No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MFF Configuration Commands

MFF Configuration Commands

NOTE:
CE6880EI does not support MFF.

display mac-forced-forwarding

Function

The display mac-forced-forwarding command displays the MFF configuration.

Format

display mac-forced-forwarding { network-port | vlan vlan-id | user-isolate-port }

Parameters

Parameter Description Value
network-port Displays network interface information. -
vlan vlan-id Displays the MFF configuration in a specified VLAN. The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.
user-isolate-port Displays isolated interface information. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display mac-forced-forwarding command displays the MFF network interface information, isolated interface information, and MFF configuration in a specified VLAN.

Example

# Display information about the MFF network interface.

<HUAWEI> display mac-forced-forwarding network-port
-------------------------------------------------------------------------------- 
VLAN                      Network Ports                                          
-------------------------------------------------------------------------------- 
  10                      10GE1/0/2
Table 16-66  Description of the display mac-forced-forwarding network-port command output

Item

Description

VLAN

ID of the VLAN that the network interface belongs to.

Network Ports

Network interface.

# Display information about the MFF isolated interface in VLAN 10.

<HUAWEI> display mac-forced-forwarding user-isolate-port
--------------------------------------------------------------------------------
VLAN                     User Isolate Ports
--------------------------------------------------------------------------------
  10                     10GE1/0/4
Table 16-67  Description of the display mac-forced-forwarding user-isolate-port command output

Item

Description

VLAN

ID of the VLAN that the isolated interface belongs to.

User Isolate Ports

Isolated interface.

# Display the MFF configuration in VLAN 10.

<HUAWEI> display mac-forced-forwarding vlan 10
Flags: S - static, D - dynamic      
---------------------------------------------------------------------------     
Gateway detect         : enable                                                 
Dynamic user learning  : enable                                                 
User-detect transparent: enable                                                 
Static gateway         : 10.1.1.1                                                      
Max user               : -                                                      
Servers                : 10.1.1.2
                 
---------------------------------------------------------------------------
Gateway IP      Gateway MAC
---------------------------------------------------------------------------
10.1.1.1       3867-9a11-0110  
10.1.1.2       3867-9a11-0111  
---------------------------------------------------------------------------
                                 
---------------------------------------------------------------------------
User IP         User MAC        Gateway IP      Interface             Flags 
---------------------------------------------------------------------------
10.1.1.10      0001-0001-0002   10.1.1.1        10GE1/0/19            D 
---------------------------------------------------------------------------
MFF host total count = 1
Table 16-68  Description of the display mac-forced-forwarding vlan command output

Item

Description

Flags

User type:
  • S: The Switch obtains user information using the static or dynamic DHCP snooping binding table.
  • D: The Switch dynamically obtains information using ARP snooping.

Gateway detect

Timed gateway detection status:
  • enable: Timed gateway detection is enabled.
  • disable: Timed gateway detection is disabled.

To enable timed gateway detection, run the mac-forced-forwarding gateway-detect command.

Dynamic user learning

Dynamic user learning status:
  • enable: Dynamic user learning is enabled.
  • disable: Dynamic user learning is disabled.

To disable dynamic user learning, run the mac-forced-forwarding learning dynamic-user disable command.

User-detect transparent

Transparent transmission of ARP request packets:
  • enable: Transparent transmission of ARP request packets is enabled.
  • disable: Transparent transmission of ARP request packets is disabled.

To enable transparent transmission of ARP request packets, run the mac-forced-forwarding user-detect transparent command.

Static gateway

Static gateway.

To set the Static gateway, run the mac-forced-forwarding static-gateway command.

Max user

Maximum number of users.

To set the maximum number of users, run the mac-forced-forwarding max-user command.

Servers

Server IP addresses.

To configure the server IP addresses, run the mac-forced-forwarding server command.

Gateway IP

Gateway IP address.

NOTE:

The displayed gateway IP address may be a dynamically learned gateway IP address, a manually configured gateway IP address, or a server IP address.

Gateway MAC

Gateway MAC address.

User IP

IP address of the access user.

User MAC

MAC address of the access user.

Interface

Access interface.

MFF host total count

Total number of MFF users.

mac-forced-forwarding enable

Function

The mac-forced-forwarding enable command enables MFF.

The undo mac-forced-forwarding enable command disables MFF.

