No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
DSVPN Configuration Commands

DSVPN Configuration Commands

NOTE:

The AR502G-L-D-H and AR502GR-L-D-H do not support DSVPN.

display nhrp peer

Function

The display nhrp peer command displays NHRP mapping entries.

Format

display nhrp peer { interface tunnel interface-number [ dynamic | static | ip-address ] | ip-address }

display nhrp peer { dynamic | static } [ ip-address ]

display nhrp peer all

Parameters

Parameter

Description

Value

interface tunnel interface-number

Displays NHRP mapping entries on the specified interface.interface-number specifies the interface number.

-

dynamic

Displays dynamic NHRP mapping entries.

-

static

Displays static NHRP mapping entries.

-

ip-address

Specifies the IP address for an NHRP mapping entries.

-

all

Displays all NHRP mapping entries.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Run the display nhrp peer command on the Hub to check whether a Spoke has successfully registered. Run the display nhrp peer command on a Spoke to help locate a communications fault between two Spokes.

Example

# Display all NHRP mapping entries.

<Huawei> display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag
-------------------------------------------------------------------------------
172.10.1.1      32    202.1.1.10      172.10.1.1      static       hub
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time    : 00:39:32
Expire time     : --
-------------------------------------------------------------------------------
Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag
-------------------------------------------------------------------------------
192.168.2.1     32    202.1.3.10      172.10.1.3      dynamic      route network
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Before NAT NBMA-addr: 10.2.2.2
Created time    : 00:00:13
Expire time     : 01:59:47
-------------------------------------------------------------------------------
Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag
-------------------------------------------------------------------------------
172.10.1.3      32    202.1.3.10      172.10.1.3      dynamic      route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Before NAT NBMA-addr: 10.2.2.2
Created time    : 00:00:13
Expire time     : 01:59:47
-------------------------------------------------------------------------------
Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag
-------------------------------------------------------------------------------
192.168.1.1     32    10.1.1.1        172.10.1.2      dynamic      local
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time    : 00:00:13
Expire time     : 01:59:47

Number of nhrp peers: 4
Table 10-10  Description of the display nhrp peer all command output

Item

Description

Protocol-addr

Subnet address or tunnel interface address of the NHRP peer.

Mask

Subnet address mask or tunnel interface address mask of the NHRP peer.

NBMA-addr

Public address of the NHRP peer, which corresponds to the source tunnel interface address of the NHRP peer.

NextHop-addr

Address of the next hop pointing to the protocol address.

Type

Type of the NHRP peer table.
  • dynamic: indicates that the NHRP peer table is dynamically generated by the device.
  • static: indicates that the NHRP peer table is configured by the administrator manually.

Flag

NHRP peer type:
  • hub: indicates that the entry displays address information about a hub.
  • local: indicates that the entry displays address information about the NHRP peer on the local subnet.
  • route tunnel: indicates that the entry displays address information about the remote tunnel interface.
  • route network: indicates that the entry displays address information about the NHRP peer on the remote subnet. The source spoke can dynamically learn this information about the destination spoke subnet when spokes save only summarized routes to the hub.

Tunnel interface

Tunnel interface number.

Before NAT NBMA-addr

NBMA address before NAT is implemented.

Created time

Time when an NHRP mapping entry is created.

Expire time

Time when an NHRP mapping entry expires.

display nhrp peer maximum-history

Function

The display nhrp peer maximum-history command displays history statistics on NHRP peer entries.

Format

display nhrp peer maximum-history

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view history statistics on NHRP peer entries.

Example

# Display history statistics on NHRP peer entries.

<Huawei> display nhrp peer maximum-history
 ------------------------------------------------------------------------------
  Maximum of total peers in history           :    0                            
  Begin time of total peers                   :    2013-10-18 20:22:30          
  Maximum time of total peers                 :    2013-10-18 20:22:30          
  ------------------------------------------------------------------------------
Table 10-11  Description of the display nhrp peer maximum-history command output

Item

Description

Maximum of total peers in history

Maximum number of NHRP peer entries in the history.

Begin time of total peers

Time when collection of statistics on NHRP peer entries begins.

