No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Basic IPv6 Configuration Commands

Basic IPv6 Configuration Commands

NOTE:

Among the AR510 series routers, AR502G-L-D-H, AR502GR-L-D-H do not support IPv6 function.

The AR510 series routers do not support IPv6 function.

control-packet-ipv6 output car bypass

Function

The control-packet-ipv6 output car bypass command configures the IPv6 control packets generated by the device not to support traffic policing function.

The undo control-packet-ipv6 output car bypass command configures the IPv6 control packets generated by the device to support traffic policing function.

By default, IPv6 control packets generated by the device do not support traffic policing function.

Format

control-packet-ipv6 { bgp4plus | icmpv6 | dns6 | snmp | ssh | telnet | udp } * output car bypass

control-packet-ipv6 all output car bypass

undo control-packet-ipv6 { bgp4plus | icmpv6 | dns6 | snmp | ssh | telnet | udp } * output car bypass

undo control-packet-ipv6 all output car bypass

Parameters

Parameter Description Value
bgp4plus Indicates BGP4+ control packets. -
icmpv6 Indicates ICMPv6 control packets. -
dns6 Indicates IPv6 DNS control packets. -
snmp Indicates IPv6 SNMP control packets. -
ssh Indicates IPv6 SSH control packets. -
telnet Indicates IPv6 TELNET control packets. -
udp Indicates IPv6 UDP control packets. -
all Indicates all IPv6 control packets. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the enhanced forwarding function is enabled for IPv6 control packets generated by the device, you can run the undo control-packet-ipv6 output car bypass command to configures IPv6 control packets generated by the device to support traffic policing function to apply QoS policies to different control packets.

Follow-up Procedures

After IPv6 control packets generated by the device are configured to support traffic policing function, configure QoS policies to process different control packets. For details about traffic policing configuration, see Configuring Traffic Policing in Huawei AR Series IOT Gateway Configuration Guide-QoS.

Precautions

  • Before configuring IPv6 control packets generated by the device to support traffic policing function, enable the enhanced forwarding function for IPv6 control packets generated by the device (using the ipv6 soft-forward enhance enable command). After IPv6 control packets generated by the device are configured to support traffic policing function, control packets may be discarded, affecting user services.

  • When bgp4plus, dns6, icmpv6, snmp, ssh, telnet, UDP are specified in the undo control-packet-ipv6 car bypass commands, the device generates a configuration file of the undo control-packet-ipv6 all output car bypass command. If the control-packet-ipv6 output car bypass command is then executed to configure a specified type of IPv6 control packets generated by the device not to support traffic policing function, the device does not generate the configuration file of the undo control-packet-ipv6 all output car bypass command but generates the configuration files of the control packets that are configured to support traffic policing function. For example, if BGP4+ packets, IPv6 DNS packets, ICMPv6 packets, IPv6 SNMP packets, IPv6 SSH packets, IPv6 UDP packets generated by the device are configured not to support traffic policing function, the device generates the configuration files of the undo control-packet-ipv6 telnet output car bypass commands.

Example

# Configure BGP4+ packets generated by the device to support traffic policing function.

<Huawei> system-view
[Huawei] undo control-packet-ipv6 bgp4plus output car bypass

control-packet-ipv6 output filter bypass

Function

The control-packet-ipv6 output filter bypass command configures the device not to discard generated IPv6 control packets when the traffic policy and ACL-based simplified traffic policy contain the deny action.

The undo control-packet-ipv6 output filter bypass command configures the device to discard generated IPv6 control packets when the traffic policy and ACL-based simplified traffic policy contain the deny action.

By default, the device does not discard generated IPv6 control packets when the traffic policy and ACL-based simplified traffic policy contain the deny action.

Format

control-packet-ipv6 { bgp4plus | icmpv6 | dns6 | snmp | ssh | telnet | udp } * output filter bypass

control-packet-ipv6 all output filter bypass

undo control-packet-ipv6 { bgp4plus | icmpv6 | dns6 | snmp | ssh | telnet | udp } * output filter bypass

undo control-packet-ipv6 all output filter bypass

Parameters

Parameter Description Value
bgp4plus Indicates BGP4+ control packets. -
dns6 Indicates IPv6 DNS control packets. -
icmpv6 Indicates ICMPv6 control packets. -
snmp Indicates IPv6 SNMP control packets. -
ssh Indicates IPv6 SSH control packets. -
telnet Indicates IPv6 TELNET control packets. -
udp Indicates IPv6 UDP control packets. -
all Indicates all IPv6 control packets. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the enhanced forwarding function is enabled for IPv6 control packets generated by the device, the device does not discard the control packets when the traffic policy and ACL-based simplified traffic policy contain the deny action. After the undo control-packet-ipv6 output filter bypass command is executed, the device is configured to discard generated IPv6 control packets when the traffic policy and ACL-based simplified traffic policy contain the deny action and apply QoS policy to the control packets to meet different service requirements.

Follow-up Procedures

The packet filter action in the traffic policy or ACL-based simplified traffic policy has been set to deny.

Precautions

  • Before configuring the device to discard generated IPv6 control packets when the traffic policy and ACL-based simplified traffic policy contain the deny action, enable the enhanced forwarding function for IPv6 control packets generated by the device (using the ipv6 soft-forward enhance enable command). After the device is configured to discard generated IPv6 control packets when the traffic policy and ACL-based simplified traffic policy contain the deny action, user services may be affected.

  • When bgp4plus, dns6, icmpv6, snmp, ssh, , UDP and telnet are specified in the undo control-packet-ipv6 output filter bypass commands, the device generates a configuration file of the undo control-packet-ipv6 all output filter bypass command. If the control-packet-ipv6 output filter bypass command is then executed to configure the device not to discard a specified type of control packets, the device does not generate the configuration file of the undo control-packet-ipv6 all output filter bypass command but generates the configuration files of the control packets that the device is configured to discard. For example, if the device is configured not to discard BGP4+ packets, IPv6 DNS packets, ICMPv6 packets, IPv6 SNMP packets, , IPv6 UDP packets and IPv6 SSH packets, the device generates the configuration files of the undo control-packet-ipv6 telnet output filter bypass commands.

Example

# Configure the device to discard generated BGP4+ packets when the traffic policy and ACL-based simplified traffic policy contain the deny action.

<Huawei> system-view
[Huawei] undo control-packet-ipv6 bgp4plus output filter bypass

control-packet-ipv6 output queue bypass

Function

The control-packet-ipv6 output queue bypass command configures the IPv6 control packets generated by the device not to support QoS queue functions (such as traffic shaping, congestion management, and congestion avoidance).

The undo control-packet-ipv6 output queue bypass command configures the IPv6 control packets generated by the device to support QoS queue functions (such as traffic shaping, congestion management, and congestion avoidance).

By default, IPv6 control packets generated by the device do not support QoS queue functions.

Format

control-packet-ipv6 { bgp4plus | icmpv6 | dns6 | snmp | ssh | telnet | udp } * output queue bypass

control-packet-ipv6 all output queue bypass

undo control-packet-ipv6 { bgp4plus | icmpv6 | dns6 | snmp | ssh | telnet | udp } * output queue bypass

undo control-packet-ipv6 all output queue bypass

Parameters

Parameter Description Value
bgp4plus Indicates BGP4+ control packets. -
icmpv6 Indicates ICMPv6 control packets. -
dns6 Indicates IPv6 DNS control packets. -
snmp Indicates IPv6 SNMP control packets. -
ssh Indicates IPv6 SSH control packets. -
telnet Indicates IPv6 TELNET control packets. -
udp Indicates IPv6 UDP control packets. -
all Indicates all IPv6 control packets. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the enhanced forwarding function is enabled for IPv6 control packets generated by the device, you can run the undo control-packet-ipv6 output queue bypass command to configures IPv6 control packets generated by the device to support QoS queue functions (such as traffic shaping, congestion management, and congestion avoidance) to apply QoS policies to different control packets.

Follow-up Procedures

After IPv6 control packets generated by the device are configured to support QoS queue functions, configure QoS policies to process different control packets.

Precautions

  • Before configuring IPv6 control packets generated by the device to support QoS queue functions, enable the enhanced forwarding function for IPv6 control packets generated by the device (using the ipv6 soft-forward enhance enable command). After IPv6 control packets generated by the device are configured to support QoS queue functions, control packets may be discarded, affecting user services.

  • When bgp4plus, dns6, icmpv6, snmp, ssh, , UDP and telnet are specified in the undo control-packet-ipv6 output queue bypass commands, the device generates a configuration file of the undo control-packet-ipv6 all output queue bypass command. If the control-packet-ipv6 output queue bypass command is then executed to configure a specified type of control packets generated by the device not to support QoS queue functions, the device does not generate the configuration file of the undo control-packet-ipv6 all output queue bypass command but generates the configuration files of the control packets that are configured to support QoS queue functions. For example, if BGP4+ packets, IPv6 DNS packets, ICMPv6 packets, IPv6 SNMP packets, , IPv6 UDP packets and IPv6 SSH packets generated by the device are configured not to support QoS queue functions, the device generates the configuration files of the undo control-packet-ipv6 telnet output queue bypass commands.

Example

# Configure BGP4+ packets generated by the device to support QoS queue functions.

<Huawei> system-view
[Huawei] undo control-packet-ipv6 bgp4plus output queue bypass

display default-parameter tcp6

Function

The display default-parameter tcp6 command displays the default values of all configurable parameters on the TCP6 module.

Format

display default-parameter tcp6

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display the default values of all configurable parameters on the TCP6 module.

<Huawei> display default-parameter tcp6
---------------------------------
  SYN Timeout Value(sec) : 75
  FIN Timeout Value(sec) : 600
  Window Size(KBytes)    : 8
---------------------------------
Table 7-77  Description of the display default-parameter tcp6 command output

Item

Description

SYN Timeout Value(sec)

TCP SYN-WAIT timer value.

To configure this parameter, run the tcp ipv6 timer syn-timeout command.

FIN Timeout Value(sec)

TCP FIN-WAIT timer value.

To configure this parameter, run the tcp ipv6 timer fin-timeout command.

Window Size(KBytes)

TCP6 slide window size.

To configure this parameter, run the tcp ipv6 window command.

display icmpv6 statistics

Function

The display icmpv6 statistics command displays ICMPv6 traffic statistics.

Format

display icmpv6 statistics [ interface interface-type interface-number ]

Parameters

Parameter Description Value
interface interface-type interface-number Displays ICMPv6 traffic statistics on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

If no interface is specified, ICMPv6 traffic statistics on all interfaces are displayed.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display icmpv6 statistics command to view ICMPv6 packet statistics, including statistics about received and sent ICMPv6 error packets and statistics about four types of ICMPv6 packets (RS, RA, NS, and NA packets) used in the neighbor discovery mechanism.

When you ping an IPv6 address from a device, run the display icmpv6 statistics command on the device to check whether the total number of sent and received packets is correct.

Precautions

The total number of packets received by the device includes the number of packets forwarded, number of packets delivered to upper-layer network devices, and number of packets discarded.

Example

# Display ICMPv6 traffic statistics on the device.

<Huawei> display icmpv6 statistics
ICMPv6 protocol:
  Sent packets:
    Total              : 0
    Unreached          : 0              Prohibited         : 0
    Hop count exceeded : 0              Parameter problem  : 0
    Too big            : 0              Echoed             : 0
    Echo replied       : 0              Router solicit     : 0
    Router advert      : 0              Neighbor solicit   : 2
    Neighbor advert    : 0              Redirected         : 0
    Rate limited       : 0                             
  Received packets:
    Total              : 0              Format error       : 0
    Checksum error     : 0              Too short          : 0
    Bad code           : 0              Bad length         : 0
    Unknown info type  : 0              Unknown error type : 0 
    Unreached          : 0              Prohibited         : 0
    Hop count exceeded : 0              Parameter problem  : 0
    Too big            : 0              Echoed             : 0 
    Echo replied       : 0              Router solicit     : 0
    Router advert      : 0              Neighbor solicit   : 0
    Neighbor advert    : 0              Redirected         : 0
    Rate limited       : 0
Table 7-78  Description of the display icmpv6 statistics command output
Item Description

ICMPv6 protocol

ICMPv6 packet statistics.

Sent packets

Statistics about sent ICMPv6 packets.

Total

Total number of sent packets.

Unreached

Total number of sent ICMPv6 Destination Unreachable packets.

Prohibited

Total number of sent ICMPv6 Administratively Prohibited Unreachable packets.

Hop count exceeded

Total number of sent ICMPv6 packets whose hops exceed the limit.

Parameter problem

Total number of sent ICMPv6 Parameter Problem packets.

Too big

Total number of sent ICMPv6 Packet Too Big packets.

Echoed

Total number of sent ICMPv6 Echo Request packets.

Echo replied

Total number of sent ICMPv6 Echo Reply packets.

Router solicit

Total number of sent Router Solicitation (RS) packets.

Router advert

Total number of sent Router Advertisement (RA) packets.

Neighbor solicit

Total number of sent Neighbor Solicitation (NS) packets.

Neighbor advert

Total number of sent Neighbor Advertisement (NA) packets.

Redirected

Total number of sent ICMPv6 Redirect packets.

Rate limited

Total number of ICMPv6 packets that fail to be sent because of the rate limit.

Received packets

Statistics about received ICMPv6 packets.

Total

Total number of received packets.

Format error

Total number of received ICMPv6 packets with format errors.

Checksum error

Total number of received ICMPv6 packets with checksum errors.

Too short

Total number of received ICMPv6 packets that are too short.

Bad code

Total number of received ICMPv6 packets with code errors.

Bad length

Total number of received ICMPv6 packets with packet length errors.

Unknown info type

Total number of received ICMPv6 packets with an unknown information type.

Unknown error type

Total number of received ICMPv6 packets with an unknown error type.

Unreached

Total number of received ICMPv6 Destination Unreachable packets.

Prohibited

Total number of received ICMPv6 Administratively Prohibited Unreachable packets.

Hop count exceeded

Total number of received ICMPv6 packets whose hops exceed the limit.

Parameter problem

Total number of received ICMPv6 Parameter Problem packets.

Too big

Total number of received ICMPv6 packets that are oversized.

Echoed

Total number of received ICMPv6 Echo Request packets.

Echo replied

Total number of received ICMPv6 Echo Reply packets.

Router solicit

Total number of received RS packets.

Router advert

Total number of received RA packets.

Neighbor solicit

Total number of received NS packets.

Neighbor advert

Total number of received NA packets.

Redirected

Total number of received ICMPv6 Redirect packets.

Rate limited

Total number of ICMPv6 packets that fail to be received because of the rate limit.

display ipv6 address-policy

Function

The display ipv6 address-policy command displays address selection policy entries.

Format

display ipv6 address-policy [ vpn-instance vpn-instance-name ] { all | ipv6-address prefix-length }

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Displays address selection policy entries of a specified VPN instance. The value must be an existing VPN instance.
all Displays all address selection policy entries. -
ipv6-address Specifies an IPv6 address prefix. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length Specifies the prefix length of an IPv6 address. The value is an integer that ranges from 0 to 128.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

When using this command, pay attention to the following points:

  • If the all parameter is specified, all address selection policy entries including the default ones are displayed.

  • If the ipv6-address prefix-length parameter is specified, address selection policy entries of the specific prefix are displayed.

Precautions

If no address selection policy entry is configured, this command displays only the default address selection policy entries. These entries are prefixed with ::1, ::, 2002::, FC00::, and ::FFFF:0.0.0.0.

Example

# Display address selection policy entries of VPN instance R1_VPN6.

<Huawei> display ipv6 address-policy vpn-instance R1_VPN6 all
Policy Table :
             Total:5
-------------------------------------------------------------------------------
Prefix     : ::                                      PrefixLength  : 0
Precedence : 40                                      Label         : 1
Default    : Yes

Prefix     : ::1                                     PrefixLength  : 128
Precedence : 50                                      Label         : 0
Default    : Yes

Prefix     : ::FFFF:0.0.0.0                          PrefixLength  : 96
Precedence : 10                                      Label         : 4
Default    : Yes

Prefix     : 2002::                                  PrefixLength  : 16
Precedence : 30                                      Label         : 2
Default    : Yes

Prefix     : FC00::                                  PrefixLength  : 7
Precedence : 20                                      Label         : 3
Default    : Yes
-------------------------------------------------------------------------------
Table 7-79  Description of the display ipv6 address-policy command output

Item

Description

Policy Table

Address selection policy entries.

Total

Number of address selection policy entries.

Prefix

IPv6 address prefix.

PrefixLength

Length of the IPv6 address prefix.

Precedence

Priority of an IPv6 address when the address is the destination address.

Label

Priority of an IPv6 address when the address is the source address.