By default, MFF is disabled.

Format

mac-forced-forwarding enable

undo mac-forced-forwarding enable

Parameters

None

Views

System view, VLAN view, VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Many networks require that the gateway monitor data traffic and isolate users. MFF isolates users at Layer 2 and connects users at Layer 3 on the same network segment. MFF enables traffic to be forwarded through the gateway. This implements traffic monitoring and accounting and ensures network security.

Precautions

You can run the mac-forced-forwarding enable command in the VLAN view and perform other configurations only after you enable MFF globally in the system view.

After MFF is disabled in the system view, other MFF configurations are automatically deleted.

MFF cannot be enabled in a VLAN where the Super VLAN, sub-VLAN, MUX VLAN, TRILL VLAN, TRILL CE VLAN, VLANIF interface, ARP fast reply, or EAI is configured.

When the protocol packet transparent transmission in a VLAN is enabled together with the MFF function, the protocol packet transparent transmission function does not take effect.

Example

# Enable MFF in VLAN 100.

<HUAWEI> system-view
[~HUAWEI] mac-forced-forwarding enable
[*HUAWEI] vlan 100
[*HUAWEI-vlan100] mac-forced-forwarding enable

mac-forced-forwarding gateway-detect

Function

The mac-forced-forwarding gateway-detect command enables timed gateway detection.

The undo mac-forced-forwarding gateway-detect command disables timed gateway detection.

By default, timed gateway detection is disabled.

Format

mac-forced-forwarding gateway-detect

undo mac-forced-forwarding gateway-detect

Parameters

None

Views

VLAN view, VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On a practical network, services may be interrupted for a long time because the MFF-enabled device cannot immediately detect the gateway MAC address change. Timed gateway detection can solve this problem. After the detection function is enabled, the MFF-enabled device scans recorded gateway information every 30 seconds. For each gateway recorded, the MFF-enabled device uses user information to construct an ARP request packet and sends it to the network interface. The MFF-enabled device then learns the gateway MAC address from the ARP reply packet. If the gateway MAC address changes, the MFF-enabled device immediately updates the gateway information and broadcasts gratuitous ARP packets to users. Users can update the gateway address.

Prerequisites

MFF has been enabled in a VLAN using the mac-forced-forwarding enable command.

Precautions

When detecting multiple gateway addresses, the MFF-enabled device sends an ARP reply packet with the first gateway address by default.

After MFF is enabled, timed gateway detection does not take effect if no ARP request packet is received from the user or gateway or if no user is authorized by the DHCP server to access the network.

Example

# Enable timed gateway detection in VLAN 10.

<HUAWEI> system-view
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] mac-forced-forwarding enable
[*HUAWEI-vlan10] mac-forced-forwarding gateway-detect

mac-forced-forwarding learning dynamic-user disable

Function

The mac-forced-forwarding learning dynamic-user disable command disables dynamic user learning in a VLAN.

The undo mac-forced-forwarding learning dynamic-user disable command enables dynamic user learning in a VLAN.

By default, dynamic user learning is enabled in a VLAN.

Format

mac-forced-forwarding learning dynamic-user disable

undo mac-forced-forwarding learning dynamic-user disable

Parameters

None

Views

VLAN view, VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In MFF networking, the Switch may dynamically learn user information using ARP snooping. If users forge ARP request packets, the Switch learns incorrect user information. This wastes device resources, and the Switch fails to learn information about authorized users and to process their legitimate services. To prevent such attacks, run the mac-forced-forwarding learning dynamic-user disable command to disable dynamic user learning.

Prerequisites

Global MFF has been enabled using the mac-forced-forwarding enable command.

Precautions

Before disabling dynamic user learning, the Switch has dynamically learned users through DHCP snooping or users in entries of the static DHCP snooping binding table.

Example

# Disable dynamic user learning in VLAN 10.

<HUAWEI> system-view
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] mac-forced-forwarding enable
[*HUAWEI-vlan10] mac-forced-forwarding learning dynamic-user disable

mac-forced-forwarding max-user

Function

The mac-forced-forwarding max-user command sets the maximum number of users in a VLAN.

The undo mac-forced-forwarding max-user command restores the default maximum number of users in a VLAN.

By default, the maximum number of users in a VLAN is not set.