Maximum time of total peers

Time when the number of NHRP peer entries reaches the maximum value.

display nhrp statistics

Function

The display nhrp statistics command displays NHRP packet statistics.

Format

display nhrp statistics interface tunnel interface-number

Parameters

Parameter

Description

Value

interface tunnel interface-number

Displays NHRP packet statistics on the specified interface.interface-number specifies the interface number.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

This command displays NHRP packet statistics to help locate DSVPN-related faults.

Example

# Display NHRP packet statistics on tunnel interface 0/0/0.

<Huawei> display nhrp statistics interface tunnel 0/0/0
RegisterRequestSendSuccess        :0
RegisterRequestSendFail           :0
RegisterRequestCorrectRecv        :1024
RegisterRequestErrRecv            :0
RegisterRequestTransf             :0
RegisterReplySendSuccess          :1024
RegisterReplySendFail             :0
RegisterReplyCorrectRecv          :0
RegisterReplyErrRecv              :0
RegisterReplyTransf               :0
ResolutionRequestSendSuccess      :0
ResolutionRequestSendFail         :0
ResolutionRequestCorrectRecv      :0
ResolutionRequestErrRecv          :0
ResolutionRequestTransf           :0
ResolutionReplySendSuccess        :0
ResolutionReplySendFail           :0
ResolutionReplyCorrectRecv        :0
ResolutionReplyErrRecv            :0
ResolutionReplyTransf             :0
PurgeRequestSendSuccess           :0
PurgeRequestSendFail              :0
PurgeRequestCorrectRecv           :0
PurgeRequestErrRecv               :0
PurgeRequestTransf                :0
PurgeReplySendSuccess             :0
PurgeReplySendFail                :0
PurgeReplyCorrectRecv             :0
PurgeReplyErrRecv                 :0
PurgeReplyTransf                  :0
RedirectIndicationSendSuccess     :0
RedirectIndicationSendFail        :0
RedirectIndicationCorrectRecv     :0
RedirectIndicationErrRecv         :0
RedirectIndicationTransf          :0
ErrIndicationSendSuccess          :0
ErrIndicationSendFail             :0
ErrIndicationCorrectRecv          :0
ErrIndicationErrRecv              :0
ErrIndicationTransf               :0
AuthenticationFail                :0
LoopdetectFail                    :0
   
Table 10-12  Description of the display nhrp statistics command output

Item

Description

RegisterRequestSendSuccess

Number of NHRP Registration Request packets that are sent successfully.

RegisterRequestSendFail

Number of NHRP Registration Request packets that fail to be sent.

RegisterRequestCorrectRecv

Number of NHRP Registration Request packets that are received successfully.

RegisterRequestErrRecv

Number of NHRP Registration Request packets that fail to be received.

RegisterRequestTransf

Number of NHRP Registration Request packets that are forwarded.

RegisterReplySendSuccess

Number of NHRP Registration Reply packets that are sent successfully.

RegisterReplySendFail

Number of NHRP Registration Reply packets that fail to be sent.

RegisterReplyCorrectRecv

Number of NHRP Registration Reply packets that are received successfully.

RegisterReplyErrRecv

Number of NHRP Registration Reply packets that fail to be received.

RegisterReplyTransf

Number of NHRP Registration Reply packets that are forwarded.

ResolutionRequestSendSuccess

Number of NHRP Resolution Request packets that are sent successfully.

ResolutionRequestSendFail

Number of NHRP Resolution Request packets that fail to be sent.

ResolutionRequestCorrectRecv

Number of NHRP Resolution Request packets that are received successfully.

ResolutionRequestErrRecv

Number of NHRP Resolution Request packets that fail to be received.

ResolutionRequestTransf

Number of NHRP Resolution Request packets that are forwarded.

ResolutionReplySendSuccess

Number of NHRP Resolution Reply packets that are sent successfully.

ResolutionReplySendFail

Number of NHRP Resolution Reply packets that fail to be sent.

ResolutionReplyCorrectRecv

Number of NHRP Resolution Reply packets that are received successfully.

ResolutionReplyErrRecv

Number of NHRP Resolution Reply packets that fail to be received.

ResolutionReplyTransf

Number of NHRP Resolution Reply packets that are forwarded.

