No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S1720, S2700, S5700, and S6720 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SVF Configuration Commands

SVF Configuration Commands

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

arp anti-attack check user-bind enable (network enhanced profile view)

Function

The arp anti-attack check user-bind enable command configures dynamic ARP inspection (DAI) in a network enhanced profile.

The undo arp anti-attack check user-bind enable command disables DAI in a network enhanced profile.

By default, DAI is not configured in a network enhanced profile.

NOTE:

This command can only be executed on a parent switch.

Format

arp anti-attack check user-bind enable

undo arp anti-attack check user-bind enable

Parameters

None

Views

Network enhanced profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating a network enhanced profile, you can configure DAI in the profile. After the profile is bound to an AS port, DAI is automatically enabled on the port. The following configuration is generated on the AS port:
#
 arp anti-attack rate-limit enable
 arp anti-attack rate-limit packet 5 interval 1
 arp anti-attack check user-bind enable
 arp anti-attack check user-bind alarm enable
#

You can configure DAI to prevent Man in The Middle (MITM) attacks and theft on authorized user information. When a device receives an ARP packet, it compares the source IP address, source MAC address, interface number, and VLAN ID of the ARP packet with DHCP snooping binding entries. If the ARP packet matches a binding entry, the device allows the packet to pass through. If the ARP packet does not match any binding entry, the device discards the packet.

Prerequisites

DHCP snooping has been enabled in the network enhanced profile using the dhcp snooping enable command.

Example

# Enable DAI in a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] dhcp snooping enable
[HUAWEI-um-net-enhanced-profile_1] arp anti-attack check user-bind enable

as-admin-profile (AS group view)

Function

The as-admin-profile command binds an AS administrator profile to an AS group.

The undo as-admin-profile command unbinds an AS administrator profile from an AS group.

By default, no AS administrator profile is bound to an AS group.

NOTE:

This command can only be executed on a parent switch.

Format

as-admin-profile profile-name

undo as-admin-profile

Parameters

Parameter Description Value
profile-name

Specifies the name of an AS administrator profile.

The value must have an existing AS administrator profile name.

Views

AS group view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can bind an AS administrator profile to an AS group to deliver the configurations in the profile to all the member ASs in the AS group.

Prerequisites

The AS administrator profile has been created.

Precautions

AS groups can only be bound to AS administrator profiles. Each AS group can be bound to only one AS administrator profile.

Example

# Bind an AS administrator profile to an AS group.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as-admin-profile name profile_1
[HUAWEI-um-as-admin-profile_1] quit
[HUAWEI-um] as-group name group_1
[HUAWEI-um-as-group-group_1] as-admin-profile profile_1

as-admin-profile name

Function

The as-admin-profile name command creates an AS administrator profile.

The undo as-admin-profile name command deletes an AS administrator profile.

By default, no AS administrator profile is configured.

NOTE:

This command can only be executed on a parent switch.

Format

as-admin-profile name profile-name

undo as-admin-profile name profile-name

Parameters

Parameter Description Value
profile-name

Specifies the name of an AS administrator profile.

The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_).

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In an AS administrator profile, you can configure AS administrator information and the rate limit for outgoing ARP and DHCP packets on an uplink fabric port.

Precautions

You can create a maximum of 16 AS administrator profiles.

Example

# Create an AS administrator profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as-admin-profile name profile_1

as-auth

Function

The as-auth command displays the AS authentication view.

NOTE:

This command can only be executed on a parent switch.

Format

as-auth

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

After entering the AS authentication view, you can configure the AS authentication mode, blacklist, and whitelist.

Example

# Enter the AS authentication view.

<HUAWEI> system-view
[HUAWEI] as-auth

as-group name

Function

The as-group name command creates an AS group or displays the AS group view.

The undo as-group name command deletes an AS group.

By default, no AS group is created.

NOTE:

This command can only be executed on a parent switch.

Format

as-group name group-name

undo as-group name group-name

Parameters

Parameter Description Value
group-name

Specifies the name of an AS group.

The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_).

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

An AS group contains one or more ASs, which facilitates AS batch configuration.

Follow-up Procedure

Run the as name as-name or as name-include string command to add ASs to an AS group.

Precautions

You can create a maximum of 16 AS groups.

AS groups can only be bound to AS administrator profiles. Each AS group can be bound to only one AS administrator profile.

Example

# Create an AS group.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as-group name group_1

as access dtls psk

Function

The as access dtls psk command configures a pre-shared key for Datagram Transport Layer Security (DTLS) encryption on an access switch (AS).

The undo as access dtls psk command deletes a pre-shared key used for DTLS encryption.

The default pre-shared key for DTLS encryption is huawei_seccwp.

NOTE:

This command can only be executed on an AS.

Format

as access dtls psk psk-value

undo as access dtls psk

Parameters

Parameter Description Value
psk-value

Specifies a pre-shared key.

The value is a string of 6 to 32 case-sensitive characters without spaces. The pre-shared key must be in plain text and contain at least two of the following: letters, digits, and special characters.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To encrypt CAPWAP-encapsulated packets between the parent and an AS, configure the same pre-shared key on the parent and AS. You can run the as access dtls psk command to configure a pre-shared key for DTLS encryption on the AS.

Precautions

  • The default pre-shared key has security risks. You are advised to change the pre-shared key.
  • After an AS has connected to an SVF system, configuring or deleting the pre-shared key for DTLS encryption is not allowed on the AS.

Example

# Set the pre-shared key for DTLS encryption to test@1234.

<HUAWEI> as access dtls psk test@1234

as access manage-mac

Function

The as access manage-mac command configures the management MAC address of an AS.

The undo as access manage-mac command restores the default management MAC address of an AS.

By default, an AS uses the system MAC address as the management MAC address.

NOTE:

This command can only be executed on an AS.

Format

as access manage-mac mac-address

undo as access manage-mac

Parameters

Parameter Description Value
mac-address

Specifies the management MAC address of an AS.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits.

The value cannot be all 0s, all Fs, or a multicast MAC address.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In a Super Virtual Fabric (SVF) system, each AS has a unique management MAC address to identify itself. By default, an AS uses its system MAC address as the management MAC address to connect to an SVF system. When the management MAC address of an AS conflicts with that of another AS, you can run the as access manage-mac command to change the management MAC address so as to prevent MAC address conflicts.

Precautions

  • Use of this command is not recommended when no MAC address conflict occurs, as an improper management MAC address may affect service operations.

  • This command can be used only before an AS connects an SVF system. If an AS has connected to an SVF system, use of this command is not allowed.

  • Before using this command to change the management MAC address of an AS, you must run the undo as access manage-mac command to delete the existing management MAC address.

Example

# Configure the management MAC address of an AS.

<HUAWEI> as access manage-mac 4cb1-6c91-52a0

as auto-replace enable

Function

The as auto-replace enable command enables AS automatic replacement.

The undo as auto-replace enable command disables AS automatic replacement.

By default, AS automatic replacement is disabled.

NOTE:

This command can only be executed on a parent switch.

Format

as auto-replace enable

undo as auto-replace enable

Parameters

None

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In an SVF system, each AS is identified by its MAC address by default. When a new device is used to replace an AS, the SVF system considers the new device as a new AS because their MAC addresses are different. As a result, the new AS does not inherit services on the previous AS.

You can enable AS automatic replacement to solve this problem. When an AS is replaced by a new device connected to the same fabric port, the SVF system replaces the AS MAC address with the MAC address of the new device in the configuration. Consequently, the new device can inherit services on the AS.

Precautions

  • An AS can only be replaced by a device of the same model. If the new device is a different model, the SVF system considers it as a new AS, which then cannot inherit services on the previous AS.

  • Only a standalone AS can be replaced, and a stacked AS cannot be replaced.

  • AS automatic replacement is not supported when an AS connects to the parent through a network.

  • To ensure that a replacement AS can be successfully authenticated, run the auth-mode none command to set the AS authentication mode to none, or run the whitelist mac-address command to add the management MAC address of the replacement AS to the whitelist. If the replacement AS has no management MAC address configured, its system MAC address is used as the management MAC address.

Example

# Enable AS automatic replacement.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as auto-replace enable
Related Topics

as-mode disable

Function

The as-mode disable command changes the device working mode to the parent mode.

The undo as-mode disable command restores the device working mode to the AS mode.

By default, the device works in AS mode.

NOTE:

This command is only supported by S6720SI, S6720S-SI, S6720EI, and S6720S-EI.

Format

as-mode disable

undo as-mode disable

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The S6720SI, S6720S-SI, S6720EI, and S6720S-EI can function as the parent or AS in an SVF system. By default, the device works in AS mode and functions only as an AS. To use the device as the parent, run the as-mode disable command. This command will change the device working mode to the parent mode.

Precautions

After the working mode of a device is changed, the device does not use any configuration file at the next startup.

Example

# Change the device working mode to the parent mode.

<HUAWEI> system-view
[HUAWEI] as-mode disable
Warning: Switching the AS mode will clear current configuration and reboot the s
ystem. Continue? [Y/N]:y

as all (AS group view)

Function

The as all command adds all ASs to an AS group.

The undo as all command deletes all ASs from an AS group.

By default, no AS is added to an AS group.

NOTE:

This command can only be executed on a parent switch.

Format

as all

undo as all

Parameters

None

Views

AS group view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating an AS group, you need to add the ASs that require the same configuration to the AS group. This command adds all ASs to the same AS group.

Precautions

An AS can be added to only one AS group. For example, if you run the as all command in group_1 and then in group_2, the system displays a message, saying that the ASs need to be deleted from the previous AS group before they can be added to the new AS group.

Example

# Add all ASs to the AS group group_1.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as-group name group_1
[HUAWEI-um-as-group-group_1] as all
Related Topics

as name (AS group view)

Function

The as name command adds an AS with a specified name to an AS group.

The as name-include command adds an AS of which the name contains a specified string to an AS group.

The undo as name command deletes an AS with a specified name from an AS group.

The undo as name-include command deletes an AS of which the name contains a specified string from an AS group.

By default, no AS is added to an AS group.

NOTE:

This command can only be executed on a parent switch.

Format

as name as-name

as name-include string

undo as name as-name

undo as name-include string

Parameters

Parameter Description Value
as-name

Specifies the name of an AS.

The value must have an existing AS name.

string

Specifies the string contained in an AS name.

The value is a string of 1 to 31 case-insensitive characters without spaces.

Views

AS group view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating an AS group, add the ASs that need to be configured in a batch to the AS group. You can only add created ASs to an AS group.

Precautions

An AS can be added to one only AS group.

After an AS is added to an AS group, to change the AS group, run the as name command to add the AS to another AS group.

Example

# Add the AS as_1 to the AS group group_1.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as-group name group_1
[HUAWEI-um-as-group-group_1] as name as_1
Related Topics

as name interface (port group view)

Function

The as name interface command adds ports on the AS with a specified name to a port group.

The as name-include interface command adds ports on the AS of which the name contains a specified string to a port group.

The undo as name interface command deletes ports on the AS with a specified name from a port group.

The undo as name-include interface command deletes ports on the AS of which the name contains a specified string from a port group.

By default, no ports on an AS are added to a port group.

NOTE:

This command can only be executed on a parent switch.

Format

as name as-name interface { { interface-type interface-number1 [ to interface-number2 ] } &<1-10> | all }

as name-include string interface all

undo as name as-name interface { { interface-type interface-number1 [ to interface-number2 ] } &<1-10> | all }

undo as name-include string interface all

Parameters

Parameter Description Value
as-name

Specifies the name of an AS.

The value must have an existing AS name.

string

Specifies the string contained in an AS name.

The value is a string of 1 to 31 case-insensitive characters without spaces.

interface-type interface-number1 [ to interface-number2 ]
Specifies the type and number of AS interfaces.
  • interface-type specifies the interface type. The interface type can be Eth-Trunk interface.
  • interface-number1 specifies the first interface number.
  • interface-number2 specifies the last interface number.

-

all

Indicates all downlink service ports on an AS.

-

Views

Port group view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a port group, add the AS ports that need to be configured in a batch to the port group.

Precautions

A port can be added to only one port group.

After ports on an AS are added to a port group, to change the port group, run the as name interface command to add the ports to another port group.

Example

# Add ports on the AS as1 to the port group group_1.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] port-group name group_1
[HUAWEI-um-portgroup-group_1] as name as1 interface gigabitethernet 0/0/1 to 0/0/5
Related Topics

as name (uni-mng view)

Function

The as name command configures an AS name or displays the AS view.

The undo as name command deletes an AS.

By default, system default name-device MAC address is used as the AS name, for example, huawei-000a-123d-2200.

NOTE:

This command can only be executed on a parent switch.

Format

as name as-name [ model as-model mac-address mac-address ]

undo as { all | name as-name }

Parameters

Parameter Description Value
as-name

Specifies the name of an AS.

The value is a string of 1 to 31 case-insensitive characters without spaces.

model as-model

Specifies the device model of an AS.

The value is an enumerated type. You can enter a question mark (?) and select a value from the displayed value range.

mac-address mac-address

Specifies the management MAC address of an AS.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address.

all

Deletes all ASs.

-

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can configure a name for an AS and use the name to uniquely identify the AS. This configuration facilitates AS identification and management.

If no AS name is configured, system default name-device MAC address is used as the AS name after the AS connects to an SVF system.

You can change the name of an AS that has connected to an SVF system when the following conditions are met:
  1. The AS is not bound to any service profile.
  2. The AS is not added to any AS group.
  3. Ports of the AS are not added to any port group.

Precautions

  • If the model as-model mac-address mac-address parameter is not specified, the AS view is displayed. You can enter the view of an AS only when the AS has been created.

  • If an AS has connected to an SVF system, the AS leaves the SVF system and restarts after being deleted.

Example

# Configure an AS name.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1 model S5700-28P-LI-AC mac-address 0200-0000-0022
Related Topics

as reset

Function

The as reset command restarts an AS.

NOTE:

This command can only be executed on a parent switch.

Format

as reset { all | name as-name }

Parameters

Parameter Description Value
all

Restarts all ASs.

-

name as-name

Restarts an AS with a specified name.

The value must have an existing AS name.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

When an AS is upgraded or working abnormally, you can restart the AS.

Example

# Restart the AS as1.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as reset name as1
Related Topics

as service-vlan igmp-snooping

Function

The as service-vlan igmp-snooping command enables IGMP snooping for a service VLAN on an AS.

The undo as service-vlan igmp-snooping command disables IGMP snooping for a service VLAN on an AS.

By default, IGMP snooping is disabled for service VLANs on an AS.

NOTE:

This command can only be executed on a parent switch.

Format

as service-vlan igmp-snooping { vlan-id1 [ to vlan-id2 ] } &<1-16>

undo as service-vlan igmp-snooping { vlan-id1 [ to vlan-id2 ] } &<1-16>

Parameters

Parameter Description Value
vlan-id1 [ to vlan-id2 ] Specifies range of service VLANs:
  • vlan-id1 specifies the start VLAN ID.

  • vlan-id2 specifies the end VLAN ID.

    vlan-id2 must be greater than or equal to vlan-id1. vlan-id1 and vlan-id2 define a range together.

  • If the parameter to vlan-id2 is not specified, only the VLAN specified by vlan-id1 is a service VLAN ID.

The vlan-id1 and vlan-id2 are integers ranging from 1 to 4094.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

By default, IGMP snooping is disabled for service VLANs on an AS. If IGMP snooping needs to be enabled on an AS, run the as service-vlan igmp-snooping command to deliver the configuration to the AS. After the configuration is delivered successfully, the igmp-snooping enable configuration will be generated in the corresponding VLAN view of the AS.

Precautions

This VLAN cannot be a stack reserved VLAN, SVF management VLAN, super VLAN, or RRPP/SEP/ERPS control VLAN.

Example

# Enable IGMP snooping for the service VLAN 10 on an AS.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as service-vlan igmp-snooping 10

as service-vlan authorization

Function

The as service-vlan authorization command creates service VLANs on ASs.

The undo as service-vlan authorization command deletes service VLANs on ASs.

By default, all interfaces on an AS belong to the default VLAN, that is, VLAN 1.

NOTE:

This command can only be executed on a parent switch.

Format

as service-vlan authorization { vlan-id1 [ to vlan-id2 ] } &<1-16>

undo as service-vlan authorization { vlan-id1 [ to vlan-id2 ] } &<1-16>

Parameters

Parameter Description Value
vlan-id1 [ to vlan-id2 ]

Specifies service VLAN IDs in a batch:

  • vlan-id1 specifies the first VLAN ID.

  • vlan-id2 specifies the last VLAN ID.

    vlan-id2 must be larger than or equal to vlan-id1. vlan-id1 and vlan-id2 together determine a VLAN range.

  • If you do not specify to vlan-id2, only one service VLAN is specified by vlan-id1.

Values of vlan-id1 and vlan-id2 are integers in a range of 1 to 4094.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the as service-vlan authorization command to deliver service VLANs to ASs in a batch. After these service VLANs are delivered successfully, corresponding VLANs are created on these ASs.

Precautions

This VLAN cannot be a stack reserved VLAN, SVF management VLAN, super VLAN, or RRPP/SEP/ERPS control VLAN.

Example

# Create the service VLAN 10 for ASs.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as service-vlan authorization 10

as type

Function

The as type command specifies the file to be loaded during the upgrade of an AS of a specified device type.

The undo as type command deletes the file to be loaded during the upgrade of an AS of a specified device type.

By default, the file to be loaded is not specified during the upgrade of an AS of a specified device type.

NOTE:

This command can only be executed on a parent switch.

Format

as type as-type { system-software system-software | patch patch } *

undo as type as-type [ system-software | patch ]

Parameters

Parameter Description Value
as-type

Specifies the device type of an AS.

The value is an enumerated type. You can enter a question mark (?) and select a value from the displayed value range.

system-software system-software

Specifies the name of the system software file to be loaded on an AS.

The value is a string of 4 to 48 case-insensitive characters without spaces or special characters, including ~ * : ' " ? < > | [ ] % \ /.
patch patch

Specifies the name of the patch file to be loaded on an AS.

The value is a string of 5 to 48 case-insensitive characters without spaces or special characters, including ~ * : ' " ? < > | [ ] % \ /.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an AS is automatically upgraded after going online, the AS is upgraded using the file specified using the as type command. If no file is specified, the system searches the root directory unimng/ of the parent for a system software file applicable to the AS.

Precautions

You can run the as type command multiple times to specify different files for different types of ASs.

Example

# Specify the file to be loaded on the AS of the S5700-P-LI type.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as type s5700-p-li system-software s5700-p-li-v200r011c10.cc
Related Topics

attach as

Function

The attach as command allows you to log in to an AS from the parent.

NOTE:

This command can only be executed on a parent switch.

Format

attach as name as-name

Parameters

Parameter Description Value
name as-name

Specifies the name of an AS for login.

The value must have an existing AS name.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In addition to local login through a console port, you can log in to an AS from the parent. This login mode is supported in two service configuration modes: centralized mode and independent mode.

After you log in to an AS in centralized mode, you can configure only commands related to file management and service diagnosis for fault location.

After you log in to an AS in independent mode, you can use more commands to configure services on the AS.

Prerequisites

In centralized mode, an AS administrator profile has been bound to the AS, and an AS user name and password have been configured.

In independent mode, an AS user name and password have been configured in the uni-mng view using the independent-as-admin command.

Precautions

After an AS user name and password are configured, you need to enter the correct user name and password when logging in to an AS through the console port. When you log in to an AS from the parent using the attach as command, you can log in to the AS without entering the user name or password.

In versions earlier than V200R011C10, at most one VTY user can log in to an AS at a time. In V200R011C10 and later versions, at most four VTY users can log in to an AS at a time.

Example

# In centralized mode, log in to the AS as1 from the parent.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as-admin-profile name profile_1
[HUAWEI-um-as-admin-profile_1] user asuser password Pwd@123456
[HUAWEI-um-as-admin-profile_1] quit
[HUAWEI-um] as-group name group_1
[HUAWEI-um-as-group-group_1] as name as1
[HUAWEI-um-as-group-group_1] as-admin-profile profile_1
[HUAWEI-um-as-group-group_1] quit
[HUAWEI-um] commit as all
Info: Commiting the configuration will take a long time. Are you sure you want to commit the configuration? [Y/N]: y
[HUAWEI-um] attach as name as1

# In independent mode, log in to the AS as1 from the parent. Before the login, the independent mode needs to be enabled on the fabric-port connected to the AS as1. The following uses a level-1 AS as the AS as1.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] independent-as-admin user asuser password Pwd@123456
[HUAWEI-um] interface fabric-port 1
[HUAWEI-um-fabric-port-1] port connect independent-as
[HUAWEI-um-fabric-port-1] quit
[HUAWEI-um] attach as name as1

authentication access-user maximum (user access profile view)

Function

The authentication access-user maximum command configures the maximum number of access users in a user access profile.

The undo authentication access-user maximum command deletes the maximum number of access users in a user access profile.

By default, the maximum number of access users is not configured in a user access profile.

NOTE:

This command can only be executed on a parent switch.

Format

authentication access-user maximum max-num

undo authentication access-user maximum

Parameters

Parameter Description Value
max-num

Specifies the maximum number of access users in a user access profile.

The value is an integer that ranges from 1 to 512. After the value is delivered to an AS, the effective value depends on the AS specifications. For details, see authentication access-point max-user.

Views

User access profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a user access profile, you can configure the maximum number of access users in the profile. When the profile is bound an AS port, the maximum number of access users is automatically configured for the port. The following configuration is generated on the AS port:
#
 authentication access-point max-user max-num
#

Precautions

The authentication access-user maximum command configuration takes effect only for new users.

Example

# Set the maximum number of access users to 100 in the user access profile profile_1.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] user-access-profile name profile_1
[HUAWEI-um-user-access-profile_1] authentication access-user maximum 100

auth-mode none

Function

The auth-mode none command sets the AS authentication mode to no authentication.

The undo auth-mode command restores the default AS authentication mode.

By default, authentication is required when an AS connects to an SVF system.

NOTE:

This command can only be executed on a parent switch.

Format

auth-mode none

undo auth-mode

Parameters

None

Views

AS authentication view

Default Level

3: Management level

Usage Guidelines

By default, an AS needs to be authenticated using a blacklist or whitelist before connecting to an SVF system. You can also configure no authentication for ASs. In no authentication mode, an AS can connect to an SVF system regardless of whether it is in a blacklist or whitelist.

Example

# Configure no authentication for ASs to connect to an SVF system.

<HUAWEI> system-view
[HUAWEI] as-auth
[HUAWEI-as-auth] auth-mode none
Related Topics

authentication-profile (user access profile view)

Function

The authentication-profile command binds an authentication profile to a user access profile.

The undo authentication-profile command deletes the authentication profile bound to a user access profile.

By default, no authentication profile is bound to a user access profile.

NOTE:

This command can only be executed on a parent switch.

Format

authentication-profile authentication-profile-name

undo authentication-profile

Parameters

Parameter Description Value
authentication-profile-name

Specifies the name of an authentication profile.

The value is a string of 1-31 case-sensitive characters, which cannot be configured to - and --. It cannot contain spaces and the following symbols: / \ : * ? " < > | @ ' %.

Views

User access profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a user access profile, you can bind an authentication profile to the user access profile. When the user access profile is bound to an AS port, the user access authentication mode specified in the authentication profile is automatically configured on the AS port.

NAC provides three user authentication modes: 802.1X authentication, MAC address authentication, and Portal authentication. To implement user access authentication, run the dot1x-access-profile name access-profile-name, mac-access-profile name access-profile-name, and portal-access-profile name access-profile-name commands in the system view to create an access profile, bind one or multiple of the three user authentication modes to the authentication profile, and then bind the authentication profile to the user access profile in an SVF system.

Precautions

  • If Portal authentication is deployed in an SVF system, you must run the web-auth-server server-name command to specify the Portal server profile used in Portal authentication in the Portal access profile view. Additionally, only one Portal server profile can be configured in a Portal access profile.

  • If the Portal authentication mode has been set to layer3 in the portal-access-profile bound to the authentication profile, it is not allowed to bind this authentication profile to the user access profile. If an authentication profile has been bound to the user access profile, it is now allowed to set the Portal authentication mode to layer3.

  • Different user access profiles must be bound to the same authentication profile.

