No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S1720, S2700, S5700, and S6720 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VPN compatible command

VPN compatible command

display ipv6 prefix-limit statistics (upgrade-compatible command)

Function

The display ipv6 prefix-limit statistics command displays the statistics of the prefix limits of IPv6 VPN instances.

Format

display ipv6 prefix-limit { all-vpn6-instance | vpn6-instance vpn-instance-name } statistics

Parameters

Parameter Description Value
all-vpn6-instance Indicates all IPv6 VPN instances. -
vpn6-instance vpn-instance-name Specifies the name of an IPv6 VPN instance. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display ipv6 prefix-limit statistics command to view the number of times that a protocol re-adds or deletes routes according to the prefix limit of a specified IPv6 VPN instance.

Example

# Display the statistics of the prefix limits of all IPv6 VPN instances.

<HUAWEI> display ipv6 prefix-limit all-vpn6-instance statistics
-------------------------------------------------------------------------------
IPv6 VPN instance name: vrf1
          DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute
DIRECT          0                0            0               0              0 
STATIC          0                0            0               0              0 
OSPFv3         11                3            1               0              5
IS-IS         106                0            1               0              5
RIPng          98                0            1               1              5
BGP             2                0            1               1              5
------------------------------------------------------------------------------
IPv6 VPN instance name: VPN123

          DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute
DIRECT          0                0            0               0              0 
STATIC          0                0            0               0              0 
OSPFv3         11                3            1               0              5
IS-IS         106                0            1               0              5
RIPng          98                0            1               1              5
BGP             2                0            1               1              5
Table 19-3  Description of the display ipv6 prefix-limit statistics command output

Item

Description

DenyAdd

Number of routes that the protocol fails to add to the RIB because of the prefix limit.

TryAddInDelState

Number of routes that the protocol fails to add to the RIB because the RIB is in the process of deleting routes.

NotifyDelAll

Number of times that the RIB notifies the protocol of deleting routes when the prefix limit is decreased.

NotifyDelFinish

Number of times that the protocol notifies the RIB of completion of deleting routes.

NotifyAddRoute

Number of times that the RIB notifies the protocol of re-adding routes.

# Display the statistics of the prefix limit of the IPv6 VPN instance named vrf1.

<HUAWEI> display ipv6 prefix-limit vpn6-instance vrf1 statistics
-------------------------------------------------------------------------------
IPv6 VPN instance name: vrf1
          DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute
DIRECT          0                0            0               0              0
STATIC          0                0            0               0              0
OSPFv3         11                3            1               0              5
IS-IS         106                0            1               0              5
RIPng          98                0            1               1              5
BGP             2                0            1               1              5

display ipv6 vpn-instance (upgrade-compatible command)

Function

The display ipv6 vpn6-instance command displays information about an IPv6 VPN instance.

Format

display ipv6 vpn6-instance [ brief | verbose ] [ vpn6-instance-name ]

Parameters

Parameter Description Value
brief Displays summary information about an IPv6 VPN instance. -
verbose Displays detailed information about the IPv6 VPN instances and their associated interfaces. -
vpn6-instance-name Specifies the name of an IPv6 VPN instance. The name is a string of 1 to 31 case-sensitive characters.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If a VPN instance is configured, you can check the configuration of the instance by using the display ipv6 vpn6-instance command. You can also use this command to view the VPN instances configured on the local device.

When no parameters are specified, the command displays brief information about all the configured VPN instances.

Example

# View brief information about all the configured IPv6 VPN instances.

<HUAWEI> display ipv6 vpn6-instance
 Total VPN-Instances configured      : 3                                                                                            
 Total IPv4 VPN-Instances configured : 2                                                                                            
 Total IPv6 VPN-Instances configured : 1                                                                                            
                                                                                                                                    
  VPN-Instance Name               RD                    Address-family                                                              
  vpn1                                                                                                                              
  vpna                            100:1                 IPv4                                                                        
  vpna                            100:3                 IPv6                                                                        
  vpnb                            100:2                 IPv4  
Table 19-4  Description of the display ip vpn-instance command output

Item

Description

Total VPN-Instances configured

Total number of VPN instances configured on the local end.

Total IPv4 VPN-Instances configured

Total number of locally configured VPN instances for which IPv4 address families are enabled.

Total IPv6 VPN-Instances configured

Total number of locally configured VPN instances for which IPv6 address families are enabled.

VPN-Instance Name

Name of the VPN instance.

RD

RD of the VPN instance IPv4 address family or IPv6 address family.