Default

Whether an address selection policy entry is the default policy entry:

  • Yes: The policy entry is the default policy entry.
  • No: The policy entry is not the default policy entry.
Related Topics

display ipv6 attack-source overlapping-fragment

Function

The display ipv6 attack-source overlapping-fragment displays source information about overlapping fragment attacks.

Format

display ipv6 attack-source overlapping-fragment

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

When suffering from overlapping fragment attacks, you can use this command to view source information about attack packets. Source information includes the source and destination IP addresses of the packets, interface receiving the packets, source VLAN, source CE VLAN, and VPN to which the packets belongs. You can take proper actions on the attack source.

Example

# Display source information about overlapping fragment attacks.
<Huawei> display ipv6 attack-source overlapping-fragment
Attack-source overlapping fragment table:

-----------------------------------------------------------------------------
  Source IP           : FC00::1
  Destination IP      : FC00::2
  Interface name      : Eth0/0/0
  VPN name            :
  VLAN                : 0                                CEVLAN: 0
  Attacked time       : 2011-09-29 01:01:28
-----------------------------------------------------------------------------

Total: 1

Table 7-80  Description of the display ipv6 attack-source overlapping-fragment command output

Item

Description

Source IP

Source IPv6 address of an overlapping fragment attack packet.

Destination IP

Destination IPv6 address of the overlapping fragment attack packet.

Interface name

Interface that receives the overlapping fragment attack packet.

VPN name

Name of the VPN to which the overlapping fragment attack packet belongs.

VLAN

VLAN to which the overlapping fragment attack packet belongs.

CEVLAN

CE VLAN to which the overlapping fragment attack packet belongs.

Attacked time

Duration of the overlapping fragment attack.

Total

Number of pieces of source information about overlapping fragment attacks.

display ipv6 fast-forwarding table clear

Function

The display ipv6 fast-forwarding table clear command clears the IPv6 fast forwarding tables generated on the device.

Format

display ipv6 fast-forwarding table clear

Parameters

None

Views

All views

Default Level

2: Configuration level

Usage Guidelines

When the device needs to regenerate IPv6 fast forwarding tables, you can run the display ipv6 fast-forwarding table clear command to clear the original IPv6 fast forwarding tables generated on the device. This command is not recommended in normal cases.

Example

# Clear the IPv6 fast forwarding tables generated on the device.

<Huawei> display ipv6 fast-forwarding table clear

display ipv6 fast-forwarding table number

Function

The display ipv6 fast-forwarding table number command displays the number of IPv6 fast forwarding tables generated on the device.

Format

display ipv6 fast-forwarding table number

Parameters

None

Views

All views

Default Level

2: Configuration level

Usage Guidelines

After fast forwarding is enabled on interfaces using the ip fast-forwarding enable command, you can run the display ipv6 fast-forwarding table number command to check the number of IPv6 fast forwarding tables generated on the device.

Example

# Display the number of IPv6 fast forwarding tables generated on the device.

<Huawei> display ipv6 fast-forwarding table number
Ipv6 FastForward Table(The latest used 100 tables to show) 
SIP             DIP             SPort DPort Pro Dscp VpnId Linkinfo
FC00::1         2::2            0     0     0   0    0     010000
Ipv6 FastForward Table : 1
Table 7-81  Description of the display ipv6 fast-forwarding table number command output

Item

Description

SIP

Source IPv6 address.

DIP

Destination IPv6 address.

SPort

Source port number.

DPort

Destination port number.

Pro

Priority.

Dscp

DSCP.

VpnId

VPN index.

Linkinfo

Linkinfo address.

Ipv6 FastForward Table

Number of IPv6 fast forwarding tables generated on the device.

display ipv6 interface

Function

The display ipv6 interface command displays IPv6 information on an interface.

Format

display ipv6 interface [ interface-type interface-number | brief ]

Parameters

Parameter Description Value
interface-type interface-number Displays IPv6 information on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

If no interface is specified, IPv6 information on all interfaces configured with IPv6 addresses is displayed.

-
brief Displays brief information about the interface. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Before running this command, ensure that the interface is configured with an IPv6 address. If no IPv6 address is assigned to the interface, no interface information is displayed.

Example

# Display IPv6 information on GE0/0/1.

<Huawei> display ipv6 interface gigabitethernet 0/0/1
GigabitEthernet0/0/1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00 
  Global unicast address(es):
    FC00::1, subnet is FC00::/64 
  Joined group address(es):
    FF02::1:FF00:1
    FF02::1:FF04:5D00
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  ND stale time is 1200 seconds 
  Hosts use stateless autoconfig for addresses
Table 7-82  Description of the display ipv6 interface command output

Item

Description

link-local address

Link-local address configured on the interface.

To configure a link-local address for an interface, run the ipv6 address link-local command.

Global unicast address(es)

Global unicast address configured on the interface.

To configure a global unicast address for an interface, run the ipv6 address command.

Joined group address(es)

Addresses of all multicast groups that the interface joins.

MTU

MTU of the interface.

ND DAD is enabled

NS packets are sent when the system performs Duplicate Address Detection (DAD).

number of DAD attempts

Number of times duplicate address detection is performed.

ND reachable time

Neighbor reachable time.

ND retransmit interval

Retransmission interval.

Hosts use stateless autoconfig for addresses

Hosts obtain IPv6 addresses using stateless autoconfiguration.

ND stale time

Time period for the neighbor to keep the STALE state.

Related Topics

display ipv6 interface tunnel

Function

The display ipv6 interface tunnel command displays IPv6 information on a tunnel interface.

Format

display ipv6 interface tunnel interface-number

Parameters

Parameter Description Value
interface-number Displays the tunnel interface number. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display IPv6 information on Tunnel0/0/1.

<Huawei> display ipv6 interface tunnel 0/0/1
Tunnel0/0/1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::201:102 [TENTATIVE]
  Global unicast address(es):
    ::2.1.1.2, subnet is ::/96 [TENTATIVE]
  Joined group address(es):
    FF02::1:FF01:102
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  Hosts use stateless autoconfig for addresses
Table 7-83  Description of the display ipv6 interface tunnel command output

Item

Description

Tunnel0/0/1 current state

Current status of the tunnel interface:
  • UP: enabled

  • DOWN: disabled

When working properly, an IPv6 over IPv4 tunnel is in Up state.

IPv6 protocol current state

Current status of the link layer protocol:
  • UP: enabled

  • DOWN: disabled

When working properly, an IPv6 over IPv4 tunnel is in Up state.

IPv6 is enabled

IPv6 is enabled.

link-local address

Link-local address.

To configure a link-local address, run the ipv6 address link-local command.

Global unicast address(es)

IPv6 global unicast address.

To configure an IPv6 global unicast address, run the ipv6 address command.

Joined group address(es)

Addresses of multicast groups that the interface joins.

MTU

MTU of the interface.

ND reachable time

Interval for ND unreachability detection.

ND retransmit interval

Interval for retransmitting ND packets.

Hosts use stateless autoconfig for addresses

Hosts obtain IPv6 addresses through stateless address autoconfiguration.

display ipv6 neighbors

Function

The display ipv6 neighbors command displays information about neighbor entries.

Format

display ipv6 neighbors [ ipv6-address | [ vid vid ] interface-type interface-number | vpn-instance vpn-instance-name ]

display ipv6 neighbors interface-type interface-number [ vid vid [ cevid cevid ] ]

Parameters

Parameter Description Value
ipv6-address Displays neighbor entries of a specified IPv6 address. The value is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X.
vid vid Displays neighbor entries of a specified VLAN. The value is an integer that ranges from 1 to 4094.
interface-type interface-number Displays neighbor entries on a specified interface. -
vpn-instance vpn-instance-name

Displays neighbor entries of a specified VPN instance.

The value must be an existing VPN instance.
cevid cevid Specifies the inner VLAN ID. The value is an integer that ranges from 1 to 4094.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display ipv6 neighbors command displays information about dynamic and static ND entries. The information helps you:

  • Check whether the local routing device has learned MAC addresses from neighbors.
  • Check the neighbor status of the local routing device, including neighbor unreachable, neighbor reachable, or unknown.

You can run one of the following commands as required:

  • To view neighbor entries based on the neighbor IPv6 address, run the display ipv6 neighbors [ ipv6-address ] command.

  • To view neighbor entries based on the neighbor interface number, run the display ipv6 neighbors interface-type interface-number command.

    To view neighbor entries on a VLANIF interface, run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ] command or the display ipv6 neighbors [ interface-type interface-number [ vid vid ] ] command.

  • To view neighbor entries on a QinQ or Dot1q termination sub-interface, run the display ipv6 neighbors [ interface-type interface-number [ vid vid [ cevid cevid ] ] ] command.

If no parameter is specified, the display ipv6 neighbors command displays all neighbor entries.

Example

# Display neighbor entries on GE1/0/0.

<Huawei> display ipv6 neighbors gigabitethernet 0/0/1
-----------------------------------------------------------------------------
IPv6 Address : FC00::1
Link-layer   : 0000-1201-0102           State : REACH 
Interface    : GE5/0/3                  Age   : 0
VLAN         : -                        CEVLAN: -                     
VPN name     :                          Is Router: FALSE
Secure FLAG  : UN-SECURE 

IPv6 Address : FE80::82FB:6FF:FE35:45B6                                         
Link-layer   : 80fb-0635-45b6                     State : STALE                 
Interface    : GE0/0/2                            Age   : 53                    
VLAN         : -                                  CEVLAN: -                     
VPN name     :                                    Is Router: TRUE               
Secure FLAG  : UN-SECURE 
-----------------------------------------------------------------------------
Total: 2        Dynamic: 2        Static: 0

# Display neighbor entries of IPv6 address FC00::2.

<Huawei> display ipv6 neighbors fc00::2
-----------------------------------------------------------------------------
IPv6 Address : FC00::2
Link-layer   : 00e0-fc89-fe6e           State : STALE
Interface    : GE1/0/0                  Age   : 7
VLAN         : -                        CEVLAN: -                     
VPN name     :                          Is Router: FALSE  
Secure FLAG  : UN-SECURE 
-----------------------------------------------------------------------------
Total: 1        Dynamic: 1          Static: 0

# Display neighbor entries of IPv6 VPN instance vpnA.

<Huawei> display ipv6 neighbors vpn-instance vpnA
-----------------------------------------------------------------------------
IPv6 Address : FE80::2E0:FCFF:FE8C:417D
Link-layer   : 00e0-fc8c-417d           State : STALE
Interface    : Eth4/2/0                 Age   : #
VLAN         : -                        CEVLAN: -                     
VPN name     : vpnA                     Is Router: FALSE  
Secure FLAG  : UN-SECURE 

IPv6 Address : FE80::2E0:FCFF:FE95:DD66  
Link-layer   : 00e0-fc95-dd66           State : STALE
Interface    : Eth4/2/0                 Age   : #
VLAN         : -                        CEVLAN: -                     
VPN name     : vpnA                     Is Router: FALSE  
-----------------------------------------------------------------------------
Total: 2        Dynamic: 2         Static: 0
Table 7-84  Description of the display ipv6 neighbors command output

Item

Description

IPv6 Address

IPv6 address of a neighbor.

Link-layer

Link layer address (MAC address) of a neighbor.

State

Status of a neighbor entry:
  • INCMP: indicates that the neighbor is unreachable. When the address is being resolved, the link layer address of the neighbor is not detected. If resolution succeeds, the neighbor entry is in REACH state.
  • REACH: indicates that the neighbor is reachable within a specified period. By default, the period is 30s. If the period expires and this entry is unused, the entry enters the Stale state.

  • STALE: indicates that whether the neighbor is reachable is unknown. That is, the entry is unused within a specified period. By default, the period is 30s. In this case, reachability of the neighbor is not detected unless a packet is sent to the neighbor.

  • DELAY: indicates that whether the neighbor is reachable is unknown. A device has sent a packet to a neighbor. If the device does not receive any response from the neighbor within the specified period, the neighbor entry is in PROBE state.
  • PROBE: indicates that whether the neighbor is reachable is unknown. A device has sent a packet to a neighbor to detect whether the neighbor is reachable. If the device receives a response from the neighbor within a specified period, the neighbor entry is in REACH state. Otherwise, the neighbor entry is in INCMP state.

Interface

Name of the interface to which the neighbor entry belongs.

Age

Aging time of the neighbor entry:
  • The aging time of static entries is displayed as "-".
  • The aging time of dynamic entries is the time elapsed since the neighbor becomes reachable, in minutes. If the neighbor is always unreachable, "#" is displayed (only for dynamic entries).

VLAN

ID of the VLAN to which the neighbor belongs.

VPN name

Name of a VPN instance to which the neighbor belongs.

CEVLAN

Inner VLAN ID.

Is Router

Whether an NA packet carries the R flag:
  • If the NA packet carries the R flag, "TRUE" is displayed.

    In this case, the neighbor is a routing device.

  • If the NA packet carries no R flag, "FALSE" is displayed.

    In this case, the neighbor may be a PC or a routing device that sends an NA packet carrying no R flag.

Secure FLAG

Whether the neighbor entry is secure:
  • If the neighbor entry is static or the neighbor has the neighbor security function enabled, "SECURE" is displayed.
  • If the neighbor entry is dynamic and the neighbor has no neighbor security function enabled, "UN-SECURE" is displayed.

Total

Total number of neighbor entries.

Dynamic

Number of dynamic neighbor entries.

Static

Number of static neighbor entries.

Related Topics

display ipv6 pathmtu

Function

The display ipv6 pathmtu command displays information about PMTU entries.

Format

display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | all | dynamic | static }

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Displays PMTU entries of a specified IPv6 VPN instance. The value must be an existing VPN instance.
ipv6-address Displays PMTU entries of a specified IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
all Displays all PMTU entries. -
dynamic Displays all dynamic PMTU entries. -
static Displays all static PMTU entries. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The path MTU (PMTU) discovery mechanism determines the maximum size of packets that can be transmitted on a path.

The display ipv6 pathmtu command displays information about dynamic and static PMTU entries. The device then fragments packets into a size smaller than the PMTU and forwards the fragmented packets.

Precautions

If no PMTU is set using the ipv6 pathmtu command, no static PMTU entry is displayed after the display ipv6 pathmtu command is run.

Example

# Display all PMTU entries.

<Huawei> display ipv6 pathmtu all
IPv6 Destination Address                 ZoneID  PathMTU  LifeTime(M)  Type  
FC00::1                                  0       1500     -            Static
-----------------------------------------------------------------------------
Total: 1        Dynamic: 0      Static: 1

# Display PMTU entries of VPN instance vpn1.

<Huawei> display ipv6 pathmtu vpn-instance vpn1 all
IPv6 Destination Address                 ZoneID  PathMTU  LifeTime(M)  Type  
FC00::1                                  1       1600     -            Static
-----------------------------------------------------------------------------
Total: 1        Dynamic: 0      Static: 1
Table 7-85  Description of the display ipv6 pathmtu command output

Item

Description

Total

Total number of PMTU entries.

Dynamic

Total number of dynamic PMTU entries.

Static

Total number of static PMTU entries.

IPv6 Destination Address

Destination IPv6 address.

ZoneID

Zone ID.

PathMTU

PMTU of an IPv6 address.

LifeTime(M)

Remaining lifetime of dynamic PMTU entries, in minutes. This field displays "-" for static entries.

Type

Type of the PMTU entry:

  • Dynamic: dynamic entries
  • Static: static entries

display ipv6 socket

Function

The display ipv6 socket command displays information about IPv6 sockets.

If no parameter is specified, this command displays information about all types of sockets.

Format

display ipv6 [ ha ] socket [ socktype socket-type | task-id task-id socket-id socket-id ]

Parameters

Parameter Description Value
ha Displays IPv6 socket information on the slave main control board. -
socktype socket-type Specifies the type of a socket. The value can be:
  • 1: indicates SOCK_STREAM, corresponding to the TCP-based socket.
  • 2: indicates SOCK_DGRAM, corresponding to the UDP-based socket.
  • 3: indicates SOCK_RAW, corresponding to the RawIP-based socket.
The value is an integer that ranges from 1 to 3.
socket-id socket-id Specifies the socket ID. The value is an integer that ranges from 1 to 131072.
task-id task-id Specifies the task ID. The value is an integer that ranges from 1 to 350.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To locate a fault, you can use this command to view detailed information about sockets of all types or a specified type.

Precautions

If there is no socket information, no information is displayed.