  • The authentication-profile and mac-limit maximum max-num as well as authentication-profile and traffic-limit inbound { arp | dhcp } cir cir-value commands are mutually exclusive and cannot be configured together in a user access profile.

  • If many users are connected to the port to which a user access profile is bound, the authentication configuration in the profile may need to take a certain period of time to complete.

  • Before changing the authentication profile on the parent, run the undo authentication-profile command to delete the existing authentication profile and then run the commit as { name as-name | all } command to commit the configuration. You can then create a new authentication profile on the parent.

  • After bidirectional flow control is configured in an authentication profile using the authentication control-direction all command, this authentication profile cannot be bound to a user access profile.

Example

# Bind an authentication profile to the user access profile.

<HUAWEI> system-view
[HUAWEI] mac-access-profile name 1
[HUAWEI-mac-access-profile-1] quit
[HUAWEI] authentication-profile name test
[HUAWEI-authen-profile-test] mac-access-profile 1
[HUAWEI-authen-profile-test] quit
[HUAWEI] uni-mng
[HUAWEI-um] user-access-profile name huawei
[HUAWEI-um-user-access-huawei] authentication-profile test

blacklist mac-address

Function

The blacklist mac-address command adds a specified MAC address to the blacklist.

The undo blacklist mac-address command deletes a MAC address from the blacklist.

By default, no MAC address is added to the blacklist. A maximum of 128 MAC addresses can be added to the blacklist.

NOTE:

This command can only be executed on a parent switch.

Format

blacklist mac-address mac-address1 [ to mac-address2 ]

undo blacklist mac-address { mac-address1 [ to mac-address2 ] | all }

Parameters

Parameter Description Value
mac-address1 [ to mac-address2 ]

Specifies the MAC address to be added to the blacklist.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address.

all

Deletes all the MAC addresses in the blacklist.

-

Views

AS authentication view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an SVF system needs to authenticate an AS, the SVF system allows the AS to connect to if the MAC address of the AS is in the whitelist and disallows the AS to connect to if the MAC address is in the blacklist.

Precautions

  • A MAC address cannot exist in both the whitelist and blacklist.

  • By default, if the MAC address of an AS is neither in the whitelist nor in the blacklist, the AS fails the authentication. You can run the confirm { all | mac-address mac-address } command to allow all ASs or a specified AS to pass the authentication.

  • If the MAC address of an AS that has connected to an SVF system is added to the blacklist, the AS restarts and exits from the SVF system.

Example

# Add the MAC address 0025-9e07-8281 to the blacklist.

<HUAWEI> system-view
[HUAWEI] as-auth
[HUAWEI-as-auth] blacklist mac-address 0025-9e07-8281
Related Topics

broadcast-suppression (network enhanced profile view)

Function

The broadcast-suppression command configures broadcast traffic suppression in a network enhanced profile.

The undo broadcast-suppression command cancels broadcast traffic suppression in a network enhanced profile.

By default, broadcast traffic suppression is not configured in a network enhanced profile. By default, the percentage of broadcast traffic that can pass through an AS port is 50%.

NOTE:

This command can only be executed on a parent switch.

Format

broadcast-suppression packets packets-per-second

undo broadcast-suppression

Parameters

Parameter Description Value
packets packets-per-second

Specifies the packet rate of an interface.

The value is an integer that ranges from 0 to 14881000, in packets per second (PPS).

If the configured packet rate on the parent switch is larger than the maximum value on the AS port, the maximum value takes effect on the AS port.

Views

Network enhanced profile view

Default Level

3: Management level

Usage Guidelines

After creating a network enhanced profile, you can configure broadcast traffic suppression in the profile. After the profile is bound to an AS port, broadcast traffic suppression is automatically configured on the port. The following configuration is generated on the AS port:
#
 broadcast-suppression packets packets-per-second
#

To prevent broadcast storms, you can run the broadcast-suppression command to configure the maximum number of broadcast packets that can pass through a port. When the broadcast traffic rate reaches the maximum value, the system discards excess broadcast packets to control the traffic volume within a proper range.

Example

# Configure broadcast traffic suppression in a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] broadcast-suppression packets 148810

clear direct-command

Function

The clear direct-command command deletes commands to be directly delivered to an AS from the parent.

NOTE:

This command can only be executed on a parent switch.

Format

clear direct-command [ slot slot-id ]

Parameters

Parameter Description Value
slot slot-id

Specifies the stack ID of a member device in an AS.

The value is an integer that ranges from 0 to 4.

Views

AS view

Default Level

3: Management level

Usage Guidelines

After you run the direct-command command to directly deliver commands to an AS, you can run the clear direct-command command to delete the commands from the parent.

You can delete directly delivered commands only when the AS is offline. Do not run the clear direct-command command when the parent is delivering the commands to an AS.

Example

# Delete the commands to be directly delivered to AS1 from the parent.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] clear direct-command
Related Topics

commit as

Function

The commit as command delivers the service configuration to ASs.

NOTE:

This command can only be executed on a parent switch.

Format

commit as { name as-name | all }

Parameters

Parameter Description Value
name as-name

Delivers the service configuration to an AS with a specified name.

The value must have an existing AS name.

all

Delivers the service configuration to all ASs.

-

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

After configuring or changing services (including service profiles and user authentication-free rules) on the parent, you need to run the commit as command to deliver the configuration to ASs to make the configuration take effect.

Example

# Deliver the service configuration to all ASs.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] commit as all

confirm

Function

The confirm command confirms that unauthenticated ASs pass the authentication.

NOTE:

This command can only be executed on a parent switch.

Format

confirm { all | mac-address mac-address }

Parameters

Parameter Description Value
all

Confirms that all ASs pass the authentication.

-

mac-address mac-address

Confirms that an AS with a specified MAC address passes the authentication.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address.

Views

AS authentication view

Default Level

3: Management level

Usage Guidelines

When an AS needs to be authenticated before connecting to an SVF system, the AS fails the authentication if its MAC address is neither in the whitelist nor in the blacklist. You can run the confirm command to allow all ASs or a specified AS to pass the authentication.

You can run the display as unauthorized record command to check information about the ASs that fail the authentication.

Example

# Confirm that the AS with the MAC address 0025-9e07-8280 passes the authentication.

<HUAWEI> system-view
[HUAWEI] as-auth
[HUAWEI-as-auth] confirm mac-address 0025-9e07-8280

description (Fabric port view)

Function

The description command configures the description of a fabric port.

The undo description command deletes the description of a fabric port.

By default, no description is configured for a fabric port.

NOTE:

This command can only be executed on a parent switch.

Format

description description

undo description

Parameters

Parameter Description Value
description

Specifies the description.

The value is a string of 1 to 64 case-sensitive characters with spaces supported.

Views

Fabric port view

Default Level

2: Configuration level

Usage Guidelines

To facilitate fabric port management and identification, you can configure descriptions for fabric ports. For example, you can describe the name of an AS that connects to a fabric port.

Example

# Configure the description of a fabric port.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] interface fabric-port 1
[HUAWEI-um-fabric-port-1] description To_as1
Related Topics

description (port group view)

Function

The description command configures the description of a port group.

The undo description command deletes the description of a port group.

By default, a port group does not have a description.

NOTE:

This command can only be executed on a parent switch.

Format

description description

undo description

Parameters

Parameter Description Value
description

Specifies the description.

The value is a string of 1 to 15 case-sensitive characters with spaces supported.

Views

Port group view

Default Level

2: Configuration level

Usage Guidelines

To facilitate identification and management of terminals connected to a port group in the web system, configure the description of the port group.

Example

# Configure the description of a specified port group.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] port-group name 1
[HUAWEI-um-portgroup-1] description switch
Related Topics

dhcp snooping enable (network enhanced profile view)

Function

The dhcp snooping enable command configures DHCP snooping in a network enhanced profile.

The undo dhcp snooping enable command cancels DHCP snooping in a network enhanced profile.

By default, DHCP snooping is not configured in a network enhanced profile.

NOTE:

This command can only be executed on a parent switch.

Format

dhcp snooping enable

undo dhcp snooping enable

Parameters

None

Views

Network enhanced profile view

Default Level

3: Management level

Usage Guidelines

After creating a network enhanced profile, you can configure DHCP snooping in the profile. After the profile is bound to an AS port, DHCP snooping is automatically enabled on the AS and AS port. The following configuration is generated on the AS:
#
dhcp enable
#
dhcp snooping enable
#
interface GigabitEthernet0/0/1
 dhcp snooping enable
#

In the preceding configuration, GigabitEthernet0/0/1 is used for reference only. The actual configuration depends on the profile configuration.

You can run the dhcp snooping enable command to enable DHCP snooping on a port so as to improve DHCP security.

Precautions

Before running the undo dhcp snooping enable command, ensure that the network enhanced profile view is not configured with IPSG or DAI. To disable IPSG and DAI, run the undo ip source check user-bind enable (network enhanced profile view) and undo arp anti-attack check user-bind enable (network enhanced profile view) commands respectively.

The dhcp snooping enable command configured in the network enhanced profile can only configure a DHCP dynamic binding table but not a DHCP static binding table.

Example

# Configure DHCP snooping in a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] dhcp snooping enable

direct-command

Function

The direct-command command configures ASs on the parent. The parent directly delivers the configuration to the ASs, and you do not need to run the commit as command.

The undo direct-command command cancels the configuration for ASs on the parent.

The following table lists service configurations that can be delivered using this command. If no configuration dependency and restriction are provided for a command, see the details in the command reference.

NOTE:

This command can only be executed on a parent switch.

Format

direct-command view { system | interface-type interface-number | stack-port member-id/port-id } command command-text

undo direct-command view { system | interface-type interface-number | stack-port member-id/port-id } command command-text

Parameters

Parameter Description Value
view { system | interface-type interface-number }

Specifies the view in which a command is executed.

  • system: system view
  • interface-type interface-number: interface view. It cannot be an Eth-Trunk interface view.
  • stack-port member-id/port-id: stack interface view
-
command command-text

Specifies the command to be delivered to ASs.

The value is a string of 1 to 64 characters.

Views

AS view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following lists the commands that can be directly delivered to ASs. You can run the undo direct-command view { system | interface-type interface-number } command command-text command to cancel the configuration or restore default settings. The command-text parameter specifies the commands listed in the following table.

Service Category

Format

View

Function

Configuration Dependency and Restriction

Energy-saving management

port-auto-sleep enable

Interface view

Enables the port sleeping function on an electrical interface.

This command cannot be configured on combo interfaces.

PoE

poe force-power

Interface view

Enables forcible PoE power supply on an interface.

-

poe legacy enable

Interface view

Enables an interface to check compatibility of PDs.

-

poe priority { critical | high | low }

Interface view

Sets the power supply priority of a PoE interface.

-

poe af-inrush enable slot slot-id

System view

Configures the IEEE 802.3at-compliant device to provide power in accordance with IEEE 802.3af.

-

poe high-inrush enable slot slot-id

System view

Configures a device to allow high inrush current during power-on.

-

undo poe enable (supported in V200R011C10 and later versions)

Interface view

Disables the PoE function on an interface.

-

Ethernet interfaces

undo negotiation auto

Interface view

Configures an interface to work in non-auto-negotiation mode.

After you run the undo direct-command command, the interface works in auto negotiation mode.

  • This command cannot be configured on combo interfaces.
  • Do not cancel the undo negotiation auto command when speed { 10 | 100 | 1000 } or duplex { full | half } is specified.

speed { 10 | 100 | 1000 }

Interface view

Sets the rate in non-auto-negotiation mode.

  • This command cannot be configured on combo interfaces.

  • Ensure that the interface works in non-auto-negotiation mode before configuring this command.

speed auto-negotiation

Interface view

Enables auto-negotiation on a GE optical interface.

  • Support for this command varies depending on switch models. For details, see the speed auto-negotiation command in the Command Reference - Interface Management Commands - Ethernet Interface Configuration Commands.

  • Ensure that the interface works in auto-negotiation mode before configuring this command.

duplex { full | half }

Interface view

Sets the duplex mode for an electrical interface in non-auto-negotiation mode.

  • This command cannot be configured on combo interfaces.

  • Ensure that the interface works in non-auto-negotiation mode before configuring this command.

  • When the working rate of a GE electrical interface is 1000 Mbit/s, the interface supports only the full duplex mode.

loopback internal

Interface view

Configures a loopback detection mode on an interface.

-

description description (supported in V200R011C10 and later versions)

Interface view

Configures the description for an interface.

The description contains a maximum of 52 characters.

Port bridge

port bridge enable

Interface view

Enables the bridging function on an interface.

-

Voice VLAN

voice-vlan mac-address mac-address mask mask (supported in V200R011C10 and later versions)

System view

Configures the OUI address of the voice VLAN.

-

LBDT

loopback-detect enable

Interface view

Enables loopback detection on an interface.

-

loopback-detect packet vlan vlan-id

Interface view

Enables loopback detection for a specified VLAN.

If you configure this command multiple times, loopback detection is enabled for multiple VLANs.

ARP rate limiting

arp speed-limit source-mac maximum maximum

System view

Configures ARP rate limiting based on source MAC addresses.

  • Only the S5720EI, S6720S-EI, and S6720EI support this command.

  • This function takes effect only for ARP packets sent to the CPU.

arp speed-limit source-ip maximum maximum

System view

Configures ARP rate limiting based on source IP addresses.

This function takes effect only for ARP packets sent to the CPU.

Stack

port interface { interface-type interface-number1 [ to interface-type interface-number2 ] } enable (supported in V200R010 and later versions)

Stack interface view:

stack-port member-id/port-id

Configures a service interface as a physical member port and adds it to a stack port.

Before restoring the physical member ports that are added to a stack port in direct configuration mode as common service interfaces, you do not need to run the shutdown interface command in the stack interface view.

stack slot slot-id priority priority (supported in V200R010 and later versions)

System view

Sets a stack priority for a member switch in a stack.

-

stack slot slot-id renumber new-slot-id (supported in V200R011C10 and later versions)

System view

Changes the stack ID of a specified member switch in a stack.

NOTICE:
If there are services running, delivering this command may cause service interruptions and configuration loss. Therefore, you are advised to deliver this command when an AS is unconfigured.
A stack ID cannot be changed in the following situations:
  • The switch is a standalone switch that does not join any stack.
  • The newly configured stack ID is an existing stack ID of a specified member switch in a stack.
  • Ports with the specified slot-id have been configured as member ports of an uplink fabric port.
  • Ports with the specified slot-id have been configured as member ports of a downlink fabric port.

Precautions

  • When you configure a directly delivered command on the parent, enter the complete and correct command instead of the abbreviated form. No info message is displayed for confirming your input.
  • A directly delivered command supports the help and typeahead functions but not real-time check during input. The system checks the input only after you complete typing a command and press Enter. No detailed description is provided in help information. If you fail to configure a command for an AS, an info message is displayed.
  • When you configure a directly delivered command, the AS to which the command is to be delivered must be online. If you need to specify a port or slot-id in a command, the corresponding member device must be available. If the AS is offline, run the clear direct-command command to delete the completed configuration on the parent.
  • If a port has the configuration directly delivered using commands, the port cannot be configured as a member port of the Eth-Trunk to which a fabric port is bound. If a port has been configured as a member port of the Eth-Trunk to which a fabric port is bound, the configuration cannot be directly delivered to the port using commands.
  • Directly delivering configuration using commands and delivering configuration using service profiles are mutually exclusive and cannot be performed simultaneously.
  • A maximum of 4096 commands can be configured.

Example

# Configure the parent to deliver the loopback-detect enable command to GigabitEthernet0/0/1 on as1 to enable loopback detection on GigabitEthernet0/0/1.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] direct-command view gigabitethernet 0/0/1 command loopback-detect enable
Related Topics

display as

Function

The display as command displays information about access switches (ASs).

NOTE:

This command can only be executed on a parent switch.

Format

display as { all | name as-name | mac-address mac-address | vpn-instance information }

Parameters

Parameter Description Value
all

Displays information about all ASs.

-

name as-name

Specifies the name of an AS.

The value must have an existing AS name.

mac-address mac-address

Specifies the MAC address of an AS.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address.

vpn-instance information

Displays VPN instance information.

The value must be an existing VPN instance name.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display as command to view information about ASs in an SVF system, including the AS device type, VPN instance information, and access status.

Example

# Display information about all ASs.

<HUAWEI> display as all
Total: 1, Normal: 1, Fault: 0, Idle: 0, Version mismatch: 0
--------------------------------------------------------------------------------
No.  Type           MAC            IP              State        Name
--------------------------------------------------------------------------------
0    S5700-P-LI     aaaa-bbbb-cc92 192.168.11.254  normal       as1
--------------------------------------------------------------------------------
Table 3-100  Description of the display as all command output

Item

Description

Total

Total number of ASs.

Normal

Number of ASs that are running normally.

Fault

Number of ASs in abnormal running status.

Idle

Number of ASs that have been configured but no gone online.

Version mismatch

Number of ASs of which the software versions do not match the software version of the parent.

No.

Sequence number.

Type

Device type of an AS.

MAC

Management MAC address of an AS.

IP

IP address of an AS.

State

Status of an AS:
  • idle: The AS is in initial state.

  • normal: The AS has gone online and connected to an SVF system.

  • fault: The AS does not connect to an SVF system.

  • version mismatch: The V, R, or C versions of the AS and parent are inconsistent.

Name

Name of an AS.

# Display information about the AS as1.

<HUAWEI> display as name as1
------------------------------------------------------------------------------
Management-mac       : aaaa-bbbb-cc92
System MAC           : aaaa-bbbb-cc92
ESN                  : 2102353173107C800132
Name                 : as1
Model                : S5700-28P-LI-AC
Device Type          : S5700-P-LI
State                : normal
Mode                 : centralized 
Slot                 : 0
As group             : group1
Port group           : group2
------------------------------------------------------------------------------
Table 3-101  Description of the display as name command output

Item

Description

Management-mac

Management MAC address of an AS. In a Super Virtual Fabric (SVF) system, each AS has a unique management MAC address to identify itself. To set a management MAC address for an AS, run the as access manage-mac command. If no management MAC address is configured for an AS, the system MAC address of the AS is used as the management MAC address.

System MAC

System MAC address of an AS, which is the physical MAC address of this AS.

ESN

Sequence number of an AS.

Name

Name of an AS.

Model

Device model of an AS.

Device Type

Device type of an AS.

State

Status of an AS:
  • idle: The AS is in initial state.

  • normal: The AS has gone online and connected to an SVF system.

  • fault: The AS does not connect to an SVF system.

  • version mismatch: The V, R, or C versions of the AS and parent are inconsistent.

Mode

Service configuration mode of an AS:

  • centralized: indicates the centralized mode.
  • independent: indicates the independent mode.

Slot

Stack ID of an AS in a stack.

As group

AS group to which an AS belongs.

Port group

Port group to which an AS port belongs.

# Display VPN instance information of ASs.

<HUAWEI> display as vpn-instance information
Total: 5                                                                        
--------------------------------------------------------------------------------
No.  VPN-Instance                     AS Name                                   
--------------------------------------------------------------------------------
0    VPN1                             e-10005(1-1)                              
1    --                               t-10018(2-2)                              
2    VPN2                             s-10021(1-1)                              
3    --                               6-10023(2-1)                              
4    --                               11-t-16(x-s)                              
--------------------------------------------------------------------------------
Table 3-102  Description of the display as vpn-instance information command output

Item

Description

Total

Number of ASs.

No.

AS number.

VPN-Instance

VPN instance name.

AS Name

AS name.

display as access configuration

Function

The display as access configuration command displays the access configuration of ASs.

NOTE:

Only the switches that function as ASs support this command.

Format

display as access configuration

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display as access configuration command on an AS to check the access configuration of the AS.

Example

# Display the access configuration of an AS.

<HUAWEI> display as access configuration
    AS mode                             : centralized
    Access interface                    : vlanif11
    Access controller configuration     : --
    Current connected access controller : 192.168.11.1(dynamic)
    Access management MAC               : 0200-0000-0022
    Access system MAC                   : 0200-0000-0022
    Current connected state             : normal
Table 3-103  Description of the display as access configuration command output

Item

Description

AS mode

AS mode:

  • disable: The device works in parent mode. To change the device working mode, run the as-mode disable command. This field is only supported on S6720SI, S6720S-SI, S6720EI, and S6720S-EI.
  • enable: The device works in AS mode, but it does not have the SVF function enabled using the uni-mng command.
  • centralized: The device works in AS mode and the service configuration mode is centralized mode.
  • independent: The device works in AS mode and the service configuration mode is independent mode.

Access interface

VLANIF interface for the management VLAN of an AS.

Access controller configuration

Parent IP address configured using the as access controller ip-address command. If this IP address is configured, the Current connected access controller field value contains configured.

Current connected access controller

IP address of the parent to which an AS is connected. If this field contains dynamic, the IP address is obtained through DHCP or in broadcast mode. If this field contains configured, the IP address is statically configured.

Access management MAC

Configured management MAC address of an AS.

Access system MAC

System MAC address of an AS.

Current connected state

Connection status of an AS:
  • idle: The AS is in initial state.

  • normal: The AS has gone online and connected to an SVF system.

  • fault: The AS does not connect to an SVF system.

  • version mismatch: The V, R, or C versions of the AS and parent are inconsistent.

display as blacklist

Function

The display as blacklist command displays blacklist information of an AS.

NOTE:

This command can only be executed on a parent switch.

Format

display as blacklist

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display as blacklist command to check blacklist information of an AS.

Example

# Display blacklist information of an AS.

<HUAWEI> display as blacklist
------------------------------------------------------------------------------
ID     MAC
------------------------------------------------------------------------------
0      0025-9e07-8281
------------------------------------------------------------------------------
Total: 1
Table 3-104  Description of the display as blacklist command output

Item

Description

ID

ID of a blacklist.

MAC

MAC address added to the blacklist.

To add a MAC address to a blacklist, run the blacklist mac-address command. If no MAC address is specified, no information is displayed.

display as run-info

Function

The display as run-info command displays running status information of an AS.

NOTE:

This command can only be executed on a parent switch.

Format

display as { name as-name | mac-address mac-address } run-info

Parameters

Parameter Description Value
name as-name

Specifies the name of an AS.

The value must have an existing AS name.

mac-address mac-address

Specifies the MAC address of an AS.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display as run-info command to check running status information of an AS, including the AS access status, CPU usage, and memory usage.

Example

# Display running status information of an AS.

<HUAWEI> display as name as1 run-info
Info: This operation may take a few seconds. Please wait...  
------------------------------------------------------------------------------
Software version     : Version 5.160 V200R011C10
Hardware version     : VER.A
Patch version        : V200R011SPH001    
Patch state          : running    
IP address           : 192.168.1.154                                                                                                  
IP mask              : 255.255.255.0                                                                                                
Gateway              : 192.168.1.1                                                                                                    
VPN-Instance         : --                                                                                                           
State                : normal                                                                                                       
Online time          : 1 day, 18 hours, 40 minutes, 0 second                                                                        
CPU usage            : 12%                                                                                                          
Memory usage         : 52%                                                                                                          
Slot 0               : present  
------------------------------------------------------------------------------
Table 3-105  Description of the display as run-info command output

Item

Description

Software version

Software version running on an AS.

Hardware version

Hardware version running on an AS.

Patch version

Patch version.

This field displays-- when the patch package is not installed.

Patch state

Patch status.

  • Running: The patch is running.
  • not running: The patch is not running.

This field displays-- when the Patch version field displays --.

IP address

IP address of an AS.

IP mask

Subnet mask.

Gateway

Gateway of an AS.

VPN-Instance

Name of a VPN instance.

State

Status of an AS:
  • idle: The AS is in initial state.

  • normal: The AS has gone online and connected to an SVF system.

  • fault: The AS does not connect to an SVF system.

  • version mismatch: The V, R, or C versions of the AS and parent are inconsistent.

Online time

Online time of an AS.

CPU usage

CPU usage of an AS.

Memory usage

Memory usage of an AS.

Slot 0

Whether an AS member device is present:
  • present

  • absent

display as unauthorized record

Function

The display as unauthorized record command displays information about the ASs that fail the authentication.

NOTE:

This command can only be executed on a parent switch.

Format

display as unauthorized record

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display as unauthorized record command to check information about the ASs that fail the authentication.

