No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S7700 and S9700 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VPN compatible command

VPN compatible command

description (IPv6 VPN instance view) (upgrade-compatible command)

Function

The description command sets the description about the current IPv6 VPN instance.

The undo description command deletes the description about the current IPv6 VPN instance.

By default, no description is specified for an IPv6 VPN instance.

Format

description description-information

undo description

Parameters

Parameter Description Value
description-information Describes an IPv6 VPN instance. The value is a string of 1 to 242 case-sensitive characters. Spaces are allowed.

Views

IPv6 VPN instance view

Default Level

2: Configuration level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

It is replaced by the description (VPN instance view) command.

display ipv6 prefix-limit statistics (upgrade-compatible command)

Function

The display ipv6 prefix-limit statistics command displays the statistics of the prefix limits of IPv6 VPN instances.

Format

display ipv6 prefix-limit { all-vpn6-instance | vpn6-instance vpn-instance-name } statistics

Parameters

Parameter Description Value
all-vpn6-instance Indicates all IPv6 VPN instances. -
vpn6-instance vpn-instance-name Specifies the name of an IPv6 VPN instance. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display ipv6 prefix-limit statistics command to view the number of times that a protocol re-adds or deletes routes according to the prefix limit of a specified IPv6 VPN instance.

Example

# Display the statistics of the prefix limits of all IPv6 VPN instances.

<HUAWEI> display ipv6 prefix-limit all-vpn6-instance statistics
-------------------------------------------------------------------------------
IPv6 VPN instance name: vrf1
          DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute
DIRECT          0                0            0               0              0 
STATIC          0                0            0               0              0 
OSPFv3         11                3            1               0              5
IS-IS         106                0            1               0              5
RIPng          98                0            1               1              5
BGP             2                0            1               1              5
------------------------------------------------------------------------------
IPv6 VPN instance name: VPN123

          DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute
DIRECT          0                0            0               0              0 
STATIC          0                0            0               0              0 
OSPFv3         11                3            1               0              5
IS-IS         106                0            1               0              5
RIPng          98                0            1               1              5
BGP             2                0            1               1              5
Table 19-14  Description of the display ipv6 prefix-limit statistics command output

Item

Description

DenyAdd

Number of routes that the protocol fails to add to the RIB because of the prefix limit.

TryAddInDelState

Number of routes that the protocol fails to add to the RIB because the RIB is in the process of deleting routes.

NotifyDelAll

Number of times that the RIB notifies the protocol of deleting routes when the prefix limit is decreased.

NotifyDelFinish

Number of times that the protocol notifies the RIB of completion of deleting routes.

NotifyAddRoute

Number of times that the RIB notifies the protocol of re-adding routes.

# Display the statistics of the prefix limit of the IPv6 VPN instance named vrf1.

<HUAWEI> display ipv6 prefix-limit vpn6-instance vrf1 statistics
-------------------------------------------------------------------------------
IPv6 VPN instance name: vrf1
          DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute
DIRECT          0                0            0               0              0
STATIC          0                0            0               0              0
OSPFv3         11                3            1               0              5
IS-IS         106                0            1               0              5
RIPng          98                0            1               1              5
BGP             2                0            1               1              5

display ipv6 vpn-instance (upgrade-compatible command)

Function

The display ipv6 vpn6-instance command displays information about an IPv6 VPN instance.

Format

display ipv6 vpn6-instance [ brief | verbose ] [ vpn6-instance-name ]

Parameters

Parameter Description Value
brief Displays summary information about an IPv6 VPN instance. -
verbose Displays detailed information about the IPv6 VPN instances and their associated interfaces. -
vpn6-instance-name Specifies the name of an IPv6 VPN instance. The name is a string of 1 to 31 case-sensitive characters.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If a VPN instance is configured, you can check the configuration of the instance by using the display ipv6 vpn6-instance command. You can also use this command to view the VPN instances configured on the local device.

When no parameters are specified, the command displays brief information about all the configured VPN instances.