Example

# Display information about a socket with a specified socket type, socket ID, and task ID.

<Huawei> display ipv6 socket
SOCK_STREAM:
Task = VTYD (14), socketid = 4, Proto = 6,
LA = ::->22, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
SOCK_DGRAM:
Task = VTYD (14), socketid = 3, Proto = 6,
LA = ::->23, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC

# Display information about the socket with socket type 1.

<Huawei> display ipv6 socket socktype 1
SOCK_STREAM:
Task = VTYD(14), socketid = 4, Proto = 6,
LA = ::->22, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
      
Task = VTYD(14), socketid = 3, Proto = 6,
LA = ::->23, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_REUSEPORT SO_SENDVPNID,
socket state = SS_PRIV SS_ASYNC
Table 7-86  Description of the display ipv6 socket command output

Item

Description

SOCK_STREAM

One type of socket. Sockets are classified into the following types:
  • SOCK_STREAM

  • SOCK_DGRAM

  • SOCK_RAW

Task = VTYD(14)

Type and ID of the task that invokes the socket. For example, Task = VTYD(14) shows that the task named VTYD uses the socket, with task ID 14.

socketid = 4

Socket ID.

Proto = 6

Protocol ID.

LA = ::->22, FA = ::->0

  • LA: indicates the local address and local port number.

  • FA: indicates the remote address and remote port number.

sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,

  • sndbuf: indicates the upper limit of the send buffer, in bytes.

  • rcvbuf: indicates the upper limit of the receive buffer, in bytes.

  • sb_cc: indicates the total number of sent bytes.

  • rb_cc: indicates the total number of received bytes.

socket option

Socket option that has been set.

socket state

Socket status.

display ipv6 statistics

Function

The display ipv6 statistics command displays IPv6 traffic statistics.

Format

display ipv6 statistics [ interface interface-type interface-number ]

Parameters

Parameter Description Value
interface interface-type interface-number Displays IPv6 traffic statistics on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display ipv6 statistics command to view statistics on received and sent IPv6 packets.

During packet transmission, if the source node has fragmented packets, you can run this command to view the total number of IPv6 packets that are successfully fragmented and the total number of fragmented packets that have been sent, and then check whether the number of fragmented packets received by the destination node is correct.

Precautions

The total number of packets received by the device includes the number of forwarded packets, number of packets delivered by the routing device to the upper layer, and number of discarded packets.

Example

# Display IPv6 traffic statistics on the device.

<Huawei> display ipv6 statistics
IPv6 Protocol:
  Sent packets:
    Total                : 2
    Local sent out       : 2           Forwarded            : 0
    Raw packets          : 0           Discarded            : 0
    Fragmented           : 0           Fragments            : 0
    Fragments failed     : 0           Multicast            : 2
  Received packets:
    Total                : 0           Local host           : 0
    Hop count exceeded   : 0           Header error         : 0
    Too big              : 0           Routing failed       : 0
    Address error        : 0           Protocol error       : 0
    Truncated            : 0           Option error         : 0
    Fragments            : 0           Reassembled          : 0
    Reassembly timeout   : 0           Multicast            : 0
    Fragments overlap    : 0 
    Extension header:         
      Hop-by-hop options   : 0               Mobility header       : 0          
                                                                                
      Destination options  : 0               Routing header        : 0          
                                                                                
      Fragment header      : 0               Authentication header : 0          
                                                                                
      Encapsulation header : 0               No header             : 0          
                                                                                
      TLV length error     : 0               Header length error   : 0          
                                                                                
      Unknown header type  : 0               Unknown TLV type      : 0          
Table 7-87  Description of the display ipv6 statistics command output
Item Description

Sent packets

Statistics about sent packets.

Total

Total number of sent packets.

Local sent out

Total number of packets sent by the local device.

Forwarded

Number of forwarded packets.

Raw packets

Total number of packets sent through the raw socket, such as ping or tracert packets.

Discarded

Total number of discarded packets.

Fragmented

Total number of IPv6 packets that are successfully fragmented.

Fragments

Total number of sent fragmented packets.

Fragments failed

Total number of IPv6 packets that fail to be fragmented.

Multicast

Total number of sent multicast packets.

Received packets

Statistics about received packets.

Total

Total number of received packets.

Local host

Total number of packets received by the local device.

Hop count exceeded

Total number of packets whose hops exceed the upper limit.

Header error

Total number of packets with incorrect packet header.

Too big

Total number of received packets that fail to be forwarded because of excessive size.

Routing failed

Total number of packets that fail to be routed.

Address error

Total number of packets with incorrect IP addresses.

Protocol error

Total number of packets with the incorrect protocol.

Truncated

Total number of packets discarded because the actual packet length is shorter than that specified in the packet length field.

Option error

Total number of packets that carry incorrect options.

Fragments

Total number of received fragmented packets.

Reassembled

Total number of packets that are successfully reassembled.

Reassembled timeout

Total number of packets that fail to be reassembled due to timeout.

Multicast

Total number of received multicast packets.

Fragments overlap

Total number of received fragmented packets that are overlapped.

Extension Header

Total count of the IPv6 extension headers

Hop-by-Hop Options

Total count of the hop-by-hop options headers

Mobility Header

Total count of the mobility headers

Destination Options

Total count of the destination options headers

Routing Header

Total count of the routing options headers

Fragment Header

Total count of the fragment headers

Authentication Header

Total count of the authentication headers

Encapsulation Header

Total count of the encapsulation headers

No header

Total count of the packets without headers

TLV Length error

Total count of the extension headers in which the TLV length field is wrong

Header Length error

Total count of the extension headers in which the length field is wrong.

Unknown header type

Total count of the unknown extension header types

Unknown TLV type

Total count of the unknown TLV types

Related Topics

display rawip ipv6 statistics

Function

The display rawip ipv6 statistics command displays Raw IPv6 packet statistics.

Format

display rawip ipv6 statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display rawip ipv6 statistics command to view Raw IPv6 packet statistics, including:

  • Statistics about received and sent Raw IPv6 packets

  • Statistics about discarded Raw IPv6 packets

Example

# Display Raw IPv6 packet statistics.

<Huawei> display rawip ipv6 statistics
 Received packets:
     total: 20
     packets sent for external pre processing: 0
     packets for which checksum has to be calculated: 0
     packets with invalid checksum : 0
     dropped packets due to socket buffer is full: 0
     dropped packets due to no matching socket: 20
     dropped multicast packets due to no matching socket: 0
 Sent packets:
     total (excluding ICMP6 packets): 0
Table 7-88  Description of the display rawip ipv6 statistics command output

Item

Description

total

Total number of received and sent packets.

packets sent for external pre processing

Number of received Raw IPv6 packets for external preprocessing.

packets for which checksum has to be calculated

Number of received Raw IPv6 packets for which checksum has been calculated.

packets with invalid checksum

Number of discarded Raw IPv6 packets with checksum errors.

dropped packets due to socket buffer is full

Number of Raw IPv6 packets that are discarded because the socket buffer is full.

dropped packets due to no matching socket

Number of discarded Raw IPv6 packets that do not match the receiving socket.

dropped multicast packets due to no matching socket

Number of discarded Raw IPv6 packets destined to a multicast address that do not match the receiving socket.

display tcp ipv6 authentication-statistics

Function

The display tcp ipv6 authentication-statistics command displays authentication statistics of a specified TCP6 connection.

Format

display tcp ipv6 authentication-statistics src-ip src-ip src-port src-port dest-ip dest-ip dest-port dest-port

Parameters

Parameter Description Value
src-ip src-ip Specifies the source IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
src-port src-port Specifies the source port. The value is an integer that ranges from 0 to 65535.
dest-ip dest-ip Specifies the destination IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
dest-port dest-port Specifies the destination port. The value is an integer that ranges from 0 to 65535.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display tcp ipv6 authentication-statistics command to view authentication statistics of a specified TCP6 connection, including:

  • Number of TCP6 packets with MD5 Option

  • Number of TCP6 packets with Enhanced Authentication Option

Example

# Display authentication statistics of a specified TCP6 connection.

<Huawei> display tcp ipv6 authentication-statistics src-ip fc00::1 src-port 3456 dest-ip fc00::5 dest-port 5678
MD5 Signature Option (MSO)is enabled |
 Enhanced Authentication Option (EAO)is enabled
Received packets:
     total: 0
     packets received with MSO: 0
     packets received with EAO: 0    
     packets dropped due to MD5 authentication failure: 0
     packets dropped due to absence of MSO: 0
     packets dropped due to presence of MSO: 0
     packets dropped due to MAC authentication failure: 0
     packets dropped due to absence of active receive key: 0
     packets dropped due to invalid receive algorithm id: 0
     packets dropped due to absence of EAO: 0
     
Sent packets:
     total: 0
     packets sent with MSO: 0
     packets sent with EAO: 0
     packets not sent due to absence of active send key: 0
Table 7-89  Description of the display tcp ipv6 authentication-statistics command output

Item

Description

packets received with MSO

Total number of received TCP6 packets with MD5 Option.

packets received with EAO

Total number of received TCP6 packets with Enhanced Authentication Option.

packets dropped due to MD5 authentication failure

Total number of TCP6 packets discarded due to MD5 authentication failure.

packets dropped due to absence of MSO

Total number of TCP6 packets discarded due to absence of MD5 Option.

packets dropped due to presence of MSO

Total number of TCP6 packets discarded due to presence of MD5 Option.

packets dropped due to MAC authentication failure

Total number of TCP6 packets discarded due to MAC authentication failure.

packets dropped due to absence of active receive key

Total number of TCP6 packets discarded due to absence of active receive key.

packets dropped due to invalid receive algorithm id

Total number of TCP6 packets discarded due to invalid receive algorithm ID.

packets dropped due to absence of EAO

Total number of TCP6 packets discarded due to absence of Enhanced Authentication Option.

packets sent with MSO

Total number of sent TCP6 packets with MD5 Option.

packets sent with EAO

Total number of sent TCP6 packets with Enhanced Authentication Option.

packets not sent due to absence of active send key

Total number of TCP6 packets discarded due to absence of active send key.

display tcp ipv6 statistics

Function

The display tcp ipv6 statistics command displays IPv6 TCP traffic statistics.

Format

display tcp ipv6 statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can check the network connection status according to the items in the command output:
  • Established connections: You can view information about "Established connections" to check whether the number of connections exceeds the upper limit, and then determine whether to continue deploying services or adjust the load.

  • Duplicate ACK packets: You can view information about "Duplicate ACK packets" to check whether the device is attacked by unknown ACK packets. If the device receives a large number of unknown ACK packets, the device may be attacked.

  • Out-of-order packets: You can view information about "Out-of-order packets" to check network performance. If the network is in poor condition, a lot of out-of-order packets are generated.

Precautions

  • The total number of received packets includes the number of forwarded packets, number of packets delivered to the upper layer, and number of discarded packets.

  • Before running this command to view IPv6 TCP statistics within a specified period, run the reset tcp ipv6 statistics command to clear existing statistics.

Example

# Display IPv6 TCP packet statistics.

<Huawei> display tcp ipv6 statistics
Received packets:                                                               
     total: 0                                                                   
     total(64bit high-capacity counter): 0                                      
     packets in sequence: 0 (0 bytes)                                           
     window probe packets: 0                                                    
     window update packets: 0                                                   
     checksum error: 0                                                          
     offset error: 0                                                            
     short error: 0                                                             
     duplicate packets: 0 (0 bytes)                                             
     partially duplicate packets: 0 (0 bytes)                                   
     out-of-order packets: 0 (0 bytes)                                          
     packets with data after window: 0 (0 bytes)                                
     packets after close: 0                                                     
     ACK packets: 0 (0 bytes)                                                   
     duplicate ACK packets: 0                                                   
     too much ACK packets: 0                                                    
     packets dropped due to MD5 authentication failure: 0                       
     packets dropped due to absence of MSO: 0                                   
     packets dropped due to presence of MSO: 0                                  
     packets received with MD5 Signature Option: 0                              
     packets dropped due to MAC authentication failure: 0                       
     packets dropped due to absence of active receive key: 0                    
     packets dropped due to invalid receive algorithm id: 0                     
     packets dropped due to absence of Enhanced Authentication Option: 0        
     packets received with Enhanced Authentication Option: 0                    
                                                                                
Sent packets:                                                                   
     total: 0                                                                   
     urgent packets: 0                                                          
     total(64bit high-capacity counter): 0                                      
     control packets: 0 (including 0 RST)                                       
     window probe packets: 0                                                    
     window update packets: 0                                                   
     data packets: 0 (0 bytes)                                                  
     data packets retransmitted: 0 (0 bytes)                                    
     ACK only packets: 0 (0 delayed)                                            
     packets sent with MD5 Signature Option: 0                                  
     packets sent with Enhanced Authentication Option: 0                        
     packets not sent due to absence of active send key: 0                      
                                                                                
Other Statistics:                                                               
     retransmitted timeout: 0                                                   
     connections dropped in retransmitted timeout: 0                            
     keepalive timeout: 0                                                       
     keepalive probe: 0                                                         
     keepalive timeout, so connections disconnected: 0                          
     initiated connections: 0                                                   
     accepted connections: 0                                                    
     established connections: 0                                                 
     closed connections: 0 (dropped: 0, initiated dropped: 0)                   
                                                                     
Table 7-90  Description of the display tcp ipv6 statistics command output

Item

Description

Received packets:

total: 0

Total number of received packets.

total(64bit high-capacity counter)

Total number of received or sent packets counted by the 64-bit high-capacity counter.

packets in sequence

Number of packets received in sequence.

window probe packets

Number of received window probe packets.

window update packets

Number of received window update packets.

checksum error

Number of received packets with invalid checksum.

offset error

Number of received packets with incorrect TCP header length.

short error

Number of received packets with total length shorter than the set value in the packet header.

duplicate packets

Number of received duplicate packets.

partially duplicate packets

Number of received partially duplicate packets.

out-of-order packets

Number of received out-of-order packets.

packets with data after window

Number of received packets exceeding the receive window.

packets after close

Number of packets received after the connection is closed.

ACK packets

Number of received ACK packets.

duplicate ACK packets

Number of received duplicate ACK packets.

too much ACK packets

Number of received ACK packets with too large ACK values.

packets dropped due to MD5 authentication failure

Number of packets discarded due to MD5 authentication failure.

packets dropped due to absence of MSO

Number of packets discarded due to absence of MD5 Signature Option.

packets dropped due to presence of MSO

Number of packets discarded due to presence of MD5 Signature Option.

packets received with MD5 Signature Option

Number of received packets with MD5 Signature Option.

packets dropped due to MAC authentication failure

Number of packets discarded due to MAC authentication failure.

packets dropped due to absence of active receive key

Number of packets discarded due to absence of active receive key.

packets dropped due to invalid receive algorithm id

Number of packets discarded due to invalid receive algorithm ID.

packets dropped due to absence of Enhanced Authentication Option

Number of packets discarded due to absence of Enhanced Authentication Option.

packets received with Enhanced Authentication Option

Number of received packets with Enhanced Authentication Option.

Sent packets:

total: 0

Total number of sent packets.

urgent packets

Number of sent packets with the urgent pointer.

control packets

Number of sent control packets.

window probe packets

Number of sent window probe packets.

window update packets

Number of sent window update packets.

data packets

Number of sent data packets.

data packets retransmitted

Number of retransmitted data packets.

ACK only packets

Number of sent ACK only packets.

packets sent with MD5 Signature Option

Number of sent packets with MD5 Signature Option.

Other Statistics:

Other statistics.

retransmitted timeout

Number of retransmission timeout packets.

connections dropped in retransmitted timeout

Number of disconnected connections during the retransmission timeout.

keepalive timeout

Number of Keepalive timeouts.

keepalive probe

Number of Keepalive probes.

keepalive timeout, so connections disconnected

Number of connections disconnected due to Keepalive timeout.

initiated connections

Number of initiated connections.

accepted connections

Number of accepted connections.

established connections

Number of established connections.

closed connections

Number of closed connections.

dropped

Number of disconnected connections.

initiated dropped

Number of initiated and disconnected connections.

display tcp ipv6 status

Function

The display tcp ipv6 status command displays the status of all IPv6 TCP connections.

Format

display tcp ipv6 status [ local-ip ipv6-address ] [ local-port local-port ] [ remote-ip ipv6-address ] [ remote-port remote-port ]

display tcp ipv6 status [ task-id task-id [ sock-id sock-id ] ]

Parameters

Parameter Description Value
local-ip ipv6-address Displays the IPv6 TCP connection status of the specified IPv6 address. ipv6-address specifies the IPv6 address of the local device. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
local-port local-port Displays the IPv6 TCP connection status of the specified port number. local-port specifies the port number of the local device. The value is an integer that ranges from 0 to 65535.
remote-ip ipv6-address Displays the IPv6 TCP connection status of the specified IPv6 address. ipv6-address specifies the IPv6 address of the remote device. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
remote-port remote-port Displays the IPv6 TCP connection status of the specified port number. remote-port specifies the port number of the remote device. The value is an integer that ranges from 0 to 65535.
task-id task-id Displays the status of the IPv6 TCP connection with the specified task ID. task-id specifies the task ID. The value is an integer that ranges from 1 to 200.
sock-id sock-id Displays the status of the IPv6 TCP connection with the specified socket ID. The value is an integer that ranges from 1 to 1310720.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display tcp ipv6 status command to view all valid IPv6 TCP control blocks, including the following information:

  • IPv6 TCP socket ID
  • APP CID
  • Local IPv6 address and port number
  • Remote IPv6 address and port number
  • IPv6 TCP connection status
  • VPN ID

To view the status of all valid IPv6 TCP connections, run the display tcp ipv6 status [ local-ip ipv6-address ] [ local-port local-port-number ] [ remote-ip ipv6-address ] [ remote-port remote-port-number ] command.