Creation Time

Time when an IPv4 or IPv6 address family is enabled for the VPN instance.

Address-family

Address family enabled for the VPN instance. The address family can be:
  • Null, if no address family is enabled.
  • ipv4, if only the IPv4 address family is enabled.
  • ipv6, if only the IPv6 address family is enabled.
<HUAWEI> display ipv6 vpn6-instance brief
 Total VPN-Instances configured      : 3                                                                                            
 Total IPv4 VPN-Instances configured : 2                                                                                            
 Total IPv6 VPN-Instances configured : 1                                                                                            
                                                                                                                                    
  VPN-Instance Name               RD                    Address-family                                                              
  vpn1                                                                                                                              
  vpna                            100:1                 IPv4                                                                        
  vpna                            100:3                 IPv6                                                                        
  vpnb                            100:2                 IPv4  

# View detailed information about all IPv6 VPN instances.

<HUAWEI> display ipv6 vpn-instance verbose
 Total VPN-Instances configured      : 1                                        
 Total IPv4 VPN-Instances configured : 1                                        
 Total IPv6 VPN-Instances configured : 1                                        
                                                                                
 VPN-Instance Name and ID : vpna, 6                                             
  Description : vpna-1                                                          
  Service ID : 12  
  Interfaces : Vlanif10                                             
 Address family ipv4                                                            
  Create date : 2012/12/3 15:36:20 UTC+08:00                                    
  Up time : 6 days, 04 hours, 41 minutes and 57 seconds                         
  Route Distinguisher : 100:1                                                   
  Export VPN Targets :  1:1                                                     
  Import VPN Targets :  1:1                                                     
  Label Policy : label per instance                                             
  Per-Instance Label : 1024                                                     
  IP FRR Route Policy : 20                                                      
  VPN FRR Route Policy : 12 
  Import Route Policy : 10                                                      
  Export Route Policy : 20                                                      
  Tunnel Policy : bindTE                                                        
  Maximum Routes Limit : 2000                                                   
  Threshold Routes Limit : 80%                                                  
  Maximum Prefixes Limit : 1024                                                 
  Threshold Prefixes Limit : 50%                                                
  Install Mode : route-unchanged 
  Log Interval : 10                                                             
 Address family ipv6                                                            
  Create date : 2012/12/3 15:36:20 UTC+08:00                                    
  Up time : 6 days, 04 hours, 41 minutes and 57 seconds                         
  Log Interval : 5                                                              
                                                                                
Table 19-5  Description of the display ip vpn-instance verbose command output

Item

Description

Total VPN-Instances configured

Total number of VPN instances configured on the local end.

Total IPv4 VPN-Instances configured

Total number of locally configured VPN instances for which IPv4 address families are enabled.

Total IPv6 VPN-Instances configured

Total number of locally configured VPN instances for which IPv6 address families are enabled.

VPN-Instance Name and ID

Name and ID of the VPN instance. The ID is assigned by the system, which facilitates indexing.

Description

Description of the VPN instance. This field is displayed in the command output only when the description (VPN instance view) command is used.

Service ID

Service ID of the VPN instance. This item is displayed only after the service-id (VPN instance view) command is run in the VPN instance view.

Interfaces

Interfaces bound to the VPN instance. This field is displayed only after the ip binding vpn-instance command is configured on these interfaces.

Address family ipv4

Information about the IPv4 address family enabled for the VPN instance.

Address family ipv6

Information about the IPv6 address family enabled for the VPN instance.

Create date

Time when the VPN instance is created.

Up time

Period during which the VPN instance maintains in the Up state.

Route Distinguisher

RD of the VPN instance IPv4 address family or IPv6 address family

Export VPN Targets

Route Target list in the outbound direction. To set the VPN target, run the vpn-target command.

Import VPN Targets

Route Target list in the inbound direction. To set the VPN target, run the vpn-target command.

Label Policy

Label policy:
  • label per instance: indicates that the same label is allocated to routes of a VPN instance. This field is displayed in the command output only when the apply-label per-instance command is run in the VPN instance view.

  • label per route: indicates that each route of a VPN instance is assigned a label. Label allocation for routes of a VPN instance is implemented in this mode.

Per-Instance Label

Label value used when all VPN routes of the VPN instance address family share one label. This field is displayed only after the apply-label per-instance command is run in the VPN instance address family view.

IP FRR Route Policy

IP FRR route policy used for the address family. This item is displayed only after the ip frr command is run in the VPN instance IPv4 address family view.

VPN FRR Route Policy

VPN FRR route policy used for the address family. This item is displayed only after the vpn frr command is run in the VPN instance IPv4 address family view.

