No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S7700 and S9700 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Traffic Distribution Commands

Traffic Distribution Commands

NOTE:

The device supports the traffic distribution function, which resolves traffic into small pieces of information that can be processed by hosts. The information may be related to communication between customers, but Huawei will not collect or save user communication information independently. This function involves analyzing the communications information of terminal customers. Before enabling the function, ensure that it is performed within the boundaries permitted by applicable laws and regulations. Effective measures must be taken to ensure that information is securely protected.

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

display out-interface

Function

The display out-interface command displays the outbound interface and instant statistics of the packets that contain the specified quintuple information.

NOTE:

X series cards do not support this command.

Format

display out-interface sip source-ip-address dip destination-ip-address [ sport source-port dport destination-port [ protocol { protocol-number | gre | icmp | igmp | ip | ipinip | ospf | tcp | udp } ] ]

Parameters

Parameter

Description

Value

sip source-ip-address

Specifies the source IP address.

The value is in dotted decimal notation.

dip destination-ip-address

Specifies the destination IP address.

The value is in dotted decimal notation.

sport source-port

Specifies the source port number.

The value is an integer that ranges from 0 to 65535.

dport destination-port

Specifies the destination port number.

The value is an integer that ranges from 0 to 65535.

protocol { protocol-number | gre | icmp | igmp | ip | ipinip | ospf | tcp | udp }

Specifies the protocol number or type.
  • protocol-number specifies the protocol number.

  • The protocol type can be GRE, ICMP, IGMP, IP, IPINIP, OSPF, TCP, or UDP.

The value of protocol-number is an integer that ranges from 1 to 255.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If packets with no specified quintuple information carried pass through interfaces, no information is displayed on the device.

If packets with the specified quintuple information carried pass through interfaces, the information about the outbound interface and statistics on packets is displayed on the device.

NOTE:
After the collect forward-path command configures the device to collect inbound and outbound interfaces and traffic information about packets with 5-tuple information, there is no information in the display out-interface command output. The display out-interface command displays inbound and outbound interfaces and traffic information about packets with 5-tuple information only when the collect forward-path command is not used or the collect forward-path command configuration is canceled.

Example

# Check the outbound interface of and statistics on the packets with the source IP address being 10.0.1.1 and the destination IP address being 10.1.1.2.
<HUAWEI> display out-interface sip 10.0.1.1 dip 10.1.1.2
Out interface   : GigabitEthernet1/0/1
Passed packets  : 74
Passed bytes    : 7844
Discard packets : 0
Discard bytes   : 0 
Table 16-84  Description of the display out-interface command output

Item

Description

Out Interface

Outbound interface through which packets are forwarded.

Passed packets

Number of forwarded packets.

Passed bytes

Total bytes of forwarded packets.

Discard packets

Number of discarded packets.

Discard bytes

Total bytes of discarded packets.

ecmp load-balance diffluence

Function

The ecmp load-balance diffluence command configures ECMP-based distribution of packets with the same source address and destination address.

The undo ecmp load-balance diffluence command cancels ECMP-based distribution of packets with the same source address and destination address.

By default, ECMP-based distribution of packets with the same source address and destination address is not configured.

NOTE:

The X series cards do not support this command.

Format

ecmp load-balance diffluence

undo ecmp load-balance diffluence

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Scenario

In addition to analyzing the unidirectional traffic of the two communication parties, a packet analysis device needs to analyze traffic between the two communication parties so that the traffic information can be fully analyzed. In this case, the packets of the two communication parties need to be distributed to the same traffic distribution server. The traffic distribution device is required to support the algorithm based on the same source and destination in the specific forwarding procedure. Identical source and destination indicates that bidirectional data packets of a network connection must be sent out from the same outbound interface. To configure ECMP-based traffic distribution, run the ecmp load-balance diffluence command to configure distribution of packets with the same source address and destination address.

Precautions

Eth-Trunk-based distribution and ECMP-based distribution of packets with the same source address and destination address cannot be simultaneously configured. The ecmp load-balance diffluence command cannot be executed together with the load-balance diffluence command; otherwise, the system displays an error message.

The ecmp load-balance diffluence command can be configured without a license. ECMP-based distribution of packets with the same source address and destination address does not take effect if two communication parties send packets through an X series card and a non-X series card, respectively. In this case, the packets are load balanced between two outbound interfaces.

Example

# Configure ECMP-based distribution of packets with the same source addresses and destination addresses.

<HUAWEI> system-view
[HUAWEI] ecmp load-balance diffluence

ip forwarding mac-unvaried

Function

The ip forwarding mac-unvaried command disables the device from replacing the source and destination MAC addresses of IP packets.

The undo ip forwarding mac-unvaried command restores the default configuration.

By default, the device replaces the source MAC address of an IP packet with the system MAC address of the forwarding device and replaces the destination MAC address of the packet with the system MAC address of the next-hop device.

Format

ip forwarding mac-unvaried

undo ip forwarding mac-unvaried

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In Layer 3 forwarding service, network devices replace the source and destination MAC addresses of IP packets. However, in the traffic distribution service, the network devices should forward packets to the traffic analysis server with minimum modification, to ensure accuracy of traffic analysis. The ip forwarding mac-unvaried command disables the network devices from replacing the source and destination MAC addresses of IP packets.