To view the status of the IPv6 TCP connection with a specified socket ID, run the display tcp ipv6 status [ task-id task-id [ sock-id sock-id ] ] command.

Precautions

If there is no TCP connection, no information is displayed.

Example

# Display the status of IPv6 TCP connections.

<Huawei> display tcp ipv6 status
* - MD5 Authentication is enabled.                                              
# - Keychain Authentication is enabled.                                         
TCP6CB   TID/SoID  Local Address        Foreign Address      State        VPNID 
19490ba4 9/2       ::->23               ::->0                Listening    23553 
Table 7-91  Description of the display tcp ipv6 status command output

Item

Description

TCP6CB

Address of an IPv6 TCP control block, in hexadecimal notation.

TID/SoID

Task ID and socket ID.

Local Address

Local IPv6 address and port number.

Foreign Address

Remote IPv6 address and port number.

State

Status of an IPv6 TCP connection:
  • Closed: indicates that the TCP connection is closed.

  • Listening: indicates that the TCP connection is being listened on.

  • Syn_Rcvd: indicates that a TCP packet with the SYN flag is received.

  • Syn_Sent: indicates that a TCP packet with the SYN flag is sent.

  • Established: indicates that the TCP connection has been set up.

  • Close_Wait: indicates that a user host sends a packet with the FIN flag to the server, requesting the server to close the TCP connection in Established state. The server then sends an ACK packet to the user host after receiving the packet and enters the Close_Wait state.

  • Fin_Wait1: indicates that a user host sends a packet with the FIN flag to the server, requesting the server to close the TCP connection and enters the Fin_Wait1 state.

  • Fin_Wait2: indicates that a user host receives an ACK packet in a response to the sent packet with the FIN flag and enters the Fin_Wait2 state.

  • Time_Wait: indicates that TCP enters this state after the TCP connection is closed. When TCP has been in Time_Wait state two times the longest packet lifetime, records about the closed connection are deleted.

  • Closing: indicates that the two ends close the TCP connection simultaneously.

  • LAST_ACK: indicates that the local end waits for acknowledging the TCP connection teardown request sent to the remote end.

VPNID

VPN interface ID.

display this ipv6 interface

Function

The display this ipv6 interface command displays IPv6 information on the current interface.

Format

display this ipv6 interface

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

After an IPv6 address is configured in the interface view, you can run the display this ipv6 interface command to check IPv6 information on the interface.

Example

# Display IPv6 information on GE0/0/1.

<Huawei> system-view
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] display this ipv6 interface
GigabitEthernet0/0/1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:4AFF:FE3D:9801
  Global unicast address(es):
    2001::1, subnet is 2001::/64
  Joined group address(es):
    FF02::1:FF00:1
    FF02::1:FF3D:9801
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  ND stale time is 1200 seconds 
  Hosts use stateless autoconfig for addresses
Table 7-92  Description of the display this ipv6 interface command output

Item

Description

GigabitEthernet0/0/1 current state

Current physical status of GE0/0/1.

IPv6 protocol current state

Current protocol status of the interface.

link-local address

Link-local address configured on the interface.

Global unicast address(es)

Global unicast address configured on the interface.

Joined group address(es)

Addresses of all multicast groups that the interface joins.

MTU

MTU of the interface.

number of DAD attempts

Number of times duplicate address detection is performed.

ND reachable time

Neighbor reachable time.

ND retransmit interval

Retransmission interval.

Hosts use stateless autoconfig for addresses

Hosts obtain addresses using stateless autoconfiguration.

ND stale time

Time period for the neighbor to keep the STALE state.

display udp ipv6 statistics

Function

The display udp ipv6 statistics command displays IPv6 UDP packet statistics.

Format

display udp ipv6 statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The User Datagram Protocol (UDP) is a simple protocol that exchanges packets on the Internet. You can run the display udp ipv6 statistics command to view statistics about sent and received IPv6 UDP packets.

Precautions

The total number of packets received by the device includes the number of forwarded packets, number of packets delivered by the device to the upper layer, and number of discarded packets.

Example

# Display IPv6 UDP packet statistics.

<Huawei> display udp ipv6 statistics
Received packets:                                                               
     total: 0                                                                   
     total(64bit high-capacity counter): 0                                      
     checksum error: 0                                                          
     shorter than header: 0                                                     
     invalid message length: 0                                                  
     no socket on port: 0                                                       
     no multicast port: 0                                                       
     not delivered, input socket full: 0                                        
     input packets missing pcb cache: 0                                         
     packets sent for external pre processing: 0                                
                                                                                
Sent packets:                                                                   
     total: 0                                                                   
     total(64bit high-capacity counter): 0   
Table 7-93  Description of the display udp ipv6 statistics command output

Item

Description

Received packets

Number of received packets.

total

Total number of received and sent packets.

checksum error

Total number of packets with invalid checksum.

shorter than header

Total number of IPv6 UDP packets with the length shorter than the packet header.

invalid message length

Total number of packets whose data length is longer than the packet length.

no socket on port

Number of packets without corresponding sockets on the interface.

no multicast port

Number of received packets carrying nonexistent multicast interfaces.

not delivered, input socket full

Number of unprocessed packets when the buffer is full.

input packet missing pcb cache

Number of received packets failing to find the PCB cache.

packets sent for external pre processing

Number of received packets for external preprocessing.

Sent packets

Number of sent packets.

ipv6

Function

The ipv6 command enables the device to forward IPv6 unicast packets, including sending and receiving local IPv6 packets.

The undo ipv6 command disables the device from forwarding IPv6 unicast packets.

By default, a device is disabled from forwarding IPv6 unicast packets.

Format

ipv6

undo ipv6

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

You must run the ipv6 command in the system view before performing IPv6 configurations.

Example

# Enable the device to forward IPv6 unicast packets.

<Huawei> system-view
[Huawei] ipv6

# Disable the device from forwarding IPv6 unicast packets.

<Huawei> system-view
[Huawei] undo ipv6
Warning: This operation will interrupt all IPv6 services. Continue?[Y/N]:y

ipv6 address

Function

The ipv6 address command configures a global unicast address for an interface.

The ipv6 address dhcpv6-prefix command configures an IPv6 address bound to the DHCPv6 PD prefix for an interface.

The undo ipv6 address command deletes a global unicast address from an interface.

The undo ipv6 address dhcpv6-prefix command deletes the IPv6 address bound to the DHCPv6 PD prefix for an interface.

By default, no global unicast address is configured for an interface.

By default, no IPv6 address bound to the DHCPv6 PD prefix is configured for an interface.

Format

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

ipv6 address dhcpv6-prefix { ipv6-address prefix-length | ipv6-address/prefix-length }

undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ]

undo ipv6 address dhcpv6-prefix

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address of an interface. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length

Specifies the prefix length of an IPv6 address.

The value is an integer that ranges from 1 to 128.
dhcpv6-prefix Specifies the prefix assigned to a DHCPv6 PD client. The value is a string of 1to 63 characters.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A global unicast address is similar to an IPv4 public network address. Global unicast addresses are used on the links that can be summarized, and are provided for the Internet Service Providers (ISPs). These addresses allow route prefix summarization, limiting global routing entries. A global unicast address consists of a 48-bit route prefix managed by carriers, a 16-bit subnet ID managed by local nodes, and a 64-bit interface ID.

The device is required to function as a DHCPv6 PD client and obtain an IPv6 address prefix from the DHCPv6 PD server. You can run the ipv6 address dhcpv6-prefix { ipv6-address prefix-length | ipv6-address/prefix-length } command to configure an IPv6 address is bound to the DHCPv6 PD prefix.After you run this command, the device uses the prefix assigned to the DHCPv6 PD client and the IPv6 address to form an RA prefix for the interface only when the device functions as a DHCPv6 PD client and obtains a prefix. The prefix must be a 64-digit number. If not, the host cannot use this prefix for automatic assignment of IPv6 addresses.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

IPv6 addresses on overlapped network segments cannot be configured for interfaces on the same device.

A maximum of 10 global unicast addresses can be configured for an interface.

An IPv6 address with a 128-bit prefix can be configured only on a loopback interface.

After the ipv6 address command is run to configure a global unicast address for an interface, the system generates a link-local address for the interface, if no link-local address is configured for the interface.

If no parameter (IPv6 address or prefix length) is specified in the undo ipv6 address command, all IPv6 addresses configured for the interface are deleted after the command is run.

Example

# Configure global unicast address 2001::1/64 for GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 address 2001::1 64

# Configure an IPv6 address bound to the DHCPv6 PD prefix for GE1/0/0.

<Huawei> system-view
[Huawei] interface gigabitethernet 1/0/0
[Huawei-GigabitEthernet1/0/0] ipv6 enable
[Huawei-GigabitEthernet1/0/0] ipv6 address prefix1 ::1:0:0:0:1/64

ipv6 address anycast

Function

The ipv6 address anycast command configures an IPv6 anycast address.

The undo ipv6 address command deletes an IPv6 anycast address.

By default, no IPv6 anycast address is configured.

Format

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast

undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ]

Parameters

Parameter Description Value
ipv6-address

Specifies an IPv6 address.

The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length

Specifies the prefix length of an IPv6 address.

The value is an integer that ranges from 1 to 128.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An anycast address identifies a group of interfaces, which usually belong to different nodes. Packets sent to an anycast address are delivered to the nearest interface that is identified by the anycast address, depending on the routing protocols.

To implement communication between a 6to4 network and a local (native) IPv6 network using a 6to4 tunnel, configure an anycast address with prefix 2002:c058:6301:: for the tunnel interface of a 6to4 relay agent.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

If no parameter is specified in the undo ipv6 address command, all IPv6 addresses except link-local addresses are deleted.

An anycast address cannot be used as the source address of a packet. Therefore, a global unicast address must be configured when a device needs to send packets.

An IPv6 address with a 128-bit prefix can be configured only on a loopback interface.

Example

# Configure anycast address fc00:c058:6301::/48 for Tunnel0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4
[Huawei-Tunnel0/0/1] ipv6 enable
[Huawei-Tunnel0/0/1] ipv6 address fc00:c058:6301:: 48 anycast

ipv6 address auto global

Function

The ipv6 address auto global command enables a device to generate an IPv6 global address through stateless autoconfiguration.

The undo ipv6 address auto global command disables a device from generating an IPv6 global address through stateless autoconfiguration.

By default, the device is disabled from generating an IPv6 global address through stateless autoconfiguration.

Format

ipv6 address auto global local-identifier [ default ]

undo ipv6 address auto global

Parameters

Parameter Description Value
default

Indicates that the device learns the default route.

-

local-identifier

Indicates the interface identifier of a local link address based on which a global address is generated.

-

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the ipv6 address auto global command is run, a device automatically generates an IPv6 global unicast address on the interface that receives a RA packet. The generated IPv6 address contains the address prefix in the received RA packet and interface identifier of the device. If the device does not receive RA packets, the device can only automatically configures a link-local address to interconnect with local nodes.

  • If the local-identifier parameter is not specified, an interface identifier is generated in EUI-64 mode, and this identifier works together with the prefix in RA packets to composite a global address.
  • If the local-identifier parameter is not specified, the interface identifier of the local link address is used to work together with the prefix in RA packets to composite a global address.
A local link address can be generated either statically or dynamically. If the local link address is generated dynamically, this mode equals the EUI-64 mode, and the global address generated in this way is the same as that with the local-identifier parameter is specified. If the local link address is statically configured, the interface identifier of the global address is from the configuration of the local link address, which is different from the result with the local-identifier parameter not specified. You can choose the generation mode as required.

After the ipv6 address auto global default command is run, a device generates an IPv6 address based on the received RA packet and learns the source address in the RA packet. The device then uses the source IPv6 address as the next hop address of the default IPv6 route.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After the ipv6 address auto global command is run, if an interface receives a new RA packet, a new IPv6 address is generated for the interface based on the received RA packet, but the default routes learned by the interface are not deleted.

If an interface has been configured with an IPv6 address, the original IPv6 address is not deleted after the interface receives an RA packet and generates a new IPv6 address. If the interface receives no RA packet and the generated IPv6 address expires, the interface deletes the generated IPv6 address and uses the original IPv6 address.

A device learns a maximum of three default routes based on RA packets. New routes cannot override the existing three routes, and extra routes will be discarded. If multiple default routes have the same priority, packets are forwarded in load balancing mode.

Example

# Enable a device to generate an IPv6 global address through stateless autoconfiguration on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 address auto global local-identifier

ipv6 address eui-64

Function

The ipv6 address eui-64 command configures a global unicast address in EUI-64 format for an interface.

The undo ipv6 address eui-64 command deletes a global unicast address in EUI-64 format from an interface.

By default, no global unicast address in EUI-64 format is configured for an interface.

Format

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address of an interface. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length Specifies the prefix length of an IPv6 address. The value is an integer that ranges from 1 to 128. In EUI-64 format, the value must be smaller than 64.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In IPv6, any IPv6 unicast address needs an interface identifier. The interface identifier is globally unique, similar to a 48-bit MAC address.

The interface identifier of an IPv6 host address uses the IEEE EUI-64 format. A 64-bit interface identifier is generated based on an existing MAC address; therefore, such an interface identifier is globally unique. These 64-bit interface identifiers are globally valid for addressing and uniquely identify each network interface. An interface automatically configures an IPv6 address based on the network prefix obtained from an RA packet and the interface identifier in EUI-64 format.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

IPv6 addresses on overlapped network segments cannot be configured for interfaces on the same device.

A maximum of 10 global unicast addresses can be configured for an interface.

The ipv6 address eui-64 command applies to GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, loopback interfaces, and tunnel interfaces.

After the ipv6 address eui-64 command is run to configure an IPv6 address in EUI-64 format for an interface, the system generates a link-local address for the interface, if no link-local address is configured for the interface.

The following IPv6 addresses in EUI-64 format cannot be configured for an interface:
  • Loopback address (::1/128)

  • Unspecified address (::/128)

  • Multicast address

  • Anycast address

The ipv6 address command is used to specify a 128–bit IP address. Using the ipv6 address eui-64 command, you can specify the high-order 64 bits of an IPv6 address. The low-order 64 bits of an IP address are automatically generated in the EUI-64 format. Even when the low-order 64 bits are manually specified, the automatically generated ones will override them.

Example

# Configure IPv6 address 2001::1/64 in EUI-64 format for GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 address 2001::1 64 eui-64

ipv6 address-policy

Function

The ipv6 address-policy command configures address selection policies.

The undo ipv6 address-policy command deletes address selection policies.

By default, the system has only default address selection policy entries. These entries are prefixed with ::1, ::, 2002::, FC00::, and ::FFFF:0.0.0.0.

Format

ipv6 address-policy [ vpn-instance vpn-instance-name ] ipv6-address prefix-length precedence label

undo ipv6 address-policy [ vpn-instance vpn-instance-name ] ipv6-address prefix-length

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Specifies the name of a VPN instance. The value must be an existing VPN instance.
ipv6-address Specifies an IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length Specifies the prefix length of an IPv6 address. The value is an integer that ranges from 0 to 128.
precedence Specifies the priority of an IPv6 address when the address is used as a destination address. The value is an integer that ranges from 0 to 4294967295.
label Specifies the priority of an IPv6 address when the address is used as a source address. The value is an integer that ranges from 0 to 4294967295.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When source and destination addresses need to be specified and planned, you can use this command to define a group of policies for selecting addresses. These address selection policies form a policy table. This table is similar to a routing table, allowing you to perform a longest match lookup on address selection policy. An address is selected based on the source and destination addresses.

  • A source address is selected based on the label parameter. The address whose label value is the same as the label value of the destination address is preferred as the source address.
  • A destination address is selected based on the label and precedence parameters. If label values of the candidate addresses are the same, the address with the largest precedence value is preferred as the destination address.

Precautions

The system supports a maximum of 50 address selection policy entries.

The default policy entries are those prefixed with ::1, ::, 2002::, FC00::, and ::FFFF:0.0.0.0.

Default policy entries cannot be created using a command.

Example

# Set the priorities of IPv6 address FC00:1::/64 to 15 and 20 respectively when the address is used as a source address and a destination address.