Example

# View brief information about all the configured IPv6 VPN instances.

<HUAWEI> display ipv6 vpn6-instance
 Total VPN-Instances configured      : 3                                                                                            
 Total IPv4 VPN-Instances configured : 2                                                                                            
 Total IPv6 VPN-Instances configured : 1                                                                                            
                                                                                                                                    
  VPN-Instance Name               RD                    Address-family                                                              
  vpn1                                                                                                                              
  vpna                            100:1                 IPv4                                                                        
  vpna                            100:3                 IPv6                                                                        
  vpnb                            100:2                 IPv4  
Table 19-15  Description of the display ip vpn-instance command output

Item

Description

Total VPN-Instances configured

Total number of VPN instances configured on the local end.

Total IPv4 VPN-Instances configured

Total number of locally configured VPN instances for which IPv4 address families are enabled.

Total IPv6 VPN-Instances configured

Total number of locally configured VPN instances for which IPv6 address families are enabled.

VPN-Instance Name

Name of the VPN instance.

RD

RD of the VPN instance IPv4 address family or IPv6 address family.

Creation Time

Time when an IPv4 or IPv6 address family is enabled for the VPN instance.

Address-family

Address family enabled for the VPN instance. The address family can be:
  • Null, if no address family is enabled.
  • ipv4, if only the IPv4 address family is enabled.
  • ipv6, if only the IPv6 address family is enabled.
<HUAWEI> display ipv6 vpn6-instance brief
 Total VPN-Instances configured      : 3                                                                                            
 Total IPv4 VPN-Instances configured : 2                                                                                            
 Total IPv6 VPN-Instances configured : 1                                                                                            
                                                                                                                                    
  VPN-Instance Name               RD                    Address-family                                                              
  vpn1                                                                                                                              
  vpna                            100:1                 IPv4                                                                        
  vpna                            100:3                 IPv6                                                                        
  vpnb                            100:2                 IPv4  

# View detailed information about all IPv6 VPN instances.

<HUAWEI> display ipv6 vpn-instance verbose
 Total VPN-Instances configured      : 1                                        
 Total IPv4 VPN-Instances configured : 1                                        
 Total IPv6 VPN-Instances configured : 1                                        
                                                                                
 VPN-Instance Name and ID : vpna, 6                                             
  Description : vpna-1                                                          
  Service ID : 12  
  Interfaces : Vlanif10                                             
 Address family ipv4                                                            
  Create date : 2012/12/3 15:36:20 UTC+08:00                                    
  Up time : 6 days, 04 hours, 41 minutes and 57 seconds                         
  Route Distinguisher : 100:1                                                   
  Export VPN Targets :  1:1                                                     
  Import VPN Targets :  1:1                                                     
  Label Policy : label per instance                                             
  Per-Instance Label : 1024                                                     
  IP FRR Route Policy : 20                                                      
  VPN FRR Route Policy : 12 
  Import Route Policy : 10                                                      
  Export Route Policy : 20                                                      
  Tunnel Policy : bindTE                                                        
  Maximum Routes Limit : 2000                                                   
  Threshold Routes Limit : 80%                                                  
  Maximum Prefixes Limit : 1024                                                 
  Threshold Prefixes Limit : 50%                                                
  Install Mode : route-unchanged 
  Log Interval : 10                                                             
 Address family ipv6                                                            
  Create date : 2012/12/3 15:36:20 UTC+08:00                                    
  Up time : 6 days, 04 hours, 41 minutes and 57 seconds                         
  Log Interval : 5                                                              
                                                                                
Table 19-16  Description of the display ip vpn-instance verbose command output

Item

Description

Total VPN-Instances configured

Total number of VPN instances configured on the local end.

Total IPv4 VPN-Instances configured

Total number of locally configured VPN instances for which IPv4 address families are enabled.

Total IPv6 VPN-Instances configured

Total number of locally configured VPN instances for which IPv6 address families are enabled.

VPN-Instance Name and ID

Name and ID of the VPN instance. The ID is assigned by the system, which facilitates indexing.

Description

Description of the VPN instance. This field is displayed in the command output only when the description (VPN instance view) command is used.

Service ID

Service ID of the VPN instance. This item is displayed only after the service-id (VPN instance view) command is run in the VPN instance view.

Interfaces

Interfaces bound to the VPN instance. This field is displayed only after the ip binding vpn-instance command is configured on these interfaces.