PurgeRequestSendSuccess

Number of NHRP Purge Request packets that are sent successfully.

PurgeRequestSendFail

Number of NHRP Purge Request packets that fail to be sent.

PurgeRequestCorrectRecv

Number of NHRP Purge Request packets that are received successfully.

PurgeRequestErrRecv

Number of NHRP Purge Request packets that fail to be received.

PurgeRequestTransf

Number of NHRP Purge Request packets that are forwarded.

PurgeReplySendSuccess

Number of NHRP Purge Reply packets that are sent successfully.

PurgeReplySendFail

Number of NHRP Purge Reply packets that fail to be sent.

PurgeReplyCorrectRecv

Number of NHRP Purge Reply packets that are received successfully.

PurgeReplyErrRecv

Number of NHRP Purge Reply packets that fail to be received.

PurgeReplyTransf

Number of NHRP Purge Reply packets that are forwarded.

RedirectIndicationSendSuccess

Number of NHRP Redirect Indication packets that are sent successfully.

RedirectIndicationSendFail

Number of NHRP Redirect Indication packets that fail to be sent.

RedirectIndicationCorrectRecv

Number of NHRP Redirect Indication packets that are received successfully.

RedirectIndicationErrRecv

Number of NHRP Redirect Indication packets that fail to be received.

RedirectIndicationTransf

Number of NHRP Redirect Indication packets that are forwarded.

ErrIndicationSendSuccess

Number of NHRP Error Indication packets that are sent successfully.

ErrIndicationSendFail

Number of NHRP Error Indication packets that fail to be sent.

ErrIndicationCorrectRecv

Number of NHRP Error Indication packets that are received successfully.

ErrIndicationErrRecv

Number of NHRP Error Indication packets that fail to be received.

ErrIndicationTransf

Number of NHRP Error Indication packets that are forwarded.

AuthenticationFail

Number of packets that fail to be authenticated.

LoopdetectFail

Number of loopback packets.

Related Topics

nhrp authentication

Function

The nhrp authentication command configures an NHRP authentication string.

The undo nhrp authentication command deletes an NHRP authentication string.

By default, no NHRP authentication string is configured.

Format

nhrp authentication { simple string | cipher cipher-string }

undo nhrp authentication

Parameters

Parameter Description Value
simple

Indicates the plain text password. You can enter a plain text password. When you want to view the configuration file, the password is displayed in plain text mode.

NOTICE:

If simple is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.

-
string

Specifies the NHRP authentication string.

The value is a string of 1 to 8 case-sensitive characters. The value can contain special characters except the question mark (?) and space.
NOTE:
To improve security, it is recommended that the NHRP authentication string contains at least two types of lowercase letters, uppercase letters, digits, and special characters, and contains at least 6 characters.
cipher

Indicates the cipher text password. You can enter a plain or cipher text password. When you want to view the configuration file, the password is displayed in cipher text mode.

-
cipher-string

Specifies the NHRP authentication string. The value is a string of encrypted or unencrypted characters.

An unencrypted password is a string of 1 to 8 case-sensitive characters, and an encrypted password is a string of 32 case-sensitive characters. The value can contain special characters except the question mark (?) and space.
NOTE:
To improve security, it is recommended that the NHRP authentication string contains at least two types of lowercase letters, uppercase letters, digits, and special characters, and contains at least 6 characters.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

This command configures the NHRP authentication string on a Spoke and the Hub. This command enables the Hub to reject the illegal registration of a Spoke.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Configuration Impact

After this command is executed on a Spoke and the Hub, the Spoke sends an NHRP Registration Request packet to the Hub, and the Hub decides whether to process this packet based on the NHRP authentication string in the packet. If this NHRP authentication string is different from that configured on the Hub, the Hub does not process this packet. If the two NHRP authentication strings are the same, the Hub processes this packet.

Precautions

If the NHRP authentication string is configured on the Spoke but not on the Hub, the NHRP authentication string cannot be used for authentication.

Example

# Set the NHRP authentication string to huawei@1.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp authentication cipher huawei@1

nhrp entry

Function

The nhrp entry command adds static NHRP mapping entries to the local NHRP mapping table.

The undo nhrp entry command deletes static NHRP mapping entries from the local NHRP mapping table.