<Huawei> system-view
[Huawei] ipv6 address-policy vpn-instance one fc00:1:: 64 15 20

ipv6 enable (interface view)

Function

The ipv6 enable command enables the IPv6 function on an interface.

The undo ipv6 enable command disables the IPv6 function on an interface.

By default, the IPv6 function is disabled on an interface.

Format

ipv6 enable

undo ipv6 enable

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can perform IPv6 configurations on an interface only when the interface has the IPv6 function enabled.

Prerequisites

The ipv6 command has been run in the system view.

Precautions

After the IPv6 function is disabled on an interface, IPv6 configurations on the interface are deleted. In addition, IS-IS IPv6 and RIPng are disabled on the interface. That is, the isis ipv6 enable and ripng enable commands become ineffective.

When the ipv6 enable command is run in the interface view, IPv6 is enabled on the interface. You can then perform IPv6 configurations on the interface. To configure an interface to forward IPv6 data, you must run the ipv6 command in the system view to enable IPv6 forwarding. To enable an interface to forward IPv6 packets, you must enable IPv6 packet forwarding in the system view and interface view.

The IPv6 function cannot be enabled on the interface bound to a VPN instance.

Example

# Enable the IPv6 function on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
Related Topics

ipv6 icmp blackhole unreachable send

Function

The ipv6 icmp blackhole unreachable send command enables the BRAS to send a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

The undo ipv6 icmp blackhole unreachable send command disables the BRAS from sending a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

By default, the BRAS is disabled from sending a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

Format

ipv6 icmp blackhole unreachable send

undo ipv6 icmp blackhole unreachable send

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If static IPv6 blackhole routes are configured on the BRAS and a user goes offline, only the IPv6 blackhole route corresponding to the user's address segment exists on the BRAS. When a tracert packet matches the IPv6 blackhole route, the BRAS discards the packet. As a result, an initiator cannot detect that the user has gone offline.

After you run the ipv6 icmp blackhole unreachable send command, the BRAS sends a Destination Unreachable ICMP packet to an initiator, notifying the initiator that the user has gone offline if a user goes offline and a tracert packet matches the IPv6 blackhole route.

Pre-configuration Tasks

Static IPv6 blackhole routes have been configured on the BRAS.

Example

# Enable the BRAS to send a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

<Huawei> system-view
[Huawei] ipv6 icmp blackhole unreachable send

ipv6 icmp redirect send

Function

The ipv6 icmp redirect send command enables the system to send ICMPv6 Redirect packets.

The undo ipv6 icmp redirect send command disables the system from sending ICMPv6 Redirect packets.

By default, the system sends ICMPv6 Redirect packets.
NOTE:

The device does not support this function.

Format

ipv6 icmp redirect send

undo ipv6 icmp redirect send

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When detecting that the inbound interface and outbound interface of a packet are the same, a industrial switch router sends an ICMPv6 Redirect packet. However, frequently sending ICMPv6 Redirect packets degrades network performance. To improve network performance and security, run the undo ipv6 icmp redirect send command to disable the system from sending ICMPv6 Redirect packets.

Example

# Enable the system to send ICMPv6 Redirect packets.

<Huawei> system-view
[Huawei] ipv6 icmp redirect send

ipv6 icmp-error

Function

The ipv6 icmp-error command sets the rate limit for sending ICMPv6 error packets.

The undo ipv6 icmp-error command restores the default rate limit for sending ICMPv6 error packets.

By default, the size of the token buckets is 10 and the limit rate is 100 milliseconds.

Format

ipv6 icmp-error { bucket bucket-size | ratelimit interval } *

undo ipv6 icmp-error

Parameters

Parameter Description Value
bucket bucket-size Specifies the maximum number of tokens the bucket can hold. The value is an integer that ranges from 1 to 200. The default value is 10, which is recommended.
ratelimit interval Specifies the interval for placing tokens into the bucket. The value is an integer that ranges from 0 to 2147483647, in milliseconds. The default value is 100, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a network is not attacked, a routing device can correctly send ICMPv6 error packets to notify other devices of exceptions in packet transmission. If an attacker frequently sends ICMPv6 packets to network devices, the network devices will be busy responding with ICMPv6 packets. This affects system throughput and CPU usage. To prevent the system from sending a great number of ICMPv6 packets, run the ipv6 icmp-error command to limit the rate at which ICMPv6 packets are sent.

In the token bucket algorithm, one token represents an ICMPv6 packet. The system places tokens into the virtual bucket at a certain interval until the number of tokens in the bucket reaches the upper limit. When an ICMPv6 error packet is sent, a token is taken out of the token bucket. When there is no token, excess ICMPv6 error packets are discarded. You can limit the rate at which ICMPv6 packets are sent by setting the bucket size and the interval for placing tokens into the bucket.

Precautions

If you run the ipv6 icmp-error command multiple times, only the latest configuration takes effect.

If the interval for placing tokens into the bucket is 0, there is no limit on the interval.

Example

# Set the rate limit for sending ICMPv6 error packets to 100.

<Huawei> system-view
[Huawei] ipv6 icmp-error ratelimit 100

# Set the bucket size of ICMPv6 to 50.

<Huawei> system-view
[Huawei] ipv6 icmp-error bucket 50

# Set the rate limit for sending ICMPv6 error packets to 100 and the bucket size to 50.

<Huawei> system-view
[Huawei] ipv6 icmp-error bucket 50 ratelimit 100

ipv6 icmp port-unreachable send

Function

The ipv6 icmp port-unreachable send command enables an interface to send ICMPv6 Port Unreachable messages.

The undo ipv6 icmp port-unreachable send command disables the function.

By default, the enabling status of the function that the interface sends ICMPv6 Port Unreachable messages is the same as that of the function that the system sends ICMPv6 Port Unreachable messages.

Format

ipv6 icmp port-unreachable send

undo ipv6 icmp port-unreachable send

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a router receives a TCP6/UDP6 packet but cannot find the corresponding socket entry, the router replies with an ICMPv6 Port Unreachable message. This ICMPv6 error message carries the IPv6 address of the router as its source IPv6 address, which exposes the IPv6 address of the router and brings security risks. If the router is attacked by flooding packets, the router keeps replying with ICMPv6 Port Unreachable messages, causing high CPU usage and affecting device performance. To address this problem, run the undo ipv6 icmp port-unreachable send command on the inbound interface of ICMPv6 packets to disable the transmission of ICMPv6 Port Unreachable message.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Example

# Enable GE 1/0/0 to send ICMPv6 Port Unreachable messages.
<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 1/0/0
[Huawei-GigabitEthernet1/0/0] ipv6 enable
[Huawei-GigabitEthernet1/0/0] ipv6 icmp port-unreachable send

ipv6 icmp hop-limit-exceeded send

Function

The ipv6 icmp hop-limit-exceeded send command enables an interface to send ICMPv6 Hop Limit Exceeded messages.

The undo ipv6 icmp hop-limit-exceeded send command disables the function.

By default, the enabling status of the function that the interface sends ICMPv6 Hop Limit Exceeded messages is the same as that of the function that the system sends ICMPv6 Hop Limit Exceeded messages.

Format

ipv6 icmp hop-limit-exceeded send

undo ipv6 icmp hop-limit-exceeded send

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

If a router receives a packet with a hop limit of 1, it replies with an ICMPv6 Hop Limit Exceeded message. This ICMPv6 error message carries the IPv6 address of the router as its source IPv6 address, which exposes the IPv6 address of the router and brings security risks. If the router is attacked by flooding packets, the router keeps replying with ICMPv6 Hop Limit Exceeded messages, causing high CPU usage and affecting device performance. To address this problem, run the undo ipv6 icmp hop-limit-exceeded send command on the inbound interface of ICMPv6 packets to disable the transmission of ICMPv6 Hop Limit Exceeded messages.

Example

# Disable GE 1/0/0 from sending ICMPv6 Hop Limit Exceeded messages.
<Huawei> system-view
[Huawei] interface gigabitethernet 1/0/0
[Huawei-GigabitEthernet1/0/0] undo ipv6 icmp hop-limit-exceeded send

ipv6 icmp receive

Function

The ipv6 icmp receive command enables the system to receive ICMPv6 packets.

The undo ipv6 icmp receive command disables the system from receiving ICMPv6 packets.

By default, the system receives ICMPv6 packets.

Format

ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive

undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive

Parameters

Parameter Description Value
icmpv6-type Specifies the type of ICMPv6 packets.

The value is an integer that ranges from 0 to 255.

icmpv6-code Specifies the code of ICMPv6 packets.

The value is an integer that ranges from 0 to 255.

icmpv6-name Specifies the name of ICMPv6 packets. ICMPv6 packets are classified into the following types:
  • echo: Echo packet
  • echo-reply: Echo Reply packet
  • err-header-field: Packet with an error header
  • frag-time-exceeded: Fragmentation Timeout packet
  • hop-limit-exceeded: Packet whose hop count exceeds the limit
  • host-admin-prohib: Packet that is rejected by a host
  • host-unreachable: ICMPv6 Host Unreachable packet
  • neighbor-advertisement: Neighbor Advertisement packet
  • neighbor-solicitation: Neighbor Solicitation packet
  • network-unreachable: ICMPv6 Network Unreachable packet
  • packet-too-big: Packet Too Big packet
  • port-unreachable: ICMPv6 Port Unreachable packet
  • redirect: Redirected packets
  • router-advertisement: Router Advertisement packet
  • router-solicitation: Router Solicitation packet
  • unknown-ipv6-opt: Error packet with unknown options
  • unknown-next-hdr: Error packet with unknown next header
all Indicates all ICMPv6 packets.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the network is in good performance, devices can receive a proper number of ICMPv6 packets. However, when network traffic load is heavy, host unreachable or port unreachable events frequently occur, the devices receive a large number of ICMPv6 packets, which burdens the network and degrades device performance. In addition, attackers may use ICMPv6 error packets to probe the internal network topology.

To improve network performance and security, run the undo ipv6 icmp receive command to disable the system from receiving ICMPv6 Echo Reply packets, Host Unreachable packets, and Port Unreachable packets.

Precautions

When the network is in good performance again, you can run the ipv6 icmp receive command to enable the system to receive ICMPv6 packets.

After the undo ipv6 icmp receive command is run, a main interface is disabled from processing ICMPv6 packets, and the system does not collect statistics about ICMP Echo Reply packets, Host Unreachable packets, and Port Unreachable packets. Only statistics about discarded packets are collected.

Example

# Disable the system from receiving ICMPv6 Echo packets.

<Huawei> system-view
[Huawei] undo ipv6 icmp echo receive

ipv6 icmp send

Function

The ipv6 icmp send command enables the system to send ICMPv6 packets.

The undo ipv6 icmp send command disables the system from sending ICMPv6 packets.

By default, the system is enabled to send ICMPv6 packets.

Format

ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } send

undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } send

Parameters

Parameter Description Value
icmpv6-type Specifies the type of ICMPv6 packets.

The value is an integer that ranges from 0 to 255.

icmpv6-code Specifies the code of ICMPv6 packets.

The value is an integer that ranges from 0 to 255.

icmpv6-name Specifies the name of ICMPv6 packets. ICMPv6 packets are classified into the following types:
  • echo: Echo packet
  • echo-reply: Echo Reply packet
  • err-header-field: Packet with an error header
  • frag-time-exceeded: Fragmentation Timeout packet
  • hop-limit-exceeded: Packet whose hop count exceeds the limit
  • host-admin-prohib: Packet that is rejected by a host
  • host-unreachable: ICMPv6 Host Unreachable packet
  • neighbor-advertisement: Neighbor Advertisement packet
  • neighbor-solicitation: Neighbor Solicitation packet
  • network-unreachable: ICMPv6 Network Unreachable packet
  • packet-too-big: Packet Too Big packet
  • port-unreachable: ICMPv6 Port Unreachable packet
  • redirect:ICMPv6 redirect message.
  • router-advertisement: Router Advertisement packet
  • router-solicitation: Router Solicitation packet
  • unknown-ipv6-opt: Error packet with unknown options
  • unknown-next-hdr: Error packet with unknown next header
all Indicates all ICMPv6 packets.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the network is in good performance, routing devices can send or receive ICMPv6 packets. However, when network traffic load is heavy, host unreachable or port unreachable events frequently occur, the routing devices send a large number of ICMPv6 packets, which burdens the network and degrades the performance of the routing devices. In addition, attackers may use ICMPv6 error packets to probe the internal network topology.

To improve network performance and security, run the undo ipv6 icmp send command to disable the system from sending ICMPv6 packets.

Precautions

When the network is in good performance again, you can run the ipv6 icmp send command to enable the system to send ICMPv6 packets.

Example

# Disable the system from sending all ICMPv6 packets packets.

<Huawei> system-view
[Huawei] undo ipv6 icmp all send

ipv6 icmp too-big-rate-limit

Function

The ipv6 icmp too-big-rate-limit command enables a device to limit oversized ICMPv6 error packets.

The undo ipv6 icmp too-big-rate-limit command disables a device from limiting oversized ICMPv6 error packets.

By default, a device limit oversized ICMPv6 error packets.

Format

ipv6 icmp too-big-rate-limit

undo ipv6 icmp too-big-rate-limit

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When a host sends a large number of packets in a path with a small MTU, it may receive a large number of ICMPv6 error packets, affecting the processing of valid packets. This command limits the number of ICMPv6 error packets, ensuring host performance.

Example

# Enable the device to limit oversized ICMPv6 error packets.

<Huawei> system-view
[Huawei] ipv6 icmp too-big-rate-limit

ipv6 mtu

Function

The ipv6 mtu command sets the MTU on the interface for sending IPv6 packets.

The undo ipv6 mtu command restores the default MTU of IPv6 packets on an interface.

By default, the MTU of IPv6 packets on an interface is 1500 bytes.

NOTE:
For AR503GW-LM7, AR503GW-LcM7, AR509GW-L-D-H, and AR509G-L-D-H, the default value on the tunnel interface of the IPv6 over IPv4 tunnel is 1480 bytes.

Format

ipv6 mtu mtu

undo ipv6 mtu

Parameters

Parameter Description Value
mtu Specifies the MTU value.

The value is an integer. The value of VE, VT, Dialer, GE, and Eth interfaces ranges from 1280 to 1610. The value of Eth and GE sub-interfaces ranges from 1280 to 1606. The value of G.SHDSL and VDSL interfaces in the PTM mode ranges from 1280 to 1576. The value of Serial, Cellular, Tunnel, VLANIF, and Eth-Trunk interfaces ranges from 1280 to 1500, in bytes. The default value is 1500.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

After the MTU value is changed using this command, run the shutdown and undo shutdown or restart (interface view) commands to restart the interface to make the changed MTU take effect.

It is recommended that the MTU of IPv6 packets on an interface should not exceed the MTU of IPv4 packets on an interface. (You can run the mtu command to configure the MTU of IPv4 packets on an interface.)

NOTE:
  • When deploying PPPoE services through VT or the dialer interface, you are advised to configure the IPv6 MTU on an interface smaller than 1568.
  • When deploying MPoE services through VT or the dialer interface, you are advised to configure the IPv6 MTU on an interface smaller than 1572.

Example

# Set the MTU of IPv6 packets on GE0/0/1 to 1280 bytes.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 mtu 1280

ipv6 nd autoconfig managed-address-flag

Function

The ipv6 nd autoconfig managed-address-flag command sets the M flag of stateful autoconfiguration in an RA packet.

The undo ipv6 nd autoconfig managed-address-flag command deletes the M flag of stateful autoconfiguration in an RA packet.

By default, the "managed address configuration" flag (M flag) is not set in the RA message.

Format

ipv6 nd autoconfig managed-address-flag

undo ipv6 nd autoconfig managed-address-flag

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • If the M flag is set, a host obtains an IPv6 address through stateful autoconfiguration.
  • If the M flag is not set, a host uses stateless autoconfiguration to obtain an IPv6 address, that is, the host generates an IPv6 address based on the prefix information in the RA packet.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

The ipv6 nd autoconfig managed-address-flag command applies to GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, and tunnel interfaces.

After the ipv6 nd autoconfig managed-address-flag command is run, a host can obtain configurations (excluding an IPv6 address) such as the router lifetime, neighbor reachable time, retransmission interval, and PMTU by means of stateful autoconfiguration even if the ipv6 nd autoconfig other-flag command is not run.

After the display ipv6 interface command is run, the command output shows that the attached hosts obtain IPv6 addresses through stateful autoconfiguration or stateless autoconfiguration.

The interface on the device cannot use stateful address autoconfiguration and stateless address autoconfiguration simultaneously to obtain IPv6 addresses.

Example

# Set the M flag of stateful autoconfiguration on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd autoconfig managed-address-flag

ipv6 nd autoconfig other-flag

Function

The ipv6 nd autoconfig other-flag command sets the "other configuration" flag (O flag) of stateful autoconfiguration in an RA packet.