Address family ipv4

Information about the IPv4 address family enabled for the VPN instance.

Address family ipv6

Information about the IPv6 address family enabled for the VPN instance.

Create date

Time when the VPN instance is created.

Up time

Period during which the VPN instance maintains in the Up state.

Route Distinguisher

RD of the VPN instance IPv4 address family or IPv6 address family

Export VPN Targets

Route Target list in the outbound direction. To set the VPN target, run the vpn-target command.

Import VPN Targets

Route Target list in the inbound direction. To set the VPN target, run the vpn-target command.

Label Policy

Label policy:
  • label per instance: indicates that the same label is allocated to routes of a VPN instance. This field is displayed in the command output only when the apply-label per-instance command is run in the VPN instance view.

  • label per route: indicates that each route of a VPN instance is assigned a label. Label allocation for routes of a VPN instance is implemented in this mode.

Per-Instance Label

Label value used when all VPN routes of the VPN instance address family share one label. This field is displayed only after the apply-label per-instance command is run in the VPN instance address family view.

IP FRR Route Policy

IP FRR route policy used for the address family. This item is displayed only after the ip frr command is run in the VPN instance IPv4 address family view.

VPN FRR Route Policy

VPN FRR route policy used for the address family. This item is displayed only after the vpn frr command is run in the VPN instance IPv4 address family view.

Import Route Policy

Import Route-Policy applied to the VPN instance. This field is displayed only after the import route-policy command is run in the VPN instance address family view.

Export Route Policy

Export Route-Policy applied to the VPN instance. This field is displayed only after the export route-policy command is run in the VPN instance address family view.

Tunnel Policy

Tunnel policy applied to the VPN instance. This field is displayed only after the tnl-policy command is run in the VPN instance address family view.

Maximum Routes Limit

Maximum number of routes supported by the current address family. This field is displayed only after the routing-table limit command is run in the VPN instance address family view.

Threshold Routes Limit

Percentage of the maximum number of routes specified for the current address family. When the maximum number of routes reaches the percentage threshold, an alarm is generated.This field is displayed only after the routing-table limit command is run in the VPN instance address family view.

Maximum Prefixes Limit

Maximum number of prefixes supported by the current address family of the VPN instanceThis field is displayed only after the prefix limit command is run in the VPN instance address family view.

Threshold Prefixes Limit

Percentage of the maximum number of prefixes specified for the current address family of the VPN instance. When the maximum number of prefixes reaches the percentage threshold, an alarm is generated.This field is displayed only after the prefix limit command is run in the VPN instance address family view.

Install Mode

Method of processing routes. The prefix limit command can be used to specify the route processing method when the threshold is lowered due to the number of route prefixes exceeding the upper threshold.
  • If route-unchanged is configured, routes in the routing information base (RIB) table remain unchanged.
  • If route-unchanged is not configured, all routes in the RIB table are deleted and the routes are re-installed in the RIB table.

Log Interval

Interval for displaying log messages when the number of VPN instance routes exceeds the maximum value. The default interval is 5 seconds. The value can be set by the command limit-log-interval.

display ipv6 vpn6-instance import-vt (upgrade-compatible command)

Function

The display ipv6 vpn6-instance import-vt command displays all IPv6 VPN instances with the specified import vpn-target attribute.

Format

display ipv6 vpn6-instance import-vt ivt-value

Parameters

Parameter Description Value
ivt-value Specifies the value of the import VPN-target attribute. The forms of IPv6 VPN targets are as follows:
  • 2-byte AS number: 4-byte user-defined number, for example, 1:3. The AS number ranges from 0 to 65535. The user-defined number ranges from 0 to 4294967295. The AS number and the user-defined number cannot both be 0. That is, a VPN target cannot be 0:0.

  • Integral 4-byte AS number:2-byte user-defined number, for example, 65537:3. An AS number ranges from 65536 to 4294967295. A user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s. That is, a VPN target cannot be 0:0.