Example

# Display information about the ASs that fail the authentication.

<HUAWEI> display as unauthorized record
Unauthorized AS record:
--------------------------------------------------------------------------------
AS type        : S5720-SI
Host name      : huawei-000b-0987-d5aa
AS MAC address : 000b-0987-d5aa
AS IP address  : 192.168.1.253
Record time    : 2015-05-20 16:06:10 DST
--------------------------------------------------------------------------------
Total: 1 
Table 3-106  Description of the display as unauthorized record command output

Item

Description

AS type

Device type of an AS.

Host name

Name of the AS.

AS MAC address

MAC address of the AS.

AS IP address

IP address of the AS.

Record time

Time when the AS is authenticated.

display as whitelist

Function

The display as whitelist command displays whitelist information of an AS.

NOTE:

This command can only be executed on a parent switch.

Format

display as whitelist

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display as whitelist command to check whitelist information of an AS.

Example

# Display whitelist information of an AS.

<HUAWEI> display as whitelist
------------------------------------------------------------------------------
ID     MAC
------------------------------------------------------------------------------
0      0025-9e07-8282
------------------------------------------------------------------------------
Total: 1
Table 3-107  Description of the display as whitelist command output

Item

Description

ID

ID of a whitelist.

MAC

MAC address added to the whitelist.

display snmp-agent trap feature-name asmngtrap all

Function

display snmp-agent trap feature-name asmngtrap all command displays the status of all traps for the ASMNGTRAP module.

NOTE:

This command can only be executed on a parent switch.

Format

display snmp-agent trap feature-name asmngtrap all

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name asmngtrap all command to check the status of all traps of the ASMNGTRAP module. You can use the snmp-agent trap enable feature-name asmngtrap command to enable the trap function of the ASMNGTRAP module.

Prerequisites

SNMP has been enabled. For details, see snmp-agent.

Example

# Display all the traps of the ASMNGTRAP module.

<HUAWEI>display snmp-agent trap feature-name asmngtrap all
------------------------------------------------------------------------------                                                      
Feature name: ASMNGTRAP                                                                                                             
Trap number : 23                                                                                                                    
------------------------------------------------------------------------------                                                      
Trap name                       Default switch status   Current switch status                                                       
hwAsFaultNotify                 on                      on                                                                          
hwAsNormalNotify                on                      on                                                                          
hwAsAddOffLineNotify            on                      on                                                                          
hwAsDelOffLineNotify            on                      on                                                                          
hwAsPortStateChangeToDownNotify                                                                                                     
                                on                      on                                                                          
hwAsPortStateChangeToUpNotify   on                      on                                                                          
hwAsModelNotMatchNotify         on                      on                                                                          
hwAsVersionNotMatchNotify       on                      on                                                                          
hwAsNameConflictNotify          on                      on                                                                          
hwAsSlotModelNotMatchNotify     on                      on                                                                          
hwAsFullNotify                  on                      on                                                                          
hwUnimngModelNotMatchNotify     on                      on                                                                          
hwAsBoardAdd                    on                      on                                                                          
hwAsBoardDelete                 on                      on                                                                          
hwAsBoardPlugIn                 on                      on                                                                          
hwAsBoardPlugOut                on                      on                                                                          
hwAsInBlacklist                 on                      on                                                                          
hwAsUnconfirmed                 on                      on                                                                          
hwAsComboPortTypeChange         on                      on                                                                          
hwAsOnlineFailNotify            on                      on                                                                          
hwAsSlotIdInvalidNotify         on                      on                                                                          
hwAsSysmacSwitchCfgErrNotify    on                      on                                                                          
hwAsSlotOnlineFailNotify        on                      on                
Table 3-108  Description of the display snmp-agent trap feature-name asmngtrap all command output

Item

Description

Feature name

Name of the module that the trap belongs to.

Trap number

Number of traps.

Trap name

Trap name of the module:

  • hwAsFaultNotify: An AS goes offline.

  • hwAsNormalNotify: An AS goes online.

  • hwAsAddOffLineNotify: An AS has been added offline.

  • hwAsDelOffLineNotify: An AS has been deleted offline.

  • hwAsPortStateChangeToDownNotify: An AS port goes Down.

  • hwAsPortStateChangeToUpNotify: An AS port goes Up.

  • hwAsModelNotMatchNotify: The actual AS model does not match the configured one.

  • hwAsVersionNotMatchNotify: The AS version does not match.

  • hwAsNameConflictNotify: The AS name conflicts.

  • hwAsSlotModelNotMatchNotify: An AS has a different SVF enabling status than the parent.

  • hwAsFullNotify: The number of ASs reaches the maximum value.

  • hwUnimngModelNotMatchNotify: The model of a new device in the AS stack system differs from the configured model.

  • hwAsBoardAdd: An AS slot has been added.

  • hwAsBoardDelete: An AS slot has been deleted.

  • hwAsBoardPlugIn: A new member has joined an AS stack system.

  • hwAsBoardPlugOut: A member has left an AS stack system.

  • hwAsInBlacklist: An AS is in the blacklist.

  • hwAsUnconfirmed: An AS fails authentication.

  • hwAsComboPortTypeChange: The AS interface type has changed.

  • hwAsOnlineFailNotify: An AS fails to go online.

  • hwAsSlotIdInvalidNotify: An AS slot ID is invalid.

  • hwAsSysmacSwitchCfgErrNotify: The MAC address switching mode of the AS stack system is not set to non-switching.

  • hwAsSlotOnlineFailNotify: When an AS is a stack, some member switches in the stack fail to go online.

Default switch status

Default status of the trap function:
  • on: The trap function is enabled.

  • off: The trap function is disabled.

Current switch status

Status of the trap function:

  • on: The trap function is enabled.

  • off: The trap function is disabled.

display snmp-agent trap feature-name unimbrtrap all

Function

display snmp-agent trap feature-name unimbrtrap all command displays the status of all traps on the UNIMBRTRAP module.

NOTE:

This command can only be executed on a parent switch.

Format

display snmp-agent trap feature-name unimbrtrap all

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name unimbrtrap all command to check the status of all traps of UNIMBRTRAP. You can use the snmp-agent trap enable feature-name unimbrtrap command to enable the trap function of UNIMBRTRAP.

Prerequisites

SNMP has been enabled. For details, see snmp-agent.

Example

# Display all the traps of the UNIMBRTRAP module.

<HUAWEI>display snmp-agent trap feature-name unimbrtrap all
------------------------------------------------------------------------------                                                      
Feature name: UNIMBRTRAP                                                                                                            
Trap number : 30
------------------------------------------------------------------------------                                                      
Trap name                       Default switch status   Current switch status                                                       
hwASBrdTempAlarm                on                      on                                                                          
hwASBrdTempResume               on                      on                                                                          
hwASBoardFail                   on                      on                                                                          
hwASBoardFailResume             on                      on                                                                          
hwASBoardInvalid                on                      on                                                                          
hwASBoardInvalidResume          on                      on                                                                          
hwASOpticalInvalid              on                      on                                                                          
hwASOpticalInvalidResum         on                      on                                                                          
hwASPowerRemove                 on                      on                                                                          
hwASPowerInsert                 on                      on                                                                          
hwASPowerInvalid                on                      on                                                                          
hwASPowerInvalidResum           on                      on                                                                          
hwASFanRemove                   on                      on                                                                          
hwASFanInsert                   on                      on                                                                          
hwASFanInvalid                  on                      on                                                                          
hwASFanInvalidResume            on                      on                                                                          
hwASCommunicateError            on                      on                                                                          
hwASCommunicateResume           on                      on                                                                          
hwASCPUUtilizationRising        on                      on                                                                          
hwASCPUUtilizationResume        on                      on                                                                          
hwASMemUtilizationRising        on                      on                                                                          
hwASMemUtilizationResume        on                      on                                                                          
hwASMadConflictDetect           on                      on                                                                          
hwASMadConflictResume           on                      on                                                                          
hwUniMbrLinkStateChange         on                      on                                                                          
hwUniMbrASDiscoverAttack        on                      on                                                                          
hwUniMbrConnectError            on                      on                                                                          
hwUniMbrIllegalFabricConfig     on                      on                                                                          
hwUniMbrFabricPortMemberDelete  on                      on                                                                          
hwUniMbrAsServiceAbnormal       on                      on       
Table 3-109  Description of the display snmp-agent trap feature-name unimbrtrap all command output

Item

Specification

Feature name

Name of the module that the trap belongs to.

Trap number

Number of traps.

Trap name

Trap name. Traps of the UNIMBRTRAP module include:

  • hwASBoardFail: An AS becomes unavailable partially.

  • hwASBoardFailResume: An AS becomes available.

  • hwASBoardInvalid: An AS is invalid.

  • hwASBoardInvalidResume: An AS is valid.

  • hwASBrdTempAlarm: The AS temperature is out of the normal range.

  • hwASBrdTempResume: The AS temperature restores to the normal range.

  • hwASCommunicateError: A communication fault occurs.

  • hwASCommunicateResume: A communication fault is rectified.

  • hwASCPUUtilizationResume: The AS CPU usage falls below the threshold.

  • hwASCPUUtilizationRising: The AS CPU usage exceeds the threshold.

  • hwASFanInsert: An AS fan module is installed.

  • hwASFanInvalid: An AS fan module becomes unavailable completely.

  • hwASFanInvalidResume: An AS fan module becomes available.

  • hwASFanRemove: An AS fan module is removed.

  • hwASMadConflictDetect: A MAD conflict is detected.

  • hwASMadConflictResume: A MAD conflict is resolved.

  • hwASMemUtilizationResume: The AS memory usage restores to the normal range.

  • hwASMemUtilizationRising: The AS memory usage exceeds the threshold.

  • hwASOpticalInvalid: The AS optical module is invalid.

  • hwASOpticalInvalidResum: The AS optical module is valid.

  • hwASPowerInsert: An AS power module is installed.

  • hwASPowerInvalid: An AS power module is invalid.

  • hwASPowerInvalidResum: An AS power module is valid.

  • hwASPowerRemove: An AS power module is removed.

  • hwUniMbrASDiscoverAttack: An AS discovers attacks.

  • hwUniMbrConnectError: Cable connection of a fabric port is incorrect.

  • hwUniMbrFabricPortMemberDelete: A member port of a fabric port is removed.

  • hwUniMbrIllegalFabricConfig: The fabric port configuration is invalid.

  • hwUniMbrLinkStateChange: The connection status changes.

  • hwUniMbrAsServiceAbnormal: Services on an AS become abnormal.

Default switch status

Default status of the trap function:
  • on: indicates that the trap function is enabled by default.

  • off: indicates that the trap function is disabled by default.

Current switch status

Status of the trap function:

  • on: indicates that the trap function is enabled.

  • off: indicates that the trap function is disabled.

display snmp-agent trap feature-name uni-topomng all

Function

display snmp-agent trap feature-name uni-topomng all command displays the status of all traps on the UNI-TOPOMNG module.

NOTE:

This command can only be executed on a parent switch.

Format

display snmp-agent trap feature-name uni-topomng all

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name uni-topomng all command to check the status of all traps of UNI-TOPOMNG. You can use the snmp-agent trap enable feature-name uni-topomng command to enable the trap function of UNI-TOPOMNG.

Prerequisites

SNMP has been enabled. For details, see snmp-agent.

Example

# Display all the traps of the UNI-TOPOMNG module.

<HUAWEI>display snmp-agent trap feature-name uni-topomng all
------------------------------------------------------------------------------                                                      
Feature name: uni-topomng                                                                                                           
Trap number : 2                                                                                                                     
------------------------------------------------------------------------------                                                      
Trap name                       Default switch status   Current switch status                                                       
hwTopomngLinkNormal             on                      on                                                                          
hwTopomngLinkAbnormal           on                      on 
Table 3-110  Description of the display snmp-agent trap feature-name uni-topomng all command output

Item

Specification

Feature name

Name of the module that the trap belongs to.

Trap number

Number of traps.

Trap name

Trap name. Traps of the UNI-TOPOMNG module include:

  • hwTopomngLinkNormal: The connection status becomes normal.

  • hwTopomngLinkAbnormal: A connection fault occurs.

Default switch status

Default status of the trap function:
  • on: indicates that the trap function is enabled by default.

  • off: indicates that the trap function is disabled by default.

Current switch status

Status of the trap function:

  • on: indicates that the trap function is enabled.

  • off: indicates that the trap function is disabled.

display snmp-agent trap feature-name uni-tplm all

Function

display snmp-agent trap feature-name uni-tplm all command displays the status of all traps on the UNI-TPLM module.

NOTE:

This command can only be executed on a parent switch.

Format

display snmp-agent trap feature-name uni-tplm all

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name uni-tplm all command to check the status of all traps of UNI-TPLM. You can use the snmp-agent trap enable feature-name uni-tplm command to enable the trap function of UNI-TPLM.

Prerequisites

SNMP has been enabled. For details, see snmp-agent.

Example

# Display all the traps of the UNI-TPLM module.

<HUAWEI>display snmp-agent trap feature-name uni-tplm all
------------------------------------------------------------------------------                                                      
Feature name: uni-tplm                                                                                                              
Trap number : 3                                                                                                                     
------------------------------------------------------------------------------                                                      
Trap name                       Default switch status   Current switch status                                                       
hwTplmCmdExecuteFailedNotify    on                      on                                                                          
hwTplmCmdExecuteSuccessfulNotify                                                                                                    
                                on                      on                                                                          
hwTplmDirectCmdRecoverFail      on                      on
Table 3-111  Description of the display snmp-agent trap feature-name uni-tplm all command output

Item

Specification

Feature name

Name of the module that the trap belongs to.

Trap number

Number of traps.

Trap name

Trap name. Traps of the UNI-TPLM module include:

  • hwTplmCmdExecuteFailedNotify: The command fails to be executed on the AS.

  • hwTplmCmdExecuteSuccessfulNotify: The command is executed successfully on the AS.

  • hwTplmDirectCmdRecoverFail: Configurations of the commands directly configured on the parent for the AS fail to be restored.

Default switch status

Default status of the trap function:
  • on: indicates that the trap function is enabled by default.

  • off: indicates that the trap function is disabled by default.

Current switch status

Status of the trap function:

  • on: indicates that the trap function is enabled.

  • off: indicates that the trap function is disabled.

display snmp-agent trap feature-name uni-vermng all

Function

display snmp-agent trap feature-name uni-vermng all command displays the status of all traps on the UNI-VERMNG module.

NOTE:

This command can only be executed on a parent switch.

Format

display snmp-agent trap feature-name uni-vermng all

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name uni-vermng all command to check the status of all traps of UNI-TPLM. You can use the snmp-agent trap enable feature-name uni-vermng command to enable the trap function of UNI-TPLM.

Prerequisites

SNMP has been enabled. For details, see snmp-agent.

Example

# Display all the traps of the UNI-VERMNG module.

<HUAWEI>display snmp-agent trap feature-name uni-vermng all
------------------------------------------------------------------------------                                                      
Feature name: uni-vermng                                                                                                            
Trap number : 1                                                                                                                     
------------------------------------------------------------------------------                                                      
Trap name                       Default switch status   Current switch status                                                       
hwVermngUpgradeFail             on                      on 
Table 3-112  Description of the display snmp-agent trap feature-name uni-vermng all command output

Item

Specification

Feature name

Name of the module that the trap belongs to.

Trap number

Number of traps.

Trap name

Trap name. Traps of the UNI-VERMNG module include:

  • hwVermngUpgradeFail: An AS fails to be upgraded.

Default switch status

Default status of the trap function:
  • on: indicates that the trap function is enabled by default.

  • off: indicates that the trap function is disabled by default.

Current switch status

Status of the trap function:

  • on: indicates that the trap function is enabled.

  • off: indicates that the trap function is disabled.

display uni-mng as-discover packet statistics

Function

The display uni-mng as-discover packet statistics command displays AS Discovery packet statistics on a fabric port.

NOTE:

This command can be used on the parent or an AS. After running this command, you can check AS Discovery packet statistics on a fabric port of the local device.

Format

display uni-mng as-discover packet statistics interface fabric-port port-id

Parameters

Parameter Description Value
interface fabric-port port-id

Specifies the number of a fabric port.

The value is an integer that ranges from 0 to 63 on an AS and the value range on the parent varies depending on the switch model:
  • S12700: 0 to 255
  • S7712 (SRUE/SRUH)/S7706 (SRUE/SRUH): 0 to 255
  • S9312 (SRUE/SRUH)/S9310/S9306(SRUE/SRUH)/S9310X: 0 to 255
  • Other switch models: 0 to 63

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng as-discover packet statistics command to check AS Discovery packet statistics on a fabric port.

Example

# Display AS Discovery packet statistics on a fabric port.

<HUAWEI> display uni-mng as-discover packet statistics interface fabric-port 1
The statistics of AS Discover packet on Fabric-port1:

PortName     Packet-type                  Receive         Send
--------------------------------------------------------------------------------
GE9/0/19     AS Discover Request          0               2
             AS Discover ACK              1               0
             AS Discover ParaSyn Req      0               1
             AS Discover ParaSyn ACK      1               0
             AS Discover HeartBeat Req    0               210
             AS Discover HeartBeat ACK    210             0
             AS Discover NAK              0               0
             AS Discover FabricCfg Req    0               0
             AS Discover FabricCfg ACK    0               0
--------------------------------------------------------------------------------
Table 3-113  Description of the display uni-mng as-discover packet statistics command output

Item

Description

PortName

Name of a member port in a fabric port.

Packet-type

Packet type:
  • AS Discover Request: neighbor discovery request packet
  • AS Discover Request: neighbor discovery request packet
  • AS Discover ParaSyn Req: neighbor discovery parameter synchronization packet
  • AS Discover ParaSyn ACK: neighbor discovery parameter synchronization response packet
  • AS Discover HeartBeat Req: neighbor discovery heart packet
  • AS Discover HeartBeat ACK: neighbor discovery heart response packet
  • AS Discover NAK: neighbor discovery error packet
  • AS Discover FabricCfg Req: neighbor discovery AS fabric port configuration packet
  • AS Discover FabricCfg ACK: neighbor discovery AS fabric port configuration response packet

Receive

Statistics about received packets.

Statistics about AS Discover HeartBeat Req and AS Discover HeartBeat ACK packets will be cleared and start from 0 after an active/standby switchover is performed on the device.

Send

Statistics about sent packets.

Statistics about AS Discover HeartBeat Req and AS Discover HeartBeat ACK packets will be cleared and start from 0 after an active/standby switchover is performed on the device.

display uni-mng as-group

Function

The display uni-mng as-group command displays information about AS groups.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng as-group [ name group-name | verbose ]

Parameters

Parameter Description Value
name group-name

Specifies the name of an AS group.

The value must be an existing an AS group name.

verbose

Displays detailed information about an AS group.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng as-group command to check information about created AS groups.

Example

# Display brief information about all AS groups.

<HUAWEI> display uni-mng as-group

-------------------------------------------------------------------------------
 Number                       AS-group Name
-------------------------------------------------------------------------------
 1                            asgroup
-------------------------------------------------------------------------------
Table 3-114  Description of the display uni-mng as-group command output

Item

Description

Number

Sequence number.

AS-group Name

AS group name.

# Display detailed information about all AS groups.

<HUAWEI> display uni-mng as-group verbose

AS-group name: asgroup
-------------------------------------------------------------------------------
AS name list: (Total number = 1)
 as1
-------------------------------------------------------------------------------
AS-admin profile name: admin
-------------------------------------------------------------------------------
Table 3-115  Description of the display uni-mng as-group verbose command output

Item

Description

AS-group name

AS group name.

AS name list

List of ASs added to an AS group.

AS-admin profile name

Name of the bound AS administrator profile.

display uni-mng as index

Function

The display uni-mng as index command displays the index of an AS.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng as index

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng as index command to check the index, management MAC address, and name of an AS.

Example

# Display the index of an AS.

<HUAWEI> display uni-mng as index
------------------------------------------------------------------------------
Index     MAC-Current         MAC-Saved         Name
------------------------------------------------------------------------------
1         aaaa-bbbb-cc92      aaaa-bbbb-cc92    as1
------------------------------------------------------------------------------
Total: 1
Table 3-116  Description of the display uni-mng as index command output

Item

Description

Index

Index of an AS.

MAC-Current

Management MAC address.
MAC-Saved MAC address saved in the flash memory.
This field indicates the MAC address saved in the flash memory using the save command after an AS goes online or the as name (uni-mng view) command is configured.
  • If this field displays --, the save command is not executed after an AS goes online or the as name (uni-mng view) command is configured.
  • When MAC-Current and MAC-Saved are inconsistent, the save command is not executed after an AS is replaced or the as name (uni-mng view) command is configured.

Name

Name of an AS.

display uni-mng as interface brief

Function

The display uni-mng as interface brief command displays brief information about AS ports.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng as name as-name interface brief

Parameters

Parameter Description Value
name as-name

Specifies the name of an AS.

The value must have an existing AS name.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng as interface brief command to check brief information about AS ports.

When an AS is offline or its version is inconsistent with the parent version, this command displays default attributes of ports on this AS.

Example

# Display brief information about AS ports.

<HUAWEI> display uni-mng as name as1 interface brief
PHY: Physical                                                                                                                       
*down: administratively down  
--------------------------------------------------------------------------------
Interface                 Type            PHY      Online       MSTP state 
--------------------------------------------------------------------------------
Eth-Trunk1                Fabric Port     up       present      forwarding
Eth-Trunk40               Service Port    down     present      discarding
GigabitEthernet0/0/1      Service Port    down     present      discarding
GigabitEthernet0/0/2      Service Port    up       present      forwarding
GigabitEthernet0/0/3      Service Port    down     present      discarding
GigabitEthernet0/0/4      Service Port    down     present      discarding
GigabitEthernet0/0/5      Service Port    down     present      discarding
GigabitEthernet0/0/6      Service Port    down     present      discarding
GigabitEthernet0/0/7      Service Port    down     present      discarding
GigabitEthernet0/0/8      Service Port    down     present      discarding
GigabitEthernet0/0/9      Service Port    down     present      discarding
GigabitEthernet0/0/10     Service Port    down     present      discarding
GigabitEthernet0/0/11     Service Port    down     present      discarding
GigabitEthernet0/0/12     Service Port    down     present      discarding
GigabitEthernet0/0/13     Service Port    down     present      discarding
GigabitEthernet0/0/14     Service Port    down     present      discarding
GigabitEthernet0/0/15     Service Port    down     present      discarding
GigabitEthernet0/0/16     Service Port    down     present      discarding
GigabitEthernet0/0/17     Service Port    down     present      discarding
GigabitEthernet0/0/18     Service Port    down     present      discarding
GigabitEthernet0/0/19     Service Port    down     present      discarding
GigabitEthernet0/0/20     Service Port    down     present      discarding
GigabitEthernet0/0/21     Service Port    down     present      discarding
GigabitEthernet0/0/22     Service Port    down     present      discarding
GigabitEthernet0/0/23     Service Port    down     present      discarding
GigabitEthernet0/0/24     Service Port    down     present      discarding
GigabitEthernet0/0/25     Fabric Port     down     present      discarding
GigabitEthernet0/0/26     Fabric Port     up       present      forwarding
GigabitEthernet0/0/27     Fabric Port     down     present      discarding
GigabitEthernet0/0/28     Fabric Port     up       present      discarding
------------------------------------------------------------------------------
Table 3-117  Description of the display uni-mng as interface brief command output

Item

Description

Interface

Interface number.

Type

Interface type:
  • Service Port: indicates a service port.

  • Stack Port: indicates a physical stack member port.

  • Fabric Port: indicates a member port of a fabric port.

PHY

Interface status:
  • up: The interface is Up.

  • down: The interface is Down.

  • *down: The administrator shuts down the interface.

Online

Whether the card where the interface resides is present:
  • present

  • absent

MSTP state

STP forwarding status of the interface:
  • disabled

  • discarding

  • learning

  • forwarding

  • --: The interface is absent or a physical stack member port.

If the interface is an Eth-Trunk member port, this field displays the forwarding state of the Eth-Trunk.

display uni-mng as interface eth-trunk

Function

The display uni-mng as interface eth-trunk command displays information about an Eth-Trunk interface of an AS.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng as name as-name interface eth-trunk eth-trunk-id

Parameters

Parameter Description Value
name as-name

Specifies the name of an AS.

The value must have an existing AS name.

eth-trunk-id

Specifies the ID of an Eth-Trunk.