Import Route Policy

Import Route-Policy applied to the VPN instance. This field is displayed only after the import route-policy command is run in the VPN instance address family view.

Export Route Policy

Export Route-Policy applied to the VPN instance. This field is displayed only after the export route-policy command is run in the VPN instance address family view.

Tunnel Policy

Tunnel policy applied to the VPN instance. This field is displayed only after the tnl-policy command is run in the VPN instance address family view.

Maximum Routes Limit

Maximum number of routes supported by the current address family. This field is displayed only after the routing-table limit command is run in the VPN instance address family view.

Threshold Routes Limit

Percentage of the maximum number of routes specified for the current address family. When the maximum number of routes reaches the percentage threshold, an alarm is generated.This field is displayed only after the routing-table limit command is run in the VPN instance address family view.

Maximum Prefixes Limit

Maximum number of prefixes supported by the current address family of the VPN instanceThis field is displayed only after the prefix limit command is run in the VPN instance address family view.

Threshold Prefixes Limit

Percentage of the maximum number of prefixes specified for the current address family of the VPN instance. When the maximum number of prefixes reaches the percentage threshold, an alarm is generated.This field is displayed only after the prefix limit command is run in the VPN instance address family view.

Install Mode

Method of processing routes. The prefix limit command can be used to specify the route processing method when the threshold is lowered due to the number of route prefixes exceeding the upper threshold.
  • If route-unchanged is configured, routes in the routing information base (RIB) table remain unchanged.
  • If route-unchanged is not configured, all routes in the RIB table are deleted and the routes are re-installed in the RIB table.

Log Interval

Interval for displaying log messages when the number of VPN instance routes exceeds the maximum value. The default interval is 5 seconds. The value can be set by the command limit-log-interval.

ipv6 binding vpn6-instance (upgrade-compatible command)

Function

The ipv6 binding vpn6-instance command binds the current interface to an IPv6 VPN instance.

The undo ipv6 binding vpn6-instance command unbinds the current interface from an IPv6 VPN instance.

By default, an interface is a public network interface and is not bound to any IPv6 VPN instance.

Format

ipv6 binding vpn6-instance vpn6-instance-name

undo ipv6 binding vpn6-instance vpn6-instance-name

Parameters

Parameter Description Value
vpn6-instance-name Specifies the name of an IPv6 VPN instance. The name is a string of 1 to 31 case-sensitive characters.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

After an IPv6 VPN instance is created, the device interfaces belonging to the IPv6 VPN instance need to be bound to the instance; otherwise, the interfaces are public network interfaces.

After an interface is bound to an IPv6 VPN instance or an interface is unbound from an IPv6 VPN instance, the Layer 3 features such as the IPv6 address and IPv6 routing protocol configured on this interface are deleted.

ipv6 vpn6-instance (upgrade-compatible command)

Function

The ipv6 vpn6-instance command creates an IPv6 VPN instance and displays the IPv6 VPN instance view.

The undo ipv6 vpn6-instance command deletes a specified IPv6 VPN instance.

By default, no IPv6 VPN instance exists.

Format

ipv6 vpn6-instance vpn6-instance-name

undo ipv6 vpn6-instance vpn6-instance-name

Parameters

Parameter Description Value
vpn6-instance-name Specifies the name of an IPv6 VPN instance. The name is a string of 1 to 31 case-sensitive characters without any spaces.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

After this command is run, an IPv6 VPN instance is created and the IPv6 VPN instance view is displayed..

snmp-agent trap enable feature-name l3vpn (upgrade-compatible command)

Function

The snmp-agent trap enable feature-name l3vpn command enables the trap function for the L3VPN module.

The undo snmp-agent trap enable feature-name l3vpn command disables the trap function for the L3VPN module.

By default, the trap function for the L3VPN module is disabled.

Format

snmp-agent trap enable feature-name l3vpn trap-name l3vpn_mib_trap_mid_exceed

undo snmp-agent trap enable feature-name l3vpn trap-name l3vpn_mib_trap_mid_exceed

Parameters

Parameter Description Value
trap-name Enables the traps of L3VPN events of specified types. -
l3vpn_mib_trap_mid_exceed Enables the trap of the event indicating that the number of private route prefixes exceeds the middle threshold. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station. After that, the network administrator immediately takes measures to resolve the problem.

The snmp-agent trap enable feature-name l3vpn command enables the trap function for L3VPN modules.