  • 4-byte AS number in dotted notation:2-byte user-defined number, for example, 0.0:3 or 0.1:0. A 4-byte AS number in dotted notation is in the format of x.y, where x and y are integers that range from 0 to 65535 and from 0 to 65535, respectively. A user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s. That is, a VPN target cannot be 0.0:0.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

After the upgrade, this command is no longer supported, and it is replaced by the display ip vpn-instance import-vt command.

ipv6 binding vpn6-instance (upgrade-compatible command)

Function

The ipv6 binding vpn6-instance command binds the current interface to an IPv6 VPN instance.

The undo ipv6 binding vpn6-instance command unbinds the current interface from an IPv6 VPN instance.

By default, an interface is a public network interface and is not bound to any IPv6 VPN instance.

Format

ipv6 binding vpn6-instance vpn6-instance-name

undo ipv6 binding vpn6-instance vpn6-instance-name

Parameters

Parameter Description Value
vpn6-instance-name Specifies the name of an IPv6 VPN instance. The name is a string of 1 to 31 case-sensitive characters.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

After an IPv6 VPN instance is created, the device interfaces belonging to the IPv6 VPN instance need to be bound to the instance; otherwise, the interfaces are public network interfaces.

After an interface is bound to an IPv6 VPN instance or an interface is unbound from an IPv6 VPN instance, the Layer 3 features such as the IPv6 address and IPv6 routing protocol configured on this interface are deleted.

ipv6 vpn6-instance (upgrade-compatible command)

Function

The ipv6 vpn6-instance command creates an IPv6 VPN instance and displays the IPv6 VPN instance view.

The undo ipv6 vpn6-instance command deletes a specified IPv6 VPN instance.

By default, no IPv6 VPN instance exists.

Format

ipv6 vpn6-instance vpn6-instance-name

undo ipv6 vpn6-instance vpn6-instance-name

Parameters

Parameter Description Value
vpn6-instance-name Specifies the name of an IPv6 VPN instance. The name is a string of 1 to 31 case-sensitive characters without any spaces.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

After this command is run, an IPv6 VPN instance is created and the IPv6 VPN instance view is displayed..

mpls l2vpn l2vpn-name (upgrade-compatible command)

Function

The mpls l2vpn l2vpn-name command creates a L2VPN instance in the Kompella mode.

Format

mpls l2vpn l2vpn-name encapsulation { atm-aal5-sdu | hdlc | ppp | fr | ip-interworking | atm-trans-cell | ip-layer2 } [ control-word | no-control-word ]

Parameters

Parameter Description Value
l2vpn-name Specifies a L2VPN instance name. The value must be an existing VPN instance name.
encapsulation { atm-aal5-sdu | hdlc | ppp | fr | ip-interworking | atm-trans-cell | ip-layer2 } Indicates the encapsulation type of the L2VPN instance.
  • ATM PWE3 protocol standards:
    • atm-aal5-sdu: One PW carries the AAL5 SDUs of one PVC.
    • atm-trans-cell: ATM cells are transmitted over PWE3 VCs.
  • Other encapsulation types:
    • fr: FR provides protocol standards for the data link layer and physical layer.
    • hdlc: HDLC is bit-oriented link layer protocol.
    • ip-interworking: This encapsulation type is used for interworking between Huawei devices.
    • ip-layer2: This encapsulation type is used for interworking between Huawei devices and non-Huawei devices.
    • ppp: PPP is a link layer protocol that specifies how to encapsulate and transmit network layer packets over P2P links.
-
control-word | no-control-word Enables or disables the control word. By default, the control word is disabled. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

mpls l2vpn traffic-statistics capability enable (upgrade-compatible command)

Function

The mpls l2vpn traffic-statistics capability enable command enables VLL traffic statistics.

The undo mpls l2vpn traffic-statistics capability command disables VLL traffic statistics.

By default, VLL traffic statistics function is disabled..

Format

mpls l2vpn traffic-statistics capability enable

undo mpls l2vpn traffic-statistics capability

Parameters

None.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The traffic statistics function takes effect only on the VLLs created after you run the mpls l2vpn traffic-statistics capability enable or mpls l2vpn traffic-statistics enable command.

After you run the mpls l2vpn traffic-statistics capability enable command to enable VLL traffic statistics, you can run the display traffic-statistics l2vpn interface command to view the traffic statistics result.