The value is an integer and the minimum value is 1. The maximum value varies according to the switch model. For a specific switch model, the maximum value is the same as that described in interface eth-trunk.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After you use the uni eth-trunk command to create an Eth-Trunk on an AS, you can run the display uni-mng as interface eth-trunk command to view information including the Eth-Trunk working mode, member interface, and member interface status.

Example

# Display information about Eth-Trunk 40 on AS as1.

<HUAWEI> display uni-mng as name as1 interface eth-trunk 40
Eth-Trunk40's state information is:                                                                                                 
WorkingMode: NORMAL                                                                                                                 
Operate status: down                                                                                                                
--------------------------------------------------------------------------------                                                    
PortName                  Status                                                                                                    
GigabitEthernet0/0/10     down                                                                                                      
GigabitEthernet0/0/11     down                                                                                                      
--------------------------------------------------------------------------------                                                    
The Number of Ports in Trunk : 2                                                                                                    
The Number of UP Ports in Trunk : 0    
Table 3-118  Description of the display uni-mng as interface eth-trunk command output

Item

Description

Eth-Trunk40's state information is

State information of Eth-Trunk 40.

WorkingMode

Working mode of the Eth-Trunk interface:
  • NORMAL: manual mode
  • LACP: LACP mode. To set the LACP mode, specify the mode lacp parameter when running the uni eth-trunk command to create an Eth-Trunk.

Operate status

Status of the Eth-Trunk interface:
  • down: The interface is Down.

  • up: The interface is Up.

PortName

Eth-Trunk member interface name.

To add or delete an Eth-Trunk member interface, run the port eth-trunk trunkmember command.

Status

Eth-Trunk member interface status:
  • down: The member interface is Down.

  • up: The member interface is Up.

The Number of Ports in Trunk

Number of Eth-Trunk member interfaces.

The Number of UP Ports in Trunk

Number of Eth-Trunk member interfaces in Up state.

display uni-mng commit-result

Function

The display uni-mng commit-result command displays the configuration delivery result.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng commit-result { profile | free-rule | as-direct-config }

Parameters

Parameter Description Value
profile

Displays the delivery result of the service profile configuration.

-

free-rule

Displays the delivery result of user authenticate-free rules.

-

as-direct-config

Displays the direct configuration recovery result after an AS goes online.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng commit-result command to check the result of delivering the configuration to an AS, including the service profiles configured on the parent, user authentication-free rules, and configurations directly delivered to ASs. This command displays only the latest result but not historical information.

Example

# Display the result of delivering the service profile configuration to an AS.

<HUAWEI> display uni-mng commit-result profile
Result of profile:
--------------------------------------------------------------------------------
 AS Name                         Commit Time               Commit/Execute Result
--------------------------------------------------------------------------------
 as1                             2014-09-16 14:38:03       Success/Success
--------------------------------------------------------------------------------
Table 3-119  Description of the display uni-mng commit-result profile command output

Item

Description

AS Name

Name of an AS.

Commit Time

Time when the configuration is delivered.

Commit/Execute Result

Commit Result indicates the configuration delivery result:
  • Success: The configuration is delivered successfully.

  • Failed: The configuration fails to be delivered.

  • Committing: The configuration is being delivered.

Execute Result indicates the execution result of the delivered configuration:
  • Success: The configuration is executed successfully.

  • Failed: The configuration fails to be executed.

  • Executing: The configuration is being executed.

display uni-mng global

Function

The display uni-mng global command displays the global configuration of SVF.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng global

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng global command to view the globally configured service functions of SVF.

Example

# Display the global configuration of SVF.

<HUAWEI> display uni-mng global
Forward-mode : Centralized 
Portal url encode : Disable 
IGMP snooping VLAN : 10 
Table 3-120  Description of the display uni-mng global command output

Item

Description

Forward-mode

SVF forwarding mode:

  • Distributed: distributed forwarding. In distributed forwarding, local traffic of an AS can be forwarded from the AS, and traffic between ASs is sent to the parent for forwarding.
  • Centralized: centralized forwarding. In centralized forwarding mode, both traffic forwarded by the local AS and traffic forwarded between ASs are sent to the parent for forwarding.

Portal url encode

Whether URL encoding is enabled:
  • Disable: URL encoding is disabled.
  • Enable: URL encoding is enabled.

To disable URL encoding, run the portal url-encode disable command.

IGMP snooping VLAN

Service VLAN in which IGMP snooping is enabled.

To configure a service VLAN in which IGMP snooping is enabled, run the as service-vlan igmp-snooping command. If no service VLAN is configured, this field is not displayed.

display uni-mng indirect configuration

Function

The display uni-mng indirect configuration command displays the indirect connection configuration on ASs.

NOTE:

This command can only be executed on an AS.

Format

display uni-mng indirect configuration

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can the display uni-mng indirect configuration command on an AS to check the indirect connection configuration on the AS.

Example

# Display the SVF indirect connection configuration on an AS.

<HUAWEI> display uni-mng indirect configuration
Uni-mng configuration information:                                                                                                  
 Current uni-mng status      : disable                                                                                              
 Next uni-mng status         : enable                                                                                               
 Current management VLAN     : --                                                                                                   
 Next management VLAN        : 100                                                                                                  
 Current fabric-port members :                                                                                                      
 Next fabric-port members    :                                                                                                      
  GigabitEthernet0/0/9           
Table 3-121  Description of the display uni-mng indirect configuration command output

Item

Description

Current uni-mng status Current manually configured client mode.
Next uni-mng status Next startup manually configured client mode.

To configure the client mode and management VLAN, run the uni-mng indirect mng-vlan command.

Current management VLAN Current management VLAN.

To configure the client mode and management VLAN, run the uni-mng indirect mng-vlan command.

Next management VLAN Next startup management VLAN.
Current fabric-port members Current member port configuration in a fabric port.

To configure member ports for a fabric port, run the uni-mng indirect fabric-port command.

Next fabric-port members Next startup member port configuration in a fabric port.

display uni-mng execute-failed-record

Function

The display uni-mng execute-failed-record command displays execution failure records after the configuration is delivered to an AS.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng execute-failed-record { profile | as-direct-config } as name as-name

Parameters

Parameter Description Value
profile Displays records of configurations delivered through profiles. -
as-direct-config Displays records of configurations directly delivered through commands. -
as name as-name

Specifies the name of an AS.

The value must have an existing AS name.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng execute-failed-record command to check execution failure records after the configuration is delivered to an AS.

Example

# Display execution failure records after the configuration is delivered to an AS.

<HUAWEI> display uni-mng execute-failed-record as-direct-config as name as1
Info: This operation may take a few seconds. Please wait....done.                                                          
--------------------------------------------------------------------------------                                                    
View name     : system                                                                                                              
Command       : arp speed-limit source-mac maximum 1                                                                                
Execute time  : 2015-01-19 15:09:23 DST                                                                                           
Failed reason : This device does not support this command.                                                                          
--------------------------------------------------------------------------------
Table 3-122  Description of the display uni-mng execute-failed-record as-direct-config command output

Item

Description

View name

View in which the configuration is executed.

Command

Command that failed to be executed.

Execute Time

Time the configuration is executed.

Failed reason

Cause of the execution failure.

display uni-mng interface fabric-port configuration

Function

The display uni-mng interface fabric-port configuration command displays the fabric port configuration.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng interface fabric-port configuration [ parent | as name as-name ]

Parameters

Parameter Description Value
parent

Display the parent-side fabric port configuration.

-

as name as-name

Display the AS-side fabric port configuration.

If parent and as-name are not specified, the configurations of all the fabric ports in an SVF system are displayed.

The value must have an existing AS name.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng interface fabric-port configuration command to check the fabric port configuration.

Example

# Display the fabric port configuration.

<HUAWEI> display uni-mng interface fabric-port configuration
Interface      Direction  Connect-type  Member-name  Location                                                                       
-------------------------------------------------------------------------------                                                     
Fabric-port0   Down       Direct        Eth-Trunk0   Parent                                                                         
Fabric-port1   Down       Direct        Eth-Trunk1   Parent                                                                         
Fabric-port3   Down       Direct        Eth-Trunk3   Parent                                                                         
Fabric-port5   Down       Direct        Eth-Trunk5   Parent                                                                         
Fabric-port6   Down       Direct        Eth-Trunk6   Parent                                                                         
Fabric-port7   Down       Direct        Eth-Trunk7   Parent                                                                         
Fabric-port8   Down       Direct        Eth-Trunk8   Parent                                                                         
Fabric-port9   Down       Indirect      Eth-Trunk9   Parent                                                                         
Fabric-port10  Down       Indirect      Eth-Trunk10  Parent                                                                         
Fabric-port11  Down       Direct        Eth-Trunk11  Parent                                                                         
Fabric-port15  Down       Direct        Eth-Trunk15  Parent                                                                         
-------------------------------------------------------------------------------                                                     
Total : 11 
Table 3-123  Description of the display uni-mng interface fabric-port configuration command output

Item

Description

Interface

Fabric port name.

Direction

Direction of a fabric port. Down indicates downlink and Up indicates uplink.

Connect-type

Connection mode of a fabric port. Direct indicates the direct connection mode, whereas Indirect indicates the indirect connection mode (connection through an intermediate network).

Member-name

Eth-Trunk to which a fabric port is bound.

Location

Device where a fabric port resides.

display uni-mng interface fabric-port state

Function

The display uni-mng interface fabric-port state command displays the fabric port status.

NOTE:

This command can be used on the parent or an AS. After running this command, you can check the fabric port status on the local device.

Format

display uni-mng interface fabric-port [ port-id ] state

Parameters

Parameter Description Value
port-id

Specifies the number of a fabric port.

If this parameter is not specified, the status of all fabric ports is displayed.

The value is an integer and must be set according to the device configuration.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng interface fabric-port state command to check the fabric port status.

  • If an AS connects to the parent through an intermediate network, peer fabric port information cannot be obtained and displays --.

  • If a fabric port is incorrectly connected, the system displays an error summary message to provide the cause of the error.

Example

# Display the fabric port status on the parent.

<HUAWEI> display uni-mng interface fabric-port state
--------------------------------------------------------------------------------                                                    
Fabric-port name             : Fabric-port1                                                                                         
Fabric-port direction        : Down                                                                                                 
Fabric-port member name      : Eth-Trunk1                                                                                           
                                                                                                                                    
Peer MAC                     : 0000-1382-4569                                                                                       
Peer AS name                 : as1                                                                                                  
Peer fabric-port member name : Eth-Trunk0                                                                                           
                                                                                                                                    
Physical member number       : 1                                                                                                    
Local-port    Peer-port     State     Detail                          Exptime(s)                                                    
XGE6/0/3      XGE0/0/1      Connected None                            32                                                            
-------------------------------------------------------------------------------- 
Table 3-124  Description of the display uni-mng interface fabric-port state command output

Item

Description

Fabric-port name

Fabric port name.

Fabric-port direction

Direction of a fabric port. Down indicates downlink and Up indicates uplink.

Fabric-port member name

Eth-Trunk to which a fabric port is bound.

Peer MAC

MAC address of the peer device.

Peer AS name

Name of the peer device.

Peer fabric-port member name

Eth-Trunk to which the peer fabric port is bound.

Physical member number

Number of member ports in a fabric port.

Local-port

Local member port.

Peer-port

Peer member port.

State

Port connection status:
  • Init: initialization state

  • Config: negotiation state

  • Error: negotiation error state

  • Connected: connected state

  • unknown: unknown state

Detail

Detailed information when the port connection state is Error.

For error reasons and solutions, see Table 3-125.

Exptime(s)

Timeout period of link heartbeat packets, in seconds.

Table 3-125  Error reasons indicated by the Detail field and solutions

Detail Field

Meaning

Solution

Startup cfg file exists

The AS has a startup configuration file.

Clear the startup configuration file and restart the AS.

Console input exists

Input exists on the console interface of an AS.

Restart the AS and do not log in to the console interface immediately after the AS is restarted.

VLAN for VCMP exists

The VLAN for VCMP exists on the AS.

Run the reset vcmp command on the AS to restart the AS.

Port not supported

The AS attempts to connect to the parent through an unsupported port.

Connect the AS to the parent through an uplink port or subcard port.

Fabric-port linked to multi-AS

Member ports of the same downlink fabric port connect to two ASs.

Member ports of a downlink fabric port can connect to only one AS, and different ASs must connect to different fabric ports.

Parent exists already

The AS connects to two parent switches.

Disconnect the AS from one parent switch.

Linked to multi fabric-port

The uplink port of the AS connects to multiple fabric ports of the parent.

Ensure that the AS connects to only one fabric port of the parent and disconnect the AS from other fabric ports.

Level-1 AS linked to level-1 AS

The downlink fabric port of a level-1 AS connects to another level-1 AS.

Disconnect the two level-1 ASs from each other.

Parent linked to level-2 AS

The parent directly connects to a level-2 AS.

Disconnect the parent from the level-2 AS.

Downstream fabric-port linked

A downlink fabric port of an AS connects to the parent.

Disconnect the fabric port of the AS from the parent.

No response received

The parent does not receive any response packet.

  • Ensure that the parent is a Huawei switch that supports the SVF function.
  • Ensure that the AS starts without configuration.

  • Ensure that physical ports that connect the AS to the parent are of the same type.

Failed to create Eth-Trunk

Failed to create an Eth-Trunk on an AS.

Disconnect the AS from the parent and then reconnect them.

Failed to bind trunk

Failed to add ports of an AS to an Eth-Trunk.

Disconnect the AS from the parent and then reconnect them.

Force Uni-mng mode

An AS has been configured to work in client mode.

On the parent, configure the indirect connection mode for the fabric port that connects to the AS. Alternative, run the undo uni-mng enable command on the AS and restart the AS to enable it exit from the client mode.

Parent linked to parent

The fabric port of the parent connects to another parent.

Disconnect the fabric port from the remote parent.

System is busy on AS

The system is busy on the AS.

Wait until the AS is idle.

Linked to AS with IPv4-hardware

When an S5700-10P-LI, S5700-10P-PWR-LI-AC, or S2750EI functions as an AS, Layer 3 hardware forwarding for IPv4 packets has been enabled using the assign forward-mode ipv4-hardware command.

Disable Layer 3 hardware forwarding for IPv4 packets.

Configurations exist on port

Configurations exist on the port of an AS.

Delete the configurations of the port.

Invalid stack config exists

Downlink service port of AS is configured as a stack port.

Clear the stack configuration of the downlink service port.

display uni-mng patch-delete info

Function

The display uni-mng patch-delete info command displays information about the operation of deleting patches on ASs.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng patch-delete info

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After patches on a specified AS are deleted using the patch delete as command, you can use the display uni-mng patch-delete info command to view information about the operation of deleting the patches.

Example

# Display information about the operation of deleting patches on ASs.
<HUAWEI> display uni-mng patch-delete info
Total: 7                                                                        
--------------------------------------------------------------------------------
AS Name                         Result          Time                            
--------------------------------------------------------------------------------
e-10005(1-1)                    successful      2014-09-04  15:51:05 DST        
t-10021(1-s)                    failed          2014-09-04  15:51:05            
m-10018(x-1)                    deleting        2014-09-04  15:51:05            
p-10017(2-2)                    expired         2014-09-04  15:51:05            
6-10016(2-1)                    successful      2014-09-04  15:51:05            
7-10015(2-2)                    successful      2014-09-04  15:51:05            
2-10011(2-1)                    --              --                              
--------------------------------------------------------------------------------
Table 3-126  Description of the display uni-mng patch-delete info command output

Item

Description

Total

Number of ASs.

AS Name

Name of an AS.

Result

Result of the operation of deleting patches:
  • successful: Patches are deleted successfully.
  • failed: Patches fail to be deleted.
  • deleting: Patches are being deleted.
  • expired: Deleting patches expires. After the operation of deleting patches is delivered, if no operation result is received within 2 minutes, the Result field displays expired.
  • --: No records of the deletion operation are available.

Time

Time for the last operation.

Related Topics

display uni-mng port-group

Function

The display uni-mng port-group command displays information about port groups.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng port-group [ name group-name | verbose ]

Parameters

Parameter Description Value
name group-name

Specifies the name of a port group.

The value must be an existing a port group name.

verbose

Displays detailed information about a port group.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng port-group command to check information about created port groups.

Example

# Display brief information about all port groups.

<HUAWEI> display uni-mng port-group

-------------------------------------------------------------------------------
 Number               Port-group Name                  Port-group Type
-------------------------------------------------------------------------------
 1                    group1                           Connect to user
 2                    ap_group1                        Connect to ap
-------------------------------------------------------------------------------
Table 3-127  Description of the display uni-mng port-group command output

Item

Description

Number

Sequence number.

Port-group Name

Port group name.

Port-group Type

Port group type:
  • Connect to user: port connected to a terminal user

  • Connect to ap: port connected to an AP

# Display detailed information about all port groups.

<HUAWEI> display uni-mng port-group verbose

-------------------------------------------------------------------------------
Port-group name             : ap
Port-group type             : connect to AP
Interface list              :
 AS name as1 interface Eth-trunk 5 GigabitEthernet 0/0/2
Network-basic profile       : --
-------------------------------------------------------------------------------
Port-group name             : group_2
Port-group type             : connect to user
Interface list              :
 AS name as1 interface Eth-trunk 4 GigabitEthernet 0/0/10
Network-basic profile       : --
Network-enhanced profile    : --
User-access profile         : --
-------------------------------------------------------------------------------
Table 3-128  Description of the display uni-mng port-group verbose command output

Item

Description

Port-group name

Port group name.

Port-group type

Port group type:
  • Connect to user: port connected to a terminal user

  • Connect to ap: port connected to an AP

Interface list

List of member ports added to a port group.

Network-basic profile

Name of the network basic profile bound to the port group. When no network basic profile is bound to the port group, this field displays --.

Network-enhanced profile

Name of the network enhanced profile bound to the port group. When no network enhanced profile is bound to the port group, this field displays --.

User-access profile

Name of the user access profile bound to the port group. When no user access profile is bound to the port group, this field displays --.

display uni-mng profile

Function

The display uni-mng profile command displays service profile information.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng profile [ { as-admin | network-basic | network-enhanced | user-access } [ name profile-name ] ]

Parameters

Parameter Description Value
as-admin

Displays information about AS administrator profiles.

-

network-basic

Displays information about network basic profiles.

-

network-enhanced

Displays information about network enhanced profiles.

-

user-access

Displays information about user access profiles.

-

name profile-name

Specifies the name of a service profile.

If this parameter is specified, you can check information about services configured in a specified profile.

The profile must have an existing profile name.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng profile command to check information about created service profiles.

Example

# Display brief information about all service profiles.

<HUAWEI> display uni-mng profile

AS-admin profile:
-------------------------------------------------------------------------------
 Number                          Profile Name
-------------------------------------------------------------------------------
 1                               hehe
 2                               profile_1
-------------------------------------------------------------------------------

Network-basic profile:
-------------------------------------------------------------------------------
 Number                          Profile Name
-------------------------------------------------------------------------------
 1                               b_pro
 2                               p
-------------------------------------------------------------------------------

Network-enhanced profile:
-------------------------------------------------------------------------------
 Number                          Profile Name
-------------------------------------------------------------------------------
 1                               enp
-------------------------------------------------------------------------------

User-access profile:
-------------------------------------------------------------------------------
 Number                          Profile Name
-------------------------------------------------------------------------------
 1                               u_pro
-------------------------------------------------------------------------------
Table 3-129  Description of the display uni-mng profile command output

Item

Description

Number

Sequence number.

Profile Name

Name of each profile type.

AS-admin profile

AS administrator profile created using the as-admin-profile name command.

Network-basic profile

Network basic profile created using the network-basic-profile name command.

Network-enhanced profile

Network enhanced profile created using the network-enhanced-profile name command.

User-access profile

User access profile created using the user-access-profile name command.

# Display information about the service profile with a specified name.

<HUAWEI> display uni-mng profile network-basic name basic

-------------------------------------------------------------------------------
Profile name: basic
 User-vlan                  : 110
 Voice-vlan                 : 114
 Pass-vlan                  : 1 112 to 113
-------------------------------------------------------------------------------
Table 3-130  Description of the display uni-mng profile network-basic name command output

Item

Description

Profile Name

Name of a service profile.

User-vlan

Default VLAN configured in a service profile.

To configure a default VLAN, run the user-vlan command. By default, VLAN 1 is a default VLAN.

Voice-vlan

Voice VLAN configured in a service profile.

To configure a voice VLAN, run the voice-vlan command. If no voice VLAN is configured, this field displays --.

Pass-vlan

Allowed VLAN configured in a service profile.

To configure an allowed VLAN, run the pass-vlan command. By default, only VLAN 1 is allowed.

display uni-mng profile as

Function

The display uni-mng profile as command displays the configuration generated after an AS is bound to service profiles.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng profile as name as-name [ interface interface-type interface-number ]

Parameters

Parameter Description Value
name as-name

Specifies the name of an AS.

The value must have an existing AS name.

interface interface-type interface-number
Displays the configuration of a specified interface:
  • interface-type specifies the interface type. The interface type can be Eth-Trunk interface.
  • interface-number specifies the interface number.

If this parameter is not specified, the configurations of all the service interfaces on an AS are displayed.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng profile as command to check the configuration generated after an AS is bound to service profiles.

Example

# Display the configuration generated on an AS.

<HUAWEI> display uni-mng profile as name as1
                                                                                                                                    
Global                                                                                                                              
-------------------------------------------------------------------------------                                                     
Centralized forward mode: disable                                                                                                   
-------------------------------------------------------------------------------                                                     
Portal url-encode: disable                                                                                                          
-------------------------------------------------------------------------------
AS-group name: xy                                                                                                                   
 Username: admin                                                                                                                    
  Privilege-level   : 3                                                                                                             
  Service-type      : terminal ssh  
 Traffic-limit outbound ARP(Kbps)  : 512                                                                                            
 Traffic-limit outbound DHCP(Kbps) : 128                                                                                            
-------------------------------------------------------------------------------                                                     
                                                                                                                                    
Interface GigabitEthernet0/0/1                                                                                                      
-------------------------------------------------------------------------------                                                     
Port-group name: --                                                                                                                 
 User-vlan                        : --                                                                                              
 Voice-vlan                       : --                                                                                              
 Pass-vlan                        : --                                                                                              
                                                                                                                                    
 Priority-trust                   : disable                                                                                         
 User-access-port                 : disable                                                                                         
 DHCP snooping                    : disable                                                                                         
 IP source check                  : disable                                                                                         
 ARP anti-attack check            : disable                                                                                         
 Unicast-suppression(pps)         : --                                                                                              
 Multicast-suppression(pps)       : --                                                                                              
 Broadcast-suppression(pps)       : --                                                                                              
 Rate-limit(Kbps)                 : --                                                                                              
                                                                                                                                    
 Authentication                   : --                                                                                              
 Authentication maximum user-num  : --
 MAC-limit                        : --                                                                                              
 Traffic-limit inbound ARP(Kbps)  : --                                                                                              
 Traffic-limit inbound DHCP(Kbps) : --                                                                                              
-------------------------------------------------------------------------------                                                     
                                                                                                                                    
Interface GigabitEthernet0/0/2                                                                                                      
-------------------------------------------------------------------------------                                                     
Port-group name: --                                                                                                                 
 User-vlan                        : --                                                                                              
 Voice-vlan                       : --                                                                                              
 Pass-vlan                        : --                                                                                              
                                                                                                                                    
 Priority-trust                   : disable                                                                                         
 User-access-port                 : disable                                                                                         
 DHCP snooping                    : disable                                                                                         
 IP source check                  : disable                                                                                         
 ARP anti-attack check            : disable                                                                                         
 Unicast-suppression(pps)         : --                                                                                              
 Multicast-suppression(pps)       : --                                                                                              
 Broadcast-suppression(pps)       : --                                                                                              
 Rate-limit(Kbps)                 : --                                                                                              
                                                                                                                                    
 Authentication                   : --                                                                                              
 Authentication maximum user-num  : --
 MAC-limit                        : --                                                                                              
 Traffic-limit inbound ARP(Kbps)  : --                                                                                              
 Traffic-limit inbound DHCP(Kbps) : --                                                                                              
-------------------------------------------------------------------------------
......
Table 3-131  Description of the display uni-mng profile as command output

Item

Description

Global

Global AS configuration.