Precautions

To execute the ip forwarding mac-unvaried command, a license is required. If no license is available, you can configure the command on the device, but the command does not take effect.

Example

# Disable the device from replacing the source and destination MAC addresses of IP packets during Layer 3 forwarding.

<HUAWEI> system-view
[HUAWEI] ip forwarding mac-unvaried

ip forward-mode dstmac-independent (system view)

Function

The ip forward-mode dstmac-independent command configures a batch of VLANIF interfaces to ignore MAC address check for IP packets.

The undo ip forward-mode dstmac-independent command restores the default configuration.

By default, the device compares the destination MAC address of the IP packet to be forwarded against the device's system MAC address. If they are the same, the device forwards the packet. Otherwise, the device discards the packet.

Format

ip forward-mode dstmac-independent interface vlanif { vlan-id1 [ to vlan-id2 ] } &<1-10>

undo ip forward-mode dstmac-independent interface vlanif { vlan-id1 [ to vlan-id2 ] } &<1-10>

Parameters

Parameter Description Value
interface vlanif

Specifies a VLANIF interface.

-

vlan-id1 [ to vlan-id2 ]
Specifies the VLAN IDs corresponding to the VLANIF interfaces:
  • vlan-id1 indicates the start VLAN ID.

  • vlan-id2 indicates the end VLAN ID.

    vlan-id2 must be greater than or equivalent to vlan-id1. The vlan-id2 and vlan-id1 parameters determine a VLAN range.

  • If you do not specify to vlan-id2, only one VLAN ID is specified.

NOTE:

The values of vlan-id1 and vlan-id2 must be existing VLAN IDs on the device.

Set the value according to the device configuration.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After ECMP-based traffic distribution is enabled, the traffic distribution switch checks the destination MAC addresses of the packets received from the upstream traffic distribution device. When the switch finds that the destination MAC addresses are not its own system MAC address, the switch discards the packets. After the ip forward-mode dstmac-independent command is executed, the traffic distribution switch searches the routing table for the destination IP addresses of the IP packets and forwards the IP packets according to routes.

Precautions

After the command is executed, the configuration information is recorded in the VLANIF interface view, but not in the system view.

The ip forward-mode dstmac-independent command can take effect only after the traffic distribution license is loaded to the device.

Example

# Configure VLANIF 100 to 200 to ignore MAC address check for IP packets during Layer 3 forwarding.

<HUAWEI> system-view
[HUAWEI] ip forward-mode dstmac-independent interface vlanif 100 to 200

ip forward-mode dstmac-independent (VLANIF interface view)

Function

The ip forward-mode dstmac-independent command configures a VLANIF interface to ignore MAC address check for IP packets.

The undo ip forward-mode dstmac-independent command restores the default configuration.

By default, the device compares the destination MAC address of the IP packet to be forwarded against the device's system MAC address. If they are the same, the device forwards the packet. Otherwise, the device discards the packet.

Format

ip forward-mode dstmac-independent

undo ip forward-mode dstmac-independent

Parameters

None

Views

VLANIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After ECMP-based traffic distribution is configured, the traffic distribution switch forwards the packets from the upstream traffic distribution device at Layer 3. In traffic distribution service, the network devices should forward packets to the traffic analysis server with minimum modification, to ensure accuracy of traffic analysis. When the destination MAC addresses of the packets from the upstream device is not the system MAC address of the switch, the switch discards the packets. After the ip forward-mode dstmac-independent command is executed, the traffic distribution switch searches the routing table for the destination IP addresses of the IP packets and forwards the IP packets according to routes.

Precautions

To execute the p forward-mode dstmac-independent command, a license is required. If no license is available, you can configure the command on the device, but the command does not take effect.

Example

# Configure VLANIF 100 to ignore MAC address check for IP packets during Layer 3 forwarding.

<HUAWEI> system-view
[HUAWEI] interface Vlanif 100
[HUAWEI-Vlanif100] ip forward-mode dstmac-independent

load-balance diffluence

Function

The load-balance diffluence command configures Eth-Trunk-based distribution of packets with the same source address and destination address.

The undo load-balance command cancels Eth-Trunk-based distribution of packets with the same source address and destination address.

By default, Eth-Trunk-based distribution of packets with the same source address and destination address is not configured.

Format

load-balance diffluence

undo load-balance

Parameters

None

Views

Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Scenario

In addition to analyzing the unidirectional traffic of the two communication parties, a packet analysis device needs to analyze traffic between the two communication parties so that the traffic information can be fully analyzed. In this case, the packets of the two communication parties need to be distributed to the same traffic distribution server. The traffic distribution device is required to support the algorithm based on the same source and destination in the specific forwarding procedure. Identical source and destination indicates that bidirectional data packets of a network connection must be sent out from the same outbound interface. To configure Eth-Trunk-based traffic distribution, run the load-balance diffluence command to configure distribution of packets with the same source address and destination address.

Precautions

Eth-Trunk-based distribution and ECMP-based distribution of packets with the same source address and destination address cannot be simultaneously configured. The load-balance diffluence command cannot be executed together with the ecmp load-balance diffluence command; otherwise, the system displays an error message.

The load-balance diffluence and unknown-unicast load