Format

mac-forced-forwarding max-user max-user-number

undo mac-forced-forwarding max-user

Parameters

Parameter Description Value
max-user-number Specifies the maximum number of users. The value is an integer that ranges from 10 to 2000.

Views

VLAN view, VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In MFF networking, the Switch may dynamically learn user information using ARP snooping. If these users forge ARP request packets, the Switch learns incorrect user information. This wastes device resources, and the Switch fails to learn information about authorized users and to process their legitimate services. To prevent such attacks, you can set the maximum number of users in a VLAN because the number of DHCP or static users is often fixed.

Prerequisites

Global MFF has been enabled using the mac-forced-forwarding enable command.

Example

# Set the maximum number of users in VLAN 100 to 100.

<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] mac-forced-forwarding enable
[*HUAWEI-vlan100] mac-forced-forwarding max-user 100

mac-forced-forwarding network-port

Function

The mac-forced-forwarding network-port command configures an interface as a network interface.

The undo mac-forced-forwarding network-port command restores the interface to be a user interface.

By default, an interface is a user interface.

Format

mac-forced-forwarding network-port

undo mac-forced-forwarding network-port

Parameters

None

Views

Eth-Trunk interface view, GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To make MFF in a VLAN effective, ensure that at least one network interface belongs to the VLAN. Therefore, configure network interfaces for MFF.

The interface that is connected to the gateway and other network devices is configured as a network interface.

Precautions

MFF has been enabled in the system view using the mac-forced-forwarding enable command. Regardless of whether MFF is enabled in the VLAN that an interface belongs to, the interface can be configured as a network interface.

The MFF network interface and isolated interface (specified by the mac-forced-forwarding user-isolate-port command) cannot be configured simultaneously.

Multiple interfaces can be configured as network interfaces.

Example

# Configure 10GE1/0/1 as a network interface.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] mac-forced-forwarding network-port

mac-forced-forwarding server

Function

The mac-forced-forwarding server command configures the IP address for a server on the MFF network.

The undo mac-forced-forwarding server command deletes the configured IP address of a server.

By default, no IP address is configured for servers.

Format

mac-forced-forwarding server server-ip &<1–16>

undo mac-forced-forwarding server { server-ip | all }

Parameters

Parameter Description Value
server-ip Specifies the IP address for a server. The value is in dotted decimal notation.
all Specifies IP addresses for all servers. -

Views

VLAN view, VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In addition to the gateway, application servers such as the DHCP, multicast, or another server may be deployed on a network. When users access an application server whose IP address is not specified on the MFF-enabled device, the MFF-enabled device forwards the traffic to the gateway. The gateway then forwards it to the application server. This increases uplink traffic, consumes bandwidth, and wastes forwarding resources on the gateway.

To address this problem, specify IP addresses of accessible application servers on the MFF-enabled device. MFF provides a mechanism that is similar to ARP proxy to process such traffic, so users can correctly access all the specified application servers and directly communicate with application servers at Layer 2.

Prerequisites

MFF has been enabled in a VLAN using the mac-forced-forwarding enable command.

Precautions

When the number of configured servers reaches the upper limit 16, run the undo mac-forced-forwarding server { server-ip | all } command to delete unneeded servers before you configure new servers.

Example

# Configure IP address 192.168.1.2 for a server in VLAN 100.

<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] mac-forced-forwarding enable
[*HUAWEI-vlan100] mac-forced-forwarding server 192.168.1.2

mac-forced-forwarding static-gateway

Function

The mac-forced-forwarding static-gateway command configures a static gateway IP address in a VLAN.

The undo mac-forced-forwarding static-gateway command cancels the configuration.

By default, no static gateway IP address is configured in a VLAN.

Format

mac-forced-forwarding static-gateway ip-address

undo mac-forced-forwarding static-gateway

Parameters

Parameter Description Value
ip-address Specifies the static gateway IP address in a VLAN. The value is in dotted decimal notation.

Views

VLAN view, VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The static gateway is applicable when users are configured with static IP addresses. These users cannot dynamically obtain gateway information through DHCP packets. In this case, configure a static gateway address for each VLAN. After you run the mac-forced-forwarding static-gateway command, the users that are not authorized by the DHCP server can use the static gateway address to access the network. The users that are authorized by the DHCP server can still access the original gateway.

Prerequisites

Global MFF has been enabled using the mac-forced-forwarding enable command.