Centralized forward mode

Whether centralized forwarding is enabled:
  • disable: Centralized forwarding is disabled, and distributed forwarding is used currently.
  • enable: Centralized forwarding is enabled.

To configure centralized forwarding, run the forward-mode centralized command. By default, distributed forwarding is used.

Portal url-encode

Whether URL encoding is enabled for an AS:
  • disable: URL encoding is disabled for the AS.
  • enable: URL encoding is enabled for the AS.

To disable URL encoding for an AS, run the portal url-encode disable command. By default, URL encoding is enabled for an AS.

AS-group name

Name of the AS group to which an AS belongs.

Username

AS administrator user name. If no AS administrator user name is configured, this field displays --.

AS administrator user name configured in the AS administrator profile bound to an AS group. To configure an AS administrator user name, run the user password command.

Privilege-level

User level.

Service-type

User access type. The value is terminal ssh and cannot be changed.

Traffic-limit outbound ARP(Kbps) Outbound ARP packet rate limit of the uplink fabric port of an AS, in kbit/s.

To set the outbound ARP packet rate limit, run the traffic-limit outbound command.

Traffic-limit outbound DHCP(Kbps) Outbound DHCP packet rate limit of the uplink fabric port of an AS, in kbit/s.

To set the outbound ARP packet rate limit, run the traffic-limit outbound command.

Interface GigabitEthernet0/0/1

Interface GigabitEthernet0/0/2

Interface name.

Port-group name

Name of the port group to which an interface belongs. If an interface is not added to any port group, this field displays -- or disable.

User-vlan

Default VLAN.

To configure a default VLAN, run the user-vlan command.

Voice-vlan

Voice VLAN.

To configure a voice VLAN, run the voice-vlan command.

Pass-vlan

Allowed VLAN.

To configure an allowed VLAN, run the pass-vlan command.

Priority-trust

Whether the priority trust function is enabled:
  • disable: The priority trust function is disabled in a network enhanced profile.
  • enable: The priority trust function is enabled in a network enhanced profile.

User-access-port

Whether the edge port function is enabled:
  • disable: The edge port function is disabled in a network enhanced profile.
  • enable: The edge port function is enabled in a network enhanced profile.

To enable the edge port function, run the user-access-port enable command.

DHCP snooping Whether DHCP snooping is enabled:
  • disable: DHCP snooping is disabled in a network enhanced profile.
  • enable: DHCP snooping is enabled in a network enhanced profile.

To enable DHCP snooping, run the dhcp snooping enable command.

IP source check Whether the IP packet check function is enabled:
  • disable: IP packet check is disabled in a network enhanced profile.
  • enable: IP packet check is enabled in a network enhanced profile.

To enable IP packet check, run the ip source check user-bind enable command.

ARP anti-attack check Whether the dynamic ARP detection function is enabled:
  • disable: The dynamic ARP detection function is disabled in a network enhanced profile.
  • enable: The dynamic ARP detection function is enabled in a network enhanced profile.

To enable the dynamic ARP detection function, run the arp anti-attack check user-bind enable command.

Unicast-suppression(pps)

Rate limit for unknown unicast traffic, in pps.

To set the rate limit for unknown unicast traffic, run the unicast-suppression command.

Multicast-suppression(pps)

Rate limit for multicast traffic, in pps.

To set the rate limit for multicast traffic, run the multicast-suppression command.

Broadcast-suppression(pps)

Rate limit for broadcast traffic, in pps.

To set the rate limit for broadcast traffic, run the broadcast-suppression command.

Rate-limit(Kbps)

Traffic rate limit, in kbit/s.

To set the traffic rate limit, run the rate-limit command.

Authentication

User authentication profile created using the authentication-profile command.

Authentication maximum user-num Maximum number of access users configured in a user access profile.

To set this parameter, run the authentication access-user maximum command.

MAC-limit MAC address learning limit.

To set the MAC address learning limit, run the mac-limit command.

Traffic-limit inbound ARP(Kbps) Inbound ARP packet rate limit of an AS port, in kbit/s.

To set the inbound ARP packet rate limit, run the traffic-limit inbound command.

Traffic-limit inbound DHCP(Kbps) Inbound DHCP packet rate limit of an AS port, in kbit/s.

To set the inbound ARP packet rate limit, run the traffic-limit inbound command.

display uni-mng topology configuration

Function

The display uni-mng topology configuration command displays the SVF network topology collection configuration.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng topology configuration

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng topology configuration command to check the SVF network topology collection configuration.

Example

# Display the SVF network topology collection configuration.

<HUAWEI> display uni-mng topology configuration
Explore timer: 10 minutes
Last collection time: 10:03:58 UTC+00:00 2014/09/11
Total time for last collection: 9 ms
Table 3-132  Description of the display uni-mng topology configuration command output

Item

Description

Explore timer

Network topology collection interval.

To set the network topology collection interval, run the topology explore command.

Last collection time

Last time the SVF network topology is collected.

Total time for last collection

Time taken to collect the SVF network topology.

display uni-mng topology information

Function

The display uni-mng topology information command displays SVF network topology information.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng topology information [ by-name ]

Parameters

Parameter Description Value
by-name

Displays SVF network topology information based on the device name.

If this parameter is not specified, SVF network topology information is displayed based on the MAC address.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng topology information command to check SVF network topology information.

Example

# Display SVF network topology information.

<HUAWEI> display uni-mng topology information
The topology information of uni-mng network:
<-->: direct link        <??>: indirect link
T: Trunk ID                 *: independent AS
------------------------------------------------------------------------------
 Local MAC       Hop  Local Port      T  ||  T   Peer Port      Peer MAC
------------------------------------------------------------------------------
 00e0-0987-7890  0    GE6/1/0         11 <-->0   GE0/0/26       00e0-0001-0008*
 00e0-0001-0008  1    GE0/0/2         -- <-->--  GE0/0/0        00e0-0001-0005
------------------------------------------------------------------------------
Total items displayed : 2

# Display SVF network topology information based on the device name.

<HUAWEI> display uni-mng topology information by-name
The topology information of uni-mng network:
<-->: direct link        <??>: indirect link
T: Trunk ID              *: independent AS
----------------------------------------------------------------------------------------------------------------
 Local Dev                        Hop  Local Port      T  ||  T   Peer Port      Peer Dev
----------------------------------------------------------------------------------------------------------------
 100-S1                           0    GE6/1/0         1  <-->0   GE0/0/26       as1*
 as1                              1    GE0/0/2         -- <-->--  GE0/0/0        ap-1
----------------------------------------------------------------------------------------------------------------
Total items displayed : 2

Table 3-133  Description of the display uni-mng topology information command output

Item

Description

Local MAC

MAC address of the local device. If by-name is specified, this field displays Local Dev, indicating the device name.

Hop

Hierarchy of a device on the SVF network:
  • 0: the parent

  • 1: level-1 AS

  • 2: level-2 AS

Local Port

Local physical port.

When two devices are indirectly connected, port information cannot be displayed because ports are not indirectly connected.

T

ID of the Eth-Trunk to which a physical port belongs.

||

Whether two devices are directly connected:
  • <-->: indicates that two devices are directly connected.
  • <??>: indicates that two devices are indirectly connected. For example, two devices are connected through other networks.

Peer Port

Peer physical port.

When two devices are indirectly connected, port information cannot be displayed because ports are not indirectly connected.

Peer MAC

MAC address of the peer device. If by-name is specified, this field displays Peer Dev, indicating the device name.

If * is displayed, the AS is configured in the independent mode.

Local Dev

Local device name.

Peer Dev

Peer device name.

If * is displayed, the AS is configured in the independent mode.

display uni-mng unauthen-user

Function

The display uni-mng unauthen-user command displays information about non-authenticated users on an AS.

NOTE:

This command can be used on the parent or an AS.

Format

display uni-mng unauthen-user [ as name as-name | mac-address mac-address ]

Parameters

Parameter Description Value
as name as-name

Specifies the name of an AS.

NOTE:

This parameter is supported only on the parent.

The value is a string of 1 to 31 case-insensitive characters without spaces.

mac-address mac-address

Specifies the MAC address of an AS.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To view information about non-authenticated users on an AS, run the display uni-mng unauthen-user command.

Example

# Display information about non-authenticated users on the AS test1.

<HUAWEI> display uni-mng unauthen-user as name test1
Total: 5                                                                        
--------------------------------------------------------------------------------
MAC Address       VLAN  IP               Interface    AS Name                   
--------------------------------------------------------------------------------
0001-c002-c302    212   1.1.1.1          Ge1/0/1      test1                     
000b-099a-8a3d    212   1.1.1.2          Ge1/0/1      test1                     
0010-0020-0004    212   1.1.1.3          Ge1/0/1      test1                     
0200-0000-0000    212   1.1.1.4          Ge1/0/1      test1                     
4cb1-6c91-52a1    212   1.1.1.5          Ge1/0/1      test1                     
--------------------------------------------------------------------------------
Table 3-134  Description of the display uni-mng unauthen-user command output

Item

Description

Total

Number of non-authenticated users on an AS.

MAC Address

MAC address of a non-authenticated user.

VLAN

VLAN to which a non-authenticated user belongs.

IP

IP address of a non-authenticated user.

Interface

Access interface of a non-authenticated user.

AS Name

Name of an AS.

display uni-mng unauthen-user offline-record

Function

The display uni-mng unauthen-user offline-record command displays offline records of non-authenticated users on an AS.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng unauthen-user offline-record [ as name as-name | mac-address mac-address ]

Parameters

Parameter Description Value
as name as-name

Specifies the name of an AS.

The value is a string of 1 to 31 case-insensitive characters without spaces.

mac-address mac-address

Specifies the MAC address of an AS.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To view offline records of non-authenticated users on an AS, run the display uni-mng unauthen-user offline-record command.

Example

# Display offline records of non-authenticated users on the AS test1.

<HUAWEI> display uni-mng unauthen-user offline-record as name test1
Total: 2                                                                        
--------------------------------------------------------------------------------
  AS name               : test1
  User MAC              : 0021-9746-b67c
  User VLAN             : 212
  User access interface : Ge1/0/2
  User IP address       : 192.168.1.1
  User offline time     : 2016/01/21 04:59:43
  User offline reason   : As offline
--------------------------------------------------------------------------------
  AS name               : test1
  User MAC              : 0021-9746-b67d
  User VLAN             : 212
  User access interface : Ge1/0/3
  User IP address       : 192.168.1.2
  User offline time     : 2016/01/21 05:59:43
  User offline reason   : User offline
--------------------------------------------------------------------------------
Table 3-135  Description of the display uni-mng unauthen-user offline-record command output

Item

Description

Total

Number of offline records of non-authenticated users on an AS.

AS name

Name of an AS.

User MAC

MAC address of a non-authenticated user.

User VLAN

VLAN to which a non-authenticated user belongs.

User access interface

Access interface of a non-authenticated user.

User IP address

IP address of a non-authenticated user.

User offline time

Time when a non-authenticated user goes offline.

User offline reason

Reason that a non-authenticated user goes offline.
  • User offline: The user goes offline.
  • AS offline: The AS is offline.

display uni-mng upgrade-info

Function

The display uni-mng upgrade-info command displays AS version upgrade information.

NOTE:

This command can only be executed on a parent switch.

Format

display uni-mng upgrade-info [ as name as-name | verbose ]

Parameters

Parameter Description Value
as name as-name

Specifies the name of an AS.

The value must have an existing AS name.

verbose

Displays detailed version upgrade information.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng upgrade-info command to check AS version upgrade information.

Example

# Display AS version upgrade information.

<HUAWEI> display uni-mng upgrade-info
The total number of AS is : 1
--------------------------------------------------------------------------------
 Name                            Method       Phase       Status      Result
--------------------------------------------------------------------------------
 as1                             --           --          NO-UPGRADE  --
--------------------------------------------------------------------------------
Table 3-136  Description of the display uni-mng upgrade-info command output

Item

Description

Name

Name of an AS.

Method

Upgrade mode of the AS:
  • --: The upgrade task is not started.

  • ver-sync: The AS is automatically upgraded when going online.

  • upgrade: The AS is manually upgraded after going online.

Phase

Upgrade phase:
  • --: The upgrade task is not started.

  • sys-file: The system is determining whether to download the system software or is downloading the system software from the parent.

  • patch-file: The system is determining whether to download the patch file or is downloading the patch file from the parent.

  • waiting: The AS is waiting for activation.

  • activating: The AS is being activated.

  • rebooting: The AS is restarting.

Status

Whether the AS is being upgraded:
  • NO-UPGRADE: The AS is not upgraded.

  • UPGRADING: The AS is being upgraded.

Result

Upgrade result:
  • --: The upgrade task is not started.

  • successful: The upgrade succeeds.

  • failed: The upgrade fails.

# Display detailed AS version upgrade information.

<HUAWEI> display uni-mng upgrade-info verbose
The total number of AS is : 1
----------------------------------------------------------------------------
 AS name                       : as1
 Work status                   : NO-UPGRADE
 Startup system-software       : flash:/s5700-p-li-v200r011c10.cc
 Startup version               : V200R011C10
 Startup patch                 : --
 Next startup system-software  : --
 Next startup patch            : --
 Download system-software      : --
 Download version              : --
 Download patch                : --
 Method                        : --
 Upgrading phase               : --
 Last operation result         : failed
 Error reason                  : The local file server has not been configured.
 Last operation time           : 2016-07-04  15:51:05
----------------------------------------------------------------------------
Table 3-137  Description of the display uni-mng upgrade-info verbose command output

Item

Description

AS name

Name of an AS.

Work status

Whether the AS is being upgraded:
  • NO-UPGRADE: The AS is not upgraded.

  • UPGRADING: The AS is being upgraded.

Startup system-software

Running software software.

Startup version

Current software version.

Startup patch

Running patch file. If this field displays --, no patch file is running.

Next startup system-software

System software that is configured for the next startup. If this field displays --, no system software is configured for the next startup.

Next startup patch

Patch package file that is configured for the next startup. If this field displays --, no patch package file is configured for the next startup.

Download system-software

Downloaded system software. If this field displays --, the upgrade task is not started.

Download version

Downloaded system software version. If this field displays --, the upgrade task is not started.

Download patch

Downloaded patch file. If this field displays --, the upgrade task is not started.

Method

Upgrade mode of the AS:
  • --: The upgrade task is not started.

  • ver-sync: The AS is automatically upgraded when going online.

  • upgrade: The AS is manually upgraded after going online.

Upgrading phase

Upgrade phase:
  • --: The upgrade task is not started.

  • sys-file: The system is determining whether to download the system software or is downloading the system software from the parent.

  • patch-file: The system is determining whether to download the patch file or is downloading the patch file from the parent.

  • waiting: The AS is waiting for activation.

  • activating: The AS is being activated.

  • rebooting: The AS is restarting.

Last operation result

Upgrade result:
  • --: The upgrade task is not started.

  • successful: The upgrade succeeds.

  • failed: The upgrade fails.

Error reason

Upgrade failure reason.

Last operation time

Last time the AS is upgraded.

display uni-mng up-direction fabric-port

Function

The display uni-mng up-direction fabric-port command displays information about AS service ports added to an uplink fabric port.

NOTE:

This command can only be executed on an AS.

Format

display uni-mng up-direction fabric-port

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display uni-mng up-direction fabric-port command to check the current and next startup configurations of AS service ports added to an uplink fabric port.

Example

# Display information about AS service ports added to an uplink fabric port.

<HUAWEI> display uni-mng up-direction fabric-port
Uni-mng up-direction fabric-port configuration:                                 
 Current fabric-port members :                                                  
 GigabitEthernet0/0/1 
 GigabitEthernet0/0/2 
 GigabitEthernet0/0/3 
 GigabitEthernet0/0/4 
 Next fabric-port members    :
 GigabitEthernet0/0/1 
 GigabitEthernet0/0/2 
 GigabitEthernet0/0/3 
 GigabitEthernet0/0/4 
Table 3-138  Description of the display uni-mng up-direction fabric-port command output

Item

Description

Uni-mng up-direction fabric-port configuration

Configuration of an uplink fabric port.

Current fabric-port members

Effective member interfaces of the uplink fabric port.

Next fabric-port members

Effective member interfaces of the uplink fabric port after the device's next startup.

down-direction fabric-port

Function

The down-direction fabric-port command configures the fabric port that connects a level-1 AS to a level-2 AS.

The undo down-direction fabric-port command deletes the fabric port that connects a level-1 AS to a level-2 AS.

By default, no fabric port that connects a level-1 AS to a level-2 AS is configured.

NOTE:

This command can only be executed on a parent switch.

Format

down-direction fabric-port port-id member-group interface eth-trunk trunk-id

undo down-direction fabric-port port-id member-group

Parameters

Parameter Description Value
port-id

Specifies the number of a fabric port.

The value is an integer and must be set according to the device configuration.

member-group interface

Specifies the Eth-Trunk to which a fabric port is bound.

-

eth-trunk trunk-id

Specifies the ID of an Eth-Trunk.

The value is an integer that ranges from 1 to 63.

NOTE:
If an Eth-Trunk has been created and configured on an AS in independent mode, the eth-trunk trunk-id parameter cannot be the same as the existing Eth-Trunk ID of this AS. Otherwise, this command cannot be delivered.

Views

AS view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When a level-1 AS needs to connect to a level-2 AS, you need to configure a fabric port on the level-1 AS to connect to the level-2 AS. A downlink port of a level-1 AS becomes Up only after the parent finishes delivering the configuration. A level-2 AS begins to go online only after the downlink port of the level-1 AS becomes Up.

Follow-up Procedure

Run the port eth-trunk trunk-id trunkmember interface interface-type interface-number1 [ to interface-number2 ] command to add member ports to the bound Eth-Trunk.

Example

# Configure the fabric port that connects a level-1 AS to a level-2 AS.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] down-direction fabric-port 1 member-group interface eth-trunk 1

down-direction fabric-port connect independent-as

Function

The down-direction fabric-port connect independent-as command enables the independent mode on the fabric port that connects a level-1 AS to a level-2 AS.

The undo down-direction fabric-port command restores the default mode of the fabric port that connects a level-1 AS to a level-2 AS.

By default, the service configuration mode of the fabric port that connects a level-1 AS to a level-2 AS is centralized mode.

NOTE:

This command can only be executed on a parent switch.

Format

down-direction fabric-port port-id connect independent-as

undo down-direction fabric-port port-id connect

Parameters

Parameter Description Value
port-id

Specifies the number of a fabric port.

The value is an integer and must be set according to the device configuration.

Views

AS view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In independent mode, you can log in to an AS to configure this AS using commands. After the independent mode is enabled on the fabric port that connects a level-1 AS to a level-2 AS, the level-2 AS can be configured independently.

Prerequisites

The fabric port used to connect a level-1 AS to a level-2 AS has been created using the down-direction fabric-port port-id member-group interface eth-trunk trunk-id command in the AS view.

Precautions

Before enabling the independent mode, run the independent-as-admin command in the uni-mng view to configure an administrator for AS login. If no administrator is created, you can only log in to an AS through a console port and need to enter the default password admin@huawei.com. The default password has security risks. You are advised to change the login password.

If service configurations have been delivered in centralized mode to a level-1 AS port before this port is changed to the independent mode, this port cannot be configured as a fabric port that connects to a level-2 AS. To do so, restore the level-1 AS to the centralized mode and cancel the service configurations of this port on the parent.

Example

# Enable the independent mode on the fabric port that connects a level-1 AS to a level-2 AS.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] down-direction fabric-port 1 member-group interface eth-trunk 1
[HUAWEI-um-as-as1] down-direction fabric-port 1 connect independent-as

forward-mode centralized

Function

The forward-mode centralized command sets the forwarding mode of an SVF system to centralized forwarding.

The undo forward-mode command restores the default forwarding mode of an SVF system.

By default, the forwarding mode of an SVF system is distributed forwarding.

NOTE:

This command can only be executed on a parent switch.

Format

forward-mode centralized

undo forward-mode

Parameters

None

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

An SVF system uses the distributed forwarding mode by default. You can change the forwarding mode to centralized mode.
  • In centralized forwarding mode, traffic forwarded by the local AS and forwarded between ASs is sent to the parent for forwarding.

  • In distributed forwarding mode, an AS directly forwards local traffic and the parent forwards traffic between ASs.

Precautions
  • After changing the SVF forwarding mode, you must run the commit as { name as-name | all } command to commit the configuration so that the device can deliver it to ASs.

  • In centralized forwarding mode, ports of the ASs connected to the same fabric port of the parent are isolated and so cannot communicate at Layer 2, and need to have proxy ARP in the corresponding VLAN configured using the arp-proxy inner-sub-vlan-proxy enable command to communicate at Layer 3.

  • After an AS goes offline, downlink ports of the AS are automatically shut down. As a result, traffic of the AS attached network will be interrupted.

Example

# Set the SVF forwarding mode to centralized forwarding.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] forward-mode centralized
Related Topics

independent-as-admin

Function

The independent-as-admin command creates an administrator for AS login in independent mode.

The undo independent-as-admin command deletes the administrator for AS login in independent mode.

By default, no administrator is created for AS login in independent mode.

NOTE:

This command can only be executed on a parent switch.

Format

independent-as-admin user user-name password password

undo independent-as-admin user

Parameters

Parameter Description Value
user-name

Specifies a user name.

The value is a string of 1 to 64 case-insensitive characters. It cannot contain spaces, asterisk, double quotation mark and question mark.

password

Specifies the password.

The value is a string of case-sensitive characters without spaces. A password in plain text is a string of 8 to 128 characters. A password in cipher text is a string of 48 to 188 characters and cannot be generated using the irreversible algorithm. The password is displayed in cipher text in the configuration file regardless of whether the password is input in plain or cipher text. The newly configured password cannot be the default password admin@huawei.com of local users.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the AS service configuration mode is set to independent mode, you need to use this command to configure the administrator account used to log in to ASs. After the configuration is complete, the user name and password used for login are automatically configured on the AS. The following configuration is generated on the AS:

#
aaa
 local-user user-name password irreversible-cipher password
 local-user user-name privilege level 3
 local-user user-name service-type terminal ssh
#

After an AS user name and password are configured, you need to enter the correct user name and password when logging in to an AS through the console port. When you log in to an AS from the parent using the attach as name as-name command, you can log in to the AS without entering the user name or password.

Precautions

The user name and password configured using this command take effect after the configuration is generated on ASs. It takes about 5 minutes for the configuration to take effect after you run the command. Do not log in to an AS within this period; otherwise, the configuration may take effect after a longer period of time.

Example

# Create an AS administrator user name and password in independent mode.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] independent-as-admin user test password Pwd@123456

interface fabric-port

Function

The interface fabric-port command creates a fabric port and displays the fabric port view.

The undo interface fabric-port command deletes a fabric port.

By default, no fabric port exists in the system.

NOTE:

This command can only be executed on a parent switch.

Format

interface fabric-port port-id

undo interface fabric-port port-id

Parameters

Parameter Description Value
port-id

Specifies the number of a fabric port.

  • When the S12700 functions as a parent switch, the value ranges from 0 to 255.
  • When the S9300X functions as a parent switch, the value ranges from 0 to 255.
  • When the S9700 functions as a parent switch, the value ranges from 0 to 63.
  • When the S7700 functions as a parent switch, the value ranges from 0 to 255 when it uses SRUE or SRUH or ranges from 0 to 63 when it uses other cards.
  • When the S9300 functions as a parent switch, the value ranges from 0 to 255 when it uses SRUE, SRUH or SRUK or ranges from 0 to 63 when it uses other cards.
  • When the S9300E functions as a parent switch, the value ranges from 0 to 63.
  • When the S5720HI, S6720EI and S6720S-EI function as parent switches, the value ranges from 0 to 63.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

To set up an SVF system, create fabric ports on the parent switches to allow ASs to connect to the parent switches.

Example

# Create a fabric port and enter the fabric port view.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] interface fabric-port 1

ip source check user-bind enable (network enhanced profile view)

Function

The ip source check user-bind enable command configures IP packet checking in a network enhanced profile.

The undo ip source check user-bind enable command cancels IP packet checking in a network enhanced profile.

By default, IP packet checking is not configured in a network enhanced profile.

NOTE:

This command can only be executed on a parent switch.