By default, no static NHRP mapping entry is added to the local NHRP mapping table.

Format

nhrp entry protocol-address { dns-name | nbma-address } [ register ] [ track apn apn-name ]

undo nhrp entry protocol-address { dns-name | nbma-address } [ register ] [ track apn apn-name ]

Parameters

Parameter Description Value
protocol-address

Specifies the tunnel interface address of an NHRP peer device.

-
dns-name

Specifies the domain name of the NHRP peer device.

The value is a string of 1 to 255 case-sensitive characters.
nbma-address

Specifies the NBMA address of the NHRP peer device.

-
register

Configures a Spoke to register with the Hub to generate NHRP mapping entries on the Hub.

-
track apn

Binds NHRP peer information with the APN profile.

-
apn-name

Specifies the APN profile name.

The value is the name of an existing APN profile.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

This command configures mapping between the tunnel interface address of the NHRP peer device (the Hub) and the NBMA address or mapping between the tunnel interface address and the host name.

When the Spoke registers with the Hub, the Hub generates mapping between the tunnel interface address of the Spoke and the NBMA address, so that the Spoke and the Hub communicate with each other through a VPN tunnel.

You can bind NHRP peer information with the APN profile configured on the cellular interface if the source interface of the mGRE tunnel is a cellular interface. The NHRP peer information takes effect when the associated APN profile is in use. This flexibly controls mGRE tunnel setup.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Configuration Impact

After this command is executed on the Spoke, a local NHRP mapping entry is generated and takes effects regardless of whether the Hub receives Registration Request packets or not. If the Spoke forwards packets based on this entry but the Hub cannot receive the packets, a black hole is generated.

Precautions

The Domain Name Server (DNS) provides static mappings between domain names and IP addresses. When IP addresses change, DNS cannot dynamically update mappings. Therefore, administrators should configure the nhrp peer or shutdown and undo shutdown command to specify the next mGRE interface.

If NHRP peer information is associated with the APN profile, whether the NHRP mapping entry takes effect depends on the APN status. If the APN is valid, the NHRP mapping entry takes effect; otherwise, the configuration is saved but the NHRP mapping entry does not take effect.

Example

# Configure mapping between tunnel interface address 10.10.10.10 and NBMA address 202.1.1.1.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp entry 10.10.10.10 202.1.1.1
# Configure mapping between tunnel interface address 10.10.10.10 and domain name www.huawei.com.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp entry 10.10.10.10 www.huawei.com

nhrp entry holdtime

Function

The nhrp entry holdtime command sets the aging time of NHRP mapping entries.

The undo nhrp entry holdtime command restores the aging time of NHRP mapping entries to the default value.

By default, the aging time of NHRP mapping entries is 7200 seconds.

Format

nhrp entry holdtime seconds seconds

undo nhrp entry holdtime seconds

Parameters

Parameter

Description

Value

seconds seconds

Specifies the aging time of NHRP mapping entries.

The value is an integer that ranges from 5 to 31845, in seconds.

The default value is 7200 seconds.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

This command sets the aging time. The aging time is notified by the local device to the remote end so that the remote end can learn how long local NHRP mapping entries can be retained. When a network exception occurs, the remote end deletes local NHRP mapping entries based on the configured aging time. After the network recovers, a Spoke registers with the Hub to generate new NHRP mapping entries.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Configuration Impact

When you run this command to change the aging time of NHRP mapping entries:
  • If the value is too large, the device cannot delete NHRP mapping entries in time.
  • If the value is too small, a smaller interval for sending Registration packets must be configured on the peer device. This results in frequent sending of Registration packets, wasting network resources.

Precautions

The value of the parameter seconds configured by this command must be equal to or larger than the interval configured by the nhrp registration interval command.

Example

# Set the aging time of NHRP mapping entries to 1800 seconds.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp entry holdtime seconds 1800

nhrp entry multicast dynamic

Function

The nhrp entry multicast dynamic command enables the central office Hub to add dynamically registered branch Spokes to the NHRP multicast member table.

The undo nhrp entry multicast dynamic command disables the central office Hub to add dynamically registered branch Spokes from the NHRP multicast member table.