Example

# Enable L2VPN traffic statistics.

<HUAWEI>system-view
[HUAWEI] mpls l2vpn traffic-statistics capability enable
Info: The modification can only take effect for newly created VC.

System Response

None.

snmp-agent trap enable feature-name l3vpn (upgrade-compatible command)

Function

The snmp-agent trap enable feature-name l3vpn command enables the trap function for the L3VPN module.

The undo snmp-agent trap enable feature-name l3vpn command disables the trap function for the L3VPN module.

By default, the trap function for the L3VPN module is disabled.

Format

snmp-agent trap enable feature-name l3vpn trap-name l3vpn_mib_trap_mid_exceed

undo snmp-agent trap enable feature-name l3vpn trap-name l3vpn_mib_trap_mid_exceed

Parameters

Parameter Description Value
trap-name Enables the traps of L3VPN events of specified types. -
l3vpn_mib_trap_mid_exceed Enables the trap of the event indicating that the number of private route prefixes exceeds the middle threshold. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station. After that, the network administrator immediately takes measures to resolve the problem.

The snmp-agent trap enable feature-name l3vpn command enables the trap function for L3VPN modules.

Example

# Enable the trap of the event indicating that the number of private route prefixes exceeds the middle threshold in the system view.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name l3vpn trap-name l3vpn_mib_trap_mid_exceed

snmp-agent trap enable ccc (upgrade-compatible command)

Function

The snmp-agent trap enable ccc command enables the device to send the CCC L2VPN trap message and allows you to configure the parameters for the trap message or notification.

The undo snmp-agent trap enable ccc command prohibits the device from sending the CCC L2VPN trap message.

By default, the CCC L2VPN trap message cannot be sent.

Format

snmp-agent trap enable ccc [ delete | state-change ]

undo snmp-agent trap enable ccc [ delete | state-change ]

Parameters

Parameter Description Value
delete Configures the type of the CCC L2VPN trap message as "delete". It can trigger the trap messages when the VC is deleted in the CCC L2VPN. -
state-change Configures the type of the CCC L2VPN trap message as "state-change". It can trigger the trap messages of the VC status change in the CCC L2VPN. -

Views

System view

Default Level

3: Management level

Usage Guidelines

In the CCC L2VPN, the types of trap messages, such as delete and state-change, can be sent.

In the case that the CCC L2VPN is configured and the snmp-agent trap enable ccc command is run, if the CCC is deleted or the CCC status changes, trap messages are triggered.

In the case of running the snmp-agent trap enable ccc command, if delete, or state-change is not used, all types of trap messages are triggered.

Example

# Permit the device to send CCC L2VPN trap messages. The type of trap messages is delete, and the trap messages are triggered only when the VC is deleted.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable ccc delete

# Permit the device to send CCC L2VPN trap messages. The type of the trap messages is state-change, and the trap messages are triggered only when the VC status changes.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable ccc state-change

# Permit the device to send CCC L2VPN trap messages. All types of VC trap messages are triggered.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable ccc

snmp-agent trap enable kompella (upgrade-compatible command)

Function

The snmp-agent trap enable kompella command enables the device to send the Kompella L2VPN trap message and allows you to configure the parameters for the trap message or notification.

The undo snmp-agent trap enable kompella command prohibits the device from sending the Kompella L2VPN trap message.

By default, the Kompella L2VPN trap message cannot be sent.

Format

snmp-agent trap enable kompella [ switch | delete | state-change ] *

undo snmp-agent trap enable kompella [ switch | delete | state-change ] *

Parameters

Parameter Description Value
switch Configures the type of the Kompella L2VPN trap message as switch. It can trigger trap messages of primary/secondary VC switchover in Kompella mode. -
delete Configures the type of the Kompella L2VPN trap message as delete. It can trigger the trap messages when the VC in Kompella mode is deleted. -
state-change Configures the type of the Kompella L2VPN trap message as state-change. It can trigger the trap messages of the VC state change in Kompella mode. -

Views

System view

Default Level

3: Management level

Usage Guidelines

In Kompella mode, the types of trap messages, such as switch, delete, and state-change, can be sent.

In the case that the Kompella L2VPN is configured and the snmp-agent trap enable kompella command is run, if the VC is deleted or the VC status changes, trap messages are triggered.