Format

ip source check user-bind enable

undo ip source check user-bind enable

Parameters

None

Views

Network enhanced profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating a network enhanced profile, you can configure IP packet checking in the profile. After the profile is bound to the port of an AS, IP packet checking is automatically enabled on the port. The following configuration is generated on the AS port:
#
 ip source check user-bind enable
 ip source check user-bind alarm enable
#

When attackers steal authorized users' IP addresses or MAC addresses to send packets to access or attack networks, authorized users cannot obtain stable and secure network services. After configuring IP packet checking on a device, the device checks received IP packets against the binding table to prevent such attacks.

Prerequisites

DHCP snooping has been enabled in the network enhanced profile using the dhcp snooping enable command.

Precautions

When an AS is an S2750EI, S5700-10P-LI, or S5700-10P-PWR-LI and works in Layer 3 hardware forwarding mode, the ip source check user-bind enable command does not take effect on the AS. Because an AS performs only Layer 2 forwarding in an SVF system, you are advised to run the undo assign forward-mode command to cancel the Layer 3 hardware forwarding mode and then connect the AS to the SVF system.

Example

# Configure IP packet checking in a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] dhcp snooping enable
[HUAWEI-um-net-enhanced-profile_1] ip source check user-bind enable

mac-limit (user access profile view)

Function

The mac-limit command configures MAC address learning limiting in a user access profile.

The undo mac-limit command cancels MAC address learning limiting in a user access profile.

By default, MAC address learning limiting is not configured in a user access profile.

NOTE:

This command can only be executed on a parent switch.

Format

mac-limit maximum max-num

undo mac-limit

Parameters

Parameter Description Value
maximum max-num

Specifies the maximum number of MAC addresses that can be learned on an interface.

The value is an integer that ranges from 0 to 4096. The value 0 indicates that the maximum number of MAC addresses that can be learned is not limited.

Views

User access profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a user access profile, you can configure MAC address learning limiting in the profile. When the profile is bound an AS port, MAC address learning limiting is automatically configured on the port. The following configuration is generated on the AS port:
#
 mac-limit maximum max-num
#

To control the number of access users and protect the MAC address table against attacks, you can limit the maximum number of MAC addresses that can be learned on an interface.

Precautions

The mac-limit and authentication commands are mutually exclusive and cannot be configured together in a user access profile.

Example

# Configure MAC address learning limiting in a user access profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] user-access-profile name profile_1
[HUAWEI-um-user-access-profile_1] mac-limit maximum 1024

multicast-suppression (network enhanced profile view)

Function

The multicast-suppression command configures multicast traffic suppression in a network enhanced profile.

The undo multicast-suppression command cancels multicast traffic suppression in a network enhanced profile.

By default, multicast traffic suppression is not configured in a network enhanced profile.

NOTE:

This command can only be executed on a parent switch.

Format

multicast-suppression packets packets-per-second

undo multicast-suppression

Parameters

Parameter Description Value
packets packets-per-second

Specifies the packet rate of an interface.

The value is an integer that ranges from 0 to 14881000, in packets per second (PPS).

If the configured packet rate on the parent switch is larger than the maximum value on the AS port, the maximum value takes effect on the AS port.

Views

Network enhanced profile view

Default Level

3: Management level

Usage Guidelines

After creating a network enhanced profile, you can configure multicast traffic suppression in the profile. After the profile is bound to an AS port, multicast traffic suppression is automatically configured on the port. The following configuration is generated on the AS port:
#
 multicast-suppression packets packets-per-second
#

To prevent broadcast storms, you can run the multicast-suppression command to configure the maximum number of multicast packets that can pass through a port. When the multicast traffic rate reaches the maximum value, the system discards excess multicast packets to control the traffic volume within a proper range.

Example

# Configure multicast traffic suppression in a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] multicast-suppression packets 148810

network-basic-profile name

Function

The network-basic-profile name command creates a network basic profile.

The undo network-basic-profile name command deletes a network basic profile.

By default, no network basic profile is created.

NOTE:

This command can only be executed on a parent switch.

Format

network-basic-profile name profile-name

undo network-basic-profile name profile-name

Parameters

Parameter Description Value
profile-name

Specifies the name of a network basic profile.

The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_).

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can configure basic user services in a network basic profile, including the default VLAN, allowed VLAN, and voice VLAN of a port.

Precautions

You can create a maximum of 256 network basic profiles in a version earlier than V200R011C10.

You can create a maximum of 512 network basic profiles in V200R011C10 and later versions.

Example

# Create a network basic profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-basic-profile name profile_1

network-basic-profile (port group view)

Function

The network-basic-profile command binds a network basic profile to a port group.

The undo network-basic-profile command unbinds a network basic profile from a port group.

By default, no network basic profile is bound to a port group.

NOTE:

This command can only be executed on a parent switch.

Format

network-basic-profile profile-name

undo network-basic-profile

Parameters

Parameter Description Value
profile-name

Specifies the name of a network basic profile.

The value must have an existing network basic profile name.

Views

Port group view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can bind a network basic profile to a port group to deliver the configurations in the profile to all the member ports in the port group.

Prerequisites

The network basic profile has been created.

Precautions

A port group can be bound to only one network basic profile.

Example

# Bind a network basic profile to a port group.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-basic-profile name profile_1
[HUAWEI-um-net-basic-profile_1] quit
[HUAWEI-um] port-group name group_1
[HUAWEI-um-portgroup-group_1] network-basic-profile profile_1

network-enhanced-profile name

Function

The network-enhanced-profile name command creates a network enhanced profile.

The undo network-enhanced-profile name command deletes a network enhanced profile.

By default, no network enhanced profile is created.

NOTE:

This command can only be executed on a parent switch.

Format

network-enhanced-profile name profile-name

undo network-enhanced-profile name profile-name

Parameters

Parameter Description Value
profile-name

Specifies the name of a network enhanced profile.

The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_).

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can configure value-added services in a network enhanced profile, such as network security and QoS.

Precautions

  • You can create a maximum of 16 network enhanced profiles.

  • A network enhanced profile can be bound to only an AS port group but not an AP port group.

Example

# Create a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1

network-enhanced-profile (port group view)

Function

The network-enhanced-profile command binds a network enhanced profile to a port group.

The undo network-enhanced-profile command unbinds a network enhanced profile from a port group.

By default, no network enhanced profile is bound to a port group.

NOTE:

This command can only be executed on a parent switch.

Format

network-enhanced-profile profile-name

undo network-enhanced-profile

Parameters

Parameter Description Value
profile-name

Specifies the name of a network enhanced profile.

The value must have an existing network enhanced profile name.

Views

Port group view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can bind a network enhanced profile to a port group to deliver the configurations in the profile to all the member ports in the port group.

Prerequisites

The network enhanced profile has been created.

Precautions

  • A network enhanced profile can be bound to only an AS port group but not an AP port group.

  • A port group can be bound to only one network enhanced profile.

Example

# Bind a network enhanced profile to a port group.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] quit
[HUAWEI-um] port-group name group_1
[HUAWEI-um-portgroup-group_1] network-enhanced-profile profile_1

pass-vlan (network basic profile view)

Function

The pass-vlan command configures allowed VLANs in a network basic profile.

The undo pass-vlan command deletes allowed VLANs in a network basic profile.

By default, no allowed VLANs are configured in a network basic profile, and downlink ports of an AS allow packets from VLAN 1 to pass through.

NOTE:

This command can only be executed on a parent switch.

Format

pass-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

undo pass-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

Parameters

Parameter Description Value
vlan-id1 [ to vlan-id2 ]

Specifies IDs of VLANs from which packets are allowed to pass through.

The value is an integer that ranges from 1 to 4094.

The value cannot be the ID of an SVF management VLAN, a stack management VLAN, an ERPS control VLAN, an RRPP control VLAN, an SEP control VLAN, or a super VLAN.

Views

Network basic profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a network basic profile, you can configure allowed VLANs in the profile. After the profile is bound to an AS port, the port allows packets from these VLANs to pass through. The following configuration is generated on the AS port:
#
 port link-type hybrid
 port hybrid tagged vlan vlan-id1 to vlan-id2
#

Precautions

  • The default VLAN, allowed VLANs, and voice VLAN in a network basic profile must be different.

  • You can configure a maximum of 32 allowed VLANs in a network basic profile.

Example

# Configured allowed VLANs in a network basic profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-basic-profile name profile_1
[HUAWEI-um-net-basic-profile_1] pass-vlan 10 to 12

patch delete as

Function

The patch delete as command deletes patches on a specified online AS.

NOTE:

This command can only be executed on a parent switch.

Format

patch delete as { all | name patch-name | name-include string }

Parameters

Parameter

Description

Value

name patch-name Specifies the name of an AS. The value is a string of 1 to 31 case-insensitive characters without spaces.
name-include string Specifies the string contained in an AS name. The value is a string of 1 to 31 case-insensitive characters without spaces.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If you find errors in the patches loaded to an AS, run this command to delete the patches to prevent system operation failures.

If non-incremental patches need to be loaded to an AS, you need to run the patch delete as command to delete the existing patches on the AS first. Otherwise, non-incremental patches will fail to be loaded.

Precautions

If the patch file to be loaded to an AS type has been specified using the as type command, patches on this AS type cannot be deleted.

Example

# Delete the patches on as1.
<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] patch delete as name as1
Warning: This command will start to delete the patch of AS. Continue?[Y/N]:y
Info: This operation will take several seconds, please wait...

port connect independent-as

Function

The port connect independent-as command enables the independent mode on the fabric port that connects the parent to a level-1 AS.

The undo port connect command restores the default mode of the fabric port that connects the parent to a level-1 AS.

By default, the service configuration mode of the fabric port that connects the parent to a level-1 AS is centralized mode.

NOTE:

This command can only be executed on a parent switch.

Format

port connect independent-as

undo port connect

Parameters

None

Views

Fabric port view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In independent mode, you can log in to an AS to configure this AS using commands. After the independent mode is enabled on the fabric port that connects the parent to a level-1 AS, the level-1 AS can be configured independently.

Precautions

  • Before enabling the independent mode, run the independent-as-admin command in the uni-mng view to configure an administrator for AS login.

  • If the AS connected to a fabric port is online, running the undo port connect command on the fabric port for mode switching will cause the AS to automatically restart and register with the parent again.

  • During mode switching on a fabric port, the parent and AS exchange packets for multiple times. In this process, if faults occur, for example, link or device faults, mode switching may fail. An error message will be displayed on the parent, indicating that mode switching fails. Additionally, the AS may restart and then registers with the parent again. In this situation, run commands on the fabric port again to change the mode after the AS has registered with the parent.

  • When the service configuration mode of an AS is independent mode, configuring the following commands on the Eth-Trunk bound to or on the member port of a fabric port connected to the AS may cause this AS to go offline.

    Table 3-139  Commands that may cause an AS to go offline

    No.

    Command

    1

    loopback internal

    2

    traffic-policy

    3

    traffic-filter

    4

    speed

    5

    negotiation

    6

    port media-type

    7

    port split

    8

    training disable

    9

    wavelength-channel

    10

    undo port hybrid tagged vlan

    11

    undo port trunk allow-pass vlan

    12

    storm-control action

    13

    mac-address flapping action

    14

    port-security protect-action

    15

    port-security enable

  • If the Eth-Trunk bound to a fabric port has other configurations in addition to the following configurations, you need to manually delete the other configurations before running the undo port connect command on this fabric port for mode switching. Otherwise, an error message will be displayed to indicate that mode switching fails.

    Table 3-140  Commands that do no need to be manually deleted in an Eth-Trunk

    No.

    Command

    1

    port link-type hybrid

    2

    port hybrid tagged vlan

    3

    undo port hybrid vlan

    4

    stp root-protection

    5

    stp edged-port disable

    6

    loop-detection disable

    7

    mode lacp

    8

    mad relay

    9

    trust 8021p

    10

    authentication-profile

    11

    authentication control-point

Example

# Enable the independent mode on the fabric port that connects the parent to a level-1 AS.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] interface fabric-port 1
[HUAWEI-um-fabric-port-1] port connect independent-as
Related Topics

port connect-type indirect

Function

The port connect-type indirect command configures the indirect connection mode for a fabric port.

The undo port connect-type command restores the default connection mode for a fabric port.

The default connection mode of a fabric port is direct connection.

NOTE:

This command can only be executed on a parent switch.

Format

port connect-type indirect

undo port connect-type

Parameters

None

Views

Fabric port view

Default Level

3: Management level

Usage Guidelines

When the parent connects to an AS across a network, you need to run the port connect-type indirect command to configure the indirect connection mode for the fabric port that connects the parent to the AS.

Prerequisites

No Eth-Trunk is bound to the fabric port.

Follow-up Procedure

Run the port member-group interface command to bind an Eth-Trunk to the fabric port.

Example

# Configure the indirect connection mode for a fabric port.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] interface fabric-port 1
[HUAWEI-um-fabric-port-1] port connect-type indirect
Related Topics

port-group name

Function

The port-group name command creates an AS port group.

The port-group connect-ap name command creates an AP port group.

The undo port-group name command deletes an AS port group.

The undo port-group connect-ap name command deletes an AP port group.

By default, no AS port group is created.

NOTE:

This command can only be executed on a parent switch.

Format

port-group name group-name

port-group connect-ap name group-name

undo port-group name group-name

undo port-group connect-ap name group-name

Parameters

Parameter Description Value
group-name

Specifies the name of a port group.

The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_).

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

A port group is a set of AS ports. The purpose of a port group is to facilitate batch configuration of AS ports.

Port groups are classified into AS port groups and AP port groups.
  • Ports in an AS port group are used to connect an AS to a user terminal. An AS port group can be bound to three types of service profiles (network basic profile, network enhanced profile, and user access profile), but only one profile of the same type can be bound.

  • Ports in an AP port group are used to connect an AS to an AP. To connect an AP to an AS, you need to add the port that connects the AS to the AP to an AP port group. An AP port group can be bound to only a network basic profile, and only the pass-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> command configured in the profile takes effect.

Follow-up Procedure

Run the as name as-name or as name-include string interface all command to add AS ports to a port group.

Precautions

  • You can create a maximum of 256 AS port groups in a version earlier than V200R011C10.

    You can create a maximum of 512 AS port groups in V200R011C10 and later versions.

  • You can create a maximum of 1 AP port groups.

Example

# Create a port group.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] port-group name group_1

port eth-trunk trunkmember

Function

The port eth-trunk trunkmember command adds member ports to the Eth-Trunk.

The undo port eth-trunk trunkmember command deletes member ports from an Eth-Trunk.

By default, no member ports are added to the Eth-Trunk.

NOTE:

This command can only be executed on a parent switch.

Format

port eth-trunk trunk-id trunkmember interface interface-type interface-number1 [ to interface-number2 ]

undo port eth-trunk trunk-id trunkmember interface interface-type interface-number1 [ to interface-number2 ]

Parameters

Parameter Description Value
trunk-id

Specifies the ID of an Eth-Trunk.

The value is an integer and the minimum value is 1. The maximum value varies according to the switch model. For a specific switch model, the maximum value is the same as that described in interface eth-trunk.

interface interface-type interface-number1 [ to interface-number2 ]
Specifies the type and number of the interface added to an Eth-Trunk:
  • interface-type specifies the interface type.
  • interface-number1 specifies the first interface number.
  • interface-number2 specifies the last interface number.

-

Views

AS view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After a downlink fabric port of a level-1 AS is configured using the down-direction fabric-port port-id member-group interface eth-trunk trunk-id command, you need to add member ports to the Eth-Trunk to which the fabric port is bound.

When an Eth-Trunk has been created for an AS using the uni eth-trunk command, you can run the port eth-trunk trunkmember command to add member ports to this Eth-Trunk.

Precautions

AS uplink ports can be used to connect to the parent or level-1 AS or set up a stack and be configured as downlink fabric ports to connect to other ASs.

On the S6720EI and S6720S-EI, 40GE ports and 10GE ports split from 40GE ports cannot be configured as downlink fabric ports.

Example

# Add member ports to the Eth-Trunk to which a fabric port is bound.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] down-direction fabric-port 1 member-group interface eth-trunk 1
[HUAWEI-um-as-as1] port eth-trunk 1 trunkmember interface gigabitethernet 0/0/16

# Add member ports to the Eth-Trunk configured on the specified AS.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] uni eth-trunk 40
[HUAWEI-um-as-as1] port eth-trunk 40 trunkmember interface GigabitEthernet 0/0/10

port member-group interface

Function

The port member-group interface command binds a fabric port to an Eth-Trunk.

The undo port member-group command unbinds a fabric port from an Eth-Trunk.

By default, no fabric port is bound to an Eth-Trunk.

NOTE:

This command can only be executed on a parent switch.

Format

port member-group interface eth-trunk trunk-id

undo port member-group

Parameters

Parameter Description Value
eth-trunk trunk-id

Specifies the ID of the Eth-Trunk to which a fabric port is bound.

The value is an integer that ranges from 0 to 127.

Views

Fabric port view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a fabric port using the interface fabric-port port-id command, bind the fabric port to an Eth-Trunk.

Follow-up Procedure

Run the eth-trunk trunk-id command in the interface view to add interfaces to the bound Eth-Trunk.

Precautions

  • A created Eth-Trunk cannot be bound to a fabric port. When a fabric port is bound to an Eth-Trunk, the system creates the Eth-Trunk.

  • You can run the interface eth-trunk command to enter the view of the Eth-Trunk to which a fabric port is bound and configure services. Currently, the following commands can be executed in the view of the Eth-Trunk to which a fabric port is bound: authentication open ucl-policy enable, mac-address multiport, quit, and all display commands.
  • If physical member interfaces have been added to the Eth-Trunk bound to a fabric port, the undo port member-group command cannot be used to unbind the fabric port from the Eth-Trunk.
  • Running the undo port member-group command will delete the configuration in the Eth-Trunk interface view and delete the Eth-Trunk.

  • When a fabric port is bound to an Eth-Trunk, the system creates the Eth-Trunk and performs some service configurations on the Eth-Trunk, for example, the stp root-protection and mad relay command configurations.

Example

# Bind a fabric port to an Eth-Trunk.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] interface fabric-port 1
[HUAWEI-um-fabric-port-1] port member-group interface eth-trunk 11

portal url-encode disable

Function

The portal url-encode disable command disables the URL encoding function of ASs.

The undo portal url-encode disable command enables the URL encoding function of ASs.

By default, the URL encoding function of AS is enabled.

NOTE:

This command can only be executed on a parent switch.

Format

portal url-encode disable

undo portal url-encode disable

Parameters

None

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To improve web application security, data from untrustworthy sources must be encoded before being sent to clients. URL encoding is most commonly used in web applications. After URL encoding is enabled for ASs, special characters in redirected URLs are converted to secure formats, preventing clients from mistaking them for syntax signs or instructions and unexpectedly modifying the original syntax. In this way, cross-site scripting attacks and injection attacks are prevented. By default, URL encoding is enabled in ASs. This function can be disabled using the portal url-encode disable command.

Precautions

If the system software is upgraded from a version earlier than V200R009C00SPC500 to V200R009C00SPC500 or a later version, the switch automatically runs the portal url-encode disable command to disable URL encoding and decoding.

Example

# Disable URL encoding.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] portal url-encode disable

rate-limit (network enhanced profile view)

Function

The rate-limit command configures traffic rate limiting in a network enhanced profile.

The undo rate-limit command cancels traffic rate limiting in a network enhanced profile.

By default, traffic rate limiting is not configured in a network enhanced profile.

NOTE:

This command can only be executed on a parent switch.

Format

rate-limit cir-value

undo rate-limit

Parameters

Parameter Description Value
cir-value

Specifies the committed information rate (CIR), which is the allowed rate at which traffic can pass through.

The value is an integer that ranges from 64 to 1000000, in kbit/s.

The packet rate range of an interface depends on the interface bandwidth:
  • Ethernet interface: 64 to 100000
  • GE interface: 64 to 1000000
If the configured packet rate is larger than the maximum value, the maximum value takes effect.

Views

Network enhanced profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a network enhanced profile, you can configure traffic rate limiting in the profile. After the profile is bound to an AS port, traffic rate limiting is automatically configured on the port. The following configuration is generated on the AS port:
#
 qos lr inbound cir cir-value cbs 125*cir-value
#

If user traffic is not limited, continuous burst data from numerous users can make the network congested. You can configure traffic rate limiting in inbound direction on an interface to limit traffic entering from the interface within a specified range.

Precautions

When an AS is an S2750EI, S5700-10P-LI, or S5700-10P-PWR-LI switch and works in Layer 3 hardware forwarding mode, the rate-limit cir-value command does not take effect on the AS. Because an AS performs only Layer 2 forwarding in an SVF system, you are advised to run the undo assign forward-mode command to cancel the Layer 3 hardware forwarding mode and then connect the AS to the SVF system.

Example

# Configure traffic rate limiting in a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] rate-limit 100000

reboot uni-mng

Function

The reboot uni-mng command restarts an SVF system.

NOTE:

This command can only be executed on a parent switch.

Format

reboot uni-mng

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When upgrading or troubleshooting an SVF system, you can restart the SVF system, including the parent and all ASs.

Precautions

  • This command can be used only after the SVF function is enabled.

  • The next startup software version of the AS must be V200R011C10 or later, and the next startup software version of the parent cannot be earlier than that of the AS.

  • Before running this command to restart an SVF system, you must save the configuration of the parent. If an AS is configured in independent mode, you also need to save the configuration of the AS.

Example

# Restart an SVF system.

<HUAWEI> reboot uni-mng

reset uni-mng as-discover packet statistics

Function

The reset uni-mng as-discover packet statistics command clears AS Discovery packet statistics on a fabric port.

NOTE:

This command can be used on the parent or an AS. After running this command, you can clear AS Discovery packet statistics on a fabric port of the local device.

Format

reset uni-mng as-discover packet statistics interface fabric-port port-id

Parameters

Parameter Description Value
interface fabric-port port-id

Specifies the number of a fabric port.

The value is an integer that ranges from 0 to 63 on an AS and the value range on the parent varies depending on the switch model:
  • S12700: 0 to 255
  • S7712 (SRUE/SRUH)/S7706 (SRUE/SRUH): 0 to 255
  • S9312 (SRUE/SRUH)/S9310/S9306(SRUE/SRUH)/S9310X: 0 to 255
  • Other switch models: 0 to 63

Views

User view

Default Level

3: Management level

Usage Guidelines

Before collecting statistics about AS Discovery packets on a fabric port, clear the existing statistics.

Example

# Clear AS Discovery packet statistics on a fabric port.

<HUAWEI> reset uni-mng as-discover packet statistics interface fabric-port 1

shutdown interface

Function

The shutdown interface command disables an AS port.

The undo shutdown interface command enables an AS port.

By default, an interface is enabled.

NOTE:

This command can only be executed on a parent switch.

Format

shutdown interface interface-type interface-number

undo shutdown interface interface-type interface-number

Parameters

Parameter Description Value
interface-type interface-number
Specifies the interface type and number.
  • interface-type specifies the interface type. The interface type cannot be an Eth-Trunk interface.
  • interface-number specifies the interface number.

-

Views

AS view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the shutdown interface command to disable an AS port.

Precautions

Running this command can disable only an AS downlink port but not an AS uplink port. If an uplink port has been configured as a downlink fabric port, this port can be disabled.

If the version of an AS is inconsistent with that of the parent, the shutdown interface and undo shutdown interface commands do not take effect on the ports of this AS.

If an AS is configured in the independent mode, the shutdown interface and undo shutdown interface commands do not take effect on the ports of this AS.

Example

# Disable an AS port.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] shutdown interface gigabitethernet 0/0/1

slot

Function

The slot command pre-configures a stack ID or changes the pre-configured device model.

The undo slot command deletes the pre-configured stack ID or changes the pre-configured device model.

By default, the pre-configured stack ID is 0.

NOTE:

This command can only be executed on a parent switch.

Format

slot slot-id1 replace-model model-name

undo slot slot-id1 replace-model

slot slot-id2 [ to slot-id3 ] [ replace-model model-name ]

undo slot slot-id2 [ to slot-id3 ] [ replace-model ]

Parameters

Parameter Description Value
slot-id1

Specifies the pre-configured stack ID.

The value is 0.

slot-id2 [ to slot-id3 ]

Specifies the pre-configured stack ID.

slot-id3 must be larger than slot-id2.

The value is an integer that ranging from 1 to 4.

replace-model model-name

Specifies the device model of which the stack ID needs to be pre-configured.