By default, no dynamically registered Spoke is added to the NHRP multicast member table.

Format

nhrp entry multicast dynamic

undo nhrp entry multicast dynamic

Parameters

None

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the RIP or OSPF protocol is deployed on the DSVPN network, run the nhrp entry multicast dynamic command to enable the Hub to add dynamically registered Spokes to the multicast member table. This allows Spokes to learn routes from each other. After receiving routing multicast packets sent from Spokes, the Hub copies these routing multicast packets and forwards them to the destination Spoke based on the NHRP multicast member table. This allows routing multicast packets to be exchanged between Spokes.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Configuration Impact

When a network has multiple Spokes and the Hub learns all the routes to these Spokes, the Hub consumes large CPU resources. In this case, you can configure a Shortcut Scenario of DSVPN and the route summarization function to allow Spokes to directly communicate with each other.

Precautions

NOTE:

Run this command on the Hub in both the shortcut and non-shortcut scenarios.

Example

# Add Tunnel0/0/0 to the NHRP multicast member table.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp entry multicast dynamic

nhrp network-id

Function

The nhrp network-id command specifies the NHRP domain for a local mGRE interface.

The undo nhrp network-id command restores the default NHRP domain of the local mGRE interface.

By default, the local mGRE interface belongs to NHRP domain 0.

Format

nhrp network-id number

undo nhrp network-id

Parameters

Parameter

Description

Value

number

Specifies an NHRP domain. This domain takes effects only on the local device.

The value is an integer ranging from 1 to 4294967295.

The default value is 0.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The nhrp network-id command specifies NHRP domains for mGRE interfaces to isolate various mGRE interfaces into different NHRP domains. A VPN tunnel is set up between two devices to forward NHRP packets. The network IDs of the inbound and outbound mGRE interfaces determine whether to set up a tunnel.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Configuration Impact

If the inbound and outbound interfaces for NHRP packets are both mGRE interfaces, compare the network IDs of the two interfaces. The configuration impact on different types of NHRP packets is as follows:
  • NHRP Registration Request packet and NHRP Registration Reply packet

    The NHRP module does not forward NHRP Registration packets. Therefore, it has no impact on the NHRP registration process.

  • NHRP Resolution Request packet

    If the inbound and outbound mGRE interfaces for the NHRP packets have different network IDs, the NHRP module discards the packet and sends an NHRP Resolution Reply packet to the source peer device.

  • NHRP Resolution Reply packet, Purge Request packet, Purge Reply packet and Redirect packet

    If the inbound and outbound mGRE interfaces for the NHRP packets have different network IDs, the NHRP module discards the packet.

Precautions

After network IDs are changed, the NHRP peer learned by the device is not affected and the existing IPSec tunnel will not be changed.

Example

# Set the network ID of an NHRP domain to 100.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp network-id 100

nhrp redirect

Function

The nhrp redirect command enables the NHRP redirect function.

The undo nhrp redirect command disables the NHRP redirect function.

By default, the NHRP redirect function is disabled.

Format

nhrp redirect

undo nhrp redirect

Parameters

None

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In the shortcut scenario, enable the NHRP redirect function on the Hub. The Hub sends NHRP Redirect packets to the source Spoke while forwarding data flows within the NHRP domian. After receiving the NHRP Redirect packets, the source Spoke sends NHRP Resolution Request packets and then establishes a tunnel to communicate with the destination Spoke.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Configuration Impact

After you run this command on the Hub, it takes effect no matter the NHRP shortcut function is enabled on a Spoke or not. When you disable the NHRP shortcut function on Spoke, the Hub sends an NHRP Redirect packet whenever a data packet is received, this cause the wasting of CPU and network resources. Enabling the NHRP shortcut function on a Spoke solves this problem.

Precautions

To allow two branches to directly communicate by establishing a tunnel, you must also enable the nhrp shortcut function on Spokes.

Example

# Enable the NHRP redirect function on Tunnel0/0/0.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp redirect

nhrp registration interval

Function

The nhrp registration interval command sets the interval at which a Spoke registers with the Hub.

The undo nhrp registration interval command restores the interval to the default value.

By default, a Spoke registers with the Hub at an interval of 1800 seconds.