Example

# Enable the trap of the event indicating that the number of private route prefixes exceeds the middle threshold in the system view.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name l3vpn trap-name l3vpn_mib_trap_mid_exceed

snmp-agent trap enable l3vpn (upgrade-compatible command)

Function

The snmp-agent trap enable l3vpn command enables the device to send the L3VPN trap message.

The undo snmp-agent trap enable l3vpn command prohibits the device from sending the L3VPN trap message.

By default, the L3VPN trap message cannot be sent.

Format

snmp-agent trap enable l3vpn

undo snmp-agent trap enable l3vpn

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

None

Example

# Permit the device to send the L3VPN trap message.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable l3vpn 

sa authentication-hex (upgrade-compatible command)

Function

The sa authentication-hex command sets an authentication in hexadecimal format or cipher text for Security Associations (SAs).

Format

sa authentication-hex { inbound | outbound } { ah | esp } plain hex-plain-key

Parameters

Parameter Description Value
inbound

Specifies SA parameters for incoming packets.

-

outbound

Specifies SA parameters for outgoing packets.

-

ah

Specifies SA parameters for Authentication Header (AH). If the security proposal applied to an SA uses AH, ah must be configured in the sa authentication-hex command.

-

esp

Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa authentication-hex command.

-

plain

Indicates the plain text used for authentication.

-

hex-plain-key

Specifies the plain text key.

The value is in hexadecimal notation.
  • If authentication algorithm Message Digest 5 (MD5) is used, the length of the key is 16 bytes.
  • If authentication algorithm Secure Hash Algorithm-1 (SHA-1) is used, the length of the key is 20 bytes.
  • If authentication algorithm SHA2-256 is used, the length of the key is 32 bytes.
NOTE:

The MD5 and SHA-1 authentication algorithms have security risks; therefore, you are advised to use SHA-256 preferentially.

Views

SA view

Default Level

3: Management level

Usage Guidelines

This command is upgrade compatible and can be executed during configuration recovery. Users cannot manually configure this command.

After the upgrade, this command is no longer supported, and it is replaced by the sa authentication-hex command.

sa encryption-hex (upgrade-compatible command)

Function

The sa encryption-hex command configures an encryption key for manual Security Association (SA) in hexadecimal format.

Format

sa encryption-hex { inbound | outbound } { ah | esp } plain hex-plain-key

Parameters

Parameter Description Value
inbound Specifies SA parameters for incoming packets. -
outbound Specifies SA parameters for outgoing packets. -
ah Specifies SA parameters for Authentication Header (AH). If the security proposal applied to an SA uses AH, ah must be configured in the sa encryption-hex command. -
esp Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa encryption-hex command. -
plain Indicates the plaintext used for authentication. -
hex-plain-key Specifies the plaintext key. The value is in hexadecimal notation.
  • If encryption algorithm Data Encryption Standard (DES) is used, the length of the key is 8 bytes.
  • If encryption algorithm Triple Data Encryption Standard (3DES) is used, the length of the key is 24 bytes.
  • If encryption algorithm Advanced Encryption Standard 128 (AES-128) is used, the length of the key is 16 bytes.
  • If encryption algorithm AES-192 is used, the length of the key is 24 bytes.
  • If encryption algorithm AES-256 is used, the length of the key is 32 bytes.
NOTE:

The DES and 3DES encryption algorithms have security risks; therefore, you are advised to use AES-128, AES-192 or AES-256 preferentially.

Views

SA view

Default Level

3: Management level

Usage Guidelines

This command is upgrade compatible and can be executed during configuration recovery. Users cannot manually configure this command.

After the upgrade, this command is no longer supported, and it is replaced by the sa encryption-hex command.

sa string-key (upgrade-compatible command)

Function

The sa string-key command configures an authentication key in the string format.

Format

sa string-key { inbound | outbound } { ah | esp } plain string-plain-key

Parameters

Parameter Description Value
inbound Specifies SA parameters for incoming packets. -
outbound Specifies SA parameters for outgoing packets. -
ah Specifies SA parameters for Authentication Header (AH). If the security proposal applied to an SA uses AH, ah must be configured in the sa string-key command. -
esp Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa string-key command. -
plain Indicates the plaintext used for authentication. -
string-plain-key Specifies the plaintext key. The value is a string of 1 to 127 case-sensitive characters.

Views

SA view

Default Level

3: Management level

Usage Guidelines

This command is upgrade compatible and can be executed during configuration recovery. Users cannot manually configure this command.

After the upgrade, this command is no longer supported, and it is replaced by the sa string-key command.

Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000178165

Views: 42638

Downloads: 1107

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next