The value range depends on the device configuration.

Views

AS view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an AS is a stack of multiple member switches, the system pre-configures only stack ID 0 by default. You can only pre-configure services for the member switch with stack ID 0. Before pre-configuring services for another member switch, pre-configure a stack ID for the member switch.

The pre-configured stack ID does not affect the actual stack ID. For example, the pre-configured stack ID is 0 (default value), but the actual stack IDs are 0 and 2. The actual stack IDs remain 0 and 2 except that no services are configured on the device with stack ID 2.

An AS can be a stack of the same device series but different device models. If the stack contains different device models, you need to specify the replace-model parameter to change the device model that is different from the other device models in the stack to the actual access device model. If you do not specify the device model of a specified member, by default, the device model of this member is consistent with the pre-configured AS type.

Precautions

If the AS does not support stacking, the slot slot-id command configuration takes effect on the parent only when slot 0 is configured as the stack ID.

Changing the device models of online devices in a stack is not allowed.

Example

# Pre-configure a stack ID.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] slot 1 to 4

# Change the device model of the switch with stack ID 2 in the AS as1 to S5720-28X-SI-AC.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] slot 2 replace-model S5720-28X-SI-AC

snmp-agent trap enable feature-name asmngtrap

Function

snmp-agent trap enable feature-name asmngtrap command enables the trap function for the ASMNGTRAP module.

undo snmp-agent trap enable feature-name asmngtrap command disables the trap function for the ASMNGTRAP module.

By default, the trap function is enabled for the ASMNGTRAP module.

NOTE:

This command can only be executed on a parent switch.

Format

snmp-agent trap enable feature-name asmngtrap [ trap-name trap-name ]

undo snmp-agent trap enable feature-name asmngtrap [ trap-name trap-name ]

Parameters

Parameter

Description

Value

trap-name

Enables or disables the trap function for a specified event.

  • hwasaddofflinenotify: the trap for the event that an AS is added offline.
  • hwasboardadd: the trap for the event that an AS slot is added.
  • hwasboarddelete: the trap for the event that an AS slot is deleted.
  • hwasboardplugin: the trap for the event that a new member joins an AS stack system.
  • hwasboardplugout: the trap for the event that a member leaves an AS stack system.
  • hwascomboporttypechange: the trap for the event that the AS interface type changes.
  • hwasdelofflinenotify: the trap for the event that an AS is deleted offline.
  • hwasfaultnotify: the trap for the event that an AS goes offline.
  • hwasfullnotify: the trap for the event that the number of ASs reaches the maximum value.
  • hwasinblacklist: the trap for the event that an AS is in the blacklist.
  • hwasmodelnotmatchnotify: the trap for the event that the actual AS model does not match the configured one.
  • hwasnameconflictnotify: the trap for the event that the AS name conflicts.
  • hwasnormalnotify: the trap for the event that an AS goes online.
  • hwasonlinefailnotify: the trap for the event that an AS fails to go online.
  • hwasportstatechangetodownnotify: the trap for the event that an AS port goes Down.
  • hwasportstatechangetoupnotify: the trap for the event that an AS port goes Up.
  • hwasslotidinvalidnotify: the trap for the event that an AS slot ID is invalid.
  • hwasslotmodelnotmatchnotify: the trap for the event that the model of a new device in the AS stack system differs from the configured model.
  • hwassysmacswitchcfgerrnotify: the trap for the event that the MAC address switching mode of the AS stack system is not set to non-switching.
  • hwasunconfirmed: the trap for the event that an AS fails authentication.
  • hwasversionnotmatchnotify: the trap for the event that the AS version does not match.
  • hwunimngmodelnotmatchnotify: the trap for the event that an AS has a different SVF enabling status than the parent.
  • hwasslotonlinefailnotify: the trap for the event that some member switches in a stack fail to go online when this stack is an AS.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When the trap function is enabled, the device generates traps during running and sends traps to the NMS through SNMP. When the trap function is not enabled, the device does not generate traps and the SNMP module does not send traps to the NMS.

You can specify trap-name to enable the trap function for one or more events.

Example

# Enable the hwasaddofflinenotify trap of the ASMNGTRAP module.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name asmngtrap trap-name hwasaddofflinenotify

snmp-agent trap enable feature-name unimbrtrap

Function

snmp-agent trap enable feature-name unimbrtrap command enables the trap function for the UNIMBRTRAP module.

undo snmp-agent trap enable feature-name unimbrtrap command disables the trap function for the UNIMBRTRAP module.

By default, the trap function is enabled for the UNIMBRTRAP module.

NOTE:

This command can only be executed on a parent switch.

Format

snmp-agent trap enable feature-name unimbrtrap [ trap-name { hwasboardfail | hwasboardfailresume | hwasboardinvalid | hwasboardinvalidresume | hwasbrdtempalarm | hwasbrdtempresume | hwascommunicateerror | hwascommunicateresume | hwascpuutilizationresume | hwascpuutilizationrising | hwasfaninsert | hwasfaninvalid | hwasfaninvalidresume | hwasfanremove | hwasmadconflictdetect | hwasmadconflictresume | hwasmemutilizationresume | hwasmemutilizationrising | hwasopticalinvalid | hwasopticalinvalidresum | hwaspowerinsert | hwaspowerinvalid | hwaspowerinvalidresum | hwaspowerremove | hwunimbrasdiscoverattack | hwunimbrconnecterror | hwunimbrfabricportmemberdelete | hwunimbrillegalfabricconfig | hwunimbrlinkstatechange | hwunimbrasserviceabnormal } ]

undo snmp-agent trap enable feature-name unimbrtrap [ trap-name { hwasboardfail | hwasboardfailresume | hwasboardinvalid | hwasboardinvalidresume | hwasbrdtempalarm | hwasbrdtempresume | hwascommunicateerror | hwascommunicateresume | hwascpuutilizationresume | hwascpuutilizationrising | hwasfaninsert | hwasfaninvalid | hwasfaninvalidresume | hwasfanremove | hwasmadconflictdetect | hwasmadconflictresume | hwasmemutilizationresume | hwasmemutilizationrising | hwasopticalinvalid | hwasopticalinvalidresum | hwaspowerinsert | hwaspowerinvalid | hwaspowerinvalidresum | hwaspowerremove | hwunimbrasdiscoverattack | hwunimbrconnecterror | hwunimbrfabricportmemberdelete | hwunimbrillegalfabricconfig | hwunimbrlinkstatechange | hwunimbrasserviceabnormal } ]

Parameters

Parameter

Description

Value

trap-name

Enables or disables the trap function for the specified event.

-

hwasboardfail

Enables the trap function when an AS becomes unavailable partially.

-

hwasboardfailresume

Enables the trap function when an AS becomes available.

-

hwasboardinvalid

Enables the trap function when an AS is invalid.

-

hwasboardinvalidresume

Enables the trap function when an AS is valid.

-

hwasbrdtempalarm

Enables the trap function when the AS temperature is out of the normal range.

-

hwasbrdtempresume

Enables the trap function when the AS temperature restores to the normal range.

-

hwascommunicateerror

Enables the trap function when a communication fault occurs.

-

hwascommunicateresume

Enables the trap function when a communication fault is rectified.

-

hwascpuutilizationresume

Enables the trap function when the AS CPU usage falls below the threshold.

-

hwascpuutilizationrising

Enables the trap function when the AS CPU usage exceeds the threshold.

-

hwasfaninsert

Enables the trap function when an AS fan module is installed.

-

hwasfaninvalid

Enables the trap function when an AS fan module becomes unavailable completely.

-

hwasfaninvalidresume

Enables the trap function when an AS fan module becomes available.

-

hwasfanremove

Enables the trap function when an AS fan module is removed.

-

hwasmadconflictdetect

Enables the trap function when a MAD conflict is detected.

-

hwasmadconflictresume

Enables the trap function when a MAD conflict is resolved.

-

hwasmemutilizationresume

Enables the trap function when the AS memory usage restores to the normal range.

-

hwasmemutilizationrising

Enables the trap function when the AS memory usage exceeds the threshold.

-

hwasopticalinvalid

Enables the trap function when the AS optical module is invalid.

-

hwasopticalinvalidresum

Enables the trap function when the AS optical module is valid.

-

hwaspowerinsert

Enables the trap function when an AS power module is installed.

-

hwaspowerinvalid

Enables the trap function when an AS power module is invalid.

-

hwaspowerinvalidresum

Enables the trap function when an AS power module is valid.

-

hwaspowerremove

Enables the trap function when an AS power module is removed.

-

hwunimbrasdiscoverattack

Enables the trap function when an AS discovers attacks.

-

hwunimbrconnecterror

Enables the trap function when cable connection of a fabric port is incorrect.

-

hwunimbrfabricportmemberdelete

Enables the trap function when a member port of a fabric port is removed.

-

hwunimbrillegalfabricconfig

Enables the trap function when the fabric port configuration is invalid.

-

hwunimbrlinkstatechange

Enables the trap function when the connection status changes.

-

hwunimbrasserviceabnormal

Enables the trap function when services on an AS become abnormal.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When the trap function is enabled, the device generates traps during running and sends traps to the NMS through SNMP. When the trap function is not enabled, the device does not generate traps and the SNMP module does not send traps to the NMS.

You can specify trap-name to enable the trap function for one or more events.

Example

# Enable the hwasboardfail trap of the UNIMBRTRAP module.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name unimbrtrap trap-name hwasboardfail

snmp-agent trap enable feature-name uni-topomng

Function

snmp-agent trap enable feature-name uni-topomng command enables the trap function for the UNI-TOPOMNG module.

undo snmp-agent trap enable feature-name uni-topomng command disables the trap function for the UNI-TOPOMNG module.

By default, the trap function is enabled for the UNI-TOPOMNG module.

NOTE:

This command can only be executed on a parent switch.

Format

snmp-agent trap enable feature-name uni-topomng [ trap-name { hwtopomnglinkabnormal | hwtopomnglinknormal } ]

undo snmp-agent trap enable feature-name uni-topomng [ trap-name { hwtopomnglinkabnormal | hwtopomnglinknormal } ]

Parameters

Parameter

Description

Value

trap-name

Enables or disables the trap function for the specified event.

-

hwtopomnglinkabnormal

Enables the trap function when a connection fault occurs.

-

hwtopomnglinknormal

Enables the trap function when the connection status becomes normal.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When the trap function is enabled, the device generates traps during running and sends traps to the NMS through SNMP. When the trap function is not enabled, the device does not generate traps and the SNMP module does not send traps to the NMS.

You can specify trap-name to enable the trap function for one or more events.

Example

# Enable the hwtopomnglinkabnormal trap of the UNI-TOPOMNG module.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name uni-topomng trap-name hwtopomnglinkabnormal

snmp-agent trap enable feature-name uni-tplm

Function

snmp-agent trap enable feature-name uni-tplm command enables the trap function for the UNI-TPLM module.

undo snmp-agent trap enable feature-name uni-tplm command disables the trap function for the UNI-TPLM module.

By default, the trap function is enabled for the UNI-TPLM module.

NOTE:

This command can only be executed on a parent switch.

Format

snmp-agent trap enable feature-name uni-tplm [ trap-name { hwtplmcmdexecutefailednotify | hwtplmcmdexecutesuccessfulnotify | hwtplmdirectcmdrecoverfail } ]

undo snmp-agent trap enable feature-name uni-tplm [ trap-name { hwtplmcmdexecutefailednotify | hwtplmcmdexecutesuccessfulnotify | hwtplmdirectcmdrecoverfail } ]

Parameters

Parameter

Description

Value

trap-name

Enables or disables the trap function for the specified event.

-

hwtplmcmdexecutefailednotify

Enables the trap function when the command fails to be executed on the AS.

-

hwtplmcmdexecutesuccessfulnotify

Enables the trap function when the command is executed successfully on the AS.

-

hwtplmdirectcmdrecoverfail

Enables the trap function when configurations of the commands directly configured on the parent for the AS fail to be restored.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When the trap function is enabled, the device generates traps during running and sends traps to the NMS through SNMP. When the trap function is not enabled, the device does not generate traps and the SNMP module does not send traps to the NMS.

You can specify trap-name to enable the trap function for one or more events.

Example

# Enable the hwtplmcmdexecutefailednotify trap of the UNI-TPLM module.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name uni-tplm trap-name hwtplmcmdexecutefailednotify

snmp-agent trap enable feature-name uni-vermng

Function

snmp-agent trap enable feature-name uni-vermng command enables the trap function for the UNI-VERMNG module.

undo snmp-agent trap enable feature-name uni-vermng command disables the trap function for the UNI-VERMNG module.

By default, the trap function is enabled for the UNI-VERMNG module.

NOTE:

This command can only be executed on a parent switch.

Format

snmp-agent trap enable feature-name uni-vermng [ trap-name hwvermngupgradefail ]

undo snmp-agent trap enable feature-name uni-vermng [ trap-name hwvermngupgradefail ]

Parameters

Parameter

Description

Value

trap-name

Enables or disables the trap function for the specified event.

-

hwvermngupgradefail

Enables the trap function when an AS fails to be upgraded.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When the trap function is enabled, the device generates traps during running and sends traps to the NMS through SNMP. When the trap function is not enabled, the device does not generate traps and the SNMP module does not send traps to the NMS.

You can specify trap-name to enable the trap function for one or more events.

Example

# Enable the hwvermngupgradefail trap of the UNI-VERMNG module.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name uni-vermng trap-name hwvermngupgradefail

traffic-limit inbound (user access profile view)

Function

The traffic-limit inbound command configures the rate limit for incoming ARP and DHCP packets on an AS port.

The undo traffic-limit inbound command restores the default rate limit for incoming ARP and DHCP packets on an AS port.

By default, the forwarding rate of incoming ARP and DHCP packets on an AS port is not limited.

NOTE:

This command can only be executed on a parent switch.

Format

traffic-limit inbound { arp | dhcp } cir cir-value

undo traffic-limit inbound { arp | dhcp }

Parameters

Parameter Description Value
arp Specifies the ARP packet. -
dhcp Specifies the DHCP packet. -
cir cir-value Specifies the committed information rate (CIR), which is the allowed average rate of traffic that can pass through. The value is an integer that ranges from 8 to 128, in kbit/s.

Views

User access profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After a user access profile is created, you can configure the rate limit for incoming ARP and DHCP packets on an AS port. After the user access profile is bound to the AS port, the following configuration is generated on the AS port:
#
 traffic-limit inbound acl 4999 cir cir-value pir pir-value cbs cbs-value pbs pbs-value
 traffic-statistic inbound acl 4999
 traffic-limit inbound acl 3999 cir cir-value pir pir-value cbs cbs-value pbs pbs-value
 traffic-statistic inbound acl 3999
#

Precautions

  • This command and the authentication command cannot be both run in the user access profile view.

  • Do not run the traffic-limit inbound dhcp and dhcp snooping enable (network enhanced profile view) commands simultaneously on the same port; otherwise, the traffic-limit inbound dhcp command does not take effect. On an AS of the S2720EI, S2750EI, S5700LI, S5700S-LI, S5720S-LI, S5720LI, S5720SI, S5720S-SI, S5710-X-LI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI, or S600-E model, running the dhcp snooping enable (network enhanced profile view) command on any port may cause the traffic-limit inbound dhcp command unable to take effect on all ports. You are advised to shut down the attacked port after detecting DoS attacks.

  • Do not run the traffic-limit inbound arp and arp anti-attack check user-bind enable (network enhanced profile view) commands simultaneously on the same port. Otherwise, the traffic-limit inbound arp command may not take effect. On an AS of the S2720EI, S2750EI, S5700LI, S5700S-LI, S5720S-LI, S5720LI, S5720SI, S5720S-SI, S5710-X-LI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI, or S600-E model, running the arp anti-attack check user-bind enable (network enhanced profile view) command on any port may cause the traffic-limit inbound arp command unable to take effect on all ports. You are advised to shut down the attacked port after detecting DoS attacks.

Example

# Set the rate limit for incoming ARP packets to 64 on an AS port.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] user-access-profile name profile_1
[HUAWEI-um-user-access-profile_1] traffic-limit inbound arp cir 64

traffic-limit outbound (AS administrator profile view)

Function

The traffic-limit outbound command configures the rate limit for outgoing ARP and DHCP packets on an AS uplink fabric port.

The undo traffic-limit outbound command restores the default rate limit for outgoing ARP and DHCP packets on an AS uplink fabric port.

By default, the rate limits for outgoing ARP packets and DHCP packets are 32 kbit/s and 128 kbit/s respectively on an AS uplink fabric port.

NOTE:

This command can only be executed on a parent switch.

Format

traffic-limit outbound { arp | dhcp } cir cir-value

undo traffic-limit outbound { arp | dhcp }

Parameters

Parameter Description Value
arp Specifies the ARP packet. -
dhcp Specifies the DHCP packet. -
cir cir-value Specifies the committed information rate (CIR), which is the allowed average rate of traffic that can pass through. The value is an integer that ranges from 8 to 512, in kbit/s.

Views

AS administrator profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After an AS administrator profile is created, you can configure the rate limit for outgoing ARP and DHCP packets on an AS uplink fabric port. After the AS goes online, the following configuration is generated in the AS Eth-Trunk 0 view and system view, regardless of whether the AS administrator profile is bound to the AS:

#
acl number 3999
 rule 5 permit udp destination-port eq bootps
#
acl number 4998
 rule 5 permit vlan-id management-vlan
acl number 4999
 rule 5 permit l2-protocol arp destination-mac ffff-ffff-ffff
 rule 10 permit l2-protocol arp 
#
interface Eth-Trunk0
 traffic-filter outbound acl 4998 
 traffic-statistic outbound acl 3999
 traffic-limit outbound acl 3999 cir cir-value pir pir-value cbs cbs-value pbs pbs-value
 traffic-statistic outbound acl 4999
 traffic-limit outbound acl 4999 cir cir-value pir pir-value cbs cbs-value pbs pbs-value
#

Example

# Set the rate limit for outgoing ARP packets to 64 on an uplink fabric port.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as-admin-profile name profile_1
[HUAWEI-um-as-admin-profile_1] traffic-limit outbound arp cir 64
Related Topics

topology explore

Function

The topology explore command triggers SVF network topology collection immediately.

The topology explore interval command sets the interval for collecting SVF network topology information.

The undo topology explore interval command restores the default interval for collecting SVF network topology information.

By default, the interval for collecting SVF network topology information is 10 minutes.

NOTE:

This command can only be executed on a parent switch.

Format

topology explore [ interval interval ]

undo topology explore interval

Parameters

Parameter Description Value
interval

Specifies the interval for collecting SVF network topology information.

The value is an integer that ranges from 0 to 1440, in minutes.

The value 0 indicates that SVF network topology information is not automatically collected.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

You can adjust the interval for collecting SVF network topology information based on SVF network stability. When the network topology is stable, you can increase the interval or disable periodic topology information collection. When the network topology is unstable, you can shorten the interval.

You can also run the topology explore command to trigger SVF network topology collection immediately.

Example

# Set the SVF network topology collection interval to 30 minutes.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] topology explore interval 30
Related Topics

undo uni-mng enable

Function

The undo uni-mng enable command changes an AS from the client mode to the standalone mode.

NOTE:

This command can only be executed on an AS. After this command is executed, the AS restarts.

Format

undo uni-mng enable

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

You can run the undo uni-mng enable command to change an AS from the client mode to the standalone mode.

Example

# Change an AS from the client mode to the standalone mode.

<HUAWEI> undo uni-mng enable

uni eth-trunk

Function

The uni eth-trunk command creates an Eth-Trunk interface for an AS.

The undo uni eth-trunk command deletes an Eth-Trunk interface of an AS.

By default, no Eth-Trunk interface is created on an AS.

NOTE:

This command can only be executed on the parent.

Format

uni eth-trunk trunk-id [ mode lacp ]

undo uni eth-trunk trunk-id [ mode lacp ]

Parameters

Parameter

Description

Value

trunk-id

Specifies the ID of an Eth-Trunk interface.

The value is an integer and the minimum value is 1. The maximum value varies according to the switch model. For a specific switch model, the maximum value is the same as that described in interface eth-trunk.

mode lacp

Sets the working mode of an Eth-Trunk interface to LACP mode.

If this parameter is not specified, the working mode of an Eth-Trunk interface is manual mode.

-

Views

AS view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an AP with two network interfaces connects to an SVF system through an AS or to improve access user bandwidth and reliability, you can create an Eth-Trunk interface for this AS.

Precautions

  • An Eth-Trunk interface can be created for an AS only when this AS is in centralized mode.
  • When an AS works in independent mode and its Eth-Trunk interface needs to be deleted, you need to run the undo uni eth-trunk trunk-id command in the AS view of the parent and log in to this AS to delete this Eth-Trunk interface.
  • To delete an Eth-Trunk interface, ensure that it does not contain member interfaces.
  • The Eth-Trunk interface of an AS and Eth-Trunk interfaces bound to fabric ports share the Eth-Trunk interface specifications.
  • An Eth-Trunk interface contains a maximum of eight member interfaces.
  • An Eth-Trunk interface cannot be created across ASs.

Follow-up Procedure

Run the port eth-trunk trunkmember command to add member interfaces to the Eth-Trunk interface.

Example

# Create Eth-Trunk 2 in LACP mode for the AS test.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as name test
[HUAWEI-um-as-test] uni eth-trunk 2 mode lacp

uni-mng

Function

The uni-mng command enables SVF or displays the uni-mng view.

The undo uni-mng command disables SVF.

By default, SVF is disabled.

NOTE:

This command can only be executed on a parent switch.

Format

uni-mng

undo uni-mng

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When SVF is disabled, the uni-mng command enables SVF and displays the uni-mng view. When SVF has been enabled, this command displays the uni-mng view.

Prerequisites

  • A source interface used to set up a CAPWAP link has been specified using the capwap source interface vlanif vlan-id command.

  • The STP working mode must be STP or RSTP. If the current working mode is not STP or RSTP, run the stp mode { rstp | stp } command to set the STP working mode to STP or RSTP before enabling SVF. By default, the STP working mode is MSTP. You can run the display stp command to check the current STP working mode.

  • The default STP/RSTP port path cost algorithm must be used. If the current port path cost algorithm is not the default one, run the undo stp pathcost-standard command to restore the default port path cost algorithm before enabling SVF. The default STP/RSTP port path cost algorithm is IEEE 802.1t (dot1t). You can run the display stp command to check the current port path cost algorithm.

  • The default Eth-Trunk specifications are used. If the current Eth-Trunk specifications are not the default value on S6720EI or S6720S-EI, run the undo assign trunk command to restore the default Eth-Trunk specifications before enabling SVF. You can run the display trunk configuration command to check the default and configured Eth-Trunk specifications.

  • The NAC configuration mode must be the unified mode. If the current mode is not the unified mode, run the authentication unified-mode command to set the NAC configuration mode to unified mode. The default NAC configuration mode is unified mode. You can run the display authentication mode command to check the current NAC configuration mode.

  • Remote authorization is not configured in the system. If remote authorization has been configured, run the undo remote-authorize command to disable remote authorization before enabling SVF. By default, remote authorization is not configured in the system. You can run the display current-configuration command to check whether remote authorization is configured.

Precautions

When SVF is disabled on the parent, the STP priorities of ports change, and STP recalculates the port role and changes the interface status.

After SVF is enabled on a switch used as the parent, the stack timer mac-address switch-delay value changes to 0 (not changing system MAC address) and cannot be changed. After SVF is disabled on this switch, this delay time is still 0, but you can manually change it.

Example

# Enable SVF (default Eth-Trunk specifications and default NAC configuration mode).

<HUAWEI> system-view
[HUAWEI] vlan batch 11
[HUAWEI] interface Vlanif 11
[HUAWEI-Vlanif11] ip address 192.168.11.1 24
[HUAWEI-Vlanif11] quit
[HUAWEI] capwap source interface vlanif 11
[HUAWEI] stp mode stp
[HUAWEI] uni-mng
Warning: This operation will switch to the uni-mng system and disconnect all online ASs. Continue? [Y/N]:y

uni-mng indirect fabric-port

Function

The uni-mng indirect fabric-port command configures a member port for an uplink fabric port that connects an AS to the parent through a network.

The undo uni-mng indirect fabric-port command deletes a member port of an uplink fabric port that connects an AS to the parent through a network.

By default, no member port is configured for an uplink fabric port that connects an AS to the parent through a network.