Format

nhrp registration interval seconds

undo nhrp registration interval

Parameters

Parameter

Description

Value

seconds

Specifies the interval at which a Spoke registers with the Hub.

The value is an integer that ranges from 5 to 31845, in seconds.

The default value is 1800 seconds.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the tunnel address and public network address of a Spoke change or the NHRP mapping entry of the Hub ages, the Hub may fail to update the NHRP mapping entry in time. In this case, run the nhrp registration interval command on the Spoke to set the interval at which a Spoke registers with the Hub to a value smaller than the aging time of NHRP mapping entries.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Configuration Impact

When you run this command to change the interval at which a Spoke registers with the Hub:
  • If the interval is too long, the Spoke fails to immediately inform the Hub of the latest branch information.
  • If the interval is too short, the Spoke frequently registers with the Hub, wasting network resources.

Precautions

The value of the parameter seconds cannot be larger than the aging time of NHRP mapping entries configured by using the nhrp entry holdtime command.

Example

# Configure a Spoke to register with the Hub at an interval of 600 seconds.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp registration interval 600

nhrp registration no-unique

Function

The nhrp registration no-unique command configures the device to override conflicting NHRP mapping entries during NHRP registration.

The undo nhrp registration no-unique command restores the device to the default configuration.

By default, the device does not override conflicting NHRP mapping entries during NHRP registration.

Format

nhrp registration no-unique

undo nhrp registration no-unique

Parameters

None

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a Spoke registers with the Hub, the Hub generates NHRP mapping entries of the Spoke. When the public network address of the Spoke changes, it re-registers with the Hub. The Hub saves the latest NHRP mapping entries of the Spoke. In this case, you can run the nhrp registration no-unique command to enable the Hub to override conflicting NHRP mapping entries.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Configuration Impact

The following situations occur when the Spoke re-registers with the Hub after the public address of the Spoke is changed:
  • If the nhrp registration no-unique command is used on the Spoke, the device overrides existing NHRP mapping entries with new NHRP mapping entries.
  • If the nhrp registration no-unique command is not used on the Spoke, new NHRP mapping entries do not replace existing NHRP mapping entries and are discarded.

Example

# Configure the device to override conflicting NHRP mapping entries during NHRP registration.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp registration no-unique

nhrp shortcut

Function

The nhrp shortcut command enables the NHRP shortcut function.

The undo nhrp shortcut command disables the NHRP shortcut function.

By default, the NHRP shortcut function is disabled.

Format

nhrp shortcut

undo nhrp shortcut

Parameters

None

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The Hub sends NHRP Redirect packets to the source Spoke while forwarding data flows within the NHRP domain. Run the nhrp shortcut command on the Spoke to allow it to send NHRP Resolution Request packets to the destination Spoke after it receives NHRP Redirect packets sent from the Hub. A tunnel is directly established between two branches.

Prerequisites

The following operations have been performed:

  1. Run the interface tunnel command to create a tunnel interface and enter the tunnel interface view.
  2. Run the tunnel-protocol gre p2mp command to set the tunnel encapsulation mode to Multipoint GRE (mGRE).

Precautions

The NHRP shortcut function must work with the NHRP redirect function. Therefore, the NHRP redirect function must be enabled on the Hub using the nhrp redirect command.

Example

# Enable the NHRP shortcut function on Tunnel0/0/0.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] nhrp shortcut

reset nhrp peer maximum-history

Function

The reset nhrp peer maximum-history command clears the history statistics on NHRP peer entries.

Format

reset nhrp peer maximum-history

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

You can run this command to clear the history statistics on NHRP peer entries.

Example

# Clear the history statistics on NHRP peer entries.

<Huawei> reset nhrp peer maximum-history

reset nhrp statistics

Function

The reset nhrp statistics command clears NHRP packet statistics on a specified tunnel interface.

Format

reset nhrp statistics interface tunnel interface-number

Parameters

Parameter

Description

Value

interface tunnel interface-number

Specifies number of an interface.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

This command clears NHRP packet statistics on a specified tunnel interface. This helps you locate DSVPN faults quickly.

Configuration Impact

This command clears NHRP packet statistics on a specified tunnel interface.