The undo ipv6 nd autoconfig other-flag command deletes the O flag of stateful autoconfiguration in an RA packet.

By default, the O flag is not set in the RA packet.

Format

ipv6 nd autoconfig other-flag

undo ipv6 nd autoconfig other-flag

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • If the O flag is set, a host uses stateful autoconfiguration to obtain other configuration parameters (excluding an IPv6 address), including the router lifetime, neighbor reachable time, retransmission interval, and PMTU.
  • If the O flag is not set, a host uses stateless autoconfiguration to obtain other configuration parameters, including the router lifetime, neighbor reachable time, retransmission interval, and PMTU. That is, the host obtains other configuration parameters through the RA packet advertised by routers.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

The ipv6 nd autoconfig other-flag command applies to GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, and tunnel interfaces.

After the ipv6 nd autoconfig managed-address-flag command is run, a host can obtain other configurations (excluding IPv6 addresses) using stateful autoconfiguration even if the ipv6 nd autoconfig other-flag command is not run.

The interface on the device cannot use stateful autoconfiguration and stateless autoconfiguration simultaneously to obtain other configuration parameters excluding IPv6 addresses.

Example

# Set the O flag of stateful autoconfiguration on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd autoconfig other-flag

ipv6 nd dad attempts

Function

The ipv6 nd dad attempts command sets the number of times NS packets are sent when the system performs Duplicate Address Detection (DAD).

The undo ipv6 nd dad attempts command restores the default value.

By default, the number of times NS packets are sent when the system performs DAD is 1.

Format

ipv6 nd dad attempts value

undo ipv6 nd dad attempts

Parameters

Parameter Description Value
value Specifies the number of times NS packets are sent when the system performs DAD. The value is an integer that ranges from 0 to 600. The default value is 1, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When you configure an IPv6 address (a global unicast address or a link-local address) for an interface, check whether other interfaces connected to this interface have used the IPv6 address to be configured to prevent address conflicts.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

The ipv6 nd dad attempts command applies to the following interfaces: Ethernet interfaces and sub-interfaces, GE interfaces and sub-interfaces, VT interfaces, Eth-Trunk interfaces and sub-interfaces, VLANIF interfaces, and tunnel interfaces.

If the number of times NS packets are sent when the system performs DAD is set 0, DAD is prohibited.

If the physical link connected to an interface fails, DAD cannot be performed on the interface.

Example

# Set the number of times NS packets are sent when the system performs DAD to 20 on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd dad attempts 20

ipv6 nd hop-limit

Function

The ipv6 nd hop-limit command sets hop limit for IPv6 unicast packets initially sent by a device.

The undo ipv6 nd hop-limit command restores the hop limit for IPv6 unicast packets to the default value.

By default, the IPv6 unicast packets initially sent by a routing device can travel 64 hops.

Format

ipv6 nd hop-limit limit

undo ipv6 nd hop-limit

Parameters

Parameter Description Value
limit Specifies the hop limit. The value is an integer that ranges from 1 to 255. The default value is 64, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A hop limit on a device provides the following functions:

  • Limiting the number of hops through which IPv6 unicast packets are allowed to travel.

  • Functioning as a parameter in an RA packet to help a host automatically configure a hop limit (a limit on the number of hops through which IPv6 unicast packets initially sent by a host are allowed to travel).

Precautions

The hop limit for unicast packets is set using the ipv6 nd hop-limit command in the system view.

The hop limit for RA packets depends on the configuration of the ipv6 nd hop-limit command in the system view and the configuration of the ipv6 nd ra hop-limit command in the interface view.
  • If the hop limit for RA packets is not set in the interface view or in the system view, the hop limit for RA packets is 64 by default.
  • If the hop limit for RA packets is not set in the interface view, the value set using the ipv6 nd hop-limit command in the system view is used as the hop limit for RA packets.
  • If the ipv6 nd ra hop-limit command is run in the interface view, the configuration in the interface view takes effect, no matter whether the hop limit is set in the system view.

The hop limit set for IPv6 unicast packets is the same as that set for RA packets. In the following cases, however, the hop limit for IPv6 unicast packets is 64, while the hop limit for RA packets is 0.

  • No hop limit is set for IPv6 unicast packets. The default value takes effect.
  • The undo ipv6 nd hop-limit command is run to restore the default hop limit set for IPv6 unicast packets.

After a host receives an RA packet with the hop limit of 0, it sets its hop limit to the default value 64, consistent with the default hop limit on the device.

Example

# Set the hop limit for IPv6 unicast packets initially sent by a device to 100 in the system view.

<Huawei> system-view
[Huawei] ipv6 nd hop-limit 100

ipv6 nd learning strict

Function

The ipv6 nd learning strict command enables IPv6 neighbor discovery (ND) strict learning.

The undo ipv6 nd learning strict command disables IPv6 ND strict learning.

By default, IPv6 ND strict learning is disabled.

Format

In the system view:

ipv6 nd learning strict

undo ipv6 nd learning strict

In the interface view:

ipv6 nd learning strict { force-disable | force-enable | trust }

undo ipv6 nd learning strict

Parameters

Parameter Description Value
force-disable Disables IPv6 ND strict learning forcibly. -
force-enable Enables IPv6 ND strict learning forcibly. -
trust Inherits the global setting of IPv6 ND strict learning. -

Views

VLANIF interface view, Eth-trunk interface view, Eth-Trunk sub-interface view, system view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A device uses neighbor advertisement (NA) packets to establish neighbor entries, which does not comply with RFC. To comply with RFC 4861, run the ipv6 nd learning strict command to enable IPv6 ND strict learning. After you enable IPv6 ND strict learning on a device, the device uses NA packets only in response to neighbor solicitation (NS) packets to establish neighbor entries.

The ipv6 nd learning strict and undo ipv6 nd learning strict commands apply only to VLANIF interfaces, Eth-Trunk interfaces, and Eth-Trunk sub-interfaces.

Precautions

Before running this command in an Eth-Trunk view, run the undo portswitch command to switch the Eth-Trunk to a Layer 3 interface.

After you run the ipv6 nd learning strict command on a device, the device synchronizes fake entries. Synchronizing a large number of fake entries affects device performance. Therefore, you are advised to use the command only for protocol consistency tests.

Example

# Enable IPv6 ND strict learning globally.

<Huawei> system-view
[Huawei] ipv6 nd learning strict

# Enable IPv6 ND strict learning on VLANIF 100 forcibly.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface vlanif 100
[Huawei-Vlanif100] ipv6 enable
[Huawei-Vlanif100] ipv6 nd learning strict force-enable

ipv6 nd neighbor-limit

Function

The ipv6 nd neighbor-limit command configures the maximum number of dynamic neighbor entries that can be learned by an interface.

The undo ipv6 nd neighbor-limit command restores the default maximum number of dynamic neighbor entries that can be learned by an interface.

By default, an interface can learn a maximum of 1024 dynamic neighbor entries.

Format

ipv6 nd neighbor-limit limit-number

undo ipv6 nd neighbor-limit

Parameters

Parameter Description Value
limit-number The maximum number of dynamic neighbor entries that can be learned by a specified interface.

The value is an integer in the range 2 to 4000.

Views

VLANIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an interface learns too many neighbor entries, the processing load for the device will be increased and the performance of the device will be degraded. You can run the ipv6 nd neighbor-limit command to configure the maximum number of dynamic neighbor entries that can be learned by a specified interface.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command.

Example

# Set the maximum number of dynamic neighbor entries that can be learned by the VLANIF100 interface to 10.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface vlanif 100
[Huawei-Vlanif100] ipv6 enable
[Huawei-Vlanif100] ipv6 nd neighbor-limit 10

ipv6 nd ns multicast-enable

Function

The ipv6 nd ns multicast-enable command enables a QinQ or a dot1q termination sub-interface to send NS multicast packets.

The undo ipv6 nd ns multicast-enable command disables a QinQ or a dot1q termination sub-interface from sending NS multicast packets.

By default, a QinQ or a dot1q termination sub-interface is disabled from sending NS multicast packets.

Format

ipv6 nd ns multicast-enable

undo ipv6 nd ns multicast-enable

Parameters

None

Views

Ethernet sub-interface view, GE sub-interface view, Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A QinQ or a dot1q termination sub-interface on a routing device can send NS multicast packets to actively learn ND entries or respond to NS packets to passively learn ND entries.

When a QinQ or a dot1q termination sub-interface needs to send multicast NS packets to learn ND entries but there is no corresponding ND entry, you need to run this command to enable a QinQ or a dot1q termination sub-interface to send NS multicast packets.

Precautions

  • If this command is not run on the termination sub-interface, the system discards the NS multicast packets.

  • If this command is run on the termination sub-interface, the system tags an NS multicast packet and forwards it through the termination sub-interface.

Sending multicast NS packets consumes CPU resources. Therefore, when the CPU performance of the system is rather low, you are advised not to enable a termination sub-interface to send NS multicast packets to actively learn ND entries but to respond to NS packets to passively learn ND entries.

Example

# Enable the QinQ termination sub-interface GE2/0/0.1 to send NS multicast packets.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 2/0/0.1
[Huawei-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[Huawei-GigabitEthernet2/0/0.1] ipv6 enable
[Huawei-GigabitEthernet2/0/0.1] ipv6 nd ns multicast-enable

ipv6 nd ns retrans-timer

Function

The ipv6 nd ns retrans-timer command sets the interval for sending NS packets.

The undo ipv6 nd ns retrans-timer command restores the interval for sending NS packets to the default value.

By default, the interval for sending NS packets is 1000 ms.

Format

ipv6 nd ns retrans-timer interval

undo ipv6 nd ns retrans-timer

Parameters

Parameter Description Value
interval Specifies the interval for sending NS packets. The value is an integer that ranges from 1000 to 4294967295, in milliseconds. The default value is 1000 milliseconds, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Setting the interval for sending NS packets provides the following functions:

  • Controlling the interval at which a local routing device detects neighbor reachability.

  • Controlling the interval at which a local routing device performs DAD.

  • Functioning as a parameter in an RA packet to instruct hosts to specify this interval as their own interval for sending NS packets.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

The ipv6 nd ns retrans-timer command applies to GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, and tunnel interfaces.

Frequently sending NS packets causes high CPU usage, which affects the system performance. Therefore, you are advised to set the interval for sending NS packets to a larger value. The default interval, 1000 milliseconds, is recommended.

If you run the ipv6 nd ns retrans-timer command multiple times, only the latest configuration takes effect.

The interval for sending NS packets is the same as that for sending RA packets. In the following cases, however, the interval for sending NS packets is the default value1000 ms, while the interval for sending RA packets is 0 ms.

  • No interval for sending NS packets is set. The default value takes effect.
  • The undo ipv6 nd ns retrans-timer command is run to restore the interval for sending NS packets to the default value.

After a host receives an RA packet of which the sending interval is 0 ms from a device, the host sets the interval for sending NS packet to 1000 ms, the same as that on the device.

Example

# Set the interval for sending NS packets to 10000 milliseconds on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd ns retrans-timer 10000

ipv6 nd nud reachable-time

Function

The ipv6 nd nud reachable-time command sets the IPv6 neighbor reachable time.

The undo ipv6 nd nud reachable-time command restores the IPv6 neighbor reachable time to the default value.

By default, the IPv6 neighbor reachable time is 1200000 ms.

Format

ipv6 nd nud reachable-time value

undo ipv6 nd nud reachable-time

Parameters

Parameter Description Value
value Specifies the IPv6 neighbor reachable time. The value is an integer that ranges from 1 to 3600000, in milliseconds. The default value is 1200000 ms, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Setting the IPv6 neighbor reachable time provides the following functions:

  • Controlling the aging time of neighbor entries on a local routing device.

  • Being a parameter in an RA packet to enable a host to configure the neighbor reachable time.

Each RA packet sent by a routing device carries the neighbor reachable time. This allows all nodes along the same link to use the same neighbor reachable time.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

A shorter neighbor reachable time enables a routing device to detect neighbor reachability more quickly. However, this consumes more network bandwidth and CPU resources. Therefore, a short neighbor reachable time is not recommended on an IPv6 network. The default value, 1200000 ms, is recommended.

If you run the ipv6 nd nud reachable-time command multiple times, only the latest configuration takes effect.

The ipv6 nd nud reachable-time command applies to GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, and tunnel interfaces.

The neighbor reachable time set on a routing device is the same as that carried in an RA packet. In the following cases, however, the neighbor reachable time set on a routing device is the default value 1200000 ms while the neighbor reachable time carried in the RA packet is 0 millisecond:

  • No neighbor reachable time is set on the routing device. The default value takes effect.
  • The undo ipv6 nd nud reachable-time command is run to restore the neighbor reachable time to the default value.

After a host receives an RA packet in which the neighbor reachable time is 0 ms, the host sets the neighbor reachable time to 1200000 ms, the same as that on the device.

Example

# Set the neighbor reachable time to 10000 ms on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd nud reachable-time 10000

ipv6 nd ra

Function

The ipv6 nd ra command sets the interval for sending Router Advertisement packets.

The undo ipv6 nd ra command restores the interval for sending RA packets to the default value.

By default, the maximum interval is 600s and the minimum interval is 200s.

Format

ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }

undo ipv6 nd ra { max-interval | min-interval }

Parameters

Parameter Description Value
max-interval maximum-interval Specifies the maximum interval for sending RA packets. The value is an integer that ranges from 4 to 1800, in seconds. The default value is 600 seconds, which is recommended. The maximum interval cannot be less than the minimum interval.
min-interval minimum-interval Specifies the minimum interval for sending RA packets. The value is an integer that ranges from 3 to 1350, in seconds.

The default value is 200 seconds, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A routing device periodically sends RA packets. An RA packet carries both the IPv6 address prefix and the flag of stateful address autoconfiguration.

You can run the ipv6 nd ra command to change the interval for sending RA packets.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

Running the ipv6 nd ra command changes the interval for sending RA packets during DAD. Therefore, you are advised to use the default interval, that is, the maximum value is 600s and the minimum value is 200s.

If the ipv6 nd ra command is run multiple times, the latest configuration takes effect.

The ipv6 nd ra command applies to GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, and tunnel interfaces.

The interval for sending RA packets cannot be longer than the lifetime of the RA packets. The default lifetime of the RA packets is 1800s and, you can run the ipv6 nd ra router-lifetime command to change the value.

The actual interval for sending RA packets is a random value between min-interval and max-interval.

Example

# Set the maximum interval for sending RA packets to 1000s on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra max-interval 1000

# Set the minimum interval for sending RA packets to 300s on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra min-interval 300

ipv6 nd ra halt

Function

The ipv6 nd ra halt command disables the system from sending RA packets.

The undo ipv6 nd ra halt command enables the system to send RA packets.

By default, the system is disabled from sending RA packets.

Format

ipv6 nd ra halt

undo ipv6 nd ra halt

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • When a device is connected to a host, it periodically sends RA packets to the host. An RA packet carries the IPv6 address prefix and flag information of stateful autoconfiguration. You can run the undo ipv6 nd ra halt command to enable the device to send RA packets.
  • When a device is connected to another device, that is, there is no host on the network, sending RA packets is not required. The default configuration is recommended.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After the ipv6 nd ra halt command is run, the device does not send RA packets. In such a case, the hosts on the network cannot periodically receive information about updated IPv6 prefixes.

The ipv6 nd ra halt command applies to GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, and tunnel interfaces.

By default, the device is disabled from sending RA packets. You can run the display icmpv6 statistics command to check whether a local device has sent RA packets.

Example

# Disable GE0/0/1 from sending RA packets.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra halt

ipv6 nd ra hop-limit

Function

The ipv6 nd ra hop-limit command sets the hop limit for RA packets.

The undo ipv6 nd ra hop-limit command restores the hop limit for RA packets to the default value.

By default, the hop limit for RA packets is 64.

Format

ipv6 nd ra hop-limit limit

undo ipv6 nd ra hop-limit

Parameters

Parameter Description Value
limit Specifies the hop limit for RA packets. The value is an integer that ranges from 0 to 255. The default value is 64, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

As a parameter in an RA packet, the hop limit enables a host to automatically configure a hop limit (a limit on the number of hops through which IPv6 unicast packets initially sent by a host are allowed to travel).

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After this command is run on the industrial switch router, the device discards the RA packet whose hop limit is different from its configuration.

  • If the ipv6 nd ra hop-limit command is run on an interface, the hop limit for RA packets is determined by the interface configuration.

  • If the ipv6 nd ra hop-limit command is not run on an interface, the hop limit for RA packets is determined by the hop limit configured using the ipv6 nd hop-limit command.

Example

# Set the hop limit for RA packets sent by GE0/0/1 to 126.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra hop-limit 126

ipv6 nd ra preference

Function

The ipv6 nd ra preference command sets the priority of the default router in an RA packet.