NOTE:

This command can only be executed on an AS.

Format

uni-mng indirect fabric-port member interface interface-type interface-number

undo uni-mng indirect fabric-port member interface interface-type interface-number

Parameters

Parameter Description Value
member interface interface-type interface-number

Specifies the type and number of member ports of a fabric port.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an AS connects to the parent through a network, you must run the uni-mng indirect fabric-port command to configure a member port for an uplink fabric port of the AS. You can run this command multiple times to add multiple member ports to the fabric port.

Prerequisites

The uni-mng indirect mng-vlan command has been executed to configure the device to work in client mode and configure a management VLAN.

Precautions

  • Only AS uplink ports or subcard ports can be added to an uplink fabric port. If you have to add AS downlink ports to uplink fabric ports, run the uni-mng up-direction fabric-port member interface interface-type interface-number [ to interface-number ] command.

  • A maximum of eight member ports can be added to a fabric port.

  • Ports used to set up a stack cannot be configured as member ports of a fabric port.

  • The command that configures the stack ID is mutually exclusive with the command that configures a member port for a fabric port:

    • After the stack slot slot-id renumber new-slot-id command is executed in a specified slot, the port in the slot cannot be configured as a member port of a fabric port.

    • After a port in a slot is configured as a member port of a fabric port, the stack ID of the slot cannot be configured using the stack slot slot-id renumber new-slot-id command.

  • You need to configure a member port of a fabric port according to the network configuration. A member port needs to be reconfigured if the stack ID changes because the stack changes, for example, the stacking function is disabled, or existing stack IDs conflict after member devices are added to the stack.

Example

# Configure member ports for an uplink fabric port that connects an AS to the parent through a network.

<HUAWEI> uni-mng indirect fabric-port member interface gigabitethernet 0/0/27
<HUAWEI> uni-mng indirect fabric-port member interface gigabitethernet 0/0/28

uni-mng indirect mng-vlan

Function

The uni-mng indirect mng-vlan command configures a device to work in client mode and configures a management VLAN.

NOTE:

This command can only be executed on an AS.

Format

uni-mng indirect mng-vlan vlan-id

Parameters

Parameter Description Value
vlan-id

Specifies a management VLAN. The VLAN must be consistent with the management VLAN configured on a parent.

The value is an integer that ranges from 2 to 4094. The VLAN cannot be the reserved VLAN (VLAN 4093) of a stack.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an AS connects to the parent through a network, you must run the uni-mng indirect mng-vlan command to configure the AS to work in client mode and configures a management VLAN.

Precautions

  • The VCMP role switching command is mutually exclusive with the command that configures a device to work in client mode. If the current device is not a silent switch in a VCMP domain, the device cannot be configured to work in client mode. You must run the vcmp role silent command in the system view to set the VCMP role of the device to silent. After a device is configured to work in client mode, the VCMP role switching command cannot be executed. That is, the device cannot change from the silent role to another role.

  • After running the uni-mng indirect mng-vlan vlan-id command on the device in standalone mode, you must delete the configuration file of the device and restart the device to make the configuration take effect.

  • If the device has been configured to work in client mode but has not gone online, you can run the uni-mng indirect mng-vlan vlan-id command multiple times to change the management VLAN, and the configuration takes effect immediately.

  • If the device has been configured to work in client mode and has gone online, the uni-mng indirect mng-vlan vlan-id command cannot be executed.

  • When an AS is an S5700-10P-LI, S5700-10P-PWR-LI-AC, or S2750EI and Layer 3 hardware forwarding for IPv4 packets has been enabled using the assign forward-mode ipv4-hardware command in the system view, the management VLAN cannot be configured. To solve this problem, start the AS in standalone mode and run the undo assign forward-mode command in the system view to disable Layer 3 hardware forwarding for IPv4 packets.

  • On the S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S600-E, the electrical port stack configuration on the front panel is mutually exclusive with the client mode configuration. If electrical ports on the front panel have been configured as stack physical member ports, no management VLAN cannot be configured. If a management VLAN has been configured, electrical ports on the front panel cannot be configured as stack physical member ports.

  • If an AS is configured in the independent mode, its management VLAN cannot be configured using this command.

Example

# Configure the device to work in client mode and configure a management VLAN 100.

<HUAWEI> uni-mng indirect mng-vlan 100

uni-mng up-direction fabric-port

Function

The uni-mng up-direction fabric-port command configures AS service ports as an uplink fabric port's members.

The undo uni-mng up-direction fabric-port command cancels the configuration.

By default, AS service ports are not configured as members of uplink fabric ports.

NOTE:

This command can only be executed on an AS.

Format

uni-mng up-direction fabric-port member interface interface-type interface-number [ to interface-number ]

undo uni-mng up-direction fabric-port member interface interface-type interface-number [ to interface-number ]

undo uni-mng up-direction fabric-port member all

Parameters

Parameter Description Value
member interface interface-type interface-number

Specifies the type and number of an AS service port to be configured as a member of an uplink fabric port.

-

all

Specifies all AS service ports.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To configure AS service ports as an uplink fabric port's members, run the uni-mng up-direction fabric-port command.

Precautions

  • A maximum of eight interfaces can be configured as a fabric port's members on an AS.

  • Stack ports cannot be configured as members of fabric ports. Similarly, fabric member ports cannot be configured as stack ports.

  • After the uni-mng up-direction fabric-port command is run on an AS, you must restart the AS to make the configuration take effect. If the AS is a stack, you need to restart all stack members. If a configuration conflicting with this command exists on the parent, the AS may fail to go online.

  • The command for configuring a stack ID and the command for configuring a fabric member port are mutually exclusive. Specifically:

    • If you have run the stack slot slot-id renumber new-slot-id command in a slot, you are not allowed to configure the service port of this slot as a member of an uplink fabric port.

    • If you have configured a service port of a slot as a member of an uplink fabric port, you are not allowed to run the stack slot slot-id renumber new-slot-id command to configure a stack ID in this slot.

  • When configuring a service port as a member of a fabric port, pay attention to the stacking configuration. A member port needs to be reconfigured if stack IDs change because the stack changes, for example, the stacking function is disabled, or existing stack IDs conflict after member switches are added to the stack.

Example

# Configure an AS service port as a member of an uplink fabric port.

<HUAWEI> uni-mng up-direction fabric-port member interface gigabitethernet 0/0/3
Warning: After a service port on an AS is configured as an uplink port, the AS needs to be restarted to make the configuration take effect.
 If the parent has a configuration conflict with the AS, the AS may fail to go online. Continue? [Y/N]:y

unicast-suppression (network enhanced profile view)

Function

The unicast-suppression command configures unknown unicast traffic suppression in a network enhanced profile.

The undo unicast-suppression command cancels unknown unicast traffic suppression in a network enhanced profile.

By default, unknown unicast traffic suppression is not configured in a network enhanced profile.

NOTE:

This command can only be executed on a parent switch.

Format

unicast-suppression packets packets-per-second

undo unicast-suppression

Parameters

Parameter Description Value
packets packets-per-second

Specifies the packet rate of an interface.

The value is an integer that ranges from 0 to 14881000, in packets per second (PPS).

If the configured packet rate on the parent switch is larger than the maximum value on the AS port, the maximum value takes effect on the AS port.

Views

Network enhanced profile view

Default Level

3: Management level

Usage Guidelines

After creating a network enhanced profile, you can configure unknown unicast traffic suppression in the profile. After the profile is bound to an AS port, unknown unicast traffic suppression is automatically configured on the port. The following configuration is generated on the AS port:
#
 unicast-suppression packets packets-per-second
#

To prevent broadcast storms, you can run the unicast-suppression command to configure the maximum number of unknown unicast packets that can pass through a port. When the unknown unicast traffic rate reaches the rate limit, the system discards excess unknown unicast packets to control the traffic volume within a proper range.

Example

# Configure unknown unicast traffic suppression in a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] unicast-suppression packets 148810

upgrade as

Function

The upgrade as name command upgrades an AS with a specified name.

The upgrade as name-include command upgrades ASs of which the name contains a specified string.

The upgrade as type command upgrades ASs of a specified type.

The upgrade as all command upgrades all ASs.

undo upgrade as command rolls back ASs to the previous version.

NOTE:

This command can only be executed on a parent switch.

Format

upgrade as name as-name [ reload [ in time ] ]

upgrade as name-include string [ reload [ in time ] ]

upgrade as type as-type [ reload [ in time ] ]

upgrade as all [ reload [ in time ] ]

undo upgrade as { all | name as-name | name-include string | type as-type }

Parameters

Parameter Description Value
as-name

Upgrades an AS with a specified name.

The value must have an existing AS name.

string

Upgrades all the ASs of which the name contains a specified string.

The value is a string of 1 to 31 case-insensitive characters without spaces.

as-type

Upgrades ASs of a specified type.

The value is an enumerated type. You can enter a question mark (?) and select a value from the displayed value range.

reload

Configures an AS to restart after upgrade files are downloaded.

-

in time

Specifies the AS restart time.

If reload is specified but time is not specified, an AS restarts immediately after loading files. If time is specified, the AS restarts at the specified time.

The value is a string of characters in the HH:MM format, where HH:MM indicates the hour and minute. HH ranges from 0 to 23, and MM ranges from 0 to 59.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the upgrade as command to upgrade online ASs. You can upgrade one AS, ASs of a specified type, or all ASs.

After performing upgrade configuration on an AS, the patch and system software files for the next startup will be the specified ones. You can run the undo upgrade as command to cancel the configuration as long as the AS is not restarted. After this command is executed, the patch and system software files for the next startup are consistent with the currently running ones. If the patch has taken effect after upgrade configuration is performed, the patch cannot be rolled back to the previous version.

Precautions

  • The patch and system software files used to upgrade ASs are specified in the as type command.

  • The system software file name or patch file name specified using the as type command cannot be the same as the current or next startup system software file or patch file of an AS. Otherwise, the AS cannot be upgraded using the upgrade as command.
  • When you upgrade an AS using the upgrade as command without specifying reload:
    • If you specify patch patch but not system-software system-software in the as type command, the patch file is activated online immediately.
    • If you specify both patch patch and system-software system-software in the as type command and the specified system software file version is the version running on the AS, the patch file is activated online immediately.
    • If you specify both patchpatch and system-softwaresystem-software in the as type command and the specified system software file version is earlier or later than the version running on the AS, the specified system software file and patch file will be set as next startup files.

Example

# Perform an in-service upgrade on an AS of the S5700-P-LI type.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] upgrade as type s5700-p-li reload
Related Topics

upgrade { local-ftp-server | local-sftp-server }

Function

The upgrade { local-ftp-server | local-sftp-server } command configures a local file server.

The undo upgrade { local-ftp-server | local-sftp-server } command deletes a local file server.

By default, no local file server is configured.

NOTE:

This command can only be executed on a parent switch.

Format

upgrade { local-ftp-server | local-sftp-server } username username password password

undo upgrade { local-ftp-server | local-sftp-server }

Parameters

Parameter Description Value
local-ftp-server

Specifies the file server type as FTP server.

-

local-sftp-server

Specifies the file server type as SFTP server.

-

username username

Specifies the user name for accessing the file server.

The value is a string of 1 to 64 case-insensitive characters. It cannot contain spaces, asterisk, double quotation mark and question mark.

password password

Specifies the password for accessing the file server.

The value is a string of case-sensitive characters without spaces. By default, the value is a string of 8 to 128 characters or 48 to 188 characters. You can enter a password in plain text or cipher text. The password is displayed in cipher text in the configuration file regardless of whether the password is input in plain or cipher text.
  • The password in plain text is a string of 8 to 128 characters.

  • The password in cipher text is a string of 48 to 188 characters. The password in cipher text cannot be generated using the irreversible algorithm.

The newly configured password cannot be the default password admin@huawei.com of local users.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In an AS automatic upgrade or in-service AS batch upgrade, you need to download the version file or patch file from the parent. Before the upgrade, you need to configure the parent as an FTP/SFTP server. The AS then can work as a client to download files from the FTP/SFTP server.

Precautions

  • The files used to upgrade an AS are often saved in the root directory unimng/ of the parent. These files can also be saved on an AS when the AS is upgraded or downgraded to the software version that is consistent with that of the parent.

  • FTP has potential security risks, and so SFTP is recommended. If you want to use FTP, you are advised to configure ACLs to improve security. For details, see Configure the FTP ACL in "File Management" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Basic Configuration.

  • When the file server is an FTP server, the FTP service is automatically enabled and an FTP user is created on the parent, removing the need to perform the FTP configuration.

  • When the file server type is set to SFTP, the SFTP service is not automatically enabled and no SFTP user is created on the parent. You need to manually pre-configure SFTP on the parent.

  • After the upgrade { local-ftp-server | local-sftp-server } command is executed, the same user name and password configuration is also generated in the AAA view. If you modify the configured local user information (the user password for example) in AAA view, the version management function does not take effect.

  • If information about a user already exists in the AAA view, running this command to create the same user will change the user password in the AAA view to the configured password and change the user level to level 3. Changing the user password is allowed only when the user level of the user running this command is higher or equal to the user level configured in the AAA view. Otherwise, the command does not take effect.

  • Running this command multiple times to create new users will delete previous user information. Previous user information can be deleted only when the user level of the user running this command is higher or equal to the user level configured in the AAA view. Otherwise, the command does not take effect.

  • If a remote authentication server is used for AAA authentication, the user name and password configured using this command must also be configured on the remote authentication server.

Example

# Set the local file server type to FTP server.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] upgrade local-ftp-server username test password Pwd@12345

upload config

Function

The upload config command saves the AS configuration to the flash memory of an AS and uploads the configuration file of the AS to the parent.

NOTE:

This command can only be executed on an AS.

Format

upload config

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In independent mode, after services are configured on an AS using commands, you can run the upload config command to save the service configuration and upload the configuration file to the parent.

Precautions

  • After this command is executed, the AS configuration file uploaded to the parent will be saved to the flash:/unimng/ind-cfg directory or the cfcard:/unimng/ind-cfg directory on some parent switch models. If the file name format is unimng-xxxx-xxxx-xxxx.zip (xxxx-xxxx-xxxx indicates the management MAC address of an AS), and the service configuration mode of this AS is independent mode, it is not allowed to delete this configuration file.
  • After the upload config command command is executed, the AS configuration file may fail to be uploaded to the parent. The possible causes include insufficient storage space on the parent and a fault of the link between the AS and parent.
  • To prevent services from being affected, it is recommended not to delete the configuration file saved on the AS.
  • The AS configuration file saved on the parent can ensure configuration integrity for the AS. For example, after an AS goes online again or is replaced, the AS will compare its saved configuration file with that saved on the parent. If the two files are inconsistent, the configuration file saved on the parent will replace the configuration file saved on the AS and take effect after the AS restarts.

Example

# Save the AS configuration to the flash memory of the AS and upload the configuration file of the AS to the parent.

<HUAWEI> upload config

user-access-port enable (network enhanced profile view)

Function

The user-access-port enable command configures the edge port function in a network enhanced profile.

The undo user-access-port enable command cancels the edge port function in a network enhanced profile.

By default, the edge port function is not configured in a network enhanced profile.

NOTE:

This command can only be executed on a parent switch.

Format

user-access-port enable

undo user-access-port enable

Parameters

None

Views

Network enhanced profile view

Default Level

3: Management level

Usage Guidelines

After creating a network enhanced profile, you can configure the edge port function in the profile. After the profile is bound to an AS port, the port becomes an edge port. The following configuration is generated on the AS port:
#
 stp edged-port enable
#

Ports connected to a Layer 2 STP network do not need to participate in spanning tree calculation. If these ports participate in the calculation, the network topology convergence speed is affected and the status changes of these ports may cause network flapping. After these ports are configured as edge ports, they do not participate in spanning tree calculation. This configuration speeds up network topology convergence and enhances network stability.

Example

# Enable the edge port function in a network enhanced profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-enhanced-profile name profile_1
[HUAWEI-um-net-enhanced-profile_1] user-access-port enable

user-access-profile name

Function

The user-access-profile name command creates a user access profile.

The undo user-access-profile name command deletes a user access profile.

By default, no user access profile is configured.

NOTE:

This command can only be executed on a parent switch.

Format

user-access-profile name profile-name

undo user-access-profile name profile-name

Parameters

Parameter Description Value
profile-name

Specifies the name of a user access profile.

The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_).

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In a user access profile, you can configure authentication services for user access (for example, the authentication mode), MAC address learning limiting, and the rate limit for incoming ARP and DHCP packets on an AS port.

Precautions

You can create a maximum of 16 user access profiles.

Example

# Create a user access profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] user-access-profile name profile_1

user-access-profile (port group view)

Function

The user-access-profile command binds a user access profile to a port group.

The undo user-access-profile command unbinds a user access profile from a port group.

By default, no user access profile is bound to a port group.

NOTE:

This command can only be executed on a parent switch.

Format

user-access-profile profile-name

undo user-access-profile

Parameters

Parameter Description Value
profile-name

Specifies the name of a user access profile.

The value must have an existing user access profile name.

Views

Port group view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can bind a user access profile to a port group to deliver the configurations in the profile to all the member ports in the port group.

Prerequisites

The user access profile has been created.

Precautions

  • A user access profile can be bound to only an AS port group but not an AP port group.

  • A port group can be bound to only one user access profile.

Example

# Bind a user access profile to a port group.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] user-access-profile name profile_1
[HUAWEI-um-user-access-profile_1] quit
[HUAWEI-um] port-group name group_1
[HUAWEI-um-portgroup-group_1] user-access-profile profile_1

user-vlan (network basic profile view)

Function

The user-vlan command configures the default VLAN in a network basic profile.

The undo user-vlan command deletes the default VLAN in a network basic profile.

By default, no default VLAN is configured in a network basic profile, and downlink ports of an AS use VLAN 1 as the default VLAN.

NOTE:

This command can only be executed on a parent switch.

Format

user-vlan vlan-id

undo user-vlan

Parameters

Parameter Description Value
vlan-id

Specifies a VLAN ID.

The value is an integer that ranges from 1 to 4094.

The value cannot be the ID of an SVF management VLAN, a stack management VLAN, an ERPS control VLAN, an RRPP control VLAN, an SEP control VLAN, or a super VLAN.

Views

Network basic profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a network basic profile, you can configure the default VLAN in the profile. After the profile is bound to an AS port, the default VLAN is automatically configured on the port. The following configuration is generated on the AS port:
#
 port link-type hybrid
 port hybrid pvid vlan vlan-id
 port hybrid tagged vlan 1
 port hybrid untagged vlan vlan-id
#

The user-vlan command can only configure the default VLAN for a port. To enable this port to allow packets of multiple VLANs to pass through, run the pass-vlan command in a network basic profile.

Precautions

The default VLAN, allowed VLANs, and voice VLAN in a network basic profile must be different.

Example

# Configure the default VLAN in a network basic profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-basic-profile name profile_1
[HUAWEI-um-net-basic-profile_1] user-vlan 10

user password (AS administrator profile view)

Function

The user password command configures an AS administrator in an AS administrator profile.

The undo user command deletes an AS administrator in an AS administrator profile.

By default, no AS administrator is configured in an AS administrator profile.

NOTE:

This command can only be executed on a parent switch.

Format

user user-name password password

undo user user-name

Parameters

Parameter Description Value
user-name

Specifies a user name.

The value is a string of 1 to 64 case-insensitive characters. It cannot contain spaces, asterisk, double quotation mark and question mark.

password

Specifies the password.

The value is a string of case-sensitive characters without spaces. By default, the value is a string of 8 to 128 characters or 48 to 188 characters. You can enter a password in plain text or cipher text. The password is displayed in cipher text in the configuration file regardless of whether the password is input in plain or cipher text.
  • The password in plain text is a string of 8 to 128 characters.

  • The password in cipher text is a string of 48 to 188 characters. The password in cipher text cannot be generated using the irreversible algorithm.

The newly configured password cannot be the default password admin@huawei.com of local users.

Views

AS administrator profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating an AS administrator profile, you can configure an AS administrator in the profile, including the user name and password. After the profile is bound to an AS, the user name and password for login are automatically configured on the AS. The following configuration is generated on the AS:

#
aaa
 local-user user-name password irreversible-cipher password
 local-user user-name privilege level 3
 local-user user-name service-type terminal ssh
#

After an AS user name and password are configured, you need to enter the correct user name and password when logging in to an AS through the console port. When you log in to an AS from the parent using the attach as name as-name command, you can log in to the AS without entering the user name or password.

Precautions

When no AS user name and password are configured, you need to enter the default password admin@huawei.com when logging in to an AS through the console port.

NOTE:

The default password has security risks. You are advised to change the login password.

Example

# Configure the user name and password for an AS administrator.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] as-admin-profile name profile_1
[HUAWEI-um-as-admin-profile_1] user test password Pwd@123456
Related Topics

voice-vlan (network basic profile view)

Function

The voice-vlan command configures a voice VLAN in a network basic profile.

The undo voice-vlan command deletes the voice VLAN in a network basic profile.

By default, no voice VLAN is configured in a network basic profile.

NOTE:

This command can only be executed on a parent switch.

Format

voice-vlan vlan-id [ include-untagged ]

undo voice-vlan

Parameters

Parameter Description Value
vlan-id

Specifies a VLAN ID.

The value is an integer that ranges from 2 to 4094.

The value cannot be the ID of an SVF management VLAN, a stack management VLAN, an ERPS control VLAN, an RRPP control VLAN, an SEP control VLAN, or a super VLAN.

include-untagged

Adds voice VLAN IDs to untagged packets.

-

Views

Network basic profile view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After creating a network basic profile, you can configure a voice VLAN in the profile. After the profile is bound to an AS port, the voice VLAN is automatically configured on the port. The following configuration is generated on the AS port:
  • The include-untagged parameter is not specified:
    #
     port link-type hybrid
     port hybrid tagged vlan vlan-id
     lldp tlv-enable med-tlv network-policy voice-vlan vlan vlan-id
     lldp compliance cdp txrx
    #
    
  • The include-untagged parameter is specified (S5720EI, S6720EI, and S6720S-EI):
    #
     port link-type hybrid
     port hybrid untagged vlan vlan-id
     voice-vlan vlan-id enable include-untagged include-tag0
     undo lldp tlv-enable med-tlv network-policy
    #
    
  • The include-untagged parameter is specified (except S5720EI, S6720EI, and S6720S-EI):
    #
     port link-type hybrid
     port hybrid untagged vlan vlan-id
     voice-vlan vlan-id enable include-untagged 
     undo lldp tlv-enable med-tlv network-policy
    #

Precautions

The default VLAN, allowed VLANs, and voice VLAN in a network basic profile must be different.

When configuring a voice VLAN on an AS port, ensure that IP phones connected to the AS port support LLDP and have LLDP enabled.

Example

# Configure a voice VLAN in a network basic profile.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] network-basic-profile name profile_1
[HUAWEI-um-net-basic-profile_1] voice-vlan 10

whitelist mac-address

Function

The whitelist mac-address command adds a specified MAC address to the whitelist.

The undo whitelist mac-address command deletes a MAC address from the whitelist.

By default, no MAC address is added to the whitelist. A maximum of 512 MAC addresses can be added to the whitelist.

NOTE:

This command can only be executed on a parent switch.

Format

whitelist mac-address mac-address1 [ to mac-address2 ]

undo whitelist mac-address { mac-address1 [ to mac-address2 ] | all }

Parameters

Parameter Description Value
mac-address1 [ to mac-address2 ]

Specifies MAC addresses to be added to a whitelist.

The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address.

all

Deletes all the MAC addresses in a whitelist.

-

Views

AS authentication view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an SVF system needs to authenticate an AS, the SVF system allows the AS to connect to if the MAC address of the AS is in the whitelist and disallows the AS to connect to if the MAC address is in the blacklist.

Precautions

  • A MAC address cannot exist in both the whitelist and blacklist.

  • By default, if the MAC address of an AS is neither in the whitelist nor in the blacklist, the AS fails the authentication. You can run the confirm { all | mac-address mac-address } command to allow all ASs or a specified AS to pass the authentication.

Example

# Add the MAC address 0025-9e07-8280 to the whitelist.

<HUAWEI> system-view
[HUAWEI] as-auth
[HUAWEI-as-auth] whitelist mac-address 0025-9e07-8280
Related Topics
Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178165

Views: 62072

Downloads: 1233

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next