Precautions

Statistics cannot be restored after being cleared. Therefore, confirm the action before you run the command.

Example

# Clear NHRP packet statistics on Tunnel0/0/0.

<Huawei>reset nhrp statistics interface tunnel 0/0/0

source

Function

The source command configures the source address or source interface of the tunnel.

The undo source command deletes the configured source address or source interface.

The source address and source interface of a tunnel are not specified by default.

Format

source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number }

undo source

Parameters

Parameter

Description

Value

vpn-instance vpn-instance-name Specifies the name of the VPN instance that the source address of a tunnel belongs to.
NOTE:
You can specify the parameter only when the encapsulation mode of a tunnel interface is set to IPSec or mGRE.
The value is the name of an existing VPN instance.

source-ip-address

Specifies the source address of a tunnel interface. If a tunnel interface works in IPv4-IPv6 mode, specify an IPv6 address as the source address of the tunnel interface.

The IPv4 address is in dotted decimal notation.

The IPv6 address is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X.

interface-type interface-number

Specifies the type and the number of the source interface of the tunnel.

-

Views

Tunnel interface view, Tunnel-Template interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When configuring a tunnel, you must create a tunnel interface. After a tunnel interface is created, run the source command to specify the source IP address for the tunnel interface.

Prerequisites

A tunnel interface has been created using the interface tunnel command, and the encapsulation mode is set to GRE, IPSec, IPv4 over IPv6, or IPv6 over IPv4 of manual mode using the tunnel-protocol command.

Precautions

Two tunnel interfaces with the same encapsulation mode, source address, and destination address cannot be configured simultaneously.

IPv6 over IPv4, IPv4 over IPv6, and GRE tunnels are bidirectional tunnels. The source address of the local tunnel interface is the destination address of the remote tunnel interface by the destination command, and the destination address of the local tunnel interface is the source address of the remote tunnel interface.

Two or more tunnel interfaces that use the same encapsulation protocol cannot be configured with the same source and destination addresses.Two or more GRE tunnel interfaces in a system can have the same source address and same destination address. The system uses GRE keys to identify these GRE tunnel interfaces.When two or more tunnel interfaces on a P2MP tunnel are configured with the same source address, run the gre key command to set the key number of each tunnel interface.

You can also specify VPN instance parameters while specifying the source address for an IPSec tunnel or an mGRE tunnel in IPSec/mGRE over VPN scenarios.

Example

# Set the tunnel type of Tunnel0/0/1 to IPv6 over IPv4 manual tunnel and configure the source IP address of Tunnel0/0/1 as 10.1.1.1.
<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol ipv6-ipv4
[Huawei-Tunnel0/0/1] source 10.1.1.1
# Configure Tunnel0/0/2 of mGRE and use Loopback0 address as the interface address.
<Huawei> system-view
[Huawei] interface loopback 0
[Huawei-LoopBack0] ip address 10.2.1.1 32
[Huawei-LoopBack0] quit
[Huawei] interface tunnel 0/0/2
[Huawei-Tunnel0/0/2] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/2] source loopback 0

tunnel-protocol

Function

The tunnel-protocol command configures the tunnel protocol on a tunnel interface.

The undo tunnel-protocol command restores the tunnel protocol to the default configuration.

By default, no tunnel protocol is used on a tunnel interface.

Format

tunnel-protocol { gre [ p2mp ] | ipsec | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] | ipv4-ipv6 | svpn [ p2p | p2mp ] | none }

undo tunnel-protocol

Parameters

Parameter Description Value
gre

Indicates that the GRE tunnel protocol is configured on a tunnel interface.

-
gre p2mp

Indicates that the mGRE tunnel protocol is configured on a tunnel interface. If this parameter is not used, the tunnel protocol configured on a tunnel interface is a traditional point-to-point GRE.

-
ipsec

Indicates that the IPSec tunnel protocol is configured on a tunnel interface.

-
ipv4-ipv6

Indicates that the IPv4 to IPv6 tunnel protocol is configured on a tunnel interface.

-
ipv6-ipv4

Configures the tunnel protocol of the tunnel interface as ipv6-ipv4 and uses a manual IPv6 over IPv4 tunnel.