The undo ipv6 nd ra preference command restores the priority of the default router in an RA packet to the default value.

By default, the priority of the default router in an RA packet is medium.

Format

ipv6 nd ra preference { high | medium | low }

undo ipv6 nd ra preference

Parameters

Parameter Description Value
high Sets the default router priority to high. -
medium Sets the default router priority to medium. -
low Sets the default router priority to low. -

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When multiple industrial switch routers exist on the link where a host resides, the host chooses the forwarding industrial switch router based on the destination address of the packet. Each industrial switch router sends an RA packet that contains the default router priority and route information to the host, which helps the host choose the proper industrial switch router based on the destination address.

The host updates its routing table after receiving the RA packet. To forward packets to other devices, the host checks the routing table to choose the proper route.

When the default router list of the host includes multiple entries, run this command to configure the industrial switch router with the highest priority on the local link as the default industrial switch router (gateway) of the host.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

By default, the industrial switch router does not send RA packets. You need to run the undo ipv6 nd ra halt command to enable the industrial switch router to send RA packets to the host.

Precautions

If the interface is being unbound from the VPN instance that has IPv6 address family enabled, the system displays a message, indicating that this command cannot be run.

Example

# Set the priority of the default router in an RA packet to high on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] undo ipv6 nd ra halt
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra preference high

ipv6 nd ra prefix

Function

The ipv6 nd ra prefix command configures the prefix in an RA packet.

The undo ipv6 nd ra prefix command deletes the prefix in an RA packet.

By default, an RA packet carries only the address prefix configured using the ipv6 address command.

Format

ipv6 nd ra prefix { ipv6-address prefix-length | ipv6-address/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ]

undo ipv6 nd ra prefix { ipv6-address prefix-length | ipv6-address/prefix-length }

ipv6 nd ra prefix default no-advertise

undo ipv6 nd ra prefix default no-advertise

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address carried in the RA packet. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length Specifies the prefix length of an IPv6 address. The value is an integer that ranges from 1 to 128. You can calculate the IPv6 prefix carried in the RA packet based on the IPv6 address and prefix length.
valid-lifetime Specifies the valid lifetime of the prefix. The value is an integer that ranges from 0 to 4294967295, in seconds.
preferred-lifetime Specifies the preferred lifetime of the prefix. The value is an integer that ranges from 0 to 4294967295, in seconds. The preferred lifetime cannot be larger than the valid lifetime.
no-autoconfig Deletes the A-Flag. If this parameter is configured, a configured prefix cannot be used in stateless address allocation. -
off-link Specifies the O-Flag. If off-link is specified, the prefix carried in the RA packet cannot be allocated to the local link. When the host sends a packet to the address specified by this prefix, the packet is forwarded through a default router. -
default no-advertise Specifies that RA packets do not carry the default prefix generated based on the interface IPv6 address. -

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To enable a routing device to advertise only a specified prefix, run the ipv6 nd ra prefix command to configure the prefix.

If a prefix has been configured using the ipv6 nd ra prefix command, the device advertises both prefixes configured using the ipv6 nd ra prefix and ipv6 address commands.

By default, RA packets carry the default prefix generated based on the interface IPv6 address. If the default setting is not required, run the ipv6 nd ra prefix default no-advertise command.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After a host receives the RA packet with the prefix configured using the ipv6 nd ra prefix command, the host updates the local prefix information.

The ipv6 nd ra prefix command applies to the following interfaces: GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, and tunnel interfaces.

The prefix configured using the ipv6 nd ra prefix command cannot be fe80:: (prefix of a link-local address), ff00:: (prefix of a multicast address), :: (prefix of an unspecified address), or the prefix that has been used by another interface (including the interface address prefix and prefix carried in RA packets).

Example

# Configure the prefix in the RA packet on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] undo ipv6 nd ra halt
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra prefix fc00:1::100 128 1000 400 no-autoconfig
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra prefix fc00:2::100 64 1000 400 off-link

# Configure RA packets on GE0/0/1 not to carry the default prefix.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] undo ipv6 nd ra halt
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra prefix default no-advertise
Related Topics

ipv6 nd ra route-information

Function

The ipv6 nd ra route-information command configures route option information in an RA packet.

The undo ipv6 nd ra route-information command deletes route option information in an RA packet.

By default, no route option information is configured in an RA packet.

Format

ipv6 nd ra route-information ipv6-address prefix-length lifetime route-lifetime [ preference { high | medium | low } ]

undo ipv6 nd ra route-information ipv6-address prefix-length

Parameters

Parameter Description Value
ipv6-address Specifies the prefix of an IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length Specifies the prefix length of an IPv6 address. The value is an integer that ranges from 0 to 128.
lifetime route-lifetime Specifies the route lifetime. The value is an integer that ranges from 0 to 4294967295, in seconds.
preference Specifies the route priority. -
high Sets the route priority to high. -
medium Sets the route priority to medium. -
low Sets the route priority to low. -

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An RA packet contains route options. The industrial switch router sends the specified routes to the hosts on the local network segment by using these route options. The hosts can send packets by using these routes.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

By default, the industrial switch router does not send RA packets. You need to run the undo ipv6 nd ra halt command to enable the industrial switch router to send RA packets to the host.

Precautions

The host updates its routing table after receiving the RA packet that carries route option information. To forward packets to other devices, the host checks the routing table to choose the proper route.

A maximum of 17 route options are supported on each interface.

Route option information cannot be configured for a loopback address.

Example

# Configure route information of RA packets on GE0/0/1: setting the lifetime of the route with the destination address of FC00:1::1/64 to 1550s, and the priority of this route to high.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] undo ipv6 nd ra halt
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra route-information fc00:1::1 64 lifetime 1550 preference high

ipv6 nd ra router-lifetime

Function

The ipv6 nd ra router-lifetime command sets the lifetime of RA packets.

The undo ipv6 nd ra router-lifetime command restores the lifetime of RA packets to the default value.

By default, the lifetime for RA messages is three times of the maximum interval for advertising RA messages.

Format

ipv6 nd ra router-lifetime ra-lifetime

undo ipv6 nd ra router-lifetime

Parameters

Parameter Description Value
ra-lifetime Specifies the lifetime of RA packets. The value is an integer and can be 0 or ranges from 4 to 9000, in seconds.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A device adds the lifetime value to an RA packet before sending the RA packet to the host on the local network segment. The lifetime of RA packet indicates the time that a router functions as the default gateway for a host.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

If a host receives an RA packet with the lifetime field being 0, the host does not add the address of the industrial switch router to its default router table.

The ipv6 nd ra router-lifetime command applies to GE interfaces and sub-interfaces, Eth-Trunk interfaces and sub-interfaces, and tunnel interfaces.

The lifetime of the RA packets cannot be smaller than the interval for sending RA packets. By default, the maximum interval for sending RA packets is 600s and the minimum interval is 200s. You can run the ipv6 nd ra command to set the interval. If the set lifetime value of the RA packets is smaller than the set interval for sending RA packets, the system displays an error. In such a case, you need to reset the lifetime value.

Example

# Set the lifetime of the RA packets on GE0/0/1 to 1000s.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd ra router-lifetime 1000

ipv6 nd stale-timeout

Function

The ipv6 nd stale-timeout command sets the aging time of ND entries in STALE state.

The undo ipv6 nd stale-timeout command restores the aging time of ND entries in STALE state to the default value.

By default, the aging time of ND entries in STALE state is 1200s in the system view and is not set in the interface view.

Format

ipv6 nd stale-timeout timeout-value

undo ipv6 nd stale-timeout

Parameters

Parameter Description Value
timeout-value Specifies the aging time of ND entries in STALE state. The value is an integer that ranges from 60 to 172800, in seconds. The default value is 1200s, which is recommended.

Views

System view and Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The STALE state of an ND entry indicates that whether the neighbor is reachable is unknown. A device does not detect the neighbor reachability unless packets need to be sent to a neighbor.

The aging time of ND entries in STALE state is configurable. To quickly clear invalid ND entries, set the aging time to a smaller value using the ipv6 nd stale-timeout command. This speeds up entry aging.

Prerequisites

The device is enabled to forward IPv6 packets using the ipv6 command in the system view.

IPv6 has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After the ipv6 nd stale-timeout command is run, the status of ND entries can be updated after the aging time of ND entries in STALE state expires.

The system checks the validity of ND entries after the aging time of ND entries in STALE state expires. If the neighbor is reachable, the ND entry status changes to REACH; otherwise, the ND entry is deleted.

When the aging time is not set on interfaces, the aging time set in the system is used. When the aging time is set on interfaces, the setting on the interfaces takes effect with priority.

Example

# Set the aging time of ND entries in STALE state to 3600s on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 nd stale-timeout 3600

ipv6 neighbor

Function

The ipv6 neighbor command configures static neighbor entries.

The undo ipv6 neighbor command deletes static neighbor entries.

By default, no static neighbor entry is configured.

Format

ipv6 neighbor ipv6-address mac-address

ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type interface-number

ipv6 neighbor ipv6-address mac-address vid vlan-id [ cevid cevid ]

undo ipv6 neighbor ipv6-address

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address of a neighbor. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
mac-address Specifies the MAC address of a static neighbor. The value is a 48-digit number in H-H-H format.
vid vlan-id Specifies the ID of the VLAN to which the VLANIF interface belongs. The value is an integer that ranges from 1 to 4094.
cevid cevid Specifies the inner VLAN ID. The value is an integer that ranges from 1 to 4094.
interface-type interface-number Specifies the interface type and number of a physical interface. -

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The ipv6 neighbor command applies to GE interfaces and sub-interfaces, and Eth-Trunk interfaces and sub-interfaces. You can run the ipv6 neighbor command to configure the mapping between the IPv6 address and MAC address for a neighbor. A neighbor entry indicates the mapping between an IPv6 address and a MAC address.

To filter invalid packets, you can create static neighbor entries, binding the destination IPv6 addresses of these packets to nonexistent MAC addresses.

Run the following commands based on the interface type:
  • To configure static neighbor entries for Layer 3 interfaces, run the ipv6 neighbor ipv6-address mac-address command.
  • To configure static neighbor entries for VLANIF interfaces, run the ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type nterface-number command.
  • To configure static neighbor entries for QinQ termination sub-interfaces or a dot1q termination sub-interfaces, run the ipv6 neighbor ipv6-address mac-address vid vlan-id [ cevid cevid ] command.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

A neighbor entry enters the REACHABLE state after being created, indicating that the interface connected to this neighbor is Up. If the interface connected to this neighbor becomes Down, the neighbor entry needs to be deleted.

The static neighbor entries overwrite the neighbor entries dynamically learnt by device. That is, static neighbor entries are of higher priorities than dynamically learnt neighbor entries.

If the IPv6 address or MAC address specified in the ipv6 neighbor command is incorrect, communication with this neighbor fails.

Example

# Configure static neighbor entries on GE0/0/1.

<Huawei> system-view
[Huawei] ipv6
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ipv6 enable
[Huawei-GigabitEthernet0/0/1] ipv6 neighbor fc00::1 0019-7459-3301 

ipv6 pathmtu

Function

The ipv6 pathmtu command sets the PMTU for a specified destination IPv6 address.

The undo ipv6 pathmtu command deletes the PMTU for a specified destination IPv6 address.

Format

ipv6 pathmtu ipv6-address [ vpn-instance vpn-instance-name ] [ path-mtu ]

undo ipv6 pathmtu ipv6-address [ vpn-instance vpn-instance-name ]

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address for which a PMTU is to be set. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
vpn-instance vpn-instance-name Specifies the name of an IPv6 VPN instance for which a PMTU is to be set. The value must be an existing VPN instance.
path-mtu Specifies the path MTU, that is, the maximum size of IPv6 packets allowed to be sent along the path. The value is an integer that ranges from 1280 to 10000, in bytes. The default value is 1500, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A PMTU is used to determine the proper size of packets to be transmitted along the path from a source to a destination. Usually, a device fragments and forwards packets based on the dynamically learnt PMTU. Packets that are sent using this PMTU do not need to be fragmented during transmission. This reduces pressure on routing devices and optimizes network resource utilization to obtain the maximum throughput.

In some special cases, however, to protect devices on the network and avoid large-size packet attacks, you can run the ipv6 pathmtu command to set a static PMTU for the specified destination IPv6 address to control the maximum size of packets that can be transmitted between the source and the destination.

Precautions

On the path along which packets are transmitted, a node discards the received packets if its MTU is smaller than the PMTU of the received packets. Therefore, in most cases, dynamic PMTU learning is recommend unless there are security vulnerabilities on the network. You can use the default PMTU value instead of running the ipv6 pathmtu command to set a static PMTU.

Example

# Set the PMTU of a specified IPv6 destination address to 1300 bytes.

<Huawei> system-view
[Huawei] ipv6 pathmtu fc00::12 1300

# Set the PMTU of the address fc00::1 of the IPv6 VPN instance to 1600 bytes.

<Huawei> system-view
[Huawei] ipv6 pathmtu fc00::1 vpn-instance vpn6 1600

ipv6 pathmtu age

Function

The ipv6 pathmtu age command sets the aging time of dynamic PMTU entries.

The undo ipv6 pathmtu age command restores the aging time of dynamic PMTU entries to the default value.

By default, the aging time of dynamic PMTU entries is 10 minutes.

Format

ipv6 pathmtu age age-time

undo ipv6 pathmtu age

Parameters

Parameter Description Value
age-time Specifies the aging time of dynamic specified PMTU entries. The value is an integer that ranges from 10 to 100, in minutes. The default value is 10 minutes, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The lifetime of a dynamic PMTU entry can be changed by setting an aging time for dynamic PMTU entries.

To slow down PMTU aging, run the ipv6 pathmtu age command to set the aging time of dynamic PMTU entries to a larger value.

Precautions

This command changes only the aging time of dynamic PMTUs but not static PMTUs because static PMTU entries never age.

The priority of a static PMTU is higher than that of a dynamic PMTU. If the static PMTU exists, the dynamic PMTU does not take effect.

The aging time for the PMTU is valid only for the dynamic PMTU entries generated after this configuration, instead of the PMTU entries generated before this configuration.

Example

# Set the aging time of dynamic PMTU entries to 40 minutes.

<Huawei> system-view
[Huawei] ipv6 pathmtu age 40

ipv6 soft-forward enhance enable

Function

The ipv6 soft-forward enhance enable command enables the enhanced forwarding function for IPv6 control packets generated by the device.

The undo ipv6 soft-forward enhance enable command disables the enhanced forwarding function for IPv6 control packets generated by the device.

By default, the enhanced forwarding function is enabled for IPv6 control packets generated by the device.

Format

ipv6 soft-forward enhance enable

undo ipv6 soft-forward enhance enable

Parameters

None.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can configure forwarding policies (such as QoS policies) for data packets to implement differentiated services. In some scenarios, you may need to manage control packets generated by the device to process different control packets. For example, carriers have limited the bandwidth of data packets through QoS policies and also want to limit the bandwidth of control packets. In this situation, QoS policies take effect only for data packets. You can configure the enhanced forwarding function to make QoS policies take effect for control packets. Currently, the enhanced forwarding function is valid only for the control packets generated by the device but not for the control packets forwarded by other devices.

You can run the ipv6 soft-forward enhance enable command to enable the enhanced forwarding function for IPv6 control packets generated by the device.

Follow-up Procedures

After enabling the enhanced forwarding function on the device, you can perform some configurations on the IPv6 control packets generated by the device. For example, you can configure different QoS policies for different types of IPv6 control packets generated by the device.

Example

# Disable the enhanced forwarding function for IPv6 control packets generated by the device.
<Huawei> system-view
[Huawei] undo ipv6 soft-forward enhance enable

reset ipv6 address-policy

Function

The reset ipv6 address-policy command deletes policy entries for selecting addresses.

Format

reset ipv6 address-policy [ vpn-instance vpn-instance-name ]

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Deletes policy entries for selecting the address of a specified VPN instance. vpn-instance-name specifies the name of a VPN instance. The value must be an existing VPN instance.

Views

User view

Default Level

3: Management level

Usage Guidelines

The reset ipv6 address-policy command deletes policy entries for selecting addresses. Therefore, confirm your action before running this command.

This command does not delete policy entries for selecting default addresses.

Example

# Delete policy entries for selecting addresses.

<Huawei> reset ipv6 address-policy

reset ipv6 attack-source overlapping-fragment

Function

The reset ipv6 attack-source overlapping-fragment command clears statistics on overlapping fragment attack packets.

Format

reset ipv6 attack-source overlapping-fragment

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

After overlapping fragment attack packets are processed manually, run the reset ipv6 attack-source overlapping-fragment command to clear statistics on overlapping fragment attack packets.