Precautions

If a static gateway IP address is changed, users may fail to access the network. The MAC address in the ARP table on the client belongs to the old gateway. After a new gateway is configured, the ARP entry on client is not updated immediately (that is, the MAC address in ARP table is not updated to the new gateway's MAC address). Therefore, the user cannot access the network.

Example

# Configure static gateway IP address 10.1.1.10 in VLAN 100.

<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] mac-forced-forwarding enable
[*HUAWEI-vlan100] mac-forced-forwarding static-gateway 10.1.1.10

mac-forced-forwarding user-detect transparent

Function

The mac-forced-forwarding user-detect transparent command enables transparent transmission of ARP request packets.

The undo mac-forced-forwarding user-detect transparent command disables transparent transmission of ARP request packets.

By default, transparent transmission of ARP request packets is disabled.

Format

mac-forced-forwarding user-detect transparent

undo mac-forced-forwarding user-detect transparent

Parameters

None

Views

VLAN view, VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In MFF networking, if the gateway performs accounting for users based on the online duration, the gateway must know whether a user is online at a specified moment. By default, the MFF-enabled device sends ARP reply packets in response to ARP request packets sent from the gateway. The MFF-enabled device can always send ARP reply packets as long as the MFF entry is not aged out. As a result, the gateway always considers users online even if they have gone offline.

To solve this problem, configure the MFF-enabled device to transparently transmit ARP request packets sent from the gateway to the user. Then the MFF-enabled device does not respond to the ARP packets. If the gateway does not receive the ARP reply packet from a user, the gateway considers that the user has gone offline. The gateway can monitor the user status in a timely manner and correctly perform accounting.

Prerequisites

Global MFF has been enabled using the mac-forced-forwarding enable command.

Precautions

In other scenarios, use the default configuration.

Example

# Enable transparent transmission of ARP request packets in VLAN 10.

<HUAWEI> system-view
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] mac-forced-forwarding enable
[*HUAWEI-vlan10] mac-forced-forwarding user-detect transparent

mac-forced-forwarding user-isolate-port

Function

The mac-forced-forwarding user-isolate-port command configures an interface as an isolated interface.

The undo mac-forced-forwarding user-isolate-port command cancels the configuration.

By default, no isolated interface is configured.

Format

mac-forced-forwarding user-isolate-port

undo mac-forced-forwarding user-isolate-port

Parameters

None

Views

Eth-Trunk interface view, GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In MFF networking, different users connect to the same interface on the MFF-enabled device, and user services are isolated at Layer 2. If two users want to communicate, user packets must be forwarded at Layer 3. The MFF-enabled device checks interface information in ARP request packets sent by users. If the ARP request packets are sent from the same interface, the device discards the ARP request packets. As a result, the two users fail to communicate.

MFF provides an isolated interface to solve this problem. After the mac-forced-forwarding user-isolate-port command configures an isolated interface, the MFF-enabled device does not check interface information in ARP request packets sent by users. Instead, the MFF-enabled device directly responds to the ARP request packets.

Precautions

MFF has been enabled in the system view using the mac-forced-forwarding enable command. Regardless of whether MFF is enabled in the VLAN that an interface belongs to, the interface can be configured as an isolated interface.

The MFF network interface (specified by the mac-forced-forwarding network-port command) and isolated interface cannot be configured simultaneously.

Example

# Configure 10GE1/0/1 as an isolated interface.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] mac-forced-forwarding user-isolate-port

reset mac-forced-forwarding user

Function

The reset mac-forced-forwarding user command clears dynamic user entries of the MFF function.

Format

reset mac-forced-forwarding user vlan vlan-id [ ip ip-address | interface interface-type interface-number ]

Parameters

Parameter Description Value
vlan vlan-id

Specifies a VLAN ID.

The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.
ip ip-address

Specifies the user IP address in a VLAN that configures the MFF function.

The value is in dotted decimal notation.

interface interface-type interface-number

Specifies the type and number of an interface.

-

Views

User view

Default Level

2: Configuration level

Usage Guidelines

After the MFF function is configured, this command can be used to clear dynamic user entries.

Example

# Clear MFF dynamic user entries in VLAN 10.

<HUAWEI> reset mac-forced-forwarding user vlan 10
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166501

Views: 50703

Downloads: 337

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next