-
ipv6-ipv4 6to4

Indicates that the IPv6 to IPv4 tunnel protocol is configured on a tunnel interface using 6to4.

-
ipv6-ipv4 auto-tunnel

Configures the tunnel protocol of the tunnel interface as ipv6-ipv4 and uses an automatic IPv6 over IPv4 tunnel.

-
ipv6-ipv4 isatap

Indicates that the IPv6 to IPv4 tunnel protocol is configured on a tunnel interface using isatap.

-
svpn [ p2p | p2mp ]

Indicates that the SVPN tunnel protocol is configured on a tunnel interface.

  • p2p: indicates the P2P SVPN tunnel protocol.
  • p2mp: indicates the P2MP SVPN tunnel protocol.
-
none

Indicates that no tunnel protocol is configured on a tunnel interface.

-

Views

Tunnel interface view, Tunnel-Template interface view

NOTE:

The tunnel template interface view supports the ipsec and none parameters only.

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating a tunnel interface using the interface tunnel command, run the tunnel-protocol command to configure the tunnel encapsulation mode for the tunnel interface.

The following tunnel encapsulation modes are available:
  • GRE: encapsulates packets of some network layer protocols such as IP or IPX to enable these encapsulated packets to be transmitted on networks running other protocols such as IP. When the p2mp parameter is specified following gre, you can set the tunnel encapsulation mode to P2MP GRE. The destination address of a P2MP GRE tunnel does not need to be manually configured. Instead, the destination address of this tunnel can either be defined by a protocol (for example, NHRP in a DSVPN scenario) or be dynamically learned.
  • IPSec: protects the security of data transmitted on the Internet by establishing tunnels using the IPSec protocol.
  • IPv4-IPv6: creates tunnels on the IPv6 networks to connect IPv4 isolated sites so that IPv4 isolated sites can access other IPv4 networks through the IPv6 public network.
  • IPv6-IPv4: creates tunnels on the IPv4 networks to connect IPv6 isolated sites so that IPv6 packets can be transmitted on IPv4 networks.
  • SVPN: binds multiple WAN access lines to provide high bandwidth and highly reliable networks for customers.

    • When the SVPN mode is set to Hub-Spoke, specify p2p on the Spoke and p2mp on the hub when configuring a tunnel protocol.
    • When the SVPN mode is set to Lone Ranger, you must not specify p2p or p2mp.

Precautions

  • The none mode indicates the initial configuration, that is, no tunnel encapsulation mode is configured. In practice, you must select another tunnel encapsulation mode.
  • You must configure the tunnel encapsulation mode before setting the source IP address or other parameters for a tunnel interface. Changing the encapsulation mode of a tunnel interface deletes other parameters of the tunnel interface. When an SVPN proposal is bound to a tunnel interface, you cannot modify the tunnel encapsulation mode.

Example

# Set the tunnel encapsulation mode of Tunnel0/0/2 to mGRE.
<Huawei> system-view
[Huawei] interface tunnel 0/0/2
[Huawei-Tunnel0/0/2] tunnel-protocol gre p2mp
# Set the tunnel encapsulation mode of Tunnel0/0/2 to GRE.
<Huawei> system-view
[Huawei] interface tunnel 0/0/2
[Huawei-Tunnel0/0/2] tunnel-protocol gre
Related Topics

undo nhrp peer

Function

The undo nhrp peer command deletes dynamically negotiated NHRP mapping entries.

Format

undo nhrp peer [ protocol-address [ mask ] ]

Parameters

Parameter Description Value
protocol-address [ mask ]

Specifies the network layer protocol address and mask.

-

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

This command deletes dynamically negotiated NHRP mapping entries before the entries age out. This prevents the existing NHRP mapping entries from affecting the diagnosis result.

Configuration Impact

Dynamically negotiated NHRP mapping entries are deleted from the local device and no entry will be generated before the peer device registers with the local device.

Precautions

  • Deleting dynamically negotiated NHRP mapping entries may result in communication interruption.

  • Run this command only on the mGRE interface.

Example

# Delete an NHRP mapping entry with an IP address 10.10.10.10 and a 24-bit mask.
<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/0] undo nhrp peer 10.10.10.10 24
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 89791

Downloads: 122

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next