address

undo public-ip ip-address

View
dvpn-class view

Parameter
ip-address: Specifies public IP address for a specific server.

Description
Using the public-ip command, you can configure public IP address for a specific
server. Using the undo public-ip command, you can delete the public IP address
of a specific server.
By default, no public IP address is configured.

Example
# Configure the public IP address of a server as 61.18.3.66.
[3Com-dvpn-class-abc] public-ip 61.18.3.66

reset dvpn map Command


reset dvpn map vpn-id

View
User view

Parameter
vpn-id: Specifies vpn-id.

Description
Using the reset dvpn map command, you can clear sessions for a specific VPN.

Example
# Clear session links of VPN 100.
<3Com> reset dvpn map 100

tunnel-protocol dvpn Command


tunnel-protocol [ gre | udp ] dvpn

View
Tunnel interface view

Parameter
gre dvpn: Creates tunnels in GRE DVPN encapsulation mode.
udp dvpn: Creates tunnels in UDP DVPN encapsulation mode.

Description
Using the tunnel-protocol dvpn command, you can configure the encapsulation
mode for a Tunnel interface. The DVPN attribute means that the Tunnel interface is in DVPN
mode, in which the interface takes on the Multipoint attribute and the NBMA type.

By default, GRE encapsulation mode is available at a Tunnel interface, that is,
point-to-point tunnels are set up in GRE mode.

Example
# Set UDP DVPN encapsulation mode for a Tunnel interface.
[3Com-Tunnel0] tunnel-protocol udp dvpn

udp-port Command


udp-port port-number

undo udp-port

View
dvpn-class view

Parameter
port-number: UDP port ID for a specific server, only available for UDP
encapsulation mode. By default, it is 8000.

Description
Using the udp-port command, you can configure UDP port ID for server which is
specified with the dvpn-class command. Using the undo udp-port command, you
can restore the UDP port ID to the default value.

Example
# Configure UDP port ID for a server as 8010.
[3Com-Dvpn-class-abc] udp-port 8010

11 TRAFFIC POLICING AND SHAPING CONFIGURATION COMMANDS

Traffic Policing (TP) Configuration Commands

display qos car interface Syntax


display qos car interface [ interface-type interface-number ]

View
Any view

Parameter
interface-type: Interface type.
interface-number: Interface number.

Description
Using the display qos car interface command, you can view parameter
configuration and operating statistics of TP at each or all interfaces.

If no interface is specified, TP configuration and operating statistics of all interfaces
will be displayed.

Example
# Display the TP parameter configuration information and running statistic
information on each interface.
[3Com] display qos car interface
Interface: Ethernet6/0/0
Direction: Inbound
Rule(s): If-match CARL 1
CIR 8000(Bps), CBS 15000(Bit), EBS 0(Bit)
Conform Action: remark ip-precedence 3 and pass
Exceed Action: remark ip-precedence 4 and continue
Conformed: 0/0 (Packets/Bytes)
Exceeded: 0/0 (Packets/Bytes)
Direction: Outbound
Rule(s): If-match ACL 1
CIR 8000(Bps), CBS 15000(Bit), EBS 0(Bit)
Conform Action: pass
Exceed Action: discard
Conformed: 0/0(Packets/Bytes)
Exceeded: 0/0(Packets/Bytes)

display qos carl Syntax


display qos carl [ carl-index ]

View
Any view

Parameter
carl-index: Committed Access Rate List (CARL) number in the range of 1 to 199.

Description
Using the display qos carl command, you can view a certain rule or all the rules
of CARL.
If carl-index is not specified, all rules of CARL will be displayed.

Example
# Display the first rule of CAR list.
[3Com] display qos carl 1
Current CARL Configuration:
List Params
------------------------------------------------------
1 Precedence 1 2
2 MAC Address 0050-ba27-bed3

qos car Syntax


qos car { inbound | outbound } { any | acl acl-index | carl carl-index } cir
committed-information-rate cbs committed-burst-size ebs excess-burst-size red action
green action

undo qos car { inbound | outbound } { any | acl acl-index | carl carl-index } cir
committed-information-rate cbs committed-burst-size ebs excess-burst-size

View
Interface view

Parameter

inbound: Limit rate for the packets received by the interface.

outbound: Limit rate for the packets sent by the interface.

any: Limit rates for the packets that match any rules.

acl acl-index: Specified to limit the rate of packets matching the ACL, with
acl-index being the ACL number in the range of 1 to 199.

carl carl-index: Specified to limit the rate of packets matching the CARL, with
carl-index being the CARL number in the range of 1 to 199.

cir committed-information-rate: Committed Information Rate (CIR) in the range of
8000 to 155000000 bits.

cbs committed-burst-size: Committed Burst Size (CBS) in the range of 15000 to
155000000 bits.

ebs excess-burst-size: Excessive Burst Size (EBS) in the range of 0 to
155000000 bits.

red: Action taken on the packets when the traffic rate conforms to CAR.

green: Action taken on the packets when the traffic rate does not conform to
CAR.

action: Action taken on a packet, which can be:

■ continue: to have it dealt with by the next TP strategy.
■ discard: to discard the packet.
■ pass: to send the packet.
■ remark-prec-continue new-precedence: to specify a new IP priority
new-precedence and execute the next TP strategy. The value range is 0~7.
■ remark-prec-pass new-precedence: to specify a new IP priority
new-precedence and send the packet. The value range is 0~7.

Description
Using the qos car command, you can implement TP strategy on an interface.
Using the undo qos car command, you can remove a certain TP policy at the
interface.

This command is only used to process IP packets.

The repeated use of this command will lead to setting several TP policies at an
interface. The executing order of the policies is the same as the configuration
order.

Example
# Configure traffic policing for output packets that conform to traffic at the
interface Ethernet6/0/0. The normal traffic is 38400 bps. A burst of twice
the normal traffic can pass at first; after that, traffic is transmitted normally when
the rate is less than or equal to 38400 bps. When it is larger than 38400 bps, it
should be transmitted after the packet precedence is changed to 0.
[3Com-Ethernet6/0/0] qos car outbound any carl 1 cir 38400 cbs 76800 ebs 0 red pass
green remark-prec-pass 0
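
The behaviour described in this example (cir 38400, cbs 76800, ebs 0) and the configuration-order rule from the Description, modelled as a single-rate token bucket. This is an added illustration, not 3Com code: Packet, CarPolicy, police and demo are hypothetical names, and the bucket starting full, non-conforming packets taking no tokens, and a packet being forwarded when the last policy says continue are assumptions of the model.

```python
from dataclasses import dataclass, field

SCALE = 1000  # tokens are held in thousandths of a bit so refill stays integer-exact


@dataclass
class Packet:
    size_bytes: int
    precedence: int = 5  # constructed starting IP precedence


@dataclass
class CarPolicy:
    cir: int        # committed information rate, bits per second
    cbs: int        # committed burst size in bits (bucket depth)
    conform: tuple  # action when the packet fits, e.g. ("pass",)
    exceed: tuple   # action when it does not, e.g. ("remark-prec-pass", 0)
    tokens: int = field(init=False)
    last_ms: int = field(init=False, default=0)

    def __post_init__(self):
        # Parameter ranges as documented for qos car on this page.
        if not 8000 <= self.cir <= 155_000_000:
            raise ValueError("cir must be 8000..155000000")
        if not 15000 <= self.cbs <= 155_000_000:
            raise ValueError("cbs must be 15000..155000000")
        for action in (self.conform, self.exceed):
            if action[0].startswith("remark-prec-") and not 0 <= action[1] <= 7:
                raise ValueError("new-precedence must be 0..7")
        self.tokens = self.cbs * SCALE  # assumption: the bucket starts full

    def meter(self, now_ms, pkt):
        """Refill the bucket for the elapsed time, then pick the action for pkt."""
        elapsed = max(0, now_ms - self.last_ms)
        self.last_ms = max(self.last_ms, now_ms)
        # cir (bit/s) * elapsed (ms) is exactly the refill in thousandths of a bit.
        self.tokens = min(self.cbs * SCALE, self.tokens + self.cir * elapsed)
        need = pkt.size_bytes * 8 * SCALE
        if self.tokens >= need:
            self.tokens -= need
            return self.conform
        return self.exceed  # assumption: non-conforming packets take no tokens


def police(policies, now_ms, pkt):
    """Run pkt through the policies in configuration order.

    Returns (verdict, precedence) where verdict is "sent" or "dropped".
    """
    for policy in policies:
        action = policy.meter(now_ms, pkt)
        name = action[0]
        if name.startswith("remark-prec-"):
            pkt.precedence = action[1]
        if name == "discard":
            return ("dropped", pkt.precedence)
        if name in ("pass", "remark-prec-pass"):
            return ("sent", pkt.precedence)
        # "continue" and "remark-prec-continue" hand the packet to the next policy
    return ("sent", pkt.precedence)  # assumption: nothing left to apply means forward


def demo():
    """Constructed traffic: 1200-byte packets (9600 bits each), precedence 5."""
    # Mirrors the page's example: conforming traffic passes, excess is remarked to 0.
    car = CarPolicy(cir=38400, cbs=76800,
                    conform=("pass",), exceed=("remark-prec-pass", 0))
    arrivals_ms = [0] * 10 + [250, 250, 500, 750]
    return [(t,) + police([car], t, Packet(1200)) for t in arrivals_ms]


if __name__ == "__main__":
    for t_ms, verdict, prec in demo():
        print(f"t={t_ms:4d} ms  {verdict}  precedence={prec}")
```

The first eight packets use up the 76800-bit burst allowance, the next two are remarked, and from then on one 9600-bit packet per 250 ms (38400 bps) conforms.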

qos carl Syntax


qos carl carl-index { precedence precedence-value | mac mac-address }

undo qos carl carl-index

View
System view

Parameter
carl: Specifies TPL (Committed Access Rate List) configuration information.
carl-index: TP list number in the range 1 to 199.
precedence-value: Precedence in the range 0 to 7.
mac-address: Hexadecimal MAC address.

Description
Using the qos carl command, you can establish or modify an access list for Traffic
Policing (TP) policies (abbreviated to TP list). Using the undo qos carl command,
you can delete TP list.

You can establish an access list based on IP precedence or MAC address.

For a different carl-index, repeated execution of this command will create
multiple CARLs, and for the same carl-index, it will modify the
parameters of the CARL.

You are allowed to define multiple precedence values but no more than eight. If
the same precedence is specified several times, the system by default regards that
only one precedence value has been specified. The precedence values are related
to one another in the way of “OR”.

Example
# Configure rule 1 of TP list with packet precedence 1 and 7.
[3Com] qos carl 1 precedence 1 7

Traffic Shaping Configuration Commands

display qos gts interface Syntax


display qos gts interface [ interface-type interface-number ]

View
Any view

Parameter
interface-type: Interface type.
interface-number: Interface number.

Description
Using the display qos gts interface command, you can view TS configuration
and accounting information of a certain interface or all interfaces.

If no interface is specified, the TS configuration and operating statistics of all
interfaces will be displayed.

Example
# Display TS configuration and accounting information of all interfaces.
[3Com] display qos gts interface
Interface: Ethernet6/0/0
Rule(s): If-match ACL 1
CIR 8000(Bps), CBS 15000(Bit), EBS 0(Bit)
Queue Length: 1000 (Packet)
Queue Size: 700 (Packet)
Pass: 0/0 (Packets/Bytes)
Discard : 0/0 (Packets/Bytes)
Delay : 0/0 (Packets/Bytes)

qos gts Syntax


qos gts { any | acl acl-index } cir committed-information-rate [ cbs committed-burst-size
[ ebs excess-burst-size [ queue-length queue-length ] ] ]

undo qos gts { any | acl acl-index }

View
Interface view

Parameter

any: Performs TP on all the IP packets.

acl acl-index: Specified to limit the rate of packets matching the ACL, with
acl-index being the ACL number in the range of 1 to 199.

cir committed-information-rate: CIR in the range of 8000 to 155000000 bits.

cbs committed-burst-size: Committed burst size in the range of 15000 to
155000000 bits. By default, committed-burst-size is 1/2 of
committed-information-rate.

ebs excess-burst-size: Excess burst size in the range of 0 to 155000000 bits. By
default, excess-burst-size is 0, that is, only one token bucket is used to police.

queue-length queue-length: The maximum length of the buffer in the range of 1
to 1024. By default, queue-length is 50.

Description
Using the qos gts command, you can set the shaping parameters for a certain
type of traffic and perform the traffic shaping. Using the undo qos gts command,
you can remove the shaping configuration for a certain type of traffic.

qos gts acl is used to set shaping parameters for the packets that conform to a
certain ACL. Different access-lists can be used to set shaping parameters for
different packets.

qos gts any is used to set shaping parameters for all packets.

qos gts acl cannot be used together with the qos gts any.

Repeated use of qos gts will replace the configuration set earlier.

Example
# Configure traffic shaping for the packets that conform to ACL rule 1 at the
Ethernet6/2/0 interface. The normal traffic is 38400 bps. A burst of twice
the normal traffic can pass at first. After that, traffic is transmitted normally when
it is less than or equal to 38400 bps. When it is larger than 38400 bps, it
will be added to the buffer queue, and the buffer queue length is 100.
[3Com-Ethernet6/2/0] qos gts acl 1 cir 38400 cbs 76800 ebs 0 queue-length 100

Physical Interface Rate-limit Configuration Commands

display qos lr interface Syntax


display qos lr interface [ interface-type interface-number ]

View
Any view

Parameter
interface-type: Interface type.
interface-number: Interface number.

Description
Using the display qos lr interface command, you can view LR configuration and
statistics of an interface.
If no interface is specified, the LR configuration and operating statistics of all
interfaces will be displayed.

Example
# Display LR configuration and statistics information in serial 0/0/0.
[3Com] display qos lr interface
Interface: Ethernet6/0/0
CIR 8000 (Bps), CBS 15000 (Bit), EBS 0 (Bit)
Pass: 0/0 (Packets/Bytes)
Delay : 0/0 (Packets/Bytes)
Active Shaping : NO

qos lr Syntax


qos lr cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]

undo qos lr

View
Interface view

Parameter

cir committed-information-rate: CIR in the range of 8000 to 155000000 bits.

cbs committed-burst-size: Committed burst size in the range of 15000 to
155000000 bits. By default, committed-burst-size is half of
committed-information-rate.

ebs excess-burst-size: Excess burst size in the range of 0 to 155000000 bits. By
default, excess-burst-size is 0, in which case only one token bucket is used to police.

Description
Using the qos lr command, you can limit the bandwidth of a physical interface.
Using the undo qos lr command, you can remove the limit.

Example
# Limit packet-forwarding rate of the physical interface Ethernet6/0/0.
[3Com-Ethernet6/0/0] qos lr cir 38400 cbs 76800 ebs 0

Congestion Management Configuration Commands

FIFO Queue Configuration Commands

qos fifo queue-length Syntax


qos fifo queue-length queue-length

undo qos fifo queue-length

View
Interface view

Parameter
queue-length: Length limit of a queue in the range of 1 to 1024.

Description
Using the qos fifo queue-length command, you can set the length limit of FIFO
queue. Using the undo qos fifo queue-length command, you can restore the
default value of the queue length.

By default, queue-length is 75.

For the related command, see display interface.

Example
# Set the length of FIFO queue to 100.
[3Com-Ethernet3/0/0] qos fifo queue-length 100

PQ Configuration Commands

display qos pq interface Syntax


display qos pq interface [ interface-type interface-number ]

View
Any view

Parameter
interface-type: Interface type.
interface-number: Interface number.

Description
Using the display qos pq interface command, you can view the configuration
and statistics of priority queues at interfaces.

If interfaces are not specified when this command is used, the configuration and
statistics of the priority queues at all interfaces will be displayed.

For the related command, see qos pq.

Example
# Display the configuration and statistics of PQ at interface Ethernet 6/0/0.
[3Com] display qos pq interface ethernet 6/0/0
Interface: Ethernet6/0/0
Priority queueing: PQL 1 (Outbound queue:Size/Length/Discards)
Top: 0/20/0 Middle: 0/40/0 Normal: 0/60/0 Bottom: 0/80/0

display qos pql Syntax


display qos pql

View
Any view

Parameter
None

Description
Using the display qos pql command, you can view contents of priority lists.

Default items are not displayed.

For the related commands, see qos pq and qos pq pql.

Example
# Display priority lists.
[3Com] display qos pql
Current PQL Configuration:
List Queue Params
------------------------------------------------------
1 Top Protocol ip less-than 1000
2 Normal Length 60
2 Bottom Length 40
3 Middle Inbound-interface Ethernet5/0/0

qos pq Syntax


qos pq pql pql-index
undo qos pq

View
Interface view

Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.

Description
Using the qos pq command, you can apply a group of priority list to an interface.
Using the undo qos pq command, you can restore the congestion management
policy at the interface to FIFO.

By default, the congestion management policy at the interfaces is FIFO.



All the physical interfaces can use the priority queue except ATM interface and
interfaces with X.25 as the link layer.

An interface can only use one group of priority lists.

This command can configure multiple classification rules for each group in the
priority list. During traffic classification, the system matches packets along the rule
list. If a packet matches a certain rule, it will be classified into the priority queue
specified by this rule; otherwise, it will be put into the default priority queue.

For the related commands, see qos pql, display qos pq interface, display qos
pql, and display interface.

Example
# Apply the priority list 12 to the Ethernet 0/2/0.
[3Com-Ethernet0/2/0] qos pq pql 12

qos pql default-queue Syntax


qos pql pql-index default-queue { top | middle | normal | bottom }
undo qos pql pql-index default-queue

View
System view

Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
top, middle, normal and bottom: Corresponding to the four levels of priority
queue, with the priority reducing in turn. The queue defaults to normal.

Description
Using the qos pql default-queue command, you can designate the packets
without corresponding rules to a default queue. Using the undo qos pql
default-queue command, you can cancel the configuration and restore the
default value.

During traffic classification, if a packet does not match any rule, it will be put into
the default priority queue.

For the same pql-index, repeated use of this command will set new default queue.

For the related command, see display qos pql.

Example
# Set the default queue of the packets without corresponding rules in group 12 of
the priority list to be the bottom queue.
[3Com] qos pql 12 default-queue bottom

qos pql inbound-interface Syntax


qos pql pql-index inbound-interface interface-type interface-number queue { top |
middle | normal | bottom }

undo qos pql pql-index inbound-interface interface-type interface-number

View
System view

Parameter
pql-index: Group number of the priority list, ranging 1 to 16.
interface-type: Interface type.
interface-number: Interface number.
top, middle, normal and bottom: Corresponding to the four levels of priority
queue, with the priority reducing in turn. By default, it is set to normal.

Description
Using the qos pql inbound-interface command, you can establish classification
rules based on interfaces. Using the undo qos pql inbound-interface command,
you can delete the corresponding classification rule.

This command can match packets according to which interface the packet comes
from. For the same pql-index, this command can be repeatedly used, establishing
classification rules for packets that come from different interfaces.

For the related commands, see qos pql default-queue, qos pql protocol, qos
pql queue, and qos pq.

Example
# Put packets that come from interface Serial 0/0/0 into the middle
queue.
[3Com] qos pql 12 inbound-interface Serial 0/0/0 queue middle

qos pql protocol Syntax


qos pql pql-index protocol protocol-name queue-key key-value queue { top | middle |
normal | bottom }
undo qos pql pql-index protocol protocol-name queue-key key-value

View
System view

Parameter
pql-index: Pql index of the priority list, ranging 1 to 16.
top, middle, normal, bottom: Corresponding PQ queues, whose priority levels
are in descending order.
protocol-name: Protocol type, which can currently only be IP.
When the protocol-name is IP, the values of queue-key and key-value are displayed
in the following table:

Table 1 Descriptions of values of queue-key and key-value

queue-key     key-value                    Description
fragments     Null                         Any IP packet that is fragmented will be classified.
acl           ACL group number, 1 to 999   Any IP packet that complies with an ACL will be classified.
less-than     Length, 0 to 65535           Any IP packet whose length is less than a certain value will be classified.
greater-than  Length, 0 to 65535           Any IP packet whose length is greater than a certain value will be classified.
tcp           Port number, 0 to 65535      Any IP packet whose source or destination TCP port number is the specified port number will be classified.
udp           Port number, 0 to 65535      Any IP packet whose source or destination UDP port number is the specified port number will be classified.
-             -                            All IP packets

When queue-key is tcp or udp, key-value can be port name or the associated port
number. You can enter “?” to get the port numbers associated with port names.

Description
Using the qos pql protocol command, you can establish classification rules based
on the protocol type. Using the undo qos pql protocol command, you can delete
the corresponding classification rule.

The system matches a packet to a rule according to the set order. When the
packet matches a certain rule, the search process is completed.

For the same pql-index, this command can be repeatedly used, establishing
multiple classification rules for IP packets.

For the related command, see display qos pql.

Example
# Specify a rule to make IP packets be put into the top queue.
[3Com] qos pql 1 protocol ip acl 100 queue top
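
The first-match classification described for qos pql protocol, qos pql inbound-interface and qos pql default-queue, as a small model that loads qos pql lines and reports which rule captured a packet. This is an added illustration, not 3Com code: Pkt, PriorityList, build and CONFIG are hypothetical names, the configuration is constructed, ACL contents are supplied by the caller because no ACL definitions appear on this page, and port names are not resolved.

```python
from dataclasses import dataclass

QUEUES = ("top", "middle", "normal", "bottom")


@dataclass
class Pkt:
    length: int
    in_iface: str = ""
    fragmented: bool = False
    l4: str = ""   # "tcp", "udp" or "" for other IP payloads
    sport: int = 0
    dport: int = 0


def _norm(iface):
    return iface.replace(" ", "").lower()


class PriorityList:
    def __init__(self, acls=None):
        self.rules = []          # (rule text, predicate, queue) in configuration order
        self.default = "normal"  # documented default queue
        self.acls = acls or {}   # hypothetical stand-in: ACL number -> predicate(pkt)

    @staticmethod
    def _queue(name):
        if name not in QUEUES:
            raise ValueError("unknown queue: " + name)
        return name

    def load(self, line):
        """Add one 'qos pql ...' line (the pql-index itself is not checked here)."""
        tok = line.split()
        if len(tok) < 5 or tok[:2] != ["qos", "pql"]:
            raise ValueError("not a qos pql command: " + line)
        kind = tok[3]
        if kind == "default-queue":
            self.default = self._queue(tok[4])
            return
        if tok[-2] != "queue":
            raise ValueError("missing queue keyword: " + line)
        queue, args = self._queue(tok[-1]), tok[4:-2]
        if kind == "inbound-interface" and args:
            name = _norm("".join(args))
            pred = lambda p: _norm(p.in_iface) == name
        elif kind == "protocol" and args[:1] == ["ip"] and len(args) >= 2:
            pred = self._ip_rule(args[1], args[2:])
        else:
            raise ValueError("unsupported rule: " + line)
        self.rules.append((" ".join(tok[3:-2]), pred, queue))

    def _ip_rule(self, key, value):
        if key == "fragments":
            return lambda p: p.fragmented
        if not value:
            raise ValueError("queue-key needs a key-value: " + key)
        n = int(value[0])  # port names are not resolved in this model
        if key == "acl":
            return lambda p: self.acls[n](p)
        if key == "less-than":
            return lambda p: p.length < n
        if key == "greater-than":
            return lambda p: p.length > n
        if key in ("tcp", "udp"):
            return lambda p: p.l4 == key and n in (p.sport, p.dport)
        raise ValueError("unknown queue-key: " + key)

    def classify(self, pkt):
        """Return (queue, matching rule text); the rule text is None on default."""
        for text, pred, queue in self.rules:
            if pred(pkt):
                return queue, text  # the search stops at the first matching rule
        return self.default, None


# Constructed configuration; the broad length rule is deliberately placed first.
CONFIG = """\
qos pql 1 protocol ip less-than 1000 queue top
qos pql 1 protocol ip udp 8000 queue middle
qos pql 1 inbound-interface Ethernet 5/0/0 queue normal
qos pql 1 default-queue bottom
"""


def build(config=CONFIG):
    pql = PriorityList()
    for line in config.splitlines():
        pql.load(line)
    return pql


if __name__ == "__main__":
    pql = build()
    for pkt in (Pkt(200, l4="udp", dport=8000), Pkt(1400, l4="udp", sport=8000),
                Pkt(1400, in_iface="Ethernet5/0/0"), Pkt(1400, l4="tcp", dport=80)):
        print(pkt, "->", pql.classify(pkt))
```

In the constructed list, the 200-byte packet to UDP port 8000 lands in the top queue because the less-than rule is configured first, which is the ordering effect to check for when reviewing a priority list.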

qos pql queue Syntax


qos pql pql-index queue { top | middle | normal | bottom } queue-length queue-length

undo qos pql pql-index queue { top | middle | normal | bottom } queue-length

View
System view

Parameter

pql-index: Pql index of the priority list, ranging 1 to 16.

queue-length: Four length values of priority queues ranging 1 to 1024. By default,
the length values of the queues are displayed as follows:

■ The default length value of the top queue is 20.
■ The default length value of the middle queue is 40.
■ The default length value of the normal queue is 60.
■ The default length value of the bottom queue is 80.

Description
Using the qos pql queue command, you can specify the maximum number of
packets that can wait in each of the priority queues, or the length of a PQ. Using
the undo qos pql queue command, you can restore to the default value of each
PQ length.

If a queue is full, any newly incoming packet will be dropped.

For the related commands, see qos pql default-queue, qos pql
inbound-interface, qos pql protocol, and qos pq.

Example
# Set the maximum number of packets waiting in the top queue of priority list 10 to
10.
[3Com] qos pql 10 queue top queue-length 10

CQ Configuration Commands

display qos cq interface Syntax


display qos cq interface [ interface-type interface-number ]

View
Any view

Parameter
interface-type: Interface type.
interface-number: Interface number.

Description
Using the display qos cq interface command, you can view configuration and
statistics of customized queues at interfaces.
If no interface is specified, CQ configuration and statistics of all interfaces will be
displayed.
For the related command, see qos cq.

Example
# Display configuration and statistics of customized queues at interface Ethernet
6/0/0.
[3Com] display qos cq interface ethernet 6/0/0
Interface: Ethernet6/0/0
Custom queueing: CQL 1 (Outbound queue:Size/Length/Discards)
0: 0/ 20/0 1: 0/ 20/0 2: 0/ 20/0
3: 0/ 20/0 4: 0/ 20/0 5: 0/ 20/0
6: 0/ 20/0 7: 0/ 20/0 8: 0/ 20/0
9: 0/ 20/0 10: 0/ 20/0 11: 0/ 20/0
12: 0/ 20/0 13: 0/ 20/0 14: 0/ 20/0
15: 0/ 20/0 16: 0/ 20/0

display qos cql Syntax


display qos cql

View
Any view

Parameter
None

Description
Using the display qos cql command, you can view contents of custom lists.
Default values will not be displayed.
For the related commands, see qos cq cql and qos cq.

Example
# Display information about a custom list.
[3Com] display qos cql
Current CQL Configuration:
List Queue Params
2 3 Protocol ip fragments
3 0 Length 100
3 1 Inbound-interface Ethernet0

qos cq Syntax


qos cq cql cql-index

undo qos cq

View
Interface view

Parameter
cql-index: Cql index number of a custom list, ranging 1 to 16.

Description
Using the qos cq cql command, you can apply the customized queue to an
interface. Using the undo qos cq command, you can restore the congestion
management policy at the interface to FIFO.

By default, the congestion management policy at the interfaces is FIFO.

All the physical interfaces can use customized queues, except ATM interface and
interfaces with X.25 as the link layer.

One interface can only use one group of customized queues.

This command can configure multiple classification rules for each group in the
custom list. During traffic classification, the system matches packets along the rule
list. If a packet matches a certain rule, it will be classified into the corresponding
priority queue specified by this rule. If it does not match any rule, it will go to the
default priority queue.

For the related commands, see qos cql default-queue, qos cql
inbound-interface, qos cql protocol, qos cql queue serving, and qos cql
queue queue-length.

Example
# Apply the custom group 5 on the Ethernet 6/0/0.
[3Com-Ethernet6/0/0] qos cq cql 5

qos cql default-queue Syntax


qos cql cql-index default-queue queue-number
undo qos cql cql-index default-queue

View
System view

Parameter
cql-index: Cql index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16. By default, customized queue
number is 1.

Description
Using the qos cql default-queue command, you can assign a default queue for
those packets that do not match any rule in the custom list. Using the undo qos
cql default-queue command, you can restore to the default queue.

During traffic classification, if a packet does not match any rule, it will go to the
default queue.

For the related commands, see qos cql inbound-interface, qos cql protocol, qos
cql queue serving, and qos cql queue queue-length.

Example
# Assign default queue 2 to custom list 5.

[3Com] qos cql 5 default-queue 2

qos cql inbound-interface Syntax


qos cql cql-index inbound-interface interface-type interface-number queue
queue-number
undo qos cql cql-index inbound-interface interface-type interface-number

View
System view

Parameter

cql-index: Group number of the custom list, ranging 1 to 16.

interface-type: Interface type.

interface-number: Interface number.

queue-number: Queue number, ranging 0 to 16.

Description
Using the qos cql inbound-interface command, you can establish classification
rules based on interfaces. Using the undo qos cql inbound-interface command,
you can delete corresponding classification rules.

By default, no classification rules are configured.

This command matches a packet to a rule according to the interface that the
packet comes from. For the same cql-index, this command can be repeatedly
used, establishing different classification rules for packets from different
interfaces.

For the related commands, see qos cql protocol, qos cql queue serving, and
qos cql queue queue-length.

Example
# Specify a rule to make a packet from tunnel 0/0/0 be put into queue 3.
[3Com] qos cql 5 inbound-interface tunnel 0 queue 3

qos cql protocol Syntax


qos cql cql-index protocol protocol-name queue-key key-value queue queue-number
undo qos cql cql-index protocol protocol-name queue-key key-value queue
queue-number

View
System view

Parameter
cql-index: Group number of the custom list, ranging 1 to 16.
protocol-name: Protocol name, which can currently only be ip.
queue-number: Queue number, ranging 0 to 16.

When protocol-name is IP, the values of queue-key and key-value are displayed in
the following table:

Table 2 Descriptions of values of queue-key and key-value

queue-key     key-value                    Description
fragments     Null                         Any IP packet that is fragmented will be classified.
acl           ACL group number, 1 to 999   Any IP packet that complies with ACL will be classified.
less-than     Length, 0 to 65535           Any IP packet whose length is less than a certain value will be classified.
greater-than  Length, 0 to 65535           Any IP packet whose length is greater than a certain value will be classified.
tcp           Port number, 0 to 65535      IP packets are classified according to source or destination TCP port number.
udp           Port number, 0 to 65535      IP packets are classified according to source or destination UDP port number.
-             -                            All IP Packets

When queue-key is tcp or udp, key-value can be port name or the associated port
number. You can enter “?” to get the port numbers associated with port names.

Description
Using the qos cql protocol command, you can establish classification rules based
on the protocol type. Using the undo qos cql protocol command, you can delete
corresponding classification rules.

The system matches a packet to a rule according to the order that rules are
configured. When the packet matches a certain rule, the search process is
completed.

For the same cql-index, this command can be repeatedly used, establishing
multiple classification rules for IP packets.

For the related commands, see qos cql inbound-interface, qos cql protocol,
qos cql queue serving, and qos cql queue queue-length.

Example
# Specify a rule to make any IP packet that matches the access-list 100 be put into
queue 3.
[3Com] qos cql 5 protocol ip acl 100 queue 3

qos cql queue Syntax


qos cql cql-index queue queue-number queue-length queue-length
undo qos cql cql-index queue queue-number queue-length

View
System view

Parameter
cql-index: Cql index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16.
queue-length: The maximum length of the queue, ranging 0 to 1024 packets.

Description
Using the qos cql queue command, you can specify a default queue for the
packets without corresponding rules. Using the undo qos cql queue command,
you can cancel the configuration and restore the default value.

By default, queue-length is 20 packets.

If a queue is full, any newly incoming packet will be dropped.

For the related commands, see qos cql inbound-interface, qos cql protocol,
and qos cql queue serving.

Example
# Set the maximum number of packets in queue 4 of custom list 5 to 40.
[3Com] qos cql 5 queue 4 queue-length 40

qos cql queue serving Syntax


qos cql cql-index queue queue-number serving byte-count
undo qos cql cql-index queue queue-number serving

View
System view

Parameter
cql-index: Cql-index of the custom list, ranging 1 to 16.
queue-number: Queue number, ranging 0 to 16.
byte-count: Number of bytes in packets that the given queue sends during each
poll, ranging 0 to 16777215 bytes.

Description
Using the qos cql queue serving command, you can set the byte-count of the
packets sent from a given queue during each poll. Using the undo qos cql queue
serving command, you can restore the byte-count of sent packets to the default
value.

By default, byte-count is 1500.

For the related commands, see qos cql inbound-interface, qos cql protocol,
and qos cql queue queue-length.

Example
# Specify byte-count of queue 2 in the custom list 5 to 1400.
[3Com] qos cql 5 queue 2 serving 1400

WFQ Configuration
Commands

display qos wfq interface Syntax


display qos wfq interface [ interface-type interface-number ]

View
Any view

Parameter
interface-type: Interface type.
interface-number: Interface number.

Description
Using the display qos wfq interface command, you can view customized queue
configuration and statistics of an interface.

If no interface is specified, the customized queue configuration and statistics of all
interfaces will be displayed.

For the related command, see qos wfq.

Example
# Display the custom queue configuration and statistics of Ethernet 6/0/0
interface.
[3Com] display qos wfq interface ethernet 6/0/0

Interface: Ethernet6/0/0

Weighted Fair queueing: (Outbound queue:Size/Length/Discards)

WFQ: 0/100/0

Hashed queues: 0/0/128 (Active/Max active/Total)

qos wfq Syntax


qos wfq [ queue-length max-queue-length [ queue-number total-queue-number ] ]
undo qos wfq

View
Interface view

Parameter
max-queue-length: The maximum queue length in the range of 1 to 1024. It is the
maximum number of packets in each queue. Packets out of the range will be
discarded.

total-queue-number: Total queue number. Available numbers are 16, 32, 64, 128,
256, 512, 1024, 2048 and 4096.

By default, max-queue-length is 64; total-queue-number is 256.



Description
Using the qos wfq command, you can apply weighted fair queuing or modify WFQ
parameters at an interface. Using the undo qos wfq command, you can restore
the default congestion management mechanism FIFO.

Except ATM interfaces and interfaces with X.25 as the link layer, all physical
interfaces can use weighted fair queuing.

When an interface does not apply WFQ policy, this command can be used to apply
WFQ policy at the interface as well as specifying WFQ parameters. If an interface
has applied WFQ policy, this command can be used to modify WFQ parameters.

For the related commands, see display interface and display qos wfq
interface.

Example
# Apply WFQ at the Ethernet6/0/0 interface, set the queue length to 100 and set
the total queue number to 512.
[3Com-Ethernet6/0/0] qos wfq queue-length 100 queue-number 512

CBQ Configuration
Commands

car Syntax
car cir committed-information-rate [ cbs committed-burst-size ebs excess-burst-size ] [
green action [ red action] ]
undo car

View
Traffic behavior view

Parameter

cir committed-information-rate: Committed information rate of traffic in the
range of 8000 to 155000000 bit.

cbs committed-burst-size: Committed burst size, number of bits that can be sent
in each interval in the range of 15000 to 155000000 bits.

ebs excess-burst-size: Excessive burst size in the range of 0 to 155000000 bits.

green: Action conducted to packets when traffic of packets conforms to the
traffic convention. By default, the action of green is “pass”.

red: Action conducted to packets when traffic of packets does not conform to the
traffic convention. By default, the action of red is “discard”.

action: Action conducted on a packet. Divided into the following types:

■ discard: Drops the packet.
■ remark-dscp-pass new-dscp: Sets new-dscp and transmits the packet.
■ remark-prec-pass new-precedence: Sets new-precedence of IP and transmits
the packet.
■ remark-mpls-exp-pass new-exp: Sets the new MPLS EXP and transmits the
packet.
■ pass: Transmits the packet.

Description
Using the car command, you can configure traffic monitoring for a behavior.
Using the undo car command, you can delete the configuration of traffic
monitoring.

The policy can be used in the input or output direction of the interface.

Applying a policy that includes TP on an interface will cause the previously
configured qos car command to be ineffective.

If this command is configured repeatedly on classes of the same policy, the last
configuration will overwrite the previous ones.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.

Example
# Configure traffic monitoring for a behavior. The normal traffic rate is 38400 bps.
A burst of twice the normal traffic can pass initially; afterwards, traffic is
transmitted normally as long as the rate does not exceed 38400 bps. When the rate
exceeds 38400 bps, the precedence of the packet is set to 0 and the packet is
transmitted.
[3Com] traffic behavior database

[3Com-behavior-database] car cir 38400 cbs 76800 ebs 0 green pass red remark-prec-pass 0
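
The car example above, modelled as an added Python sketch that is not part of the 3Com reference or its software. It assumes a standard single-rate token bucket that starts full with cbs bits and refills at cir bits per second, with ebs 0 as in the example; the class name CarPolicer, the packet size and the offered load are constructed for illustration.

```python
# Added illustration: single-rate token-bucket policer (assumed model, not 3Com code).


class CarPolicer:
    """Models `car cir <cir> cbs <cbs> ebs 0 green <action> red <action>`."""

    def __init__(self, cir, cbs, green=("pass",), red=("discard",)):
        if not 8000 <= cir <= 155000000:
            raise ValueError("cir outside documented range 8000-155000000")
        if not 15000 <= cbs <= 155000000:
            raise ValueError("cbs outside documented range 15000-155000000")
        self.cir = cir                    # committed rate, bits per second
        self.cbs = cbs                    # bucket depth, bits
        self.green, self.red = green, red  # documented defaults: pass / discard
        # Tokens are kept as bits * 1000 so millisecond refills stay integral.
        self._tokens = cbs * 1000         # assumption: the bucket starts full
        self._last_ms = 0

    def police(self, now_ms, size_bits, precedence):
        """Return (color, forwarded, precedence_after) for one packet."""
        elapsed = now_ms - self._last_ms
        self._last_ms = now_ms
        self._tokens = min(self.cbs * 1000, self._tokens + self.cir * elapsed)
        cost = size_bits * 1000
        if self._tokens >= cost:
            self._tokens -= cost          # conforming packets spend tokens
            color, action = "green", self.green
        else:
            color, action = "red", self.red   # excess packets spend nothing
        if action[0] == "discard":
            return color, False, precedence
        if action[0] == "remark-prec-pass":
            return color, True, action[1]
        return color, True, precedence    # "pass"


def simulate(policer, interval_ms, size_bits, count, precedence=5):
    """Offer `count` equal packets at a fixed interval, starting at t=0."""
    return [policer.police(k * interval_ms, size_bits, precedence)
            for k in range(count)]


def documented_example():
    """car cir 38400 cbs 76800 ebs 0 green pass red remark-prec-pass 0,
    offered 96000 bps (one 9600-bit packet every 100 ms, constructed load)."""
    policer = CarPolicer(38400, 76800, red=("remark-prec-pass", 0))
    return simulate(policer, interval_ms=100, size_bits=9600, count=30)


if __name__ == "__main__":
    for k, (color, forwarded, prec) in enumerate(documented_example()):
        print(f"t={k * 100:4d} ms  {color:5s}  forwarded={forwarded}  precedence={prec}")
```

Under this load the first 12 packets use up the burst allowance; after that, green traffic settles at 38400 bps and the excess is re-marked to precedence 0 and still forwarded.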

classifier behavior Syntax


classifier tcl-name behavior behavior-name
undo classifier tcl-name

View
Policy view

Parameter
tcl-name: Must be the name of the defined class, the system-defined or
user-defined class.
behavior-name: Must be the name of the defined behavior, the system-defined or
user-defined behavior.

Description
Using the classifier behavior command, you can specify the behavior for the
class in the policy. Using the undo classifier command, you can remove the
application of the class in the policy.

Each class in the policy can only be associated with one behavior.
The undo command is not used for the default class.
For the related command, see qos policy.

Example
# Specify the behavior test for the class database in the policy 3Com.
[3Com] qos policy 3Com

[3Com-qospolicy-3Com] classifier database behavior test

display qos cbq interface Syntax


display qos cbq interface [ { interface-type interface-number } [ pvc { pvc-name [ vpi/vci
] | vpi/vci } ] ]

View
Any view

Parameter
interface-type: Interface type.
interface-number: Interface number.
pvc: Used for ATM interface only, i.e., policy configuration of specified PVC on
specified ATM interface can be displayed.
pvc-name: PVC name.
vpi/vci: VPI/VCI value pair. For detailed description, refer to the Parameter
Description about pvc command.

Description
Using the display qos cbq interface command, you can view the CBQ configuration
information and operating status on the specified interface, on the specified PVC
of the specified ATM interface, or on all interfaces.

Example
[3Com] display qos cbq interface
Interface: Ethernet10/2/0
Class Based Queuing: (Outbound queue: Total Size/Discards)
CBQ: 0/0
Queue Size: 0/0/0 (EF/AF/BE)
BE Queues: 0/0/256 (Active/Max active/Total)
AF Queues: 1 (Allocated)
Bandwidth(Kbps): 74992/75000 (Available/Max reserve)

display qos policy Syntax


display qos policy { system-defined | user-defined } [ policy-name [ classifier tcl-name ] ]

View
Any view

Parameter
system-defined: Policy pre-defined by the system.
user-defined: Policy pre-defined by the user.
policy-name: Policy name. If it is not specified, the configuration information of all
the policies pre-defined by the system or by the user will be displayed.
tcl-name: Class name in the policy.

Description
Using the display qos policy command, you can display the configuration
information of the specified class or all the classes and associated behaviors in the
specified policy or all policies.

Example
[3Com] display qos policy user-defined
User Defined QoS Policy Information:
Policy: test

Classifier: default-class

Behavior: be

-none-

Classifier: 3Com

Behavior: 3Com

Marking:

Remark IP Precedence 3

Committed Access Rate:

CIR 20000 (bps), CBS 15000 (bit), EBS 0 (bit)

Conform Action: pass

Exceed Action: discard

Expedited Forwarding:

Bandwidth 50 (Kbps) CBS 1500 (Bytes)

Classifier: database

Behavior: database

Assured Forwarding:

Bandwidth 30 (Kbps)

Discard Method: Tail

Queue Length : 64 (Packets)

General Traffic Shape:

CIR 30000 (bps), CBS 15000 (bit), EBS 0 (bit)



Queue length 50 (Packets)


Marking:
Remark MPLS EXP 3

display qos policy interface Syntax


display qos policy interface [ { interface-type interface-number } [ inbound | outbound ]
[ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ]

View
Any view

Parameter
interface-type: Interface type.
interface-number: Interface number.
pvc: Used for ATM interface only, i.e., policy configuration of specified PVC on
specified ATM interface can be displayed.
pvc-name: PVC name.
vpi/vci: VPI/VCI value pair. For details, refer to the parameter description about the
pvc command.

Description
Using the display qos policy interface command, you can view configuration
information and the operating status of the policy on the specified interface, on
the specified PVC of the specified ATM interface, or on all interfaces and PVCs.

Example
# Display qos policy on Ethernet 10/2/0.
[3Com] display qos policy interface Ethernet 10/2/0

Interface: Ethernet10/2/0

Direction: Outbound

Policy: test

Classifier: default-class

Matched : 0/0 (Packets/Bytes)

Rule(s) : if-match any

Behavior: be

Default Queue:

Flow Based Weighted Fair Queuing

Max number of hashed queues: 256

Matched : 0/0 (Packets/Bytes)

Enqueued : 0/0 (Packets/Bytes)

Discarded: 0/0 (Packets/Bytes)



Discard Method: Tail

Classifier: 3Com

Matched : 0/0 (Packets/Bytes)

Operator: AND

Rule(s) : if-match ip-precedence 5

Behavior: 3Com

Marking:

Remark IP Precedence 3

Remarked: 0 (Packets)

Committed Access Rate:

CIR 20000 (bps), CBS 15000 (bit), EBS 0 (bit)

Conform Action: pass

Exceed Action: discard

Conformed: 0/0 (Packets/Bytes)

Exceeded : 0/0 (Packets/Bytes)

Expedited Forwarding:

Bandwidth 50 (Kbps), CBS 1500 (Bytes)

Matched : 0/0 (Packets/Bytes)

Enqueued : 0/0 (Packets/Bytes)

Discarded: 0/0 (Packets/Bytes)

Classifier: database

Matched : 0/0 (Packets/Bytes)

Operator: AND

Rule(s) : if-match acl 131

if-match inbound interface Ethernet10/2/0

Behavior: database

General Traffic Shape:

CIR 30000 (bps), CBS 15000 (bit), EBS 0 (bit)

Queue Length: 50 (Packets)

Queue size : 0 (Packets)

Passed : 0/0 (Packets/Bytes)

Discarded: 0/0 (Packets/Bytes)

Delayed : 0/0 (Packets/Bytes)



Marking:

Remark MPLS EXP 3

Remarked: 0 (Packets)

Assured Forwarding:

Bandwidth 30 (Kbps)

Matched : 0/0 (Packets/Bytes)

Enqueued : 0/0 (Packets/Bytes)

Discarded: 0/0 (Packets/Bytes)

display traffic behavior Command


display traffic behavior { system-defined | user-defined } [ behavior-name ]

View
Any view

Parameter
system-defined: Behavior pre-defined by the system.
user-defined: Behavior pre-defined by the user.
behavior-name: Behavior name. If it is not specified, the information of the
behaviors pre-defined by the system or by the user will be displayed.

Description
Using the display traffic behavior command, you can display the information of
the traffic behavior configured on the router.

Example
[3Com] display traffic behavior user-defined
User Defined Behavior Information:
Behavior: test
Assured Forwarding:
Bandwidth 30 (Kbps)
Discard Method: Tail
Queue Length : 64 (Packets)
General Traffic Shape:
CIR 30000 (bps), CBS 15000 (bit), EBS 0 (bit)
Queue length 50 (Packets)
Marking:
Remark MPLS EXP 3
Behavior: 3Com
Marking:
Remark IP Precedence 3
Committed Access Rate:
CIR 20000 (bps), CBS 15000 (bit), EBS 0 (bit)

Conform Action: pass


Exceed Action: discard
Expedited Forwarding:
Bandwidth 50 (Kbps) CBS 1500 (Bytes)

display traffic classifier Syntax


display traffic classifier { system-defined | user-defined } [ tcl-name ]

View
Any view

Parameter
system-defined: Class pre-defined by the system.
user-defined: Class pre-defined by the user.
tcl-name: Class name. If it is not specified, the information of all classes
pre-defined by the system or by the user will be displayed.

Description
Using the display traffic classifier command, you can view information about
the classes configured on the router.

Example
[3Com] display traffic classifier user-defined
User Defined Classifier Information:
Classifier: 3Com
Operator: AND
Rule(s) : if-match ip-precedence 5
Classifier: database
Operator: AND
Rule(s) : if-match acl 131
if-match inbound-interface Ethernet10/2/0

gts Syntax
gts cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size [
queue-length queue-length ] ] ]
undo gts

View
Traffic behavior view

Parameter

cir committed-information-rate: Average rate of traffic in the range of 8000 to
155000000 bps.

cbs committed-burst-size: Burst size in the range of 15000 to 155000000 bits.

ebs excess-burst-size: Excessive burst size in the range of 0 to 155000000 bits.


queue-length queue-length: The maximum length of a queue in the range of 1 to
1024.

By default, committed-burst-size is a half of committed-information-rate,
excess-burst-size is 0, and queue-length is 50.

Description
Using the gts command, you can configure traffic shaping for a behavior. Using
the undo gts command, you can delete traffic shaping for a behavior.

A policy in which shape is used on an interface can only be applied in the output
direction of the interface.

Applying a policy that includes a shape policy on an interface will cause the
previously configured qos gts command to be ineffective.

If this command is configured repeatedly on the same traffic behavior, the last
configuration will overwrite the previous ones.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.

Example
# Configure TS for a behavior. The normal traffic is 38400bps. Burst traffic twice
of the normal traffic can pass initially and later the traffic is transmitted normally
when the rate is less than or equal to 38400bps. When the rate exceeds
38400bps, the traffic will enter the queue buffer and the buffer queue length is
100.
[3Com] traffic behavior database

[3Com-behavior-database] gts cir 38400 cbs 76800 ebs 0 queue-length 100

if-match Syntax
if-match [ not ] match-criteria
undo if-match [ not ] match-criteria

View
Class view

Parameter
match-criteria: Match rule of a class, which can be acl, any, class-map,
destination-mac, inbound-interface, ip-precedence, dscp, protocol,
source-mac, mpls-exp.

Description
Using the if-match command, you can define the rule of all packets not satisfying
the specified match rule. Using the undo if-match command, you can delete the
rule of all packets not satisfying the specified match rule.

For the related command, see traffic classifier.



Example
# Define the class to match packets whose protocol is not IP.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match not protocol ip

if-match { destination-mac | source-mac } Syntax
if-match [ not ] { destination-mac | source-mac } mac-address
undo if-match [ not ] { destination-mac | source-mac } mac-address

View
Class view

Parameter
mac-address: MAC address.

Description
Using the if-match { destination-mac | source-mac } command, you can define
match rule of destination or source MAC address. Using the undo if-match {
destination-mac | source-mac } command, you can delete the match rule of
destination or source MAC address.

The match rules of the destination MAC address are only meaningful for the
policies of the output direction and the interface of Ethernet type.

The match rules of the source MAC address are only meaningful for the policies of
the input direction and the interface of Ethernet type.

For the related command, see traffic classifier.

Example
# Define that the match rule of class1 is to match the packets with the destination
MAC address 0050-ba27-bed3.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match destination-mac 0050-ba27-bed3

# Define the match rule of class2 as matching the packets with source MAC address
0050-ba27-bed2.

[3Com] traffic classifier class2

[3Com-classifier-class2] if-match source-mac 0050-ba27-bed2

if-match acl Syntax


if-match [ not ] acl access-list-number
undo if-match [ not ] acl access-list-number

View
Class view

Parameter
access-list-number: ACL number.

Description

Using the if-match acl command, you can define ACL match rule. Using the
undo if-match acl command, you can delete ACL match rule.

For the related command, see traffic classifier.

Example
# Define a class to match ACL 101.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match acl 101

if-match any Syntax


if-match [ not ] any
undo if-match [ not ] any

View
Class view

Parameter
none

Description
Using the if-match any command, you can define the rule matching all packets.
Using the undo if-match any command, you can delete the rule matching all
packets.

For the related command, see traffic classifier.

Example
# Define the rule matching all packets.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match any

if-match classifier Syntax


if-match [ not ] classifier tcl-name
undo if-match [ not ] classifier tcl-name

View
Class view

Parameter
tcl-name: Class name.

Description
Using the if-match classifier command, you can define class-map match rule.
Using the undo if-match classifier command, you can delete the class-map
match rule.
This configuration method is the only one to match the traffic with both the
match-all and match-any features.

For example, classA needs to match rule1 & rule2 | rule3:

traffic classifier classB operator and
if-match rule1
if-match rule2
traffic classifier classA operator or
if-match rule3
if-match classifier classB

For the related command, see traffic classifier.

Example
# The match rule of class2 uses class1, so class1 is configured first. The match
rule of class1 is ACL 101 and the IP precedence is 5.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match ip-precedence 5

# Define class2, whose match rules are class1 and the destination MAC address
0050-BA27-BED3.

[3Com] traffic classifier class2

[3Com-classifier-class2] if-match classifier class1

[3Com-classifier-class2] if-match destination-mac 0050-BA27-BED3

if-match dscp Syntax


if-match [ not ] dscp { dscp-value }
undo if-match [ not ] dscp { dscp-value }

View
Class view

Parameter
dscp-value: DSCP value in the range of 0 to 63.

Description
Using the if-match dscp command, you can define IP DSCP match rule. Using the
undo if-match dscp command, you can delete IP DSCP match rule.

More than one such command can be configured under a class. They do not
overwrite one another. Each time the command is configured, the dscp-values are
sorted automatically in ascending order. The command can be deleted only when
the specified DSCP values are identical with those in the rule (the sequence may
be different).

More than one DSCP value can be configured and the maximum number is 8. If
multiple DSCPs of the same value are specified, the system regards them as one by
default. Relation between different DSCP values is “or”.

For the related command, see traffic classifier.

Example
# Define the match rule of class1 as matching the packets with the dscp value as
1, 6 or 9.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match dscp 1 6 9

if-match inbound-interface Syntax
if-match [ not ] inbound-interface { interface-type interface-number }
undo if-match [ not ] inbound-interface { interface-type interface-number }

View
Class view

Parameter
interface-type: Interface type.
interface-number: Interface number.

Description
Using the if-match inbound-interface command, you can define input interface
match rule of a class. Using the undo if-match inbound-interface command,
you can delete input interface match rule of a class.

If the interface is deleted, the match rule will not exist.

Supported interface type: ATM, Ethernet, Serial, Tunnel, VT etc.

For the related command, see traffic classifier.

Example
# Define that the class matches the packets entering from Ethernet6/0/0.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match inbound-interface Ethernet6/0/0

if-match ip-precedence Syntax


if-match [ not ] ip-precedence { ip-precedence-value }
undo if-match [ not ] ip-precedence

View
Class view

Parameter
ip-precedence-value: Precedence value in the range of 0 to 7. Multiple values can
be specified and the maximum number is 8. If multiple precedence values of the
same value are specified, only one of them is taken. Relation between different
precedence values is “or”.

Description
Using the if-match ip-precedence command, you can define IP precedence
match rule. Using the undo if-match ip-precedence command, you can delete IP
precedence match rule.

When any command is configured, the ip-precedence-value will be sorted
automatically in ascending order.

Multiple precedence values can be specified but the maximum number is 8. If the
multiple precedence values specified are the same, the system regards them as
one. Relation between different precedence values is “or”.

For the related command, see traffic classifier.

Example
# Define the match rule of class1 as matching the packets with the precedence
value as 1 or 6.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match ip-precedence 1 6

if-match protocol Syntax


if-match [ not ] protocol protocol-name
undo if-match [ not ] protocol protocol-name

View
Class view

Parameter
protocol-name: Protocol name. IP is used.

Description
Using the if-match protocol command, you can define protocol match rule.
Using the undo if-match protocol command, you can delete protocol match
rule.

For the related command, see traffic classifier.

Example
# Define a class that matches packets whose protocol is IP.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match protocol ip



if-match rtp Syntax


if-match [ not ] rtp start-port starting-port-number end-port end-port-number
undo if-match [ not ] rtp start-port starting-port-number end-port end-port-number

View
Class view

Parameter
starting-port-number: Starting RTP port number in the range of 2000 to 65535.
end-port-number: Ending RTP port numbers in the range of 2000 to 65535.

Description
Using the if-match rtp command, you can define port match rule of RTP. Using
the undo if-match rtp command, you can delete the port match rule of RTP.

This command can match RTP packets in the range of specified RTP port number,
i.e., to match packets of even UDP port numbers between
starting-port-number and end-port-number. If this command is used repeatedly
under a class, the last configuration will overwrite the previous ones.

For the related command, see traffic classifier.

Example
# Define the match rule of class1 as matching the packets whose RTP port number
is the even UDP port number between 16384 and 32767.
[3Com] traffic classifier class1

[3Com-classifier-class1] if-match rtp start-port 16384 end-port 32767
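
An added Python example (not 3Com code) that evaluates the if-match rules described above, including if-match not, the nested rule1 & rule2 | rule3 pattern from if-match classifier, and the even-port rule of if-match rtp. Assumptions: packets are plain dicts with hypothetical field names, the operator defaults to AND when omitted (as the display output suggests), the RTP check uses the UDP destination port with inclusive bounds, and reference loops are rejected by the evaluator itself.

```python
# Added illustration (not 3Com code): evaluate traffic classifiers offline.

# Constructed sample. classA is the documented "rule1 & rule2 | rule3" pattern.
CONFIG = """\
traffic classifier classB operator and
 if-match ip-precedence 5 6
 if-match inbound-interface Ethernet6/0/0
traffic classifier classA operator or
 if-match destination-mac 0050-ba27-bed3
 if-match classifier classB
traffic classifier voice
 if-match rtp start-port 16384 end-port 32767
traffic classifier non-ip
 if-match not protocol ip
traffic classifier loopA
 if-match classifier loopB
traffic classifier loopB
 if-match classifier loopA
"""


def parse_classifiers(text):
    """Return {name: {"operator": "and"|"or", "rules": [(negate, kind, args)]}}."""
    classes, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["traffic", "classifier"]:
            # Assumption: AND when omitted, as the display output shows "Operator: AND".
            tail = words[3:] or ["operator", "and"]
            if len(words) < 3 or len(tail) != 2 or tail[0] != "operator" \
                    or tail[1] not in ("and", "or"):
                raise ValueError(f"bad classifier line: {raw!r}")
            current = classes.setdefault(words[2], {"operator": tail[1], "rules": []})
        elif words[0] == "if-match" and current is not None:
            negate = words[1:2] == ["not"]
            criteria = words[2:] if negate else words[1:]
            if not criteria:
                raise ValueError(f"if-match without criteria: {raw!r}")
            current["rules"].append((negate, criteria[0], criteria[1:]))
        else:
            raise ValueError(f"unexpected line: {raw!r}")
    return classes


def _hit(classes, kind, args, pkt, path):
    """True if the packet satisfies one match criterion (before any 'not')."""
    if kind == "any":
        return True
    if kind == "protocol":
        return pkt.get("protocol") == args[0]
    if kind in ("ip-precedence", "dscp"):
        # Several values on one rule are alternatives ("or").
        field = "precedence" if kind == "ip-precedence" else "dscp"
        return pkt.get(field) in {int(a) for a in args}
    if kind in ("destination-mac", "source-mac"):
        field = "dst_mac" if kind == "destination-mac" else "src_mac"
        return pkt.get(field, "").lower() == args[0].lower()
    if kind == "inbound-interface":
        return pkt.get("in_if") == args[0]
    if kind == "rtp":
        # Even UDP ports between start-port and end-port (bounds assumed inclusive).
        # Assumption: the UDP destination port is the one tested.
        low, high = int(args[1]), int(args[3])
        port = pkt.get("udp_dport")
        return port is not None and low <= port <= high and port % 2 == 0
    if kind == "classifier":
        return matches(classes, args[0], pkt, path)
    raise ValueError(f"unsupported match criteria: {kind}")


def matches(classes, name, pkt, path=()):
    """Evaluate classifier `name` against a packet given as a dict."""
    if name in path:
        raise ValueError("classifier loop: " + " -> ".join(path + (name,)))
    if name not in classes:
        raise ValueError(f"undefined classifier: {name}")
    cls = classes[name]
    results = (_hit(classes, kind, args, pkt, path + (name,)) != negate
               for negate, kind, args in cls["rules"])
    return all(results) if cls["operator"] == "and" else any(results)
```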

qos apply policy Syntax


qos apply policy policy-name [ inbound | outbound ]
undo qos apply policy [ inbound | outbound ]

View
Interface view

Parameter
inbound: Inbound direction.
outbound: Outbound direction.
policy-name: Policy name.

Description
Using the qos apply policy command, you can attach a service policy to the
output interface. Using the undo qos apply policy command, you can delete
associated policy on an interface.
When applying the policy, the interface will be unavailable if the sum of
bandwidth specified for the classes in the policy for assured forwarding and
expedited forwarding exceeds the available bandwidth on the interface. When
the available bandwidth on the interface is modified, the policy will be deleted if
the sum of bandwidth specified for the classes in the policy for assured forwarding
and expedited forwarding exceeds the available bandwidth on the interface. The
configurations of queue af, queue ef, queue wfq and gts are not allowed in
the input direction policy and the behaviors associated with the class.

The application rule of the policy in the interface view is as follows.

■ The VT introduced by common physical interface and MP can apply the
policy configured with various features, including remark, car, gts, queue af,
queue ef, queue wfq, wred, etc.
■ The policy configured with TS (e.g. gts) and queue (e.g. queue ef, queue af,
queue wfq) features cannot be applied on the inbound interface as the
input direction policy.
■ Only the output direction policy configured with queue (e.g. queue ef,
queue af, queue wfq) feature can be applied on ATM PVC.
■ The sub-interface does not support the queue (e.g. queue ef, queue af, queue
wfq) feature but supports TS (e.g. gts) and TP (e.g. car). The policy
configured with TS and TP can be applied on the sub-interface.

Example
# Apply the policy 3Com in the output direction of interface Ethernet6/0/0.
[3Com-Ethernet6/0/0] qos apply policy 3Com outbound

qos policy Syntax


qos policy policy-name
undo qos policy policy-name

View
System View

Parameter
policy-name: Policy name.

Description
Using the qos policy command, you can define a policy and enter policy view.
Using the undo qos policy command, you can delete a policy.

The policy cannot be deleted if it is applied on an interface. It is necessary to
remove application of the policy on the current interface before deleting it via the
undo qos policy command.

Policy-name should not be that of the policies defined by the system.

For the related commands, see classifier behavior and qos apply policy.

Example
# Define a policy named as 3Com.
[3Com] qos policy 3Com

[3Com-qospolicy-3Com]

queue af Syntax
queue af bandwidth { bandwidth | pct percentage }
undo queue af

View
traffic behavior view

Parameter
bandwidth: Bandwidth in Kbps in the range of 8 to 1000000.
pct percentage: Percentage of the available bandwidth configured in the range of
1 to 100.

Description
Using the queue af command, you can configure the class to perform the
assured-forwarding and the minimum bandwidth used. Using the undo queue af
command, you can cancel the configuration.

When a class is associated with a traffic behavior containing queue af in a
policy, the following must be satisfied:

■ The sum of the bandwidth specified for the classes in the same policy for
assured forwarding (queue af) and expedited forwarding (queue ef) must be
less than or equal to the available bandwidth of the interface where the
policy is applied.
■ The sum of percentages of the bandwidth specified for the classes in the
same policy for assured forwarding (queue af) and expedited forwarding
(queue ef) must be less than or equal to 100.
■ The bandwidth configuration for the classes in the same policy for assured
forwarding (queue af) and expedited forwarding (queue ef) must adopt the
value of the same type. For example, they all adopt the absolute value form
or the percentage form.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.

Example
# Configure traffic behavior named database and configure the minimum
bandwidth of the traffic behavior to 200Kbps.
[3Com] traffic behavior database

[3Com-behavior-database] queue af bandwidth 200

queue ef Syntax
queue ef bandwidth { bandwidth [ cbs burst ] | pct percentage }
undo queue ef

View
Traffic behavior view

Parameter
bandwidth: Bandwidth in Kbps in the range of 8 to 1000000.
percentage: Percentage of available bandwidth in the range of 1 to 100.
burst: Specifies the allowed burst size in bytes in the range of 32 to 2000000. By
default, burst is bandwidth*25.

Description
Using the queue ef command, you can configure expedited-forwarding packets
to the absolute priority queue and configure the maximum bandwidth. Using the
undo queue ef command, you can cancel the configuration.

The command cannot be used together with queue af, queue-length, and
wred in traffic behavior view.

In a policy, the default class default-class cannot be associated with a traffic
behavior containing queue ef. The following must also be satisfied:

■ The sum of the bandwidth specified for the classes in the same policy for
assured forwarding (queue af) and expedited forwarding (queue ef) must be
less than or equal to the available bandwidth of the interface where the
policy is applied.
■ The sum of percentages of the bandwidth specified for the classes in the
same policy for assured forwarding (queue af) and expedited forwarding
(queue ef) must be less than or equal to 100.
■ The bandwidth configuration for the classes in the same policy for assured
forwarding (queue af) and expedited forwarding (queue ef) must adopt the
value of the same type. For example, they all adopt the absolute value form
or the percentage form.

For the related command, see qos policy, traffic behavior, and classifier
behavior.

Example
# Configure packets to enter priority queue. The maximum bandwidth is 200Kbps
and burst is 5000 bytes by default.
[3Com] traffic behavior database

[3Com-behavior-database] queue ef bandwidth 200 cbs 5000

queue wfq Syntax


queue wfq [ queue-number total-queue-number ]
undo queue wfq

View
traffic behavior view

Parameter
total-queue-number: Number of fair queue, which can be 16, 32, 64, 128, 256,
512, 1024, 2048 and 4096 and the default value is 64.

Description
Using the queue wfq command, you can configure the default-class to use fair
queue. Using the undo queue wfq command, you can delete the configuration.

The traffic behavior configured with the command can only be associated with the
default class. It can also be used together with commands like queue-length or
wred.

For the related command, see qos policy, traffic behavior, and classifier
behavior.

Example
# Configure WFQ for default-class and set the queue number to 16.
[3Com] traffic behavior test

[3Com-behavior-test] queue wfq queue-number 16

[3Com] qos policy 3Com

[3Com-qospolicy-3Com] classifier default-class behavior test
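
An added Python example (not 3Com code) that lints a configuration against the association rules stated above for queue af, queue ef and queue wfq. The sample configuration, the finding codes and the 75000 Kbps available bandwidth used with it are constructed for illustration.

```python
# Added illustration (not 3Com code): lint CBQ behaviors against the documented rules.

# Constructed sample configuration.
SAMPLE = """\
traffic behavior voice
 queue ef bandwidth 200 cbs 5000
traffic behavior database
 queue af bandwidth pct 30
 queue-length 16
traffic behavior bulk
 queue ef bandwidth 50
 queue-length 32
traffic behavior fair
 queue wfq queue-number 16
qos policy 3Com
 classifier voice behavior voice
 classifier database behavior database
 classifier default-class behavior bulk
 classifier web behavior fair
"""


def parse(text):
    """Split the text into {behavior: [words]} and {policy: [words]} sections."""
    behaviors, policies, section = {}, {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["traffic", "behavior"] and len(words) == 3:
            section = behaviors.setdefault(words[2], [])
        elif words[:2] == ["qos", "policy"] and len(words) == 3:
            section = policies.setdefault(words[2], [])
        elif section is None:
            raise ValueError(f"command outside a view: {raw!r}")
        else:
            section.append(words)
    return behaviors, policies


def reserved(lines):
    """Return (unit, value) reserved by queue af/ef in a behavior, or None."""
    for w in lines:
        if w[:3] in (["queue", "af", "bandwidth"], ["queue", "ef", "bandwidth"]) and len(w) > 3:
            if w[3] == "pct" and len(w) > 4:
                return "pct", int(w[4])
            return "kbps", int(w[3])
    return None


def check_policy(behaviors, entries, available_kbps):
    """Return a list of (code, detail) findings for one policy."""
    findings, units, total = [], set(), {"kbps": 0, "pct": 0}
    for w in entries:
        if len(w) != 4 or w[0] != "classifier" or w[2] != "behavior":
            findings.append(("SYNTAX", " ".join(w)))
            continue
        tcl, name = w[1], w[3]
        if name not in behaviors:
            findings.append(("UNDEFINED-BEHAVIOR", name))
            continue
        lines = behaviors[name]
        cmds = {" ".join(l[:2]) if l[0] == "queue" else l[0] for l in lines}
        share = reserved(lines)
        if share:
            unit, value = share
            low, high = (1, 100) if unit == "pct" else (8, 1000000)
            if not low <= value <= high:
                findings.append(("RANGE", f"{name}: {value} {unit}"))
            units.add(unit)
            total[unit] += value
        if "queue ef" in cmds:
            # queue ef excludes queue af, queue-length and wred, and the default class.
            clash = sorted(cmds & {"queue af", "queue-length", "wred"})
            if clash:
                findings.append(("EF-COMBINED", f"{name}: {', '.join(clash)}"))
            if tcl == "default-class":
                findings.append(("EF-DEFAULT-CLASS", name))
        if "queue wfq" in cmds and tcl != "default-class":
            findings.append(("WFQ-NOT-DEFAULT", f"{tcl} -> {name}"))
    if len(units) > 1:          # absolute and percentage forms must not be mixed
        findings.append(("MIXED-UNITS", "absolute and pct values in one policy"))
    if total["kbps"] > available_kbps:
        findings.append(("OVER-BANDWIDTH", f"{total['kbps']} > {available_kbps} Kbps"))
    if total["pct"] > 100:
        findings.append(("OVER-100-PCT", f"{total['pct']}%"))
    return findings


def lint(text, available_kbps):
    """Check every policy in the text; returns {policy-name: findings}."""
    behaviors, policies = parse(text)
    return {name: check_policy(behaviors, entries, available_kbps)
            for name, entries in policies.items()}
```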

queue-length Syntax
queue-length queue-length
undo queue-length queue-length

View
traffic behavior view

Parameter
queue-length: The maximum threshold value of the queue in the range of 1 to
512. The default drop mode is tail drop and the queue length is 64.

Description
Using the queue-length command, you can configure maximum queue length.
Using the undo queue-length command, you can delete configuration.

This command can be used only after the queue af or queue wfq command has
been configured.

The queue-length, which has been configured, will be deleted when the undo
queue af or undo queue wfq command is executed.

The queue-length, which has been configured, will be deleted when the random
drop mode is configured via the wred command, and vice versa.

By default, tail drop is configured.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.

Example
# Configure tail drop and set the maximum queue length to 16.

[3Com] traffic behavior database

[3Com-behavior-database] queue af bandwidth 200

[3Com-behavior-database] queue-length 16

remark dscp Syntax


remark dscp dscp-value
undo remark dscp

View
Traffic behavior view

Parameter
dscp-value: Preset DSCP value in the range of 0 to 63, which can be any of the
following keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41,
af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7.
Table 3 DSCP key words and values

Key word DSCP value(binary) DSCP value(decimal)
ef 000000 0
af11 001010 10
af12 001100 12
af13 001110 14
af21 010010 18
af22 010100 20
af23 010110 22
af31 011010 26
af32 011100 28
af33 011110 30
af41 100010 34
af42 100100 36
af43 100110 38
cs1 001000 8
cs2 010000 16
cs3 011000 24
cs4 100000 32
cs5 101000 40
cs6 110000 48
cs7 111000 56

Description
Using the remark dscp command, you can configure or delete DSCP value for a
class to identify matched packets. Using the undo remark dscp command, you
can

For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure DSCP value to 6 to identify packets.
[3Com] traffic behavior database

[3Com-behavior-database] remark dscp 6

remark fr-de Syntax
remark fr-de fr-de-value
undo remark fr-de

View
Traffic behavior view

Parameter
fr-de-value: Value of the DE flag bit in the FR packet, ranging from 0 to 1.

Description
Using the remark fr-de command, you can configure the value of the DE flag bit
in the FR packet. Using the undo remark fr-de command, you can cancel
the value of the DE flag bit in the FR packet.

For the related command, see qos policy, traffic behavior, and classifier
behavior.

Example
# Configure the value of the DE flag bit in the FR packet as 1.
[3Com] traffic behavior database

[3Com-behavior-database] remark fr-de 1

remark ip-precedence Syntax


remark ip-precedence ip-precedence-value
undo remark ip-precedence

View
Traffic behavior view

Parameter
ip-precedence-value: Preset precedence value in the range of 0 to 7.

Description
Using the remark ip-precedence command, you can configure a precedence value
to identify matched packets. Using the undo remark ip-precedence command, you
can delete the precedence value set for a class to identify matched packets.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure precedence value to 6 to identify packets.
[3Com] traffic behavior database

[3Com-behavior-database] remark ip-precedence 6

traffic behavior Syntax
traffic behavior behavior-name
undo traffic behavior behavior-name

View
System view.

Parameter
behavior-name: Behavior name.

Description
Using the traffic behavior command, you can define a traffic behavior and enter
the behavior view. Using the undo traffic behavior command, you can delete a
traffic behavior.

behavior-name shall not be that of the traffic behavior pre-defined by the system.

For the related command, see qos policy, qos apply policy, and classifier
behavior.

Example
# Define a traffic behavior named behavior1.
[3Com] traffic behavior behavior1

[3Com-behavior-behavior1]

traffic classifier Syntax


traffic classifier tcl-name [ operator { and | or } ]
undo traffic classifier tcl-name [ operator { and | or } ]

View
System View

Parameter
operator and: Specifies the relation between the rules in the class as logic AND.
That is, the packet that matches all the rules belongs to this class.

operator or: Specifies the relation between the rules in the class as logic OR. That
is, the packet that matches any one of the rules belongs to this class.

tcl-name: Class name.


Description
Using the traffic classifier command, you can define a class and enter the class
view. Using the undo traffic classifier command, you can delete a class.

By default, the relation is operator and.

tcl-name shall not be that of the classes pre-defined by the system.

For the related commands, see qos policy, qos apply policy, and classifier
behavior.

Example
# Define a class named class1.
[3Com] traffic classifier class1

[3Com-classifier-class1]

wred Syntax
wred [ dscp | ip-precedence ]
undo wred [ dscp | ip-precedence ]

View
Traffic behavior view

Parameter
dscp: Uses DSCP value for calculating drop probability for a packet.
ip-precedence: Uses IP precedence value for calculating drop probability for a
packet.

Description
Using the wred command, you can configure drop mode as WRED. Using the
undo wred command, you can delete the configuration.

By default, ip-precedence is configured.

This command can be used only after the queue af command has been
configured. The wred command and the queue-length command cannot be used
simultaneously. Other configurations under the random drop mode will be deleted
when this command is deleted. When a policy is applied on an interface, the
previous WRED configuration at interface level becomes ineffective.

When configuration is performed in default-class view, ip-precedence is
configured, by default.

The behavior associated with default-class can only use wred ip-precedence.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.
Example
# Configure WRED for a traffic behavior named database and drop probability is
calculated by IP precedence.
[3Com] traffic behavior database

[3Com-behavior-database] wred

wred dscp Syntax


wred dscp dscp-value low-limit low-limit high-limit high-limit [ discard-probability
discard-prob ]
undo wred dscp dscp-value

View
Traffic behavior view

Parameter
dscp-value: DSCP value in the range of 0 to 63, which can be any of the following
keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43,
cs1, cs2, cs3, cs4, cs5, or cs7.

Table 4 DSCP key words and values

Key word   DSCP value (binary)   DSCP value (decimal)
ef         000000                0
af11       001010                10
af12       001100                12
af13       001110                14
af21       010010                18
af22       010100                20
af23       010110                22
af31       011010                26
af32       011100                28
af33       011110                30
af41       100010                34
af42       100100                36
af43       100110                38
cs1        001000                8
cs2        010000                16
cs3        011000                24
cs4        100000                32
cs5        101000                40
cs6        110000                48
cs7        111000                56

■ low-limit low-limit: Lower threshold value in the range of 1 to 1024. It is
10 by default.
■ high-limit high-limit: Upper threshold value in the range of 1 to 1024. It is
30 by default.
■ discard-probability discard-prob: Denominator of drop probability in the
range of 1 to 255. It is 10 by default.

Description
Using the wred dscp command, you can set DSCP lower-limit, upper-limit and
drop probability denominator of WRED. Using the undo wred dscp command,
you can delete the configuration.

This command can be used only after the wred dscp command has been used to
enable WRED drop mode based on DSCP.

The configuration of wred dscp will be deleted if the configuration of qos wred
is deleted.

The configuration of drop parameter will be deleted if the configuration of queue
af is deleted.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.

Example
# Set the queue lower-limit to 20, upper-limit to 40 and discard probability to 15
for the packet whose DSCP is 3.
[3Com] traffic behavior database

[3Com-behavior-database] wred dscp

[3Com-behavior-database] wred dscp 3 low-limit 20 high-limit 40 discard-probability 15

wred ip-precedence Syntax


wred ip-precedence precedence low-limit low-limit high-limit high-limit [
discard-probability discard-prob ]
undo wred ip-precedence precedence

View
Traffic behavior view

Parameter

precedence: Precedence of IP packet in the range of 0 to 7.

low-limit low-limit: Lower threshold value in the range of 1 to 1024. It is 10 by
default.

high-limit high-limit: Upper threshold value in the range of 1 to 1024. It is 30 by
default.

discard-probability discard-prob: Denominator of drop probability in the range
of 1 to 255. It is 10 by default.

Description
Using the wred ip-precedence command, you can set precedence lower-limit,
upper-limit and drop probability denominator of WRED.

If the wred ip-precedence command has been used to enable WRED drop mode
based on the precedence, the configuration of wred ip-precedence will be
deleted when wred is deleted.

The configuration of drop parameters will be deleted if queue af is deleted.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.

Example
# Set lower-limit to 20, upper-limit to 40 and discard probability to 15 for the
packet with the precedence 3.
[3Com] traffic behavior database

[3Com-behavior-database] wred

[3Com-behavior-database] wred ip-precedence 3 low-limit 20 high-limit 40 discard-probability 15
wred weighting-constant Syntax
wred weighting-constant exponent
undo wred weighting-constant

View
Traffic behavior view

Parameter
exponent: Exponential in the range of 1 to 16. It is 6 by default.

Description
Using the wred weighting-constant command, you can set exponential for the
calculation of average queue length by WRED.

This command can be used only after the queue af command has been configured
and the wred command has been used to enable WRED drop mode.

The configuration of wred weighting-constant will be deleted if
random-detect is deleted.

For the related commands, see qos policy, traffic behavior, and classifier
behavior.

Example
# Configure exponential for calculating average queue to 6.
[3Com] traffic behavior database

[3Com-behavior-database] queue af bandwidth 200

[3Com-behavior-database] wred ip-precedence

[3Com-behavior-database] wred weighting-constant 6
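
The ordering rules and implicit deletions described for queue af, queue wfq, queue-length and the wred commands are easy to miss when reviewing a configuration change, so the following added Python example (not 3Com code) replays commands entered in one traffic behavior view and reports what is still configured afterwards. The function names, the rejection messages and the session are constructed for illustration, and treating an out-of-order command as rejected is an assumption about how the router responds.

```python
"""Replay traffic-behavior-view commands and report what is still configured."""


def new_behavior():
    return {"queue": None, "queue_length": None, "wred": None,
            "wred_params": {}, "weighting_constant": None}


def _clear_wred(b):
    # undo wred, queue-length and undo queue af all remove every WRED setting
    b["wred"], b["wred_params"], b["weighting_constant"] = None, {}, None


def _wred(b, undo, args):
    if args[:1] == ["weighting-constant"]:
        if undo:
            b["weighting_constant"] = None
            return None
        if b["queue"] != "af" or b["wred"] is None:
            return "needs queue af and wred first"
        if not 1 <= int(args[1]) <= 16:
            return "exponent out of range 1..16"
        b["weighting_constant"] = int(args[1])
        return None
    if len(args) <= 1:  # wred | wred dscp | wred ip-precedence: select drop mode
        if undo:
            _clear_wred(b)
            return None
        if b["queue"] != "af":
            return "needs queue af first"
        b["wred"] = args[0] if args else "ip-precedence"
        b["queue_length"] = None  # WRED replaces the tail-drop queue length
        return None
    kind, value = args[0], args[1]  # thresholds for one DSCP or precedence value
    if undo:
        b["wred_params"].pop((kind, value), None)
        return None
    if b["wred"] != kind:
        return f"needs drop mode wred {kind} first"
    opts = dict(zip(args[2::2], map(int, args[3::2])))
    low, high = opts["low-limit"], opts["high-limit"]
    prob = opts.get("discard-probability", 10)
    if not (1 <= low <= 1024 and 1 <= high <= 1024 and 1 <= prob <= 255):
        return "threshold or discard-probability out of range"
    b["wred_params"][(kind, value)] = (low, high, prob)
    return None


def apply_command(b, line):
    """Apply one command to behavior b; return None if accepted, else the reason."""
    tokens = line.split()
    undo = tokens[0] == "undo"
    cmd, *args = tokens[1:] if undo else tokens
    if cmd == "queue" and args[:1] in (["af"], ["wfq"]):
        if undo:  # removing the queue removes queue-length and drop parameters
            b["queue"] = b["queue_length"] = None
            _clear_wred(b)
        else:
            b["queue"] = args[0]
        return None
    if cmd == "queue-length":
        if undo:
            b["queue_length"] = None
            return None
        if b["queue"] is None:
            return "needs queue af or queue wfq first"
        if not 1 <= int(args[0]) <= 512:
            return "queue-length out of range 1..512"
        _clear_wred(b)  # "and vice versa": tail drop replaces WRED
        b["queue_length"] = int(args[0])
        return None
    if cmd == "wred":
        return _wred(b, undo, args)
    return "command not modelled"


def replay(lines):
    """Return (final behavior state, list of (command, rejection reason))."""
    b, rejected = new_behavior(), []
    for line in lines:
        reason = apply_command(b, line)
        if reason:
            rejected.append((line, reason))
    return b, rejected


# Constructed session, typed in one behavior view.
SESSION = [
    "queue-length 16",                                   # no queue yet
    "queue af bandwidth 200",
    "queue-length 16",
    "wred dscp",                                         # replaces queue-length
    "wred dscp 3 low-limit 20 high-limit 40 discard-probability 15",
    "wred weighting-constant 6",
    "wred ip-precedence 3 low-limit 20 high-limit 40",   # drop mode is dscp
    "queue-length 32",                                   # removes all WRED settings
]

if __name__ == "__main__":
    state, rejected = replay(SESSION)
    print(state)
    for line, reason in rejected:
        print("rejected:", line, "->", reason)
```

After the session only queue af and queue-length 32 remain: the last command silently discards the WRED thresholds and exponent entered earlier.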

RTP Priority Queue Configuration Commands

display qos rtpq interface Syntax
display qos rtpq interface [ interface-type | interface-number ]

View
Any view

Parameter

interface-type: Interface type.

interface-number: Interface number.


Description
Using the display qos rtpq interface command, you can view the queue
information of the current IP RTP Priority, including the current RTP queue depth
and the number of dropped RTP packets. The command displays the RTP priority
queue configuration and statistics on an interface or on all interfaces.

Example
# Display the queue information of the current IP RTP Priority.
[3Com] display qos rtpq interface Ethernet 10/2/0

Interface: Ethernet10/2/0

RTP Queueing: (Output queue: Size/Max/Outputs/Discards)

RTPQ: 0/0/0/0

qos reserved-bandwidth Syntax


qos reserved-bandwidth pct percent
undo qos reserved-bandwidth

View
Interface view

Parameter
percent: Percentage of the reserved bandwidth to the available bandwidth. It is in
the range of 1 to 100 and the default value is 80.

Description
Using the qos reserved-bandwidth command, you can set the maximum
reserved bandwidth percentage of the available bandwidth. Using the undo qos
reserved-bandwidth command, you can restore the default value.

Usually the bandwidth configured for the QoS queue is no more than 75 percent
of the total bandwidth, because part of the bandwidth should be used for the
controlling protocol packets, the layer 2 frame header and so on. Use this
command with caution when modifying the maximum reserved bandwidth.

For the related command, see qos rtpq.

Example
# Set the maximum reserved bandwidth allocated for RTP priority queue and WFQ
to be 80% of the available bandwidth.
[3Com-Serial1/0/0] qos reserved-bandwidth pct 80

qos rtpq Syntax


qos rtpq start-port starting-rtp-port-number end-port end-rtp-port-number bandwidth
bandwidth
undo qos rtpq
View
Interface view

Parameter

first-rtp-port: Specifies the first UDP port number to initiate RTP messages.

last-rtp-port: Specifies the last UDP port number to initiate RTP messages.

bandwidth: Bandwidth for RTP priority queue, which is part of the maximum
reserved bandwidth in Kbps.

Description
Using the qos rtpq command, you can enable RTP queue feature on an interface
so as to reserve a real-time service for the RTP packets sent to some UDP
destination port range. Using the undo qos rtpq command, you can disable the
RTP queue feature of the interface.

By default, RTP queue feature is disabled.

This command applies to delay-sensitive applications, for example, real-time
voice transmission. Once the qos rtpq command is configured, the system serves
the voice services first among all services.

The parameter "bandwidth" should be set greater than the service-required
bandwidth so as to prevent conflict caused by burst traffic. However, the
bandwidth should be no greater than 75% of the total bandwidth. If you need to
configure the bandwidth to be greater than 75% of the total bandwidth, first
change the maximum reserved bandwidth via the qos reserved-bandwidth
command.

In bandwidth allocation, the bandwidth for data load, IP header, UDP header and
RTP header is allocated, except that for the Layer2 frame header. Therefore, it is
obligatory to reserve 25% of the total bandwidth.

By default, the IP RTP Priority is disabled.

For the related command, see qos reserved-bandwidth.

Example
# Enable IP RTP Priority on Serial 1/0/0. The starting port number is 16384. The
starting port number is 16383. The RTP packets in the range of 16384~32767 of
the destination port use 64Kbps bandwidth. If network convergence happens, the
packets will enter IP RTP Priority queue.
[3Com-Serial1/0/0] qos rtpq start-port 16384 end-port 32767 bandwidth 64
Weighted Random Early Detection Configuration Commands

display qos wred interface Syntax
display qos wred interface [ interface-type interface-number ]

View
Any view

Parameter

interface-type: Interface type.

interface-number: Interface number.

Description
Using the display qos wred interface command, you can view WRED
configuration and statistics of an interface.

If no interface is specified, WRED configuration and statistics of all interfaces will
be displayed.

Example
# Display WRED configuration and statistics about the specified interface.
[3Com] display qos wred interface ethernet 6/0/0

Interface: Ethernet6/0/0
Current WRED configuration:
Exponent: 10 (1/1024)
Precedence  Random   Tail     Low    High   Discard
            discard  discard  limit  limit  probability
-------------------------------------------------------------------------
0           0        0        10     30     10
1           0        0        100    1000   1
2           0        0        10     30     10
3           0        0        10     30     10
4           0        0        10     30     10
5           0        0        10     30     10
6           0        0        10     30     10
7           0        0        10     30     10
qos wred Syntax


qos wred
undo qos wred

View
Interface view

Parameter
None

Description
Using the qos wred command, you can apply WRED (weighted random early
detection) at an interface. Using the undo qos wred command, you can restore
the default dropping method.

By default, the dropping method of a queue is tail drop.

WRED can only be used together with WFQ and cannot be used alone or together
with other queues. So before WRED is enabled at an interface, it is necessary to
ensure that the WFQ has been applied at the interface.

For the related commands, see qos wfq, qos wred, and display qos wred
interface.

Example
# Apply WRED at Ethernet0/0/0 interface. (Provided that WFQ has already been
applied at the interface).
[3Com-Ethernet0/0/0] qos wred

qos wred ip-precedence Syntax


qos wred ip-precedence ip-precedence low-limit low-limit high-limit high-limit
discard-probability discard-prob
undo qos wred ip-precedence ip-precedence

View
Interface view

Parameter

ip-precedence: Precedence of IP packets in the range 0 to 7.

low-limit low-limit: The minimum threshold in the range 1 to 1024; by default, it
is 10.

high-limit high-limit: The maximum threshold in the range 1 to 1024; by default,
it is 30.

discard-probability discard-prob: Drop probability denominator, ranging 1 to
255; by default, it is 10.

Description
Using the qos wred ip-precedence command, you can configure the minimum
threshold, maximum threshold and drop probability denominator of each
precedence in WRED. Using the undo qos wred ip-precedence command, you
can restore the default value.

WRED parameters can be set only after the command qos wred has been used to
apply WRED at the interface. The thresholds limit the average number of packets
in the queue.

For the related commands, see qos wred and display qos wred interface.

Example
# Set the minimum threshold for packets of precedence 3 at an interface to 20,
the maximum threshold to 40 and the discard probability to 15.
[3Com-Ethernet0/0/0] qos wred ip-precedence 3 low-limit 20 high-limit 40 discard-probability 15

qos wred weighting-constant Syntax
qos wred weighting-constant exponent
undo qos wred weighting-constant

View
Interface view

Parameter
exponent: Exponential used to calculate the average amount of packets in queues,
ranging 1 to 16. By default, exponent is 9.

Description
Using the qos wred weighting-constant command, you can set exponential
used to calculate the average length of WRED queues. Using the undo qos wred
weighting-constant command, you can restore the default value.

The WRED parameters can be set only after the command random-detect is used
to apply WRED at the interface.

For the related commands, see qos wred, and display qos wred interface.

Example
# Set the exponential used to calculate the average amount of packets in queue to
6 at Ethernet0/0/0 interface, provided that WRED has already been applied on this
interface.
[3Com-Ethernet0/0/0] qos wred weighting-constant 6
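
The low-limit, high-limit, discard-probability denominator and weighting-constant exponent set by the wred and qos wred commands can be read together through the standard RED calculation. The following Python sketch is an added example, not 3Com code: the reference lists only the parameters, so the formulas are the textbook ones and are an assumption about this router, and the class and function names are hypothetical.

```python
"""WRED drop decision for one class, using this reference's parameter names."""
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    """Thresholds for one IP precedence or DSCP value (defaults from the reference)."""
    low_limit: int = 10       # low-limit, 1..1024
    high_limit: int = 30      # high-limit, 1..1024
    discard_prob: int = 10    # discard-probability denominator, 1..255

    def __post_init__(self):
        for name in ("low_limit", "high_limit"):
            if not 1 <= getattr(self, name) <= 1024:
                raise ValueError(f"{name} must be in 1..1024")
        if not 1 <= self.discard_prob <= 255:
            raise ValueError("discard_prob must be in 1..255")
        # Assumption: RED needs a non-empty ramp between the two thresholds.
        if self.low_limit >= self.high_limit:
            raise ValueError("low_limit must be below high_limit")


def update_average(avg, queue_len, exponent):
    """Moving average of queue length: each sample has weight 1/2**exponent."""
    if not 1 <= exponent <= 16:
        raise ValueError("exponent must be in 1..16")
    return avg + (queue_len - avg) / (1 << exponent)


def drop_probability(avg, profile):
    """0 below low-limit, 1 at or above high-limit, linear ramp in between."""
    if avg < profile.low_limit:
        return 0.0
    if avg >= profile.high_limit:
        return 1.0
    ramp = (avg - profile.low_limit) / (profile.high_limit - profile.low_limit)
    return ramp / profile.discard_prob


def samples_until_first_drop(queue_len, profile, exponent, limit=100_000):
    """Count samples of a sustained queue depth before any packet can be dropped."""
    avg = 0.0
    for n in range(1, limit + 1):
        avg = update_average(avg, queue_len, exponent)
        if drop_probability(avg, profile) > 0.0:
            return n
    return None  # the average never crosses low-limit


if __name__ == "__main__":
    # Values from the examples in this section: limits 20/40, denominator 15.
    manual_example = WredProfile(low_limit=20, high_limit=40, discard_prob=15)
    for avg in (19, 30, 39, 40):
        print(avg, round(drop_probability(avg, manual_example), 4))
    # Constructed scenario: the real queue jumps to 40 packets and stays there.
    for exponent in (6, 9):
        print(exponent, samples_until_first_drop(40, WredProfile(), exponent))
```

Under these assumptions a larger exponent makes the average lag further behind the real queue, so during a sustained burst or flood the queue can reach its limit and tail-drop before random early drop starts.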
Link Efficiency Mechanism Configuration Commands

IP Header Compression Configuration Commands

debugging ppp compression iphc rtp Syntax
debugging ppp compression iphc rtp

View
User view

Parameter
None

Description
Using the debugging ppp compression iphc rtp command, you can display the
single packet information of the RTP header compression.

Example
<3Com> debugging ppp compression iphc rtp

debugging ppp compression iphc tcp Syntax
debugging ppp compression iphc tcp

View
User view

Parameter
None

Description
Using the debugging ppp compression iphc tcp command, you can view the
single packet information of the TCP header compression.

Example
<3Com> debugging ppp compression iphc tcp

display ppp compression iphc rtp Syntax
display ppp compression iphc rtp [ interface-type interface-number ]

View
Any view
Parameter

interface-type: Interface type.

interface-number: Interface number.

Description
Using the display ppp compression iphc rtp command, you can view the
statistic information of the RTP header compression.

Example
[3Com] display ppp compression iphc rtp

display ppp compression iphc tcp Syntax
display ppp compression iphc tcp [ interface-type interface-number ]

View
Any view

Parameter

interface-type: Interface type.

interface-number: Interface number.

Description
Using the display ppp compression iphc tcp command, you can view the
statistic information of the TCP header compression.

Example
[3Com] display ppp compression iphc tcp

ppp compression iphc Syntax


ppp compression iphc [ nonstandard ]
undo ppp compression iphc

View
Interface view

Parameter
nonstandard: Nonstandard encapsulation mode.

Description
Using the ppp compression iphc command, you can enable RTP header
compression on an interface. Using the undo ppp compression iphc command,
you can disable RTP header compression.

By default, RTP header compression on an interface is disabled.


When the RTP header compression is enabled, the TCP header compression will
also be enabled. When the RTP header compression is disabled, the TCP header
compression will also be disabled.

The configuration will take effect only when the shutdown and undo shutdown
operations are performed on the interface. If the configuration is applied on MP,
the shutdown and undo shutdown operations should be performed on all the
MPs.

For the related command, see ppp compression iphc rtp-connection.

Example
None

ppp compression iphc rtp-connection Syntax
ppp compression iphc rtp-connection number
undo ppp compression iphc rtp-connection

View
Interface view

Parameter
number: The maximum connection number (from 3 to 256) of IP Header
Compression mode on the interface. By default, the number is 16.

Description
Using the ppp compression iphc rtp-connection command, you can set the
number of IP Header Compression connections allowed on one interface.
Using the undo ppp compression iphc rtp-connection command, you can
cancel the configuration and restore the default value.

The configuration will take effect after commands shutdown and undo
shutdown have been executed on the interface. When configuring MP,
commands shutdown and undo shutdown must be executed on all MPs.

Example
None

ppp compression iphc tcp-connection Syntax
ppp compression iphc tcp-connection number
undo ppp compression iphc tcp-connection

View
Interface view

Parameter
number: The maximum connection number (from 3 to 256) of TCP compression
mode on the interface. By default, the number is 16.
Description
Using the ppp compression iphc tcp-connection command, you can configure
the connection number of TCP compression mode. Using the undo ppp
compression iphc tcp-connection command, you can restore the default
connection number of TCP compression mode.

The configuration can become valid on an interface only after you perform the
shutdown and then the undo shutdown operations on the interface. If the
configuration is for MPs, you should perform the operations on all the MPs.

Example
None

reset ppp compression iphc Syntax
reset ppp compression iphc [ interface-type interface-number ]

View
User view

Parameter

Interface-type: Interface type.

Interface-number: Interface number.

Description
Using the reset ppp compression iphc command, you can delete the invalid
IP/UDP/RTP header compression or decompression context storage table and clear
statistic information of IP/UDP/RTP header compression.

If no parameter is specified, the storage table entries of IP header compression on
all interfaces will be cleared.

Example
None

Configuration Commands of LFI

ppp mp lfi Syntax


ppp mp lfi
undo ppp mp lfi

View
Virtual template interface view, MP-GROUP view

Parameter
None
Description
Using the ppp mp lfi command, you can enable LFI on the interface. Using the
undo ppp mp lfi command, you can remove LFI on the interface.
By default, the time delay of the fragment is 10ms after LFI is enabled on the
Virtual Template interface.
For the related command, see ppp mp lfi delay-per-frag.

Example
[3Com-Virtual-Template1] ppp mp lfi

ppp mp lfi delay-per-frag Syntax
ppp mp lfi delay-per-frag time
undo ppp mp lfi delay-per-frag

View
Virtual template interface view, MP-GROUP view

Parameter
time: The maximum time delay of LFI fragment in ms in the range of 1 to 1000.

Description
Using the ppp mp lfi delay-per-frag command, you can set the maximum time
delay for transmitting an LFI (link fragment and interleave) fragment. Using the
undo ppp mp lfi delay-per-frag command, you can restore the default
maximum time delay for transmitting an LFI fragment.

By default, the time delay of the fragment is 10ms after LFI is enabled on the
Virtual Template interface.

For the related command, see ppp mp lfi.

Example
# Set the maximum time delay of LFI fragment of Virtual-Template 1 to 20ms.
[3Com-Virtual-Template1] ppp mp lfi delay-per-frag 20

qos max-bandwidth Syntax


qos max-bandwidth kilobits
undo qos max-bandwidth

View
Interface view

Parameter
kilobits: Available bandwidth of the interface in Kbps in the range of 1 to
1000000. By default, for a physical interface the value is its speed or its baud rate
and for a virtual template interface the value is 64Kbps.
Description
Using the qos max-bandwidth command, you can configure the physical
bandwidth binding the MP links. Using the undo qos max-bandwidth
command, you can remove the configuration of the bandwidth.

This command can configure the physical bandwidth binding the MP links. The
command indicates the available bandwidth of the active interface, providing the
information of the QoS module but not the actual bandwidth binding the MP
links.

For the related command, see ppp mp lfi delay-per-frag, ppp mp lfi.

Example
# Set the bandwidth of Virtual-Template 1 to 128kbps.
[3Com-Virtual-Template1] qos max-bandwidth 128

Frame Relay QoS

apply policy outbound Syntax


apply policy outbound policyname
undo apply policy outbound

View
Frame Relay class view

Parameter
policyname: Name of the applied policy. It is a string with 1 to 31 characters.

Description
Using the apply policy outbound command, you can set the Frame Relay virtual
circuit queueing to CBQ (Class-Based Queueing). Using the undo apply policy
outbound command, you can restore the Frame Relay virtual circuit queueing to
FIFO.

By default, FIFO queueing is adopted.

Example
# Define a classifier named “class 1”.
[3Com] traffic classifier class1

[3Com-classifier-class1]

# Define a traffic behavior named “behavior 1”.

[3Com] traffic behavior behavior1

[3Com-behavior-behavior1] queue af bandwidth 56

# Define a policy named “policy 1” and associate class 1 with behavior.

[3Com] qos policy policy1


[3Com-qospolicy-policy1] classifier class1 behavior behavior1

# Apply a defined policy to the Frame Relay class named “test 1” and set the
queueing of test 1 to CBQ.

[3Com] fr class test1

[3Com-fr-class-test1] apply policy policy1 outbound

cbs Syntax
cbs [ inbound | outbound ] burst-size
undo cbs [ inbound | outbound ]

View
Frame relay class view

Parameter

inbound: Sets the inbound committed burst size of the packet, valid only when
FRTP (frame relay traffic policing) is enabled on the interface.

outbound: Sets the outbound committed burst size of the packet, valid only
when FRTS (frame relay traffic shaping) is enabled on the interface.

burst-size: Committed burst size, in bit, ranging from 300 to 16000000. By
default, it is 56000 bits.

Description
Using the cbs command, you can set the committed burst size of frame relay
virtual circuit. Using the undo cbs command, you can restore the default value.

If the packet direction is not specified upon configuration, the parameter will be
set in both inbound and outbound directions.

The committed burst size is the packet traffic that is committed to send on a frame
relay network within an interval of Tc. When there is no congestion on the
network, the frame relay network ensures this part of traffic could be sent
successfully.

For the related commands, see ebs, cir allow, and cir.

Example
# Set the committed burst size of the frame relay class named test1 as 64000 bits.
[3Com] fr class test1

[3Com-fr-class-test1] cbs 64000

cir Syntax
cir rate-limit
undo cir

View
Frame relay class view

Parameter
rate-limit: The minimum Committed Information Rate, in bit/s, ranging from 1000
to 45000000. By default, it is 56000 bit/s.

Description
Using the cir command, you can set the Minimum Committed Information Rate of
frame relay virtual circuit. Using the undo cir command, you can restore the
default value.

The Minimum Committed Information Rate is the minimum sending rate that can
be provided by virtual circuit. It ensures that the user could still send data at this
rate upon network congestion.

Upon network congestion, DCE will send a packet with a BECN flag bit of 1 to
DTE. After DTE receives this packet, it will gradually reduce the sending rate of
virtual circuit from CIR to MinCIR. If DTE does not receive the packet with the
BECN flag bit of 1 any more within a certain period of time, it will restore the
sending rate of virtual circuit as CIR.

During configuration, the Minimum Committed Information Rate (MinCIR) cannot
exceed the Committed Information Rate (CIR).

For the related commands, see cbs, ebs, and cir allow.

Example
# Set the MinCIR of the frame relay class named test1 as 32000 bit/s.
[3Com] fr class test1

[3Com-fr-class-test1] cir 32000

cir allow Syntax


cir allow [ inbound | outbound ] rate-limit

undo cir allow [ inbound | outbound ]

View
Frame relay class view

Parameter

inbound: Sets the inbound Committed Information Rate (CIR) of a packet, valid
only when FRTP is enabled on the interface.

outbound: Sets the outbound CIR of a packet, valid only when FRTS is enabled
on the interface.

rate-limit: Committed information rate, in bit/s, ranging from 1 to 45000000. By
default, it is 56000 bit/s.
Description
Using the cir allow command, you can set the CIR of frame relay virtual circuit.
Using the undo cir allow command, you can restore the default value.

CIR is the sending rate that can be normally provided by a frame relay network.
When there is no congestion on the network, it ensures the user could send data
at this rate.

If packet direction is not specified upon configuration, the parameter will be set in
both inbound and outbound directions.

For the related commands, see cbs, ebs, and cir.

Example
# Set the CIR of the frame relay class that is named test1 as 64000 bit/s.
[3Com] fr class test1

[3Com-fr-class-test1] cir allow 64000

congestion-threshold Syntax
congestion-threshold { de | ecn } queue-percentage
undo congestion-threshold { de | ecn }

View
Frame relay class view

Parameter

de: Discards the frame relay packet whose DE flag bit is 1 upon congestion.

ecn: Processes the flag bits, BECN and FECN, of frame relay packet upon
congestion.

queue-percentage: Network congestion threshold, being the utilization ratio of the
virtual circuit queue, namely the percentage of the current queue length of the
virtual circuit to the total queue length, ranging from 1 to 100. By default, it is 100.

Description
Using the congestion-threshold command, you can enable congestion
management function of frame relay virtual circuit. Using the undo
congestion-threshold command, you can disable this function.

When the percentage of current queue length to the total queue length of virtual
circuit exceeds the set congestion threshold, it will be regarded that congestion
occurs on the virtual circuit and congestion management will be performed on
packets on virtual circuit.

For the related command, see fr congestion-threshold.


Example
# For the frame relay class named test1, start discarding frame relay packets
whose DE flag bit is 1 when the current queue length of the virtual circuit
exceeds 80% of the total length.
[3Com] fr class test1

[3Com-fr-class-test1] congestion-threshold de 80

cq Syntax
cq cql list-number
undo cq

View
FR class view

Parameter
cql list-number: Number of custom queue, from 1 to 16 available.

Description
Using the cq command, you can set the queue type of the FR virtual circuit to be
custom queue, while using undo cq, you can restore the type to be FIFO.

By default, the queue type of the virtual circuit is FIFO.

The value will be refreshed if this command is repeatedly applied to one same FR
class.

The related commands are wfq, pq, and fr pvc-pq.

Example
# Apply the custom queue 10 to the FR class test1:
[3Com] fr class test1

[3Com-fr-class-test1] cq cql 10

display fr fragment-info Syntax


display fr fragment-info [ interface interface-type interface-number ] [ dlci-number ]

View
Any view.

Parameter

interface-type: Interface type.

interface-number: Interface number, in 3-dimension form: slot number/card
number/interface number.

dlci-number: DLCI number, ranging from 16 to 1007. The detailed information will
be displayed when specifying the parameter.
Description
Using the display fr fragment-info command, you can view the frame relay
fragment information.

For the related command, see fragment.

Example
# View frame relay fragment information of all the interfaces.
<3Com> display fr fragment-info

interface serial 0/1/1:10:

dlci type size in/out/ drop

100 FRF12(ETE) 80 0/0/0

# View frame relay fragment information of a specific interface.

<3Com> display fr fragment-info serial0/1/1:10 100

Type : FRF11

Size : 80

Pre-fragment:

out pkts : 0 out bytes :0

Fragmented:

in pkts : 0 out pkts : 0

in bytes: 0 out bytes: 0

Assembled :

in pkts : 0 in bytes :0

Dropped :

in pkts : 0 out pkts :0

in bytes: 0 out bytes: 0

Out-of-sequence pkts: 0

Table 5 Output information description of the display fr fragment-info command

Item                          Description
interface                     Interface
dlci                          DLCI number
type                          Fragment type
size                          Fragment size
in/out/drop                   Number of received fragment packets/number of sent fragment packets/number of discarded fragment packets
Pre-fragment:                 Number of packets and bytes to send before fragmented
Fragmented :                  Number of fragments received and sent counted in packet and byte.
Assembled :                   Number of assembled fragments
Out-of-sequence fragment :    Number of out-of-sequence fragments

display fr switch-table Syntax


display fr switch-table { all | name switch-name }

View
Any view

Parameter

interface-type: Interface type.

all: All the VC information

switch-name: VC information of a certain name.

Description
Using the display mfr command, you can view configuration and status
information of the FR route to confirm the correctness of the configuration.

For the related command, see fr switch.

Example
# View configuration and state information of all frame relay bundles and frame
relay

# To display all the characters of the FR route.

[3Com] display fr switch-table all

Switch-Name Interface DLCI Interface DLCI State

test MFR4/0/100 100 MFR4/0/101 101 UP

The fields in the output are described in the table below:


Table 6 Information of FR route table

Item           Description
Switch-Name    the name of PVC used for switching
Interface      The first denotes local interface and the second denotes remote interface
DLCI           local and remote VC identifier
State          Linkage status

display qos policy interface Syntax
display qos policy interface [ interface-type interface-number [ dlci dlci-number [
outbound ] | inbound | outbound ] ]

View
Any view

Parameter

interface-type: Interface type.

interface-number: Interface number.

dlci dlci-number: Information about the specified DLCI applying CBQ.

inbound: Information about inbound interface applying CBQ.

outbound: Information about outbound interface applying CBQ.

Description
Using the display qos policy interface command, you can view information
about CBQ application on the interface.

Example
# Display the information about CBQ application of the virtual circuit with DLCI of
10 on Serial1/0/0.
<3Com> display qos policy interface serial 1/0/0 dlci 100

MFR4/0/0, DLCI 25

Direction: Outbound

Policy: xujin

Class: default-class

Matched : 1/133 (Packets/Bytes)

Rule(s) : if-match any

Behavior:

Default Queue:

Flow Based Weighted Fair Queueing

Max number of hashed queues: 256

Matched : 0/0 (Packets/Bytes)

Enqueued : 0/0 (Packets/Bytes)

Discarded: 0/0 (Packets/Bytes)

Discard Method: Tail

Class: xujin

Matched : 0/0 (Packets/Bytes)

Operator: Logic AND

Rule(s): if-match acl 1



Behavior:

Assured Forwarding:

Bandwidth 10 (Kbps)

Matched : 0/0 (Packets/Bytes)

Enqueued : 0/0 (Packets/Bytes)

Discarded: 0/0 (Packets/Bytes)

ebs Syntax
ebs [ inbound | outbound ] excess-burst-size
undo ebs [ inbound | outbound ]

View
Frame relay class view

Parameter

inbound: Sets inbound excess burst size of the packet, valid only when FRTP is
enabled on the interface.

outbound: Sets outbound excess burst size of the packet, valid only when FRTS is
enabled on the interface.

excess-burst-size: Excess burst size, in bits, ranging from 0 to 16000000. By
default, it is 0 bits.

Description
Using the ebs command, you can set excess burst size of frame relay virtual circuit.
Using the undo ebs command, you can restore the default value.

Excess burst size (EBS) is the maximum amount by which packet traffic may exceed
the committed burst size (CBS) within an interval of Tc. When congestion occurs
on the network, this excess traffic is discarded first.

When this command is used, the set EBS value will be valid in both inbound and
outbound directions if the parameters inbound and outbound are not specified.

For the related commands, see cbs, cir allow, and cir.

Example
# Set the excess burst size of the frame relay class named test1 as 32000 bits.
[3Com] fr class test1

[3Com-fr-class-test1] ebs 32000

fifo queue-length Syntax


fifo queue-length queue-size
undo fifo queue-length

View
Frame relay class view

Parameter
queue-size: FIFO queue length, namely, the maximum number of packets that can
be held by the queue, ranging from 1 to 1024. By default, it is 40.

Description
Using the fifo queue-length command, you can set the FIFO queue length of
frame relay virtual circuit. Using the undo fifo queue-length command, you can
restore the default value.

When the router serves as DCE for switching, the FIFO queue length of DLCI can
be set if FRTS has been applied to DLCI.

For the related command, see fr class.

Example
# Set the FIFO queue of the frame relay class named test1 to hold 80 packets at
most.
[3Com] fr class test1

[3Com-fr-class-test1] fifo queue-length 80

[3Com] fr del 1 protocol ip

fr class Syntax
fr class class-name
undo fr class class-name

View
System view

Parameter
class-name: Class name, with 30 characters at most.

Description
Using the fr class command, you can create a frame relay class and enter frame
relay class view. Using the undo fr class command, you can delete a specified
frame relay class.

By default, no frame relay class is created.

Only after associating a frame relay class with an interface or virtual circuit and
enabling the frame relay QoS function on the corresponding interface, can the set
frame relay class parameter take effect.

When a frame relay class is deleted, the association between all interfaces or DLCIs
and the frame relay class will be released.

For the related command, see fr-class.



Example
# Create a frame relay class named test1.
[3Com] fr class test1

[3Com-fr-class-test1]

fr congestion-threshold Syntax
fr congestion-threshold { de | ecn } queue-percentage
undo fr congestion-threshold { de | ecn }

View
Frame relay interface view, MFR interface view

Parameter

de: Discards the frame relay packet whose DE flag bit is 1 when congestion
occurs.

ecn: Processes the BECN and FECN flag bits of frame relay packets when
congestion occurs.

queue-percentage: Network congestion threshold, being the occupation ratio of
the interface queue, equal to the percentage of current queue length to the total
queue length of the interface, ranging from 1 to 100. By default, it is 100.

Description
Using the fr congestion-threshold command, you can enable congestion
management function of a frame relay interface. Using the undo fr
congestion-threshold command, you can disable this function.

By default, the congestion management function of a frame relay interface is
disabled.

This command is similar to the congestion-threshold command. The difference
is that this command is applied to frame relay interfaces, while the
congestion-threshold command is applied to frame relay virtual circuit.

The command can only be used for frame relay DCE interfaces or NNI interfaces.

For the related command, see congestion-threshold.

Example
# Start processing the flag bit of frame relay packets when the interface
queue length exceeds 80% of the total length.
[3Com-Serial4/1/2] fr congestion-threshold de 80

fr de del Syntax
fr de del list-number dlci dlci-number
undo fr de del list-number dlci dlci-number

View
Frame relay interface view, MFR interface view

Parameter

list-number: DE rule list number, ranging from 1 to 10.

dlci-number: Frame relay virtual circuit number, ranging from 16 to 1007.

Description
Using the fr de del command, you can apply a DE rule list to the specified frame
relay virtual circuit. Using the undo fr de del command, you can delete a DE rule
list from virtual circuit.

By default, no DE rule list is applied to frame relay virtual circuit.

After a DE rule list is applied to frame relay virtual circuit, those packets that match
the rule list will have their DE flag set to 1.

For the related commands, see fr del inbound-interface and fr del protocol.

Example
# Apply DE rule list 3 to the DLCI 100 of the interface Serial 4/1/2.
[3Com-Serial4/1/2] fr de del 3 dlci 100

fr del inbound-interface Syntax


fr del list-number inbound-interface interface-type interface-number
undo fr del list-number inbound-interface interface-type interface-number

View
System view

Parameter

list-number: Number of DE rule list, ranging from 1 to 10.

interface-type: Interface type.

interface-number: Interface number, in 3-dimension form (slot number/card
number/interface number).

Description
Using the fr del inbound-interface command, you can configure an
interface-based DE rule list. For the packet received from the specified interface, if
it is forwarded from the router as a frame relay packet, its DE flag bit will be set as
1 before being forwarded. Using the undo fr del inbound-interface command,
you can delete the specified DE rule from a DE rule list.

By default, no DE rule list is created.



New rules can be added to a DE rule list by using this command repeatedly. At
most, 100 rules can be configured in a DE rule list. To delete a DE rule list, you
should first delete all DE rules in it.

For the related commands, see fr de del and fr del protocol.

Example
# Add a rule to DE rule list 1: for packets received from the interface Serial
4/1/2 that are to be forwarded with frame relay encapsulation, set the DE flag
bit to 1 before forwarding.
[3Com] fr del 1 inbound-interface serial 4/1/2

fr del protocol ip Syntax


fr del list-number protocol ip [ fragments | acl acl-number | less-than bytes |
greater-than bytes | tcp ports | udp ports ]
undo fr del list-number protocol ip [ fragments | acl acl-number | less-than bytes |
greater-than bytes | tcp ports | udp ports ]

View
System view

Parameter

list-number: DE rule list number, ranging from 1 to 10.

protocol ip: IP.

fragments: All fragmented IP packets.

acl acl-number: IP packets meeting ACL matching requirement. acl-number
ranges from 1 to 199.

less-than bytes: IP packets whose length is less than bytes. bytes ranges from 0 to
65535.

greater-than bytes: IP packets whose length is greater than bytes. bytes ranges
from 0 to 65535.

tcp ports: IP packets whose source or destination TCP port number is ports.

udp ports: IP packets whose source or destination UDP port number is ports.

If optional parameters are not used, it represents all IP packets.

Description
Using the fr del protocol ip command, you can configure an IP-based DE rule list.
The DE flag bit of the frame relay packet encapsulated with an IP packet matching
the specified rule will be flagged as 1. Using the undo fr del protocol ip
command, you can delete the specified DE rule from a DE rule list.

By default, no DE rule list is created.



New rules can be added to a DE rule list by using this command repeatedly. At
most, 100 rules can be configured in a DE rule list. The undo form of this
command deletes only one DE rule at a time. To delete a DE rule list, you must
delete all DE rules in it.

For the related commands, see fr de del and fr del inbound-interface.

Example
# Add a rule to DE rule list 1. For all frame relay packets encapsulated with IP
packets, flag their DE flag bits as 1.
[3Com] fr del 1 protocol ip
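
How the scope of a DE rule list decides which traffic survives congestion can be seen by modelling fr del rules together with the DE congestion threshold (congestion-threshold de). The Python model below is an added example, not 3Com code: the Packet, DeRuleList and VcQueue names, the queue size of 10 and the constructed traffic mix are assumptions, the acl and inbound-interface rule forms are not modelled, and the drop decision follows the description on this page (DE-flagged packets are discarded once queue occupancy exceeds the threshold).

```python
"""Model of fr del rule lists and the DE congestion threshold (added example)."""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Optional


@dataclass
class Packet:
    """Constructed stand-in for an IP packet queued on a frame relay VC."""
    length: int                  # IP packet length in bytes
    proto: str = "other"         # "tcp", "udp" or "other"
    sport: Optional[int] = None
    dport: Optional[int] = None
    fragment: bool = False
    de: bool = False             # DE flag bit, set by DeRuleList.mark()


Rule = Callable[[Packet], bool]


# One constructor per "fr del list-number protocol ip" option modelled here.
def any_ip() -> Rule:
    return lambda p: True

def fragments() -> Rule:
    return lambda p: p.fragment

def less_than(size: int) -> Rule:
    return lambda p: p.length < size

def greater_than(size: int) -> Rule:
    return lambda p: p.length > size

def tcp(port: int) -> Rule:
    return lambda p: p.proto == "tcp" and port in (p.sport, p.dport)

def udp(port: int) -> Rule:
    return lambda p: p.proto == "udp" and port in (p.sport, p.dport)


class DeRuleList:
    MAX_RULES = 100              # limit stated in the command description

    def __init__(self, number: int, rules: List[Rule]):
        if not 1 <= number <= 10:
            raise ValueError("DE rule list number must be 1..10")
        if len(rules) > self.MAX_RULES:
            raise ValueError("a DE rule list holds at most 100 rules")
        self.number, self.rules = number, list(rules)

    def mark(self, pkt: Packet) -> Packet:
        """Set DE to 1 when any rule in the list matches the packet."""
        if any(rule(pkt) for rule in self.rules):
            pkt.de = True
        return pkt


class VcQueue:
    """FIFO queue of one virtual circuit with a DE congestion threshold."""

    def __init__(self, size: int, de_threshold: int, de_list: DeRuleList):
        self.size, self.de_threshold, self.de_list = size, de_threshold, de_list
        self.queue: Deque[Packet] = deque()

    def enqueue(self, pkt: Packet) -> str:
        self.de_list.mark(pkt)
        # Congestion: current length / total length exceeds the threshold (%).
        congested = len(self.queue) * 100 > self.de_threshold * self.size
        if pkt.de and congested:
            return "drop-de"
        if len(self.queue) >= self.size:
            return "drop-tail"   # queue full: lost whatever the DE bit says
        self.queue.append(pkt)
        return "queued"

    def transmit(self) -> None:
        if self.queue:
            self.queue.popleft()


def run_burst(rule: Rule, de_threshold: int, ticks: int = 10) -> Dict[str, int]:
    """Offer 2 bulk + 1 voice packet per tick while the line sends 1 per tick."""
    vc = VcQueue(size=10, de_threshold=de_threshold, de_list=DeRuleList(1, [rule]))
    stats = {"voice_queued": 0, "voice_lost": 0, "drop-de": 0, "drop-tail": 0}
    for _ in range(ticks):
        burst = [Packet(1500, "tcp", 40000, 80),          # constructed bulk flow
                 Packet(1500, "tcp", 40000, 80),
                 Packet(200, "udp", 16384, 16384)]        # constructed voice flow
        for pkt in burst:
            result = vc.enqueue(pkt)
            if result != "queued":
                stats[result] += 1
            if pkt.proto == "udp":
                stats["voice_queued" if result == "queued" else "voice_lost"] += 1
        vc.transmit()
    return stats
```

Calling run_burst(greater_than(1000), 50) keeps every voice packet while bulk packets are discarded early; run_burst(any_ip(), 50) makes every packet discard-eligible, so the threshold no longer protects any flow.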

fr pvc-pq Syntax
fr pvc-pq [ top-limit middle-limit normal-limit bottom-limit ]
undo fr pvc-pq

View
Frame relay interface view, MFR interface view

Parameter

top-limit: Length of top priority queue, ranging from 0 to 1024. By default, it is
20.

middle-limit: Length of middle priority queue, ranging from 0 to 1024. By default,
it is 40.

normal-limit: Length of normal priority queue, ranging from 0 to 1024. By default,
it is 60.

bottom-limit: Length of bottom priority queue, ranging from 0 to 1024. By
default, it is 80.

Description
Using the fr pvc-pq command, you can set the queue type of a frame relay
interface as PVC PQ (PVC Priority Queueing) and set the length of each queue,
that is, the maximum number of packets that the queue can hold. Using the
undo fr pvc-pq command, you can restore the queue type of the interface to
FIFO.

By default, the queue type of a frame relay interface is FIFO.

After FRTS is enabled on an interface, the queue type of the interface can only be
FIFO or PVC PQ.

PVC PQ is a new queue mechanism of FRTS. Similar to PQ, it also has four queue
types: top, middle, normal and bottom, with queue priority decreasing in turn.
The PVC PQ queue that a DLCI enters is configured in the frame relay class.
When congestion occurs on an interface, different DLCIs enter different PVC PQs.
When data is sent, data in higher priority queues is sent before data in lower
priority queues.

For the related command, see pvc-pq.

Example
# Set the queue type of the interface Serial 2/0/0 as PVC PQ.
[3Com-Serial2/0/0] fr pvc-pq

fr traffic-policing Syntax
fr traffic-policing
undo fr traffic-policing

View
Frame relay interface view, MFR interface view

Parameter
None

Description
Using the fr traffic-policing command, you can enable FRTP function. Using the
undo fr traffic-policing command, you can disable FRTP function.

FRTP function is applied to the inbound interface of frame relay packets on a
router. Furthermore, it is only used at the DCE end of a frame relay network.

When configuring traffic policing for an inbound interface, you must first set the
DCE as a frame relay switch by using the fr switching command.

For the related command, see fr class.

Example
# Enable the traffic policing function on the interface Serial 2/0/0.
[3Com-Serial2/0/0] fr traffic-policing

fr traffic-shaping Syntax
fr traffic-shaping
undo fr traffic-shaping

View
Frame relay interface view, MFR interface view

Parameter
None

Description
Using the fr traffic-shaping command, you can enable FRTS function. Using the
undo fr traffic-shaping command, you can disable FRTS function.

By default, FRTS function is disabled.



The FRTS function is applied to the outbound interface of a router, generally used
at the DTE end of a frame relay network.

For the related commands, see fr class, fr-class, and fr dlci.

Example
# Enable FRTS on the serial interface Serial 2/0/0.

[3Com-Serial2/0/0] fr traffic-shaping

fragment Syntax
fragment [ fragment-size ]
undo fragment [ fragment-size ]

View
Frame relay class view

Parameter
fragment-size: Size of a fragment, in byte, ranging from 16 to 1600. By default,
the fragment size is of 45 bytes.

Description
Using the fragment command, you can enable the fragmentation function on
frame relay virtual circuit. Using the undo fragment command, you can disable
this function.

By default, the fragmentation function on frame relay virtual circuit is disabled.

For the related command, see fr class.

Example
# Configure fragment size as 128 in the frame relay class named test1.
[3Com] fr class test1

[3Com-fr-class-test1] fragment 128

fr-class Syntax
fr-class class-name
undo fr-class class-name

View
Frame relay interface view, DLCI view

Parameter
class-name: Name of a frame relay class, in the form of character string, with a
length ranging from 1 to 30.

Description
Using the fr-class command, you can associate a frame relay class with the current
frame relay virtual circuit or frame relay interface. Using the undo fr-class
command, you can remove the association between a frame relay class and the
frame relay virtual circuit or frame relay interface.

By default, there is no association between a frame relay class and the frame relay
virtual circuit or frame relay interface.

If the specified frame relay class does not exist, the command will first create a
frame relay class before associating the frame relay class with the current virtual
circuit or interface. If the specified frame relay class does exist, the command will
associate the frame relay class with the current virtual circuit or interface without
creating a new frame relay class.

The undo form of this command only removes the association between a
specified frame relay class and a virtual circuit or an interface rather than deleting
the real frame relay class. To delete a frame relay class, use the undo fr class
command.

After a frame relay class is associated with an interface, all virtual circuits on the
interface will inherit the frame relay QoS parameter of this frame relay class.

For the related commands, see fr class and fr dlci.

Example
# Associate the frame relay class named test1 with the frame relay virtual circuit
whose DLCI is 200.
[3Com] interface serial 4/0/1

[3Com-Serial4/0/1] fr dlci 200

[3Com-fr-dlci-Serial4/0/1-200] fr-class test1

pq Syntax
pq pql list-number
undo pq

View
Frame relay class view

Parameter
pql list-number: Group number of Priority Queueing, ranging from 1 to 16.

Description
Using the pq command, you can set the queue type of frame relay virtual circuit as
Priority Queueing. Using the undo pq command, you can restore the queue type
of virtual circuit to FIFO.

By default, the queue type of frame relay virtual circuit is FIFO.

For the related commands, see cq and pvc-pq.



Example
# Apply the group 10 of Priority Queueing to the frame relay class named test1.
[3Com] fr class test1

[3Com-fr-class-test1] pq pql 10

pvc-pq Syntax
pvc-pq { top | middle | normal | bottom }
undo pvc-pq

View
Frame relay class view

Parameter

top: Sets the top PVC PQ, namely, top priority queue, to accept the packets from
the VC.

middle: Sets the middle PVC PQ, namely, middle priority queue, to accept the
packets.

normal: Sets the normal PVC PQ, namely, normal priority queue, to accept the
packets.

bottom: Sets the normal PVC PQ, namely, normal priority queue, to accept the
packets.

Description
Using the pvc-pq command, you can set the type of the PVC PQ that packets sent
by frame relay virtual circuit enter. Using the undo pvc-pq command, you can
restore the default PVC PQ type.

By default, the packets sent by frame relay virtual circuit enter into the normal
PVC PQ.

PVC PQ falls into four groups, top, middle, normal and bottom. PVC PQ is relative
to DLCI. After the queue of an interface is set as PVC PQ, packets on each virtual
circuit can enter only one type of PVC PQ.

For the related command, see fr pvc-pq.



Example
# Set packets sent by virtual circuit which is associated with the frame relay class
named test1 to enter top PVC PQ.
[3Com-fr-class-one] pvc-pq top

rtpq Syntax
rtpq start-port min-dest-port end-port max-dest-port bandwidth bandwidth
undo rtpq

Parameter

min-dest-port: Lower limit of a destination UDP port, ranging from 2000 to
65535.

max-dest-port: Upper limit of a destination UDP port, ranging from 2000 to
65535.

bandwidth bandwidth: Bandwidth of an RTP queue, in kbit/s, ranging from 0 to
2000.

View
Frame relay class view

Description
Using the rtpq command, you can configure to apply Realtime Transport Protocol
Priority Queue (RTP Priority Queue). Using the undo rtpq command, you can
remove the application.

Applying a frame relay class configured with RTPQ to a PVC creates a strict
priority queue on the PVC. Packets whose destination UDP port falls within the
port range specified for RTPQ enter RTPQ. When congestion occurs in the virtual
circuit, the packets in the queue are sent with preference without exceeding the
configured bandwidth. When congestion does not occur in the virtual circuit, the
RTP packets in the specified port range can occupy the available bandwidth on
the virtual circuit. Generally, the UDP port range used by VoIP can be configured
as from 16384 to 32767.

Example
# Configure RTP priority queue on the frame relay class named test1 with a
bandwidth of 20kbit/s.
[3Com] fr class test1

[3Com-fr-class-test1] rtpq start-port 16383 end-port 16384 bandwidth 20

traffic-shaping adaptation Syntax
traffic-shaping adaptation { becn percentage | interface-congestion number }
undo traffic-shaping adaptation { becn | interface-congestion }

View
FR class view

Parameter

becn: Adjusts the packets with the BECN flag.

percentage: Adjustment percentage, ranging from 1 to 30 percent. The default
value is 25 percent.

interface-congestion: Traffic shaping according to the number of the packets in
the outbound queue.

number: Number of packets in the queue, ranging from 1 to 40.

Description
Using the traffic-shaping adaptation command, you can enable the adaptive
traffic shaping function of FR. Using the undo traffic-shaping adaptation
command, you can disable this function.

By default, the traffic-shaping adaptation function is disabled.

Related commands are fr traffic-shaping, cir allow, and cir.

Example
# Enable the FR traffic shaping function, by adjusting the packets with the BECN
flag.
[3Com] fr class test1

[3Com-fr-class-test1] traffic-shaping adaptation becn 20

wfq Syntax
wfq [ congestive-discard-threshold [ dynamic-queues ] ]
undo wfq

View
FR class view

Parameter

congestive-discard-threshold: The maximum number of packets allowed in the
queue. Packets exceeding this limitation will be discarded. The permitted value
ranges from 1 to 1024, with a default of 64.

dynamic-queues: Total number of queues. The value can be one of 16, 32, 64,
128, 256, 512, 1024, 2048 and 4096, with a default of 256.

Description
Using the wfq command, you can set the queue type of the VC to be WFQ. Using
the undo wfq command, you can restore the queue type to FIFO.

For the related commands, see cq, pq, and fr pvc-pq.

Example
# Apply WFQ to the FR class test1.

[3Com] fr class test1

[3Com-fr-class-test1] wfq 128 512

MPLS QoS Configuration Commands

if-match mpls-exp Syntax
if-match [ not ] mpls-exp { mpls-experimental-value }
undo if-match [ not ] mpls-exp

View
Class view

Parameter
mpls-experimental-value: EXP value in the range of 0 to 7.

Description
Using the if-match mpls-exp command, you can configure a rule that matches
the EXP domain of MPLS packets. Using the undo if-match mpls-exp command,
you can delete the rule.

Multiple exp-values can be specified in the command. The maximum number is 8.
If multiple exp-values of the same value are specified, the system only takes one.
Relation between different values is “or”. If this command is configured
repeatedly under one class, the last configuration will overwrite the previous
ones. After this command is configured, the exp-values will be sorted
automatically in ascending order.

For the related command, see traffic classifier.

Example
# Define the class to match the packet whose exp is 3 or 4.
[3Com-classifier-database] if-match mpls-exp 3 4

qos cql protocol mpls-exp Syntax
qos cql cql-index protocol mpls-exp queue-number { mpls-experimental-number }
undo qos cql cql-index protocol mpls-exp queue-number { mpls-experimental-number }

View
System view

Parameter

cql-index: Group number of precedence list in the range of 1 to 16.

queue-number: Queue number in the range of 0 to 16.

mpls-experimental-number: EXP domain of MPLS packet in the range of 0 to 7.



Description
Using the qos cql protocol mpls-exp command, you can configure a classification
rule based on the MPLS protocol. Using the undo qos cql protocol mpls-exp
command, you can delete the corresponding classification rule.

The system matches packets in the sequence that rules are configured. When the
packet is found to match a rule, the entire searching process comes to an end.

For the same group-number, this command can be used repeatedly to establish
multiple types of classification rules for IP packets.

For the related command, see qos cq.

Example
# Configure a classification rule based on the MPLS protocol and set the EXP
value of MPLS to 1.
[3Com] qos cql 10 protocol mpls-exp 1 experimental 1

qos pql protocol mpls-exp Syntax
qos pql pql-index protocol mpls-exp { top | middle | normal | bottom } {
mpls-experimental-value }
undo qos pql pql-index protocol mpls-exp { top | middle | normal | bottom } {
mpls-experimental-value }

View
System view

Parameter

pql-index: Group number of priority list in the range of 1 to 16.

mpls-experimental-value: EXP domain of MPLS packet in the range of 0 to 7.

Description
Using the qos pql protocol mpls-exp command, you can establish the
classification rule based on MPLS protocol. Using the undo qos pql protocol
mpls-exp command, you can delete corresponding classification rules.

The system matches packets in the sequence that rules are configured. When the
packet is found to match a rule, the entire searching process comes to an end.

For the same group-number, this command can be used repeatedly to establish
several types of classification rules for IP packets.

For the related command, see qos pql protocol.

Example
# Establish the classification rule based on MPLS protocol and set the EXP value
of MPLS to 5.
[3Com] qos pql 10 protocol mpls-exp top 5

remark mpls-exp Syntax


remark mpls-exp mpls-experimental-value
undo remark mpls-exp

View
Traffic behavior view

Parameter
mpls-experimental-value: Preset exp value of MPLS in the range of 0 to 7.

Description
Using the remark mpls-exp command, you can configure the MPLS EXP value
that identifies matched packets. Using the undo remark mpls-exp command,
you can delete the configuration.

For the related commands, see traffic classifier, qos policy, and classifier
behavior.

Example
# Configure a policy named 3Com, configure a traffic behavior named database
in the policy, and set the value of MPLS EXP to 0.
[3Com] qos policy 3Com

[3Com] traffic behavior database

[3Com-behavior-database] remark mpls-exp 0


12 BACKUP CENTER CONFIGURATION COMMANDS

Backup Center Configuration Commands

debugging standby event Syntax
debugging standby event
undo debugging standby event

View
User view

Parameter
event: Enables the event information debugging.

Description
Using the debugging standby event command, you can enable the information
debugging of backup center. Using the undo debugging standby event
command, you can disable the information debugging of backup center.

Example
# Enable the event debugging of backup center.
[3Com] debugging standby event

display standby flow Syntax


display standby flow

View
Any view

Description
Using the display standby flow command, you can display the traffic statistics of
the main interface participating in standby load balancing.

Example
# Set Serial1/0/0, Serial0/0/0 and Logic-channel0 to the standby interfaces of
Serial3/0/0.

# Configure standby load balancing on Serial3/0/0.



[3Com] interface serial3/0/0

[3Com-Serial3/0/0] standby interface serial1/0/0 10

[3Com-Serial3/0/0] standby interface serial0/0/0 30

[3Com-Serial3/0/0] standby interface logic-channel0

[3Com-Serial3/0/0] standby threshold 80 50

[3Com-Serial3/0/0] standby timer flow-check 100

[3Com-Serial3/0/0] standby bandwidth 9

# Display the traffic statistics of the main interface participating in standby
load balancing.

[3Com-Serial3/0/0] display standby flow

Interfacename :Serial3/0/0

Flow-interval(s) : 100

LastInOctets : 868168

LastOutOctets : 1818667

InFlow(Octets) : 50070

OutFlow(Octets) : 100088

BandWidth(b/s) :9000

UsedBandWidth(b/s) : 8000

The contents of the display information are explained in the following table:
Table 1 Output information description of the display standby flow command

Field                 Description
Flow-interval(s)      Interval at which traffic of the main interface is checked
LastInOctets          Accumulated octets received on the main interface until the time of last check.
LastOutOctets         Accumulated octets sent on the main interface until the time of last check.
InFlow(Octets)        Accumulated octets received on the main interface during last interval.
OutFlow(Octets)       Accumulated octets sent on the main interface during last interval.
BandWidth(b/s)        Bandwidth of the main interface
UsedBandWidth(b/s)    Actual bandwidth of the interface during last interval

display standby state Syntax


display standby state

View
Any view

Description
Using the display standby state command, you can display the interface state
and standby state of the main interface and standby interfaces, and the priority,
standby state flag and standby load state of the standby interfaces.

The interface state of the main interface includes UP and DOWN.

The interface state of a standby interface includes UP, DOWN and STANDBY.

The standby state of the main interface includes MUP, MUPDELAY, MDOWN,
MDOWNDELAY and MDESERT.

The standby state of a standby interface includes UP, UPDELAY, DOWN,
DOWNDELAY, STANDBY and DESERT.

Standby state flag:

■ M---MAIN: the interface is a main interface.
■ B---BACKUP: the interface is a standby interface.
■ V---MOVED: the interface or its main interface or all standby interfaces of
the interface has (have) been removed.
■ U---USED: the interface is in use as a main interface or a standby interface.
■ D---LOAD: the interface participates in standby load balancing as a main
interface.
■ P---PULLED: the interface card where this interface is located has been
removed.
■ G---LOGICCHANNEL: the interface is a logic channel interface.

Standby load state includes WAKE, TO-HYPNOTIZE, TO-WAKE and STABLE.

Example
# Set Serial1/0/0, Serial0/0/0 and Logic-channel0 to the standby interfaces of
Serial3/0/0.

# Configure standby load balancing on Serial3/0/0.

[3Com] interface Serial3/0/0

[3Com-Serial3/0/0] standby interface serial1/0/0 10

[3Com-Serial3/0/0] standby interface serial0/0/0 30

[3Com-Serial3/0/0] standby interface logic-channel0

[3Com-Serial3/0/0] standby threshold 80 50

# Display the interface state and standby state of the main interface and standby
interfaces, and the priority, standby state flag and standby load state of the
standby interfaces.

[3Com-Serial3/0/0] display standby state

Interface       Interfacestate  Backupstate  Backupflag  Pri  Loadstate
Serial3/0/0     UP              MUP          MUD              TO-HYPNOTIZE
Serial0/0/0     DOWN            DOWN         BU          30
Logic-channel0  UP              UPDELAY      BU          20
Serial1/0/0     STANDBY         STANDBY      BU          10

Backup-flag meaning:
M---MAIN B---BACKUP V---MOVED U---USED
D---LOAD P---PULLED G---LOGICCHANNEL
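
For monitoring backup readiness, the display standby state output above can be parsed and its flag letters decoded. The following Python parser is an added example, not part of the 3Com software: the function and class names are assumptions, SAMPLE is this page's sample output with whitespace collapsed, and the Pri and Loadstate columns are told apart by token shape because either may be empty.

```python
"""Parse 'display standby state' output and decode the backup flags (added example)."""
from dataclasses import dataclass
from typing import List, Optional

# Flag letters and interface states as listed in the command description.
FLAG_NAMES = {"M": "MAIN", "B": "BACKUP", "V": "MOVED", "U": "USED",
              "D": "LOAD", "P": "PULLED", "G": "LOGICCHANNEL"}
IF_STATES = {"UP", "DOWN", "STANDBY"}

# The sample output from this page, with whitespace collapsed.
SAMPLE = """\
Interface Interfacestate Backupstate Backupflag Pri Loadstate
Serial3/0/0 UP MUP MUD TO-HYPNOTIZE
Serial0/0/0 DOWN DOWN BU 30
Logic-channel0 UP UPDELAY BU 20
Serial1/0/0 STANDBY STANDBY BU 10
Backup-flag meaning:
M---MAIN B---BACKUP V---MOVED U---USED
D---LOAD P---PULLED G---LOGICCHANNEL
"""


@dataclass
class StandbyRow:
    interface: str
    if_state: str
    backup_state: str
    flags: List[str]
    priority: Optional[int] = None     # shown for standby interfaces
    load_state: Optional[str] = None   # shown for a load-balancing main interface


def parse_standby_state(text: str) -> List[StandbyRow]:
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Header and legend lines have no interface state in column 2.
        if len(tok) < 4 or tok[1] not in IF_STATES:
            continue
        unknown = set(tok[3]) - set(FLAG_NAMES)
        if unknown:
            raise ValueError(f"unknown backup flag(s) {sorted(unknown)} in: {line!r}")
        row = StandbyRow(tok[0], tok[1], tok[2], [FLAG_NAMES[c] for c in tok[3]])
        # Pri and Loadstate may each be empty, so classify the remaining
        # tokens by shape instead of by position.
        for extra in tok[4:]:
            if extra.isdigit():
                row.priority = int(extra)
            else:
                row.load_state = extra
        rows.append(row)
    return rows


def unavailable_standbys(rows: List[StandbyRow]) -> List[str]:
    """Standby interfaces that cannot take over: DOWN, moved or card pulled."""
    return [r.interface for r in rows
            if "BACKUP" in r.flags
            and (r.if_state == "DOWN" or {"MOVED", "PULLED"} & set(r.flags))]


def preferred_standby(rows: List[StandbyRow]) -> Optional[StandbyRow]:
    """Highest-priority standby interface (greater value = higher priority)."""
    standbys = [r for r in rows if "BACKUP" in r.flags]
    return max(standbys, key=lambda r: r.priority or 0, default=None)
```

On the sample, the preferred standby (Serial0/0/0, priority 30) is also the one reported as unavailable, which is the condition worth alerting on.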

standby bandwidth Syntax


standby bandwidth number

undo standby bandwidth

View
Interface view

Parameter
number: Interface bandwidth ranging from 0 to 4000000KB. By default, it is 0.

Description
When the main interface participates in standby load balancing, the backup center
will use the main interface's standby bandwidth configured by the user
preferentially. If not found, it gets the main interface bandwidth provided by the
system automatically. If it fails, it will ask the user to configure a standby
bandwidth for the main interface.

Before executing this command, the standby interface (specifying a physical
interface or a logic channel as the standby interface of the main interface)
command must have been executed.

Example
# Set Serial1/0/0 as the standby interface of Serial0/0/0.

# Configure the standby bandwidth of the main interface on Serial0/0/0.

[3Com] interface serial0/0/0

[3Com-Serial0/0/0] standby interface serial1/0/0 50

[3Com-Serial0/0/0] standby bandwidth 10000

[3Com-Serial0/0/0] standby threshold 80 50

standby interface Syntax


standby interface type number [ priority ]

undo standby interface type number



View
Interface view

Parameter

type: Interface type.

number: Interface number.

priority: Priority of a standby interface, ranging from 0 to 255, being 0 by default.
The greater the value is, the higher the priority is.

Description
Using the standby interface command, you can configure a certain physical
interface as a standby interface for the main interface. Using the undo standby
interface command, you can cancel a specified standby interface.

By default, no standby interface is specified.

A certain physical interface can be specified as a standby interface. One main
interface can have multiple standby interfaces, which will be used according to
their priorities in case backup is needed; that is, the standby interface with the
higher priority is used first.

Example
# Specify Serial 1/0/0, with a priority value of 50, as a standby interface for
Serial 0/0/0.
[3Com-Serial0/0/0] standby interface serial1/0/0 50

standby threshold Syntax


standby threshold enable-threshold disable-threshold

undo standby threshold

View
Interface view

Parameter

enable-threshold: Upper limit percentage of enabling standby interfaces and logic
channels. This value ranges from 1 to 99.

disable-threshold: Lower limit percentage of disabling standby interfaces and logic
channels. This value ranges from 1 to 99.

Description
Using the standby threshold command, you can configure the standby load
balancing for an interface or a logic channel. Using the undo standby threshold
command, you can cancel the standby load balancing of an interface or a logic
channel.

By default, no standby load balancing is configured.



This command should be configured on the main interface of the backup center.
When the traffic on all the active interfaces of the backup center reaches the set
upper limit, the available standby interface with the highest priority will be
enabled. When the total traffic on all the active interfaces of the backup center is
lower than the set lower limit, the standby interface with the lowest priority will be
disabled.

The enable-threshold must not be less than disable-threshold.

When undo standby threshold is being applied, if the existing standby
interfaces are enabled, the command will shut down all the standby interfaces,
and only the main interface works.

For the related command, see standby interface.

Example
# Configure standby load balancing on interface Serial 0/0/0.
[3Com-Serial0/0/0] standby threshold 80 50

standby timer delay Syntax


standby timer delay enable-delay disable-delay

undo standby timer delay

View
Interface view

Parameter

enable-delay: Delay for the standby interface to switch to the main interface. It
ranges from 0 to 65535 seconds.

disable-delay: Delay for the main interface to switch to a standby interface. It
ranges from 0 to 65535 seconds. By default, enable-delay and disable-delay are 0,
that is, immediate switchover.

Description
Using the standby timer delay command, you can set the delay for the
main/standby interface switchover. Using the undo standby timer delay
command, you can recover the default delay value.

It is recommended to set the switching delay to prevent frequent main/standby
interface switching due to the instability of the interface status.

Before executing this command, the standby interface (specifying a physical
interface or a logic channel as the standby interface of the main interface)
command must have been executed.

Example
# Specify Serial0/0/0 to use Serial1/0/0 as its standby interface and set the delay for
main/standby switchover to 10 seconds.

[3Com-Serial0/0/0] standby interface serial1/0/0

[3Com-Serial0/0/0] standby timer delay 10 10

standby timer flow-check Syntax

standby timer flow-check interval-time

undo standby timer flow-check

View
Interface view

Parameter
interval-time: Interval at which the traffic is checked. It ranges from 30 seconds to
600 seconds and defaults to 30 seconds.

Description
Using the standby timer flow-check command, you can configure the interval at
which the main interface's traffic is checked. Using the undo standby timer
flow-check command, you can recover the default interval for traffic checking.

When the main interface participates in standby load balancing, the backup center
automatically checks the traffic of the main interface at the interval configured
with this command.

Before executing this command, the standby interface (specifying a physical
interface or a logic channel as the standby interface of the main interface)
command must have been executed.

Example
# Set Serial1/0/0 as the standby interface of Serial0/0/0.

# Configure the standby bandwidth of the main interface on Serial0/0/0.

[3Com] interface serial 0/0/0

[3Com-Serial0/0/0] standby interface serial1/0/0 50

[3Com-Serial0/0/0] standby bandwidth 10000

[3Com-Serial0/0/0] standby threshold 80 50

[3Com-Serial0/0/0] standby timer flow-check 60



VRRP Configuration Commands

debugging vrrp Syntax


debugging vrrp { packet | state }

undo debugging vrrp { packet | state }

View
User view

Parameter

packet: Enable the VRRP packet debugging.

state: Enable the VRRP state debugging.

Description
Using the debugging vrrp command, you can enable debugging for VRRP. Using
the undo debugging vrrp command, you can disable VRRP debugging.

By default, VRRP debugging is disabled.

Example
# Enable the VRRP packet debugging.
[3Com] debugging vrrp packet

display vrrp Syntax


display vrrp [ interface interface-name [ virtual-router-ID ] ]

View
Any view

Parameter
interface-name: Interface name that must be an Ethernet Interface.
virtual-router-ID: Standby group number.

Description
Using the display vrrp command, you can view the status information of VRRP.

This command is used to view the status information and configuration
parameters of current VRRP. If the interface name and standby group number are
not specified, the status information of all the standby groups on the router will be
displayed. If the interface name is specified, the status information of all the
standby groups on the interface will be displayed. If both parameters are specified,
the status information of the standby group will be displayed.

Example
# Display all standby group information of the router.
<3Com> display vrrp

Ethernet0/2/0 | Virtual Router 1

state : Master

Virtual IP : 202.38.160.111

Priority : 150

Preempt : YES Delay Time : 0

Timer : 1

Auth type : NONE

Ethernet0/2/0 | Virtual Router 2

state : Backup

Virtual IP : 202.38.160.100

Priority : 100

Preempt : YES Delay Time : 0

Timer : 1

Auth type : NONE

Ethernet1/2/0 | Virtual Router 1

state : Backup

Virtual IP : 10.10.10.10

10.10.10.11

Priority : 150

Preempt : YES Delay Time : 0

Timer : 1

Auth type : SIMPLE TEXT Auth Key : 3Com

Track IF : Ethernet0/2/0 Priority Reduced : 60

# Display the information of all the standby groups on the interface.

<3Com> display vrrp interface ethernet0/2/0

Ethernet0/2/0 | Virtual Router 1

state : Master

Virtual IP : 202.38.160.111

Priority : 150

Preempt : YES Delay Time : 0



Timer : 1

Auth type : NONE

Ethernet0/2/0 | Virtual Router 2

state : Backup

Virtual IP : 202.38.160.100

Priority : 100

Preempt : YES Delay Time : 0

Timer : 1

Auth type : NONE

# Display the information of a specified standby group on the interface.


<3Com> display vrrp interface ethernet0/2/0 1

Ethernet0/2/0 | Virtual Router 1

state : Master

Virtual IP : 202.38.160.111

Priority : 150

Preempt : YES Delay Time : 0

Timer : 1

Auth type : NONE

vrrp authentication-mode Syntax

vrrp authentication-mode { md5 key | simple key }

undo vrrp authentication-mode

View
Interface view

Parameter

SIMPLE: Simple character authentication.

MD5: AH authentication using MD5 algorithm.

key: Authentication key. The authentication key is at most 8 bytes long.

Description
Using the vrrp authentication-mode command, you can configure
authentication type and authentication key of VRRP standby group. Using the
undo vrrp authentication-mode command, you can cancel the VRRP
authentication.

By default, no authentication is set.



This command is used to set the authentication type and authentication key for all
the VRRP standby groups on an interface, as the protocol requires the standby
groups of an interface to use the same authentication type and authentication key.
In addition, the members of a standby group should have the same authentication
type and authentication key.

Authentication type and authentication key are insensitive to case.

Example
# Set the authentication types and authentication keys of all VRRP standby groups
on interface Ethernet 0/2/0.
[3Com-Ethernet0/2/0] vrrp authentication-mode simple 3Com
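
The display vrrp output shown earlier prints the authentication type of each
standby group and, for simple authentication, the key itself. The Python script
below is an added example, not part of the 3Com guide: it parses that output and
flags groups with no authentication, groups using a simple key, and interfaces
whose groups do not share one setting. The finding names are invented for this
example; the sample text is the output from this section with blank lines removed.

```python
import re

# Sample input: the "display vrrp" output printed in this section, with the
# blank lines removed. Finding names further down are invented for this example.
SAMPLE = """\
<3Com> display vrrp
Ethernet0/2/0 | Virtual Router 1
state : Master
Virtual IP : 202.38.160.111
Priority : 150
Preempt : YES Delay Time : 0
Timer : 1
Auth type : NONE
Ethernet0/2/0 | Virtual Router 2
state : Backup
Virtual IP : 202.38.160.100
Priority : 100
Preempt : YES Delay Time : 0
Timer : 1
Auth type : NONE
Ethernet1/2/0 | Virtual Router 1
state : Backup
Virtual IP : 10.10.10.10
10.10.10.11
Priority : 150
Preempt : YES Delay Time : 0
Timer : 1
Auth type : SIMPLE TEXT Auth Key : 3Com
Track IF : Ethernet0/2/0 Priority Reduced : 60
"""

HEADER = re.compile(r"^(\S+)\s*\|\s*Virtual Router\s+(\d+)$")
# Field labels seen in the output; one line may carry two "label : value" pairs.
LABELS = ["Priority Reduced", "Virtual IP", "Delay Time", "Auth type",
          "Auth Key", "Track IF", "Priority", "Preempt", "Timer", "state"]
FIELD = re.compile(r"(%s)\s*:\s*" % "|".join(re.escape(l) for l in LABELS))
# Additional virtual addresses are printed alone on a continuation line.
BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_display_vrrp(text):
    """Return one dict per standby group found in 'display vrrp' output."""
    groups, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = {"interface": header.group(1),
                       "vrid": int(header.group(2)), "Virtual IP": []}
            groups.append(current)
            continue
        if current is None:
            continue  # prompt line or other text before the first group
        if BARE_IP.match(line):
            current["Virtual IP"].append(line)
            continue
        hits = list(FIELD.finditer(line))
        for i, hit in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            value = line[hit.end():end].strip()
            if hit.group(1) == "Virtual IP":
                current["Virtual IP"].append(value)
            else:
                current[hit.group(1)] = value
    return groups


def audit(groups):
    """Return (location, finding) pairs for weak or mismatched VRRP auth."""
    findings, per_interface = [], {}
    for g in groups:
        where = "%s vrid %d" % (g["interface"], g["vrid"])
        auth = g.get("Auth type", "").upper()
        if not auth:
            findings.append((where, "auth-type-not-found"))
        elif auth == "NONE":
            findings.append((where, "no-authentication"))
        elif auth.startswith("SIMPLE"):
            findings.append((where, "simple-text-key"))
        if "Auth Key" in g:
            findings.append((where, "key-shown-in-display-output"))
        setting = (g.get("Auth type"), g.get("Auth Key"))
        per_interface.setdefault(g["interface"], set()).add(setting)
    # All standby groups on an interface are expected to share one setting.
    for name, settings in per_interface.items():
        if len(settings) > 1:
            findings.append((name, "auth-differs-between-groups"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(parse_display_vrrp(SAMPLE)):
        print("%-24s %s" % (where, finding))
```

Because the key appears in the command output, saved terminal logs and
configuration backups that contain this output should be handled as secrets.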

vrrp vrid preempt-mode Syntax


vrrp vrid virtual-router-ID preempt-mode [ timer delay delay-value ]

undo vrrp vrid virtual-router-ID preempt-mode

View
Interface view

Parameter

virtual-router-ID: Virtual Router ID, namely, VRRP standby group number, ranging
from 1 to 255.

delay-value: Delay time in seconds with a value ranging from 0 to 255. By default,
a router is in preemption mode with the delay as 0.

Description
Using the vrrp vrid preempt-mode command, you can configure the
preemption mode and delay time of routers in a standby group. Using the undo
vrrp vrid preempt-mode command, you can cancel the preemption mode and
delay time of routers in a standby group.

If a router with a higher priority is needed to actively preempt as the MASTER, the
router should be set to preemption mode. If a longer time is needed for
preemption, the delay time can be set. When a router is set to non-preemption
mode, the delay value will be set to 0 automatically.

Example
# Set a standby group to preemption mode.
[3Com-Ethernet0/2/0] vrrp vrid 1 preempt-mode

# Set the preemption delay.


[3Com-Ethernet0/2/0] vrrp vrid 1 preempt-mode timer delay 5

# Cancel the preemption mode.

[3Com-Ethernet0/2/0] undo vrrp vrid 1 preempt-mode



vrrp vrid priority Syntax


vrrp vrid virtual-router-ID priority priority-value

undo vrrp vrid virtual-router-ID priority

View
Interface view

Parameter

virtual-router-ID: VRRP standby group number, ranging from 1 to 255.

priority-value: Priority value of the router in standby group, in the range from 1 to
254. By default, the priority is 100.

Description
Using the vrrp vrid priority command, you can configure the priority of a router
in the standby group. Using the undo vrrp vrid priority command, you can
restore the default value of priority.

Priority determines the position of a router in the standby group. A higher priority
means that the router is more likely to become MASTER. Priority 0 is
reserved for special use by the system and 255 is reserved for the IP address
owner.

Example
# Set the priority of a router in standby group 1 to 150.
[3Com-Ethernet0/2/0] vrrp vrid 1 priority 150

vrrp vrid timer-advertise Syntax


vrrp vrid virtual-router-ID timer advertise adver-interval

undo vrrp vrid virtual-router-ID timer advertise

View
Interface view

Parameter

virtual-router-ID: VRRP standby group number, ranging from 1 to 255.

adver-interval: Interval, in seconds, at which the MASTER in the standby group sends
VRRP packets, with a value ranging from 1 to 255. By default, the interval is 1 second.

Description
Using the vrrp vrid timer-advertise command, you can configure the timer of
the standby group. Using the undo vrrp vrid timer-advertise command, you
can restore the default value of the timer.

This command can be used to set the interval at which the MASTER sends VRRP
packets.

Example
# Set the interval at which the MASTER in standby group 1 sends VRRP packet to 5
seconds.
[3Com-Ethernet0/2/0] vrrp vrid 1 timer advertise 5

vrrp vrid track Syntax


vrrp vrid virtual-router-ID track interface-name [ reduced value-reduced ]

undo vrrp vrid virtual-router-ID track [ interface-name ]

View
Interface view

Parameter

virtual-router-ID: VRRP standby group number, ranging from 1 to 255.

interface-name: Interface being monitored.

value-reduced: Value by which the priority is reduced. It ranges from 1 to 255 and
defaults to 10.

Description
Using the vrrp vrid track command, you can configure an interface to be
tracked. Using the undo vrrp vrid track command, you can cancel the tracking.

The interface monitoring function of VRRP extends the backup function so that
backup is provided not only when a router fails but also when a certain network
interface is DOWN. After this command is configured, if the monitored interface
is DOWN, the priority of the router is reduced and the priority of another member
of the standby group becomes the highest. As a result, the router with the highest
priority becomes the new MASTER, which achieves the backup function. Configuring
a monitored interface on a router that is the IP address owner is forbidden.

Example
# Set and monitor the interface Serial 0/0/0.
[3Com-Ethernet0/2/0] vrrp vrid 1 track serial0/0/0 reduced 50

# Cancel the tracking on Serial 0/0/0.

[3Com-Ethernet0/2/0] undo vrrp vrid 1 track serial0/0/0

vrrp vrid virtual-ip Syntax


vrrp vrid virtual-router-ID virtual-ip virtual-address

undo vrrp vrid virtual-router-ID virtual-ip [ virtual-address ]

View
Interface view

Parameter

virtual-router-ID: VRRP standby group number, ranging from 1 to 255.

virtual-address: Virtual IP address.

Description
Using the vrrp vrid virtual-ip command, you can add a virtual IP address. Using
the undo vrrp vrid virtual-ip command, you can cancel a virtual IP address.

By default, there is no standby group in the system.

This command is used to establish a standby group and can also be used to add
virtual IP address to an existing standby group. At most 16 virtual IP addresses can
be added to a standby group. The undo vrrp vrid virtual-ip command can be
used to delete an existing standby group or delete a certain virtual address in the
standby group. If the addresses of a standby group have all been deleted, the
system will automatically delete the standby group.

Example
# Create a standby group.
[3Com-Ethernet0/2/0] vrrp vrid 1 virtual-ip 10.10.10.10

# Add a virtual IP address to an existing standby group.

[3Com-Ethernet0/2/0] vrrp vrid 1 virtual-ip 10.10.10.11

# Delete a virtual IP address

[3Com-Ethernet0/2/0] undo vrrp vrid 1 virtual-ip 10.10.10.10

# Delete a standby group.

[3Com-Ethernet0/2/0] undo vrrp vrid 1 virtual-ip


13 DCC CONFIGURATION COMMANDS

DCC Configuration Commands

debugging dialer Syntax


debugging dialer { event | packet | all }

View
Any view

Parameter

event: Enables DCC event debugging.

packet: Enables DCC packet debugging.

Description
Using the debugging dialer command, you can enable DCC debugging.

Example
None

dialer bundle Syntax


dialer bundle number
undo dialer bundle

View
Dialer interface view

Parameter
number: Number of dialer bundle, ranging from 1 to 255.

Description
Using the dialer bundle command, you can configure a dialer bundle used by a
dialer interface. Using the undo dialer bundle command, you can disassociate
the dialer bundle from the dialer interface.

By default, the Resource-Shared DCC is not enabled, and the dialer bundle is not
specified.

This command can be applied only on a dialer interface for configuring the dialer
bundle that the interface will use. Furthermore, a dialer interface can use only one
dialer bundle. This command can be used to specify a dialer bundle used by a
dialer interface, no matter which link protocol, PPP or Frame Relay, runs on the
interface.

For related commands, see dialer bundle-member.

Example
# Configure the interface Dialer1 to use dialer bundle3, in which the interface
Serial0 is included.
[3Com-Dialer1] dialer bundle 3

[3Com-Serial0/0/0] dialer bundle-member 3

dialer bundle-member Syntax


dialer bundle-member number [ priority priority | max-link max-num | min-link min-num ]
undo dialer bundle-member number

View
Physical interface view

Parameter

number: Dialer bundle number ranging from 1 to 255.

priority: Priority of the physical interface in the dialer bundle, ranges from 1 to
255. The physical interface with higher priority will be used first. This is an optional
parameter. By default, priority is 1.

max-num: The maximum number of channels that can be used.

min-num: The minimum number of channels that can be used.

Description
Using the dialer bundle-member command, you can configure a physical
interface included in a dialer bundle in the Resource-Shared DCC application.
Using the undo dialer bundle-member command, you can remove the physical
interface from the dialer bundle.

By default, the physical interface is not assigned to any dialer bundle.

This command can only be applied to a physical interface, which can be assigned
to multiple dialer bundles.

To enable the B channel of an ISDN interface (BRI or PRI) to configure its link layer
protocol dynamically according to the Dialer interface it belongs to, the link layer
protocol that the interface uses should be specified as PPP.

For related command, see dialer bundle.



Example
# Make Bri1/0/0 a member of dialer bundle1 and dialer bundle2, and assign it a
priority of 50.
[3Com] interface bri 1/0/0

[3Com-Bri1/0/0] dialer bundle-member 1 priority 50

[3Com-Bri1/0/0] dialer bundle-member 2 priority 50

dialer callback-center Syntax


dialer callback-center [ user ] [ dial-number ]
undo dialer callback-center

View
Physical or dialer interface view

Parameter

user: Calls back according to the parameter user hostname configured in the
dialer route command.

dial-number: Calls back according to the parameter telephone-number
configured in the local-user callback-number command.

Description
Using the dialer callback-center command, you can enable the callback server
function. Using the undo dialer callback-center command, you can disable the
callback server function of a router.

By default, PPP callback server is not configured.

This command must be configured at the server end when PPP is used to
implement callback.

The parameter user indicates that DCC will call back according to the parameter
configured in the dialer route command. The parameter dial-number indicates
that DCC will call back the remote end according to the callback-number
configured in the local-user command.

When both user and dial-number are applied concurrently, the router will first
attempt to place a return call according to the first parameter. If the callback
attempt fails, it will try the second parameter for callback.
For related commands, see ppp callback, ppp authentication-mode.

Example
# Configure a remote username and set the router to call the user back.
[3Com] local-user 3Comb password simple 3Comb

[3Com] interface serial0/0/0

[3Com-Serial0/0/0] dialer route ip 1.1.1.2 user 3Comb 8810052

[3Com-Serial0/0/0] dialer callback-center user



dialer call-in Syntax


dialer call-in remote-number [ callback ]
undo dialer call-in remote-number [ callback ]

View
Physical or dialer interface view

Parameter

remote-number: Used for matching the remote incoming call number. The
character “*” represents any character.

callback: When calling back the server end, the incoming number will match with
the dialer call-in command containing this keyword and originate a callback.

Description
Using the dialer call-in command, you can enable ISDN callback according to
ISDN caller ID. Using the undo dialer call-in command, you can cancel the
configuration.

By default, ISDN callback according to ISDN caller ID is not configured.

This command must be configured at the server end when ISDN caller ID is applied
for callback. In Resource-Shared DCC, because both PPP and Frame Relay
encapsulation are supported on a dialer interface, an ISDN interface can
encapsulate the link layer protocol dynamically according to the corresponding
dialer interface.

The caller first searches the corresponding dialer interface by matching the caller
number with the dialer number command. The dialer call-in command is used
to preprocess the ISDN call-in number so as to determine whether the user with
this number can be permitted to access. If the PBX switch does not provide the
caller number, the call is refused directly.

For related command, see dialer callback-center.

Example
# Configure the router to call back the calling number 8810152.
[3Com-Bri0/0/0] dialer route ip 100.1.1.2 8810152

[3Com-Bri0/0/0] dialer call-in 8810152 callback

dialer circular-group Syntax


dialer circular-group number
undo dialer circular-group

View
Physical interface view

Parameter
number: Number of the dialer circular group to which the physical interface
belongs, ranging from 0 to 1023. This number is defined through the
interface dialer command.

Description
Using the dialer circular-group command, you can add the physical interface to
a dialer circular group specified here. Using the undo dialer circular-group
command, you can cancel the configuration.

By default, the physical interface is not a member of any dialer circular group.

One physical interface can only be added to one dialer circular group, which may
contain multiple physical interfaces. When a call is originated on a dialer interface,
the highest priority physical interfaces in the circular group on the dialer interface
will place the call.

For related command, see interface dialer.

Example
# Assign Serial1/0/0 and Serial2/0/0 to dialer circular group1.
[3Com-Serial1/0/0] dialer circular-group 1

[3Com-Serial2/0/0] dialer circular-group 1

dialer enable-circular Syntax


dialer enable-circular
undo dialer enable-circular

View
Physical or dialer interface view

Parameter
None

Description
Using the dialer enable-circular command, you can enable Circular DCC. Using
the undo dialer enable-circular command, you can disable Circular DCC.

By default, Circular DCC is enabled on the ISDN interfaces and disabled on other
interfaces.

The user must use this command to enable it before using Circular DCC.

For related command, see dialer circular-group.



Example
# Enable Circular DCC on Serial 0/0/0.
[3Com-Serial0/0/0] dialer enable-circular

dialer isdn-leased Syntax


dialer isdn-leased number
undo dialer isdn-leased number

View
Physical or dialer interface view

Parameter
number: Number of the ISDN B channel configured to be a leased line. If the
channel is on a BRI interface, the range is from 1 to 2. If it is on a CE1/PRI
interface, the range is from 0 to 30. If it is on an E1/PRI interface, range is from 0
to 30. If it is on a CT1/PRI interface, range is from 0 to 23.

Description
Using the dialer isdn-leased command, you can configure an ISDN B channel
(can be either the channel on a BRI or PRI interface) to be the leased line. Using the
undo dialer isdn-leased command, you can cancel the setting.

By default, no ISDN B channel is configured to be leased line.

The user can configure any ISDN B channel to be the leased line without affecting
the settings of other B channels.

Example
# Configure the first B channel on the interface Bri0/0/0 to be the leased line.
[3Com-Bri0/0/0] dialer isdn-leased 1

dialer listen-group Syntax


dialer listen-group group-number
undo dialer listen-group group-number

View
Dialer interface view

Parameter
group-number: Dialer Listen group number, ranging from 1 to 255.

Description
Using the dialer listen-group command, you can enable the Dialer Listen
function on the AUX interface. Using the undo dialer listen-group command,
you can disable the Dialer Listen function on the AUX interface.

Example
# Enable Dialer Listen on Dialer0.

[3Com-Dialer0] dialer listen-group 12

dialer listen-rule Syntax


dialer listen-rule group-number ip ip-address address-mask
undo dialer listen-rule group-number

View
Dialer interface view

Parameter

group-number: Dialer Listen group number, ranging from 1 to 255.

ip-address: Destination network address to be monitored.

address-mask: Subnet mask of the destination.

Description
Using the dialer listen-rule command, you can configure the destination
network address to be monitored. Using the undo dialer listen-rule command,
you can delete a listen rule, together with the network address.

Example
# Configure the destination network address to be monitored on Dialer0.
[3Com-Dialer0] dialer listen-rule 12 ip 202.38.160.1 255.255.255.0

dialer number Syntax


dialer number dial-number
undo dialer number

View
Physical or dialer interface view

Parameter
dial-number: Dial number for calling a remote end.

Description
Using the dialer number command, you can configure a dial number for placing
a call to a single remote end. Using the undo dialer number command, you can
cancel the configured dial number.

By default, no dial number is set for calling the remote end.

This command is used when the dialer interface of Circular DCC serves as caller
end and the dialer originates calls to only one destination address or the default
address. This command is only valid after at least one of the following
requirements is satisfied:

■ The dialer route command is not configured on the interface.
■ Or the next hop address that sends packets cannot be found in the
corresponding dialer route command.

When dialer interfaces of Resource-Shared DCC run link protocol of PPP, the
remote user names, which are obtained via PPP authentication and configured
with dialer user respectively, will decide which dialer interface will receive the
incoming call. In this case, dialer user must be configured, and dialer number
can be configured optionally.

When dialer interfaces run link protocol of Frame Relay, the calling numbers,
which are received from the incoming call and configured with dialer number
respectively, will decide which dialer interface will receive the incoming call. In this
case, dialer number must be configured, and dialer user can be configured
optionally.

1) If the dialer-group command is not configured, DCC will not dial even if the
dialer number command is configured.
2) When using Resource-Shared DCC, the same dialer number can be configured
on different dialer interfaces at the calling side; but it is not the case at the called
side; otherwise, the call will fail. When using Circular DCC, the same dialer number
can be configured on different dialer interfaces at the calling side, and the same
applies to the called side.

For related command, see dialer route.

Example
# Set the dialer number for dialer1 calling the remote end to “11111”.
[3Com] interface dialer 1

[3Com-Dialer1] dialer number 11111

dialer priority Syntax


dialer priority priority
undo dialer priority

View
Physical interface view

Parameter
priority: Indicates the priority level for a physical interface which belongs to a dialer
circular group, ranging from 1 to 127. By default, the priority is 1.

Description
Using the dialer priority command, you can configure a priority for a physical
interface in a dialer circular group in the Circular DCC configuration. Using the
undo dialer priority command, you can restore the default priority.

This command sets the order in which the available physical interfaces in a dialer
circular group are used. The physical interfaces with higher priority will be used
first.

For related command, see dialer circular-group.

Example
# Set the priority of Serial 3/0/0 in dialer circular group0 to 5.
[3Com-Serial3/0/0] dialer circular-group 0

[3Com-Serial3/0/0] dialer priority 5

dialer queue-length Syntax


dialer queue-length packets
undo dialer queue-length

View
Physical or dialer interface view

Parameter
packets: Number of packets buffered on this interface, ranging from 1
to 100. By default, the value of max-threshold is 30.

Description
Using the dialer queue-length command, you can configure the number of
packets, which comply with the "permit" statement, that can be buffered before
a link is set up. Using the undo dialer queue-length command, you can restore
the default number of the packets that can be buffered.

In the link establishing process, the packets which comply with the "permit"
statement are held in the buffer queue to wait for transmission as soon as the link
is set up. The setting of packets decides the queue length.

Example
# Configure that 10 packets are buffered on Serial1/0/0.
[3Com-Serial1/0/0] dialer queue-length 10

dialer route Syntax


dialer route protocol next-hop-address [ user hostname ] [ broadcast ] [ dial-number ] [ autodial ] [ logical-channel logic-channel-number ]
undo dialer route protocol next-hop-address [ user hostname ] [ broadcast ] [ dial-number ] [ autodial ] [ logical-channel logic-channel-number ]

View
Physical or dialer interface view

Parameter

protocol: Network protocol keyword, being ip or ipx.

next-hop-address: Remote network address.

user hostname: Remote user name, which is optionally specified for authentication
implemented when receiving calls.

broadcast: An optional parameter indicating that the broadcast packets can be
transmitted on this link.

dial-number: Dial number of the remote end.

autodial: If this parameter is defined in a dialer route, the router will automatically
attempt to dial according to the dialer route at a certain interval. The interval is set
in the dialer autodial-interval command, which is 300 seconds by default.

logical-channel logic-channel-number: Number of the specified logic channel of
the standby center.

Description
Using the dialer route command, you can configure a DCC interface to originate
calls to one or multiple remote ends or to receive calls from multiple remote ends.
Using the undo dialer route command, you can cancel a dialer route.

By default, the system does not define dialer route.

To originate a call, the parameter dial-number should be used. If the user keyword
is used, PPP authentication should be configured.

The user can configure multiple dialer routes for a dial port or a destination
address.

If the dialer-group command is not configured, DCC will not dial.

For related commands, see dialer enable-circular, dialer autodial-interval.

Example
# Set the remote end to be called on Serial 0/0/0.
[3Com-Serial0/0/0] dialer route ip 131.108.2.5 user ZZZ 14155553434

dialer threshold Syntax


dialer threshold traffic-percentage [ in-out | in | out ]
undo dialer threshold

View
Dialer interface view

Parameter

traffic-percentage: Percentage of the actual traffic on the link over the bandwidth,
ranges from 1 to 99.

in-out: Calculates the larger one of the inbound traffic and the outbound traffic in
the actual traffic calculation.

in: Only the inbound traffic is calculated.

out: Only the outbound traffic is calculated.



Description
Using the dialer threshold command, you can configure the traffic threshold of a
link on the DCC interface so that another link can be enabled to call the same
destination address when the ratio of traffic on all connected links on the DCC
interface to the available bandwidth exceeds the preset percentage. Using the
undo dialer threshold command, you can restore the default value.

By default, traffic control is not enabled.

If the ratio of the traffic on a link of a DCC interface to the bandwidth exceeds a
defined threshold, the second link will be enabled to implement MP binding with
the first one. When the ratio of traffic on the two links to the bandwidth exceeds
a defined threshold, the third link will be enabled, so on and so forth. On the
contrary, when the ratio of the traffic on N (N is an integer greater than or equal to
2) links to the bandwidth of N-1 links is less than a defined threshold, a link will be
disabled. In Circular DCC, this command is used on the interfaces corresponding
to the dialer circular-group (including ISDN BRI/PRI interfaces and dialer
interfaces). In Resource-Shared DCC, this dialer threshold command is applied to
dialer interface only. In addition, this command must be used together with the
ppp mp command.

For related command, see ppp mp.

Example
# Set the traffic threshold on Dialer1 to 80%.
[3Com-Dialer1] dialer threshold 80
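
The bring-up and tear-down rule described above, as an added example (not 3Com code). It assumes links of equal bandwidth, one adjustment per measurement and a max_links limit; the 64 kbit/s link bandwidth and the traffic samples are constructed values.

```python
def measured_traffic(inbound, outbound, mode="in-out"):
    """Traffic figure compared with the threshold, per the in-out | in | out keyword."""
    if mode == "in":
        return inbound
    if mode == "out":
        return outbound
    if mode == "in-out":
        return max(inbound, outbound)   # the larger of the two directions
    raise ValueError(f"unknown mode {mode!r}")


def next_link_count(links, traffic, link_bw, threshold_pct, max_links):
    """Apply the dialer threshold rule once and return the new number of links."""
    if not 1 <= threshold_pct <= 99:
        raise ValueError("traffic-percentage ranges from 1 to 99")
    # Enable another link when traffic / (bandwidth of N links) exceeds the threshold.
    if links < max_links and traffic * 100 > threshold_pct * links * link_bw:
        return links + 1
    # With N >= 2 links, disable one when traffic / (bandwidth of N-1 links)
    # is below the threshold.
    if links >= 2 and traffic * 100 < threshold_pct * (links - 1) * link_bw:
        return links - 1
    return links


def simulate(samples, link_bw=64, threshold_pct=80, max_links=3, mode="in-out"):
    """Return the link count after each (inbound, outbound) sample, starting from 1 link."""
    links, history = 1, []
    for inbound, outbound in samples:
        traffic = measured_traffic(inbound, outbound, mode)
        links = next_link_count(links, traffic, link_bw, threshold_pct, max_links)
        history.append(links)
    return history


# Constructed (inbound, outbound) samples in kbit/s.
SAMPLES = [(40, 10), (60, 20), (55, 60), (110, 30), (90, 90), (50, 5)]

if __name__ == "__main__":
    print("in-out:", simulate(SAMPLES))
    print("out   :", simulate(SAMPLES, mode="out"))
```

With two links up, the count stays at two while traffic lies between 80% of one link and 80% of two links, so the same threshold does not make a link flap up and down.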

dialer timer autodial Syntax


dialer timer autodial seconds
undo dialer timer autodial

View
Physical or dialer interface view

Parameter
seconds: Interval before the next call attempt, ranging from 1 to 604800 seconds.
The default interval is 300 seconds.

Description
Using the dialer timer autodial command, you can configure the automatic
dialing interval of DCC. Using the undo dialer timer autodial command, you
can resume the default interval.

This command should be used together with the autodial keyword in the dialer
route command. DCC will automatically attempt to dial at the interval given by
the seconds parameter until the connection is established. The automatic dialing
function is independent of the trigger with data packets. An established
connection will not be disconnected automatically on idle timeout. That is, the
configuration of the dialer timer idle command does not affect it.

For related command, see dialer route.



Example
# Set the DCC automatic calling interval on Serial0/0/0 to 60 seconds.
[3Com-Serial0/0/0] dialer timer autodial 60

dialer timer compete Syntax


dialer timer compete seconds
undo dialer timer compete

View
Physical or dialer interface view

Parameter
seconds: Idle interval when contention occurs, ranging from 0 to 65535 seconds.
By default, the idle interval is 20 seconds.

Description
Using the dialer timer compete command, you can configure an idle interval for
an interface after call contention occurs on the interface. Using the undo dialer
timer compete command, you can restore the default interval.

Contention occurs if no free channel is available when DCC tries to originate a
call. Normally, after a link is set up, the timer idle timing takes effect. However,
if a call to a different destination address is to be originated on this interface
under contention, DCC replaces the timer idle timing with the timer compete
timing.

Example
# Set timer idle and timer compete respectively to 50 seconds and 10 seconds on
Serial 0/0/0.
[3Com-Serial0/0/0] dialer timer idle 50

[3Com-Serial0/0/0] dialer timer compete 10

dialer timer enable Syntax


dialer timer enable seconds
undo dialer timer enable

View
Physical or dialer interface view

Parameter
seconds: Interval for originating the next call, ranges from 5 to 65535 seconds. By
default, the interval is 20 seconds.

Description
Using the dialer timer enable command, you can configure an interval for the
next call attempt on an interface after the link is disconnected. Using the undo
dialer timer enable command, you can restore the default interval.

Example
# Set the interval for DCC to make the next call attempt to 5 seconds.
[3Com-Serial0/0/0] dialer timer enable 5

dialer timer idle Syntax


dialer timer idle seconds
undo dialer timer idle

View
Physical or dialer interface view

Parameter
seconds: Time that a link is allowed to be idle, ranges from 0 to 65535 seconds. By
default, seconds is 120 seconds.

Description
Using the dialer timer idle command, you can configure the interval that a link is
allowed to be idle (that is, the interval during which no packets matching the
“permit” statements are transmitted) after a call has been set up on the
interface. Using the undo dialer timer idle command, you can restore the
default duration.

After a link is set up, the timer idle timer takes effect. If no interesting packets
are transmitted on the link within the specified time, DCC automatically
disconnects the link. If timer idle is set to 0, the link is never disconnected,
regardless of whether packets matching the “permit” statements are
transmitted over the link.

Example
# Set the timer idle on the interface Serial 0/0/0 to 50 seconds.
[3Com-Serial0/0/0] dialer timer idle 50

dialer timer listen-disable Syntax


dialer timer listen-disable seconds
undo dialer timer listen-disable

View
Physical or dialer interface view

Parameter
seconds: Delay for disconnecting the backup interface, ranging from 0 to 65535
seconds. The default is 0 seconds (that is, the backup link is cut without delay).

Description
Using the dialer timer listen-disable command, you can set the delay for
disconnecting the backup interface. Using the undo dialer timer listen-disable
command, you can resume the default delay.

Example
# Set the delay for disconnecting the backup interface on Serial0/0/0 to 5 seconds.

[3Com-Serial0/0/0] dialer timer listen-disable 5

dialer timer wait-carrier Syntax


dialer timer wait-carrier seconds
undo dialer timer wait-carrier

View
Physical or dialer interface view

Parameter
seconds: Waiting time in seconds, ranges from 0 to 65535. By default, the time
waiting for a call connection is 60 seconds.

Description
Using the dialer timer wait-carrier command, you can configure the timeout
time of wait-carrier timer. Using the undo dialer timer wait-carrier command,
you can restore the default time of the timer.

Wait-carrier timer begins to time after the DCC call is initiated. If the call
connection fails to be set up within the timeout time of this timer, the call will be
terminated.

If the connection for a call is not established within the specified time, DCC will
terminate the call.

Example
# Set the maximum time that Serial 0/0/0 waits for a call to be established to
100 seconds.
[3Com-Serial0/0/0] dialer timer wait-carrier 100

dialer user Syntax


dialer user username
undo dialer user

View
Dialer interface view

Parameter
username: Remote user name for PPP authentication, which is a string of 1 to 31
characters.

Description
Using the dialer user command, you can configure the remote user name used to
authenticate requests when calls are received. Using the undo dialer user
command, you can cancel the remote user name.

By default, no remote user name is set.

This command is only valid on dialer interfaces of Resource-Shared DCC.

When dialer interfaces run PPP as the link protocol, the remote user name
obtained through PPP authentication is compared with the names configured with
dialer user to decide which dialer interface receives the incoming call.

When dialer interfaces run Frame Relay as the link protocol, the calling number
received from the incoming call is compared with the numbers configured with
dialer number to decide which dialer interface receives the incoming call. In this
case, dialer number must be configured, and dialer user is optional.

For related commands, see ppp pap local-user, ppp chap user.

Example
# Set the remote username to “RouterB”.
[3Com-Dialer3] dialer user RouterB

dialer-group Syntax
dialer-group group-number
undo dialer-group

View
Physical or dialer interface view

Parameter
group-number: sequence number of dialer access number, ranges from 1 to 255.
This group is set through the dialer-rule command.

Description
Using the dialer-group command, you can configure access control on the
packets transmitted on a DCC interface and place the interface in an access
control group. Using the undo dialer-group command, you can remove the
interface from the access control group.

By default, this command is not configured.

This command is used for associating a physical interface with an access control
group. Through the dialer-rule command, the user can associate an access
control group with the acl command. A DCC interface can be a member of only
one access control group. If it is configured to be a member of another access
control group, this configuration replaces the previous one.

In the default configuration of the interface, dialer-group is not configured. The
user must configure this command. Otherwise, DCC will be unable to transmit
packets.

For related command, see dialer-rule.

Example
# Add Serial0/0/0 interface to access control group 1.

[3Com] dialer-rule 1 acl 101

[3Com-Serial1/0/0] dialer-group 1

dialer-rule Syntax
dialer-rule dialer-group { protocol-name { permit | deny } | acl acl-number }
undo dialer-rule dialer-group

View
System view

Parameter

dialer-group: Indicates the number of access control group, which is related to the
parameter group-number in dialer-group command in the DCC interface view.

protocol-name: Network protocol, such as ip.

permit: Permits the packets of the specified protocol.

deny: Denies the packets of the specified protocol.

acl acl-number: Number of the access control list to which the access control
group corresponds.

Description
Using the dialer-rule command, you can configure the conditions of the data
packet that can trigger a DCC call. Using the undo dialer-rule command, you can
cancel the setting.

By default, no conditions of packet-triggering DCC calls are set for dial interfaces.

This command sets the packet-triggering conditions for DCC calls that correspond
to an access control group. A dial interface is placed in an access control group
through the dialer-group command, so that the packet-triggering of DCC calls on
that DCC interface can be controlled.

If an access control group cannot find the corresponding dialer-rule, DCC will
regard the packets as packets which do not comply with the “permit” conditions
in ACL rule and just drop them. No DCC call will be originated.

For related command, see dialer-group.

Example
# Set a dialer-rule.
[3Com] acl number 101

[3Com-acl-adv-101] rule permit ip source 0.0.0.0 255.255.255.255 destination 0.0.0.0 255.255.255.255

[3Com-acl-adv-101] quit

[3Com] dialer-rule 1 acl 101



[3Com] interface serial1/0/0

[3Com-Serial1/0/0] dialer-group 1
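
The dependencies stated in the DCC command descriptions above (dialer-group and dialer-rule, the user keyword and PPP authentication, timer idle 0, dialer threshold and ppp mp) can be checked mechanically. The following is an added example, not 3Com code; the configuration listing and its layout are constructed, and ppp authentication-mode is assumed to be the command that enables PPP authentication, since it is not shown in this section.

```python
import re

# Constructed configuration listing (not from a real device). Assumed layout:
# system-view commands start in column 0; each "interface" line is followed
# by that interface's commands, indented.
SAMPLE_CONFIG = """\
acl number 101
 rule permit ip source 0.0.0.0 255.255.255.255 destination 0.0.0.0 255.255.255.255
dialer-rule 1 acl 101
interface Serial0/0/0
 dialer-group 1
 dialer route ip 131.108.2.5 user ZZZ 14155553434
 dialer timer idle 0
interface Serial1/0/0
 ppp authentication-mode chap
 dialer-group 2
 dialer route ip 131.108.2.5 user ZZZ 14155553434
interface Dialer1
 dialer threshold 80
"""


def parse(config):
    """Return (dialer-rule group numbers, {interface name: [its commands]})."""
    rules, interfaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():                 # system-view command
            current = None
            m = re.match(r"interface\s+(.+)", line, re.I)
            if m:
                current = interfaces.setdefault(m.group(1).replace(" ", ""), [])
            m = re.match(r"dialer-rule\s+(\d+)\s", line)
            if m:
                rules.add(int(m.group(1)))
        elif current is not None:                # command inside an interface
            current.append(line)
    return rules, interfaces


def audit(config):
    """Return [(interface, code, detail)] for the dependencies the page states."""
    rules, interfaces = parse(config)
    findings = []
    for name, cmds in interfaces.items():
        if not any(c.startswith("dialer") for c in cmds):
            continue                             # not a DCC interface
        groups = [int(m.group(1)) for c in cmds
                  if (m := re.fullmatch(r"dialer-group\s+(\d+)", c))]
        if not groups:
            findings.append((name, "NO_GROUP", "no dialer-group: DCC will not dial"))
        elif groups[-1] not in rules:            # a later dialer-group replaces an earlier one
            findings.append((name, "GROUP_NO_RULE",
                             f"dialer-group {groups[-1]} has no dialer-rule: "
                             "packets are dropped and no call is originated"))
        # Assumption: "ppp authentication-mode" enables PPP authentication.
        has_auth = any(c.startswith("ppp authentication-mode") for c in cmds)
        if not has_auth and any(re.match(r"dialer route \S+ \S+ user \S+", c) for c in cmds):
            findings.append((name, "ROUTE_USER_NO_AUTH",
                             "dialer route uses the user keyword without PPP authentication"))
        if any(c.split() == ["dialer", "timer", "idle", "0"] for c in cmds):
            findings.append((name, "IDLE_NEVER",
                             "timer idle 0: the link is never disconnected when idle"))
        if any(c.startswith("dialer threshold ") for c in cmds) and "ppp mp" not in cmds:
            findings.append((name, "THRESHOLD_NO_MP", "dialer threshold without ppp mp"))
    return findings


if __name__ == "__main__":
    for iface, code, detail in audit(SAMPLE_CONFIG):
        print(f"{iface}: {code}: {detail}")
```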

display dialer interface Syntax


display dialer interface [ interface-type interface-number ]

View
Any view

Parameter

interface-type: Interface type.

interface-number: Interface number.

Description
Using the display dialer interface command, you can view the information of
DCC interface.

By default, the information of all the DCC interfaces is displayed.

For related commands, see dialer timer idle, dialer timer compete, dialer
timer wait-for-carrier, dialer timer enable.

Example
# Display the information on the DCC interface Dialer 1.
[3Com] display dialer interface serial1/0/0

Dial Interface:Serial0/0

Dialer Route:

NextHop_address Dialer_Numbers

131.108.2.5 14155553434

Dialer Timers(Secs):

Auto-dial:300 Compete:10 Enable:5

Idle:50 Wait-for-Carrier:100

interface dialer Syntax


interface dialer number
undo interface dialer number

View
Any view

Parameter
number: Interface number in the range of 0 to 1023.

Description
Using the interface dialer command, you can create a dialer circular group for
the Circular DCC, or configure a dialer interface for the Resource-Shared DCC.
Using the undo interface dialer command, you can cancel the existing setting.

By default, no dialer interface is defined.

In Resource-Shared DCC, any dialer interface can use the services provided by
multiple physical interfaces, and individual physical interfaces can provide services
for multiple dialer interfaces at the same time. Therefore, authentication must be
configured on these physical interfaces, so as to use the user name of a dial-in
party to locate the corresponding dialer interface for the call. In this mode,
physical interfaces and dialer interfaces are dynamically bound. Furthermore, a
dialer interface can call only one destination address, which is specified in the
dialer number command.

The physical interfaces in Circular DCC and Resource-Shared DCC do not use
individual network addresses. Instead, they use the addresses of the corresponding
dialer interfaces.

Example
# Define a dialer interface dialer 1.
[3Com] interface dialer 1

flow-interval Syntax
flow-interval interval
undo flow-interval

View
System view

Parameter
interval: Flow interval, in seconds, ranging from 1 to 1500. By default, it is 20
seconds.

Description
Using the flow-interval command, you can configure flow interval. Using the
undo flow-interval command, you can restore the default value of flow interval.
This command takes effect only on DCC flow trigger dial-up.

Example
# Configure the flow-interval to 3 seconds.
[3Com] flow-interval 3

ppp callback Syntax


ppp callback { client | server }
undo ppp callback { client | server }

View
Physical or dialer interface view

Parameter

client: As the client end, sends callback requests.

server: As the server end, accepts callback requests.

Description
Using the ppp callback command, you can enable an interface to send or accept
PPP callback requests. Using the undo ppp callback command, you can disable
the interface from sending or accepting PPP callback requests.

By default, sending or receiving callback request is disabled.

The callback function can be used to save the communication cost for the calling
party in the case that the calling party pays the charge for calls.

For related command, see ppp callback ntstring.

Example
# Enable accepting callback request on Serial0/0/0 interface.
[3Com-Serial0/0/0] ppp callback server

ppp callback ntstring Syntax


ppp callback ntstring dial-number
undo ppp callback ntstring

View
Physical or dialer interface view

Parameter
dial-number: Dial number for a Windows NT server to call back the router.

Description
Using the ppp callback ntstring command, you can configure the dial number
required for a Windows NT server to call back the router. Using the undo ppp
callback ntstring command, you can cancel the configured callback dial number.

By default, no callback dial number is set for the Windows NT server.

When a router functions as the callback server to call a Windows NT server, this
command should be configured if the server needs the router to send the callback
number.

For related command, see ppp callback.

Example
# Set the dial number for a Windows NT server to call back the router to “2489”.
[3Com-Dialer1] ppp callback NTString 2489

Modem Configuration Commands

debugging modem Syntax


debugging modem

View
User view

Parameter
None

Description
Using the debugging modem command, you can enable Modem debugging.

According to the information output after executing this command, the user can
make sure whether the correct Modem script has been specified for a particular
event.

Example
None

modem Syntax
modem [ both | call-in ]
undo modem [ both | call-in ]

View
User-interface view

Parameter

both: Permits incoming and outgoing calls.

out: Permits only outgoing calls.

Description
Using the modem command, you can enable receiving incoming calls or sending
outgoing calls on the interface. Using the undo modem command, you can
disable receiving incoming calls or sending outgoing calls on the interface.

By default, both incoming and outgoing Modem calls are permitted on the
interfaces.

This command can be used to set the authority of Modem dial-in and dial-out on
an interface.

Example
# Enable receiving incoming Modem calls on interface u-tty1.
[3Com-ui-tty1] modem call-in

modem auto-answer Syntax


modem auto-answer
undo modem auto-answer

View
User interface view

Parameter
None

Description
Using the modem auto-answer command, you can configure the external
Modem connected to the asynchronous interface to operate in auto-answer
mode. Using the undo modem auto-answer command, you can restore the
external Modem connected to the asynchronous interface to operate in non-auto
answer mode.

By default, the system sets an external Modem to non-auto answer mode.

Execute this command according to the current answer state of the Modem
externally connected to the router. If the Modem is in auto-answer mode (AA LED
of the Modem lights), the modem auto-answer command must be executed in
the corresponding interface view. If it is in non-auto answer mode, execute the
undo modem auto-answer command.

Rather than changing the Modem state, the execution of this command only
shows the answer mode of Modem. The user should determine whether to
execute the modem auto-answer command according to the answer mode (AA
LED) of the current external Modem.

For related command, see modem.

Example
# Set the Modem externally connected to the asynchronous serial interface Serial0
to operate auto-answer mode.
[3Com-Serial0] modem auto-answer

script trigger connect Syntax


script trigger connect script-name
undo script trigger connect

View
User interface view

Parameter
script-name: Name of Modem script.

Description
Using the script trigger connect command, you can configure the Modem script
that will be executed once an incoming call connection is established. Using the
undo script trigger connect command, you can cancel this feature.

By default, no Modem script is configured.

If this command is configured, the specified script will be executed anytime when
an incoming call connection is established.

For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger dial, script trigger init.

Example
# Specify the script “example” to be executed anytime an incoming call
connection is established.
[3Com-ui-tty1] script trigger connect example

script trigger dial Syntax


script trigger dial script-name
undo script trigger dial

View
User interface view

Parameter
script-name: Name of Modem script.

Description
Using the script trigger dial command, you can configure the Modem script that
is used for DCC dialing. Using the undo script trigger dial command, you can
cancel the feature.

By default, the system does not specify the script.

If this command is configured, the specified script will be executed for DCC
dialing.

For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger init.

Example
# Specify the script “example” to be used for DCC dialing.
[3Com-ui-tty1] script trigger dial example

script trigger init Syntax


script trigger init script-name
undo script trigger init

View
User interface view

Parameter
script-name: Name of Modem script.

Description
Using the script trigger init command, you can configure the Modem script that
will be executed when the system is powered on or rebooted. Using the undo
script trigger init command, you can cancel this feature.

By default, the system does not specify the script.

If this command is configured, the specified Modem script will be executed for
initializing the asynchronous device connected to the interface when the system is
powered on or rebooted.

For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger dial, script trigger logout.

Example
# Set the system to execute “example” when the system is powered on or
rebooted.
[3Com-ui-tty1] script trigger init example

script trigger login Syntax


script trigger login script-name
undo script trigger login

View
User interface view

Parameter
script-name: Name of Modem script.

Description
Using the script trigger login command, you can configure the Modem script
that will be executed when an outgoing call connection is successfully established.
Using the undo script trigger login command, you can cancel this feature.

By default, no Modem script is configured.

If this command is configured, the specified script will start to be executed anytime
when an outgoing call connection is established. This script can be the registration
information on a remote system. For example, when a router is connected to a
remote UNIX server, we can log in to the remote UNIX server using this script
through sending login information and password to the UNIX server.

For related commands, see script-string, start-chat, script trigger connect,
script trigger logout, script trigger dial, script trigger init.

Example
# Specify the script “example” to be executed anytime an outgoing call
connection is established.
[3Com-ui-tty1] script trigger login example

script trigger logout Syntax


script trigger logout script-name
undo script trigger logout

View
User-interface view

Parameter
script-name: Name of Modem script.

Description
Using the script trigger logout command, you can configure the Modem script
that is executed when a link is reset. Using the undo script trigger logout
command, you can cancel this feature.

By default, no Modem script is configured.

If this command is configured, the specified Modem script will be executed when
a link is reset. For example, reset the Modem when the call on the interface is
down.

For related commands, see script-string, start-chat, script trigger login, script
trigger connect, script trigger dial, script trigger init.

Example
# Specify the Modem script that will be executed when the link is reset.
[3Com] script-string drop-line "" +++ OK ATH OK "ATS0=1" OK

[3Com-ui-tty1] script trigger logout drop-line

script-string Syntax
script-string script-name script-content
undo script-string script-name

View
System view

Parameter

script-name: Name of Modem script.

script-content: Script content.



Description
Using the script-string command, you can configure a Modem script. Using the
undo script-string command, you can cancel the Modem script.

By default, the system does not have a Modem script.

3Com series routers provide the Modem script, which is mainly used for:

■ Providing flexibility in controlling the Modems of different models. For
example, using different initialization strings can make the Modems of
different manufacturers or models interoperate better with the 3Com
series routers.
■ Implementing the interactive login to remote systems. Interactive
negotiation of the scripts can enable the systems to enter different link
states. For example, after the asynchronous serial interfaces on the two
routers set up a connection via the Modems, the routers can negotiate the
protocol to be encapsulated with the physical link and its operating
parameters.

The Modem script format in common use is as follows:

send-string1 receive-string1 send-string2 receive-string2 ......

In the above format:

■ send-string indicates a sending string.
■ receive-string indicates a receiving string.
■ Normally, send-string and receive-string appear in pairs, and the script must
begin with a sending string. For example, send-string1 receive-string1 ……
represents the execution flow: Send send-string1 to the Modem and expect
to receive receive-string1. If a string matching receive-string1 is received
before timeout, execution of the subsequent script continues; otherwise it
is terminated.
■ If the last string is a sending string, execution of the script terminates after
the string is sent, without waiting for any receiving string.
■ If the beginning of the script needs no sending string and should wait for a
receiving string directly, the first string can be set to “”, the meaning of
which will be explained later.
■ Unless it ends with \c, a sending string automatically has a return appended
to its end whenever it is sent.
■ A receiving string is matched via the location-independent matching
method. That is, a match is considered successful as long as the received
contents contain the expected string.
■ There can be multiple expected receiving strings, separated by hyphens
(“-”). The match is considered successful if the received contents match
any one of the expected receiving strings.
■ The default timeout time waiting for a receiving string is 5 seconds.
TIMEOUT seconds can be inserted into the script to adjust the timeout time
waiting for the receiving string, which is valid till a new TIMEOUT is set in
the same script. For its meanings, refer to the following table.
Table 1 Script keywords

Keyword               Description
ABORT receive-string  The string following ABORT is compared with the string sent from a Modem or a remote DTE device for a full match. Multiple ABORT entries can be configured for a script, and all of them take effect in the whole script execution period.
TIMEOUT seconds       The digit following TIMEOUT sets the timeout interval that the device waits for receiving strings. If no expected strings are received within the interval, the execution of the script fails. Once set, the setting is valid till a new TIMEOUT is set.

■ All the strings and keywords in a script are case-sensitive.
■ Both strings and keywords are separated by spaces. If a string contains a
space, it should be enclosed in double quotation marks (" "). A pair of
empty quotation marks (that is, "") has two possible meanings. As a
leading "" in a script, it means that no string needs to be sent and the
system will directly wait for the receiving string. If "" is put at any other
location, the string content is regarded as "".
■ ABORT receive-string can be inserted anywhere in a script to change the
script execution flow. Its presence in the script indicates that the script
execution will be terminated if a received string fully matches the
receive-string set by ABORT receive-string. Multiple ABORT entries can be
defined in a script, and they take effect concurrently. Once a received
string matches any of them, the script execution is terminated.
Regardless of where the ABORT receive-string is placed, it takes effect in
the whole script execution process.
■ Escape characters can be inserted in a script for the purpose of better
controlling the script and increasing its flexibility. In addition, all the escape
characters are the delimiters in the string at the same time. Refer to the
following table for details.
Table 2 Script escape characters

Escape character  Description
\c                Only the specified string is sent and the character "Enter" is not sent. "\c" must be at the end of a sending string; it is invalid at any other location.
\d                Represents pausing 2 seconds.
\n                Represents the character "newline".
\r                Represents the character "Enter".
\s                Represents the character "Space".
\t                Represents the character "Tab".
\\                Represents the character "\".
\T                Represents telephone number

For related commands, see sendat, start-chat, script trigger login, script
trigger connect, script trigger logout, script trigger dial, script trigger init.

Example
# Define a Modem script.
[3Com] script-string example "" AT OK ATS0=1 OK
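
A script used with script trigger login can carry a login name and password, so script-string lines are worth reviewing when a configuration is audited. The following is an added example, not 3Com code: a lexer for the script format described above that applies the quoting rule, the ABORT and TIMEOUT keywords and the escape table, and lists the strings in order without assigning send or receive roles. The second sample script and the `<dial-number>` placeholder for \T are constructed.

```python
import re

ESCAPES = {"n": "\n", "r": "\r", "s": " ", "t": "\t", "\\": "\\"}
DEFAULT_TIMEOUT = 5  # seconds, the default stated in the script-string description


def split_tokens(content):
    """Split on spaces; a double-quoted token may contain spaces; "" is an empty token."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', content)]


def decode(token, phone="<dial-number>"):
    """Expand escapes in one string. Return (text, pause_seconds, no_return)."""
    out, pause, no_return, i = [], 0, False, 0
    while i < len(token):
        if token[i] == "\\" and i + 1 < len(token):
            code = token[i + 1]
            i += 2
            if code == "c":                      # suppress the automatic return
                if i != len(token):
                    raise ValueError(r"\c is only valid at the end of a string")
                no_return = True
            elif code == "d":                    # pause 2 seconds
                pause += 2
            elif code == "T":                    # telephone number
                out.append(phone)
            elif code in ESCAPES:
                out.append(ESCAPES[code])
            else:
                raise ValueError(f"unknown escape \\{code}")
        else:
            out.append(token[i])
            i += 1
    return "".join(out), pause, no_return


def lex(content):
    """Return (strings, aborts). Each string records the TIMEOUT in force where
    it appears; ABORT strings apply to the whole script execution."""
    tokens = split_tokens(content)
    strings, aborts, timeout, i = [], [], DEFAULT_TIMEOUT, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("ABORT", "TIMEOUT"):          # keywords are case-sensitive
            if i + 1 >= len(tokens):
                raise ValueError(f"{tok} needs an argument")
            if tok == "ABORT":
                aborts.append(decode(tokens[i + 1])[0])
            else:
                timeout = int(tokens[i + 1])     # valid until the next TIMEOUT
            i += 2
            continue
        text, pause, no_return = decode(tok)
        strings.append({"text": text, "pause": pause, "no_return": no_return,
                        "timeout": timeout,
                        "leading_empty": not strings and text == ""})
        i += 1
    return strings, aborts


def receive_matches(received, expected):
    """Receiving strings match anywhere in the input; "-" separates alternatives."""
    return any(alt in received for alt in expected.split("-"))


PAGE_SCRIPT = '"" +++ OK ATH OK "ATS0=1" OK'     # the drop-line script shown earlier
CONSTRUCTED = r'"" ATZ OK ABORT BUSY ABORT "NO CARRIER" TIMEOUT 30 ATDT\T CONNECT'

if __name__ == "__main__":
    for script in (PAGE_SCRIPT, CONSTRUCTED):
        strings, aborts = lex(script)
        print([s["text"] for s in strings], "aborts:", aborts)
```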

start-script Syntax
start-script script-name number

View
User view

Parameter

script-name: Name of Modem script.

number: Interface number of the script.

Description
Using the start-script command, you can execute the specified Modem script on
an interface.
This command provides the user with a means of instantly executing the Modem
script. If another script is being executed on the corresponding interface, this
command will not be executed and an error will be reported.

For related command, see script-string.

Example
# Execute the specified Modem script “example” on the interface 1.
<3Com> start-script example 1