In the case of running the snmp-agent trap enable kompella command, if switch, delete, or state-change is not used, all types of trap messages are triggered.

Example

# Permit the device to send Kompella L2VPN trap messages. The type of the trap messages is switch, which only triggers the trap messages that are generated for primary/secondary VC switchover.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable kompella switch

# Permit the device to send Kompella L2VPN trap messages. The type of the trap messages is delete, which only triggers the trap messages that are generated when the VC is deleted.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable kompella delete

# Permit the device to send Kompella L2VPN trap messages. The type of the trap messages is state-change, which only triggers the trap messages that are generated when the VC status changes.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable kompella state-change

# Permit the device to send Kompella L2VPN trap messages. All types of VC trap messages are triggered.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable kompella

snmp-agent trap enable l3vpn (upgrade-compatible command)

Function

The snmp-agent trap enable l3vpn command enables the device to send the L3VPN trap message.

The undo snmp-agent trap enable l3vpn command prohibits the device from sending the L3VPN trap message.

By default, the L3VPN trap message cannot be sent.

Format

snmp-agent trap enable l3vpn

undo snmp-agent trap enable l3vpn

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

None

Example

# Permit the device to send the L3VPN trap message.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable l3vpn 

snmp-agent trap enable pw (upgrade-compatible command)

Function

The snmp-agent trap enable pw command enables the device to send the PWE3 trap message and allows you to configure the parameters for the trap message or notification message.

The undo snmp-agent trap enable pw command prohibits the device from sending the PWE3 trap message.

By default, the PWE3 trap message cannot be sent.

Format

snmp-agent trap enable pw [ switch | delete | state-change ] *

undo snmp-agent trap enable pw [ switch | delete | state-change ] *

Parameters

Parameter Description Value
switch Configures the type of the PWE3 trap message as "switch". It can trigger trap messages of primary/secondary PW switchover in PWE3 mode. -
delete Configures the type of the PWE3 trap message as "delete". It can trigger the trap messages used for deleting the PW in PWE3 mode. -
state-change Configures the type of the PWE3 trap message as "state-change". It can trigger the trap messages of the PW state change in PWE3 mode. -

Views

System view

Default Level

3: Management level

Usage Guidelines

PWE3 can send such types of trap messages as switch, delete, and state-change.

In the case that the PWE3 feature is configured and the snmp-agent trap enable pw command is run, if the PW is deleted or the PW state changes, trap messages are triggered.

In the case of running the snmp-agent trap enable pw command, if switch, delete, or state-change is not used, all types of trap messages are triggered.

Example

# Permit the device to send PWE3 trap messages. The type of the PWE3 trap messages is switch, which only triggers the trap messages that are generated when the primary PW and the secondary PW are mutually switched.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable pw switch

# Permit the device to send PWE3 trap messages. The type of the PWE3 trap messages is delete, which only triggers the trap messages that are generated when the PW is deleted.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable pw delete

# Permit the device to send PWE3 trap messages. The type of the PWE3 trap messages is state-change, which only triggers the trap messages that are generated when the PW state changes.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable pw state-change

# Permit the device to send PWE3 trap messages. All types of PW trap messages are triggered.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable pw

snmp-agent trap enable svc (upgrade-compatible command)

Function

The snmp-agent trap enable svc command enables the device to send the SVC L2VPN trap message and allows you to configure the parameters for the trap message or notification.

The undo snmp-agent trap enable svc command prohibits the device from sending the SVC L2VPN trap message.

By default, the SVC L2VPN trap message cannot be sent.

Format

snmp-agent trap enable svc [ delete | state-change ]

undo snmp-agent trap enable svc [ delete | state-change ]

Parameters

Parameter Description Value
delete Configures the type of the SVC L2VPN trap message as "delete". It can trigger the trap messages when the VC in SVC mode is deleted. -
state-change Configures the type of the SVC L2VPN trap message as "state-change". It can trigger the trap messages of the VC state change in SVC mode. -

Views

System view

Default Level

3: Management level

Usage Guidelines

In SVC mode, the trap messages with the type of delete and state-change can be sent.

In the case that the SVC L2VPN is configured and the snmp-agent trap enable svc command is run, if the VC is deleted or the VC status changes, trap messages are triggered.

In the case of running the snmp-agent trap enable svc command, if delete or state-change is not used, all types of trap messages are triggered.

Example

# Permit the device to send SVC L2VPN trap messages. The type of the trap messages is delete, which only triggers the trap messages that are generated when the VC is deleted.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable svc delete

# Permit the device to send SVC L2VPN trap messages. The type of the trap messages is state-change, which only triggers the trap messages that are generated when the VC status changes.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable svc state-change

# Permit the device to send SVC L2VPN trap messages. All types of VC trap messages are triggered.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable svc

snmp-agent trap enable vpls (upgrade-compatible command)

Function

The snmp-agent trap enable vpls command enables the device to send the VPLS trap message. In VPLS mode, when the status of the VC or VSI changes, it triggers trap messages.

The undo snmp-agent trap enable vpls command prohibits the device from sending the VPLS trap message.

By default, the VPLS trap message cannot be sent.

Format

snmp-agent trap enable vpls

undo snmp-agent trap enable vpls

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

None

Example

# Permit the device to send the VPLS trap message. Therefore, the status change of VCs and VSIs can trigger trap messages.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable vpls

split-horizon disable (upgrade-compatible command)

Function

The split-horizon disable command configures all PWs of a BGP AD VSI as spoke PWs to disable split horizon of the PWs.

Format

split-horizon disable

Parameters

None

Views

VSI-BGPAD view

Default Level

2: Configuration level

Usage Guidelines

If a BGP AD VPLS needs to be deployed on a network with a star or tree topology (on which one PE that serves as a server or an authorization device is configured as the hub PE, and other PEs are configured as spoke PEs), all PWs of the VSI on the hub PE must be configured as spoke PWs to disable split horizon of the PWs.

After the split-horizon disable command is run, all PWs of the specified VSI become spoke PWs. Split horizon does not function on spoke PWs. This means that packets sent from Spoke PWs can be forwarded to other PWs.

Example

# Create a BGP AD VSI named company1 and disable split horizon of the PWs.

<HUAWEI> system-view
[HUAWEI] vsi company1
[HUAWEI-vsi-company1] bgp-ad
[HUAWEI-vsi-company1-bgpad] vpls-id 65535:1
[HUAWEI-vsi-company1-bgpad] split-horizon disable

traffic-statistics nexthop remote-site enable (Kompella) (upgrade-compatible command)

Function

The traffic-statistics nexthop remote-site enable command enables the statistics about the public traffic on a specified Kompella VPLS PW.

The undo traffic-statistics nexthop remote-site enable command disables the statistics about the public traffic on a specified Kompella VPLS PW.

By default, the statistics of the public traffic on the Kompella VPLS PW are disabled.

Format

traffic-statistics nexthop nexthop-address remote-site site-id enable

undo traffic-statistics nexthop nexthop-address remote-site site-id enable

Parameters

Parameter Description Value
nexthop nexthop-address Specifies the nexthop IP address of the PW. -
remote-site site-id Specifies the remote site ID. The value is anl integer that ranges from 0 to 65534.

Views

VSI-BGP view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After the Kompella VPLS network is configured, you can run the traffic-statistics nexthop remote-site enable command to enable statistics about the traffic on the specified PW. You can specify nexthop-address to enable the statistics about the traffic on the corresponding PW.

Prerequisites

The RD of the VSI has been configured using the route-distinguisher route-distinguisher command in the VSI-BGP view.

Example

# Enable the statistics about the public traffic on the specified Kompella VPLS PW.

<HUAWEI> system-view
[HUAWEI] vsi newvsi auto
[HUAWEI-vsi-newvsi] pwsignal bgp
[HUAWEI-vsi-newvsi-bgp] traffic-statistics nexthop 10.22.33.20 remote-site 2 enable

tunnel-policy (PW template view) (upgrade-compatible command)

Function

The tunnel-policy command configures a tunnel policy for a PW template.

By default, no tunnel policy is configured for a PW template.

Format

tunnel-policy policy-name

Parameters

Parameter Description Value
policy-name Specifies the name of a tunnel policy. The value is a string of 1 to 39 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

PW template view

Default Level

3: Management level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

After the upgrade, this command is no longer supported, and it is replaced by the tnl-policy (PW template view) command in the PW template view.

sa authentication-hex (upgrade-compatible command)

Function

The sa authentication-hex command sets an authentication in hexadecimal format or cipher text for Security Associations (SAs).

Format

sa authentication-hex { inbound | outbound } { ah | esp } plain hex-plain-key

Parameters

Parameter Description Value
inbound

Specifies SA parameters for incoming packets.

-

outbound

Specifies SA parameters for outgoing packets.

-

ah

Specifies SA parameters for Authentication Header (AH). If the security proposal applied to an SA uses AH, ah must be configured in the sa authentication-hex command.

-

esp

Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa authentication-hex command.

-

plain

Indicates the plain text used for authentication.

-

hex-plain-key

Specifies the plain text key.

The value is in hexadecimal notation.
  • If authentication algorithm Message Digest 5 (MD5) is used, the length of the key is 16 bytes.
  • If authentication algorithm Secure Hash Algorithm-1 (SHA-1) is used, the length of the key is 20 bytes.
  • If authentication algorithm SHA2-256 is used, the length of the key is 32 bytes.
NOTE:

The MD5 and SHA-1 authentication algorithms have security risks; therefore, you are advised to use SHA-256 preferentially.

Views

SA view

Default Level

3: Management level

Usage Guidelines

This command is upgrade compatible and can be executed during configuration recovery. Users cannot manually configure this command.

After the upgrade, this command is no longer supported, and it is replaced by the sa authentication-hex command.

sa encryption-hex (upgrade-compatible command)

Function

The sa encryption-hex command configures an encryption key for manual Security Association (SA) in hexadecimal format.

Format

sa encryption-hex { inbound | outbound } { ah | esp } plain hex-plain-key

Parameters

Parameter Description Value
inbound Specifies SA parameters for incoming packets. -
outbound Specifies SA parameters for outgoing packets. -
ah Specifies SA parameters for Authentication Header (AH). If the security proposal applied to an SA uses AH, ah must be configured in the sa encryption-hex command. -
esp Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa encryption-hex command. -
plain Indicates the plaintext used for authentication. -
hex-plain-key Specifies the plaintext key. The value is in hexadecimal notation.
  • If encryption algorithm Data Encryption Standard (DES) is used, the length of the key is 8 bytes.
  • If encryption algorithm Triple Data Encryption Standard (3DES) is used, the length of the key is 24 bytes.
  • If encryption algorithm Advanced Encryption Standard 128 (AES-128) is used, the length of the key is 16 bytes.
  • If encryption algorithm AES-192 is used, the length of the key is 24 bytes.
  • If encryption algorithm AES-256 is used, the length of the key is 32 bytes.
NOTE:

The DES and 3DES encryption algorithms have security risks; therefore, you are advised to use AES-128, AES-192 or AES-256 preferentially.

Views

SA view

Default Level

3: Management level

Usage Guidelines

This command is upgrade compatible and can be executed during configuration recovery. Users cannot manually configure this command.

After the upgrade, this command is no longer supported, and it is replaced by the sa encryption-hex command.

sa string-key (upgrade-compatible command)

Function

The sa string-key command configures an authentication key in the string format.

Format

sa string-key { inbound | outbound } { ah | esp } plain string-plain-key

Parameters

Parameter Description Value
inbound Specifies SA parameters for incoming packets. -
outbound Specifies SA parameters for outgoing packets. -
ah Specifies SA parameters for Authentication Header (AH). If the security proposal applied to an SA uses AH, ah must be configured in the sa string-key command. -
esp Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa string-key command. -
plain Indicates the plaintext used for authentication. -
string-plain-key Specifies the plaintext key. The value is a string of 1 to 127 case-sensitive characters.

Views

SA view

Default Level

3: Management level

Usage Guidelines

This command is upgrade compatible and can be executed during configuration recovery. Users cannot manually configure this command.

After the upgrade, this command is no longer supported, and it is replaced by the sa string-key command.

Translation
Download
Updated: 2019-10-18

Document ID: EDOC1000178288

Views: 28757

Downloads: 109

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next