Example

# Clear statistics on IPv6 overlapping fragment attack packets.

<Huawei> reset ipv6 attack-source overlapping-fragment 

reset ipv6 neighbors

Function

The reset ipv6 neighbors command clears neighbor entries.

Format

reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interface-number ] | interface-type interface-number [ dynamic | static ] }

Parameters

Parameter Description Value
all Clears neighbor entries on all interfaces. -
dynamic

The first dynamic indicates that dynamic neighbor entries on all interfaces are cleared.

The second dynamic indicates that dynamic neighbor entries on the current interface are cleared.

-
static

The first static indicates that static neighbor entries on all interfaces are cleared.

The second static indicates that static neighbor entries on the current interface are deleted.

-
vid vlan-id Clears neighbor entries of a specified VLAN. The value is an integer that ranges from 1 to 4094.
interface-type interface-number Clears all neighbor entries on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the number of neighbor entries exceeds the upper limit, run the reset ipv6 neighbors command to clear excessive neighbor entries.

Precautions

The reset ipv6 neighbors command clears specified neighbor entries, which affects IPv6 packet forwarding. Therefore, confirm your action before running this command.

Example

# Clear all neighbor entries on all interfaces.

<Huawei> reset ipv6 neighbors all
Warning: This operation will delete all static and dynamic IPv6 ND entries and the configurations of all static IPv6 ND. Continue?[Y
/N]:y

# Clear all neighbor entries on GE0/0/1.

<Huawei> reset ipv6 neighbors gigabitethernet 0/0/1

reset ipv6 pathmtu

Function

The reset ipv6 pathmtu command clears PMTU entries.

Format

reset ipv6 pathmtu [ vpn-instance vpn-instance-name ] { all | dynamic | static }

Parameters

Parameter Description Value
all Clears all PMTU entries in the cache. -
dynamic Clears all dynamic PMTU entries in the cache. -
static Clears all static PMTU entries in the cache. -
vpn-instance vpn-instance-name Clears all PMTU entries of a specified IPv6 VPN instance. The value must be an existing VPN instance.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

The reset ipv6 pathmtu command clears all PMTU entries. Therefore, confirm your action before running this command.

Example

# Clear all PMTU entries.

<Huawei> reset ipv6 pathmtu all
Warning: This operation will reset all static and dynamic IPv6 PMTU entries, and clear the configurations of all static IPv6 PMTU, c
ontinue?[Y/N]:y
Related Topics

reset ipv6 socket pktsort

Function

The reset ipv6 socket pktsort command clears statistics on the dual receive buffer of an IPv6 socket.

Format

reset ipv6 socket pktsort task-id task-id socket-id socket-id

Parameters

Parameter Description Value
task-id task-id Specifies the ID of a task. The value is an integer that ranges from 1 to 350.
socket-id socket-id Specifies the ID of a socket. The value is an integer that ranges from 1 to 131072.

Views

User view

Default Level

3: Management level

Usage Guidelines

This command clears statistics on the dual receive buffer of an IPv6 socket and the count restarts. Therefore, confirm your action before running this command.

Example

# Clear statistics on the dual receive buffer of the IPv6 socket with the task ID 2 and the socket ID 4.

<Huawei> reset ipv6 socket pktsort task-id 2 socket-id 4

reset ipv6 statistics

Function

The reset ipv6 statistics command clears IPv6 traffic statistics.

Format

reset ipv6 statistics

Parameters

None

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To collect IPv6 traffic statistics within a specified period, clear the existing IPv6 traffic statistics before running the display ipv6 statistics command to display IPv6 traffic statistics.

Precautions

The reset ipv6 statistics command clears the specified IPv6 traffic statistics. Therefore, confirm your action before running this command.

Example

# Clear IPv6 traffic statistics.

<Huawei> reset ipv6 statistics

reset rawip ipv6 statistics

Function

The reset rawip ipv6 statistics command clears all Raw IPv6 packet statistics.

Format

reset rawip ipv6 statistics

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

You need to run this command to clear the existing statistics on Raw IPv6 packets before running the display rawip ipv6 statistics command to view statistics on Raw IPv6 packets in a specified period.

The reset rawip ipv6 statistics command clears statistics on Raw IPv6 packets. Therefore, confirm your action before running this command.

Example

# Clear all Raw IPv6 packet statistics.

<Huawei> reset rawip ipv6 statistics

reset tcp ipv6 authentication-statistics

Function

The reset tcp ipv6 authentication-statistics command clears authentication statistics of a specified TCP6 connection.

Format

reset tcp ipv6 authentication-statistics src-ip src-ip src-port src-port dest-ip dest-ip dest-port dest-port

Parameters

Parameter Description Value
src-ip src-ip Specifies the source IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
src-port src-port Specifies the source port. The value is an integer that ranges from 0 to 65535.
dest-ip dest-ip Specifies the destination IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
dest-port dest-port Specifies the destination port. The value is an integer that ranges from 0 to 65535.

Views

User view

Default Level

3: Management level

Usage Guidelines

The reset tcp ipv6 authentication-statistics command clears authentication statistics of a TCP6 connection. Therefore, confirm your action before running this command.

Example

# Clear authentication statistics of a TCP6 connection.

<Huawei> reset tcp ipv6 authentication-statistics src-ip fc00:1::1 src-port 3456 dest-ip fc00:3::5 dest-port 5678

reset tcp ipv6 statistics

Function

The reset tcp ipv6 statistics command clears IPv6 TCP packet statistics.

Format

reset tcp ipv6 statistics

Parameters

None

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You need to clear the existing statistics on IPv6 TCP packets before running the display tcp ipv6 statistics command to view the statistics on IPv6 TCP packets in a specified period.

Precautions

The reset tcp ipv6 statistics command clears statistics on IPv6 TCP packets. Therefore, confirm your action before running this command.

The reset tcp ipv6 statistics command clears IPv6 TCP packet statistics on all in-service interface boards.

Example

# Clear IPv6 TCP packet statistics.

<Huawei> reset tcp ipv6 statistics

reset udp ipv6 statistics

Function

The reset udp ipv6 statistics command clears IPv6 UDP packet statistics.

Format

reset udp ipv6 statistics

Parameters

None

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You need to run this command to clear the existing IPv6 UDP packet statistics before running the display udp ipv6 statistics command to view IPv6 UDP packet statistics in a specified period.

Precautions

The reset udp ipv6 statistics command clears IPv6 UDP packet statistics. Therefore, confirm your action before running this command.

The reset udp ipv6 statistics command clears IPv6 UDP packet statistics on all in-service interface boards.

Example

# Clear IPv6 UDP packet statistics.

<Huawei> reset udp ipv6 statistics

set priority acl6 dscp

Function

The set priority acl6 dscp command configures the DSCP priority of IPv6 control packets generated by the device based on the ACL rule.

The undo set priority acl6 command restores the default DSCP priority of IPv6 control packets generated by the device.

By default, the DSCP priority of IPv6 control packets generated by the device is not specified based on the ACL rule.

Format

set priority acl6 acl6-number dscp dscp-value

undo set priority acl6 acl6-number

Parameters

Parameter

Description

Value

acl6-number

Specifies the number of an ACL rule.

The value is an integer that ranges from 3000 to 3999.

dscp-value

Specifies the DSCP priority of IPv6 control packets.

The value is as follows:

  • The value is an integer that ranges from 0 to 63.

  • The value can be ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, or default.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the ipv6 soft-forward enhance enable command is executed to enable the enhanced forwarding function of IPv6 control packets generated by the device, the same QoS policy will be applied to both the control packets and data packets. When the device maps packets based on DSCP priorities, it may send some control packets with low DSCP priorities generated on the device to low-priority queues, such as ICMPv6 and IPv6 Telnet packets. You can run the set priority acl6 dscp command to configure the DSCP priority of IPv6 control packets generated by the device based on the ACL rule, to prevent these IPv6 control packets from entering low-priority queues.

Precautions

If you run the set priority acl6 dscp command with the same value of acl6-number multiple times, only the latest configuration takes effect.

You can run the set priority protocol-type-ipv6 dscp command to specify the DSCP priority of IPv6 control packets based on the protocol type. If you specify the DSCP priority of IPv6 control packets based on both the protocol type and ACL rule, the protocol type configuration takes effect preferentially.

If you specify the DSCP priority of IPv6 control packets based on the ACL rule, you can configure a maximum of 16 ACL rules.

Example

# Set the DSCP priority of IPv6 control packets based on the ACL6 rule 3002 to 56.

<Huawei> system-view
[Huawei] set priority acl6 3002 dscp 56

set priority protocol-type-ipv6 dscp

Function

The set priority protocol-type-ipv6 dscp command configures the DSCP priority of IPv6 control packets generated by the device based on the protocol type.

The undo set priority protocol-type-ipv6 dscp command restores the default DSCP priority of IPv6 control packets generated by the device.

By default, the DSCP priority of IPv6 control packets generated by the device is 0.

Format

set priority protocol-type-ipv6 protocol-type dscp dscp-value

undo set priority protocol-type-ipv6 protocol-type dscp

Parameters

Parameter

Description

Value

protocol-type

Specifies the DSCP priority based on the IPv6 protocol type.

Enumerated type. The value can be bgp4plus, dns6, icmpv6, snmp, ssh, or telnet.

dscp-value

Specifies the DSCP priority of IPv6 control packets.

The value is as follows:

  • The value is an integer that ranges from 0 to 63.

  • The value can be ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, or default.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the ipv6 soft-forward enhance enable command is executed to enable the enhanced forwarding function of IPv6 control packets generated by the device, the same QoS policy will be applied to both the control packets and data packets. When the device maps packets based on DSCP priorities, it may send some control packets with low DSCP priorities generated on the device to low-priority queues, such as ICMPv6 and IPv6 Telnet packets. You can run the set priority protocol-type-ipv6 dscp command to configure the DSCP priority of IPv6 control packets generated by the device based on the protocol type, to prevent these IPv6 control packets from entering low-priority queues.

Precautions

If you run the set priority protocol-type-ipv6 dscp command with the same value of protocol-type-ipv6 multiple times, only the latest configuration takes effect.

To configure DSCP priorities of multiple IPv6 control packets, run the set priority protocol-type-ipv6 dscp command multiple times.

You can run the set priority acl6 dscp command to specify the DSCP priority of IPv6 control packets based on the ACL rule. If you specify the DSCP priority of IPv6 control packets based on both the protocol type and ACL rule, the protocol type configuration takes effect preferentially.

Example

# Set the DSCP priority of IPv6 Telnet packets to 56.

<Huawei> system-view
[Huawei] set priority protocol-type-ipv6 telnet dscp 56

tcp ipv6 max-mss

Function

The tcp ipv6 max-mss command sets the maximum value of Maximum Segment Size (MSS) for a TCP6 connection.

The undo tcp ipv6 max-mss command deletes the maximum MSS value of a TCP6 connection.

By default, the maximum MSS value is not configured for TCP6 connections.

Format

tcp ipv6 max-mss mss-value

undo tcp ipv6 max-mss

Parameters

Parameter Description Value
mss-value Specifies the maximum MSS value for a TCP6 connection. The value is an integer ranging from 32 to 9600, in bytes.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To establish a TCP6 connection, the MSS value is negotiated, which indicates the maximum length of packets that the local device can receive. If the path MTU is unavailable on one end of a TCP6 connection, this end cannot adjust the TCP6 packet size based on the MTU. As a result, this end may send TCP6 packets that are longer than the MTUs on intermediate devices, which will discard these packets. To prevent this problem, run the tcp ipv6 max-mss command on either end of a TCP6 connection to set the maximum MSS value of TCP6 packets. Then the MSS value negotiated by both ends will not exceed this maximum MSS value, and accordingly TCP6 packets sent from both ends will not be longer than this maximum MSS value and can travel through the intermediate network.

Precautions

The maximum MSS value configured using the tcp ipv6 max-mss command must be greater than the minimum MSS value configured using the tcp ipv6 min-mss command.

Example

# Set the maximum MSS value for a TCP6 connection to 1024 bytes.

<Huawei> system-view
[Huawei] tcp ipv6 max-mss 1024
Related Topics

tcp ipv6 min-mss

Function

The tcp ipv6 min-mss command sets the minimum value of maximum segment size (MSS) for a TCP6 connection.

The undo tcp ipv6 min-mss command restores the default minimum value of the MSS for a TCP6 connection.

The default minimum MSS value for a TCP6 connection is 216 bytes.

Format

tcp ipv6 min-mss mss-value

undo tcp ipv6 min-mss

Parameters

Parameter Description Value
mss-value Specifies the minimum MSS value for a TCP6 connection. The value ranges from 32 byte to 1500 bytes. By default, the value is 216 bytes.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To establish a TCP6 connection, the MSS value is negotiated, which indicates the maximum length of packets that the local device can receive. The TCP6 client on a network may send a request packet for establishing a TCP6 connection carrying a small MSS value. For example, the MSS value is 1. After the TCP6 server receives the request packet carrying the MSS value, the TCP6 connection is established. The TCP6 client then may send large numbers of requests to the server by an application, causing the TCP6 server to generate large numbers of reply packets. This may burden the TCP6 server or network, causing denial of service (DoS) attacks. To resolve this problem, run the tcp ipv6 min-mss command to set the minimum MSS value for a TCP6 connection. This configuration prevents a server from receiving packets carrying a small MSS value.

Precautions

If the tcp ipv6 min-mss command is run more than once in the same view, the latest configuration overrides the previous one.

Configure the parameters under the guidance of the technical personnel.

Example

# Set the minimum MSS value for a TCP6 connection to 512 bytes.

<Huawei> system-view
[Huawei] tcp ipv6 min-mss 512
Related Topics

tcp ipv6 timer fin-timeout

Function

The tcp ipv6 timer fin-timeout command sets the value of the TCP6 FIN-Wait timer.

The undo tcp ipv6 timer fin-timeout command restores the default value of the TCP6 FIN-Wait timer.

By default, the value of the TCP6 FIN-Wait timer is 675s.

Format

tcp ipv6 timer fin-timeout interval

undo tcp ipv6 timer fin-timeout

Parameters

Parameter Description Value
interval Specifies the value of the TCP6 FIN-Wait timer. The value is an integer that ranges from 76 to 3600, in seconds. The default value is 675s.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a TCP6 connection changes from FIN_WAIT_1 to FIN_WAIT_2, the TCP FIN-Wait timer is started. If the local device does not receive a packet with the FIN flag after the TCP6 FIN-Wait timer expires, the TCP6 connection is closed.

Precautions

If you run the tcp ipv6 timer fin-timeout command multiple times, only the latest configuration takes effect.

You are advised to use this command under the supervision of technical support personnel.

Example

# Set the value of the TCP6 FIN-Wait timer to 800s.

<Huawei> system-view
[Huawei] tcp ipv6 timer fin-timeout 800

tcp ipv6 timer syn-timeout

Function

The tcp ipv6 timer syn-timeout command sets the value of the TCP6 SYN-Wait timer.

The undo tcp ipv6 timer syn-timeout command restores the default value of the TCP6 SYN-Wait timer.

By default, the value of the TCP6 SYN-Wait timer is 75s.

Format

tcp ipv6 timer syn-timeout interval

undo tcp ipv6 timer syn-timeout

Parameters

Parameter Description Value
interval Specifies the value of the TCP6 SYN-Wait timer. The value is an integer that ranges from 2 to 600, in seconds. The default value is 75s.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When an SYN packet is sent, the TCP6 SYN-Wait timer is started. If no response packet is received when the TCP6 SYN-Wait timer expires, the TCP6 connection is closed.

Precautions

If you run the tcp ipv6 timer syn-timeout command multiple times, only the latest configuration takes effect.

You are advised to use this command under the supervision of technical support personnel.

Example

# Set the value of the TCP6 SYN-Wait timer to 100s.

<Huawei> system-view
[Huawei] tcp ipv6 timer syn-timeout 100

tcp ipv6 window

Function

The tcp ipv6 window command sets the size of the packet receive or send buffer of a connection-oriented socket.

The undo tcp ipv6 window command restores the default size of the packet receive or send buffer of a connection-oriented socket.

By default, the size of the packet receive or send buffer of a connection-oriented socket is 8K bytes.

Format

tcp ipv6 window window-size

undo tcp ipv6 window

Parameters

Parameter Description Value
window-size Specifies the size of the packet receive or send buffer of a connection-oriented socket. The value is an integer that ranges from 1 to 32, in K bytes. The default value is 8K bytes.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

This command changes the default size of the packet receive or send buffer. The device uses the default size to establish a TCP6 session.

Precautions

If you run the tcp ipv6 window command multiple times, only the latest configuration takes effect.

You are advised to use this command under the supervision of technical support personnel.

Example

# Set the size of the packet receive or send buffer of a connection-oriented socket to 4K bytes.

<Huawei> system-view
[Huawei] tcp ipv6 window 4
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 91520

Downloads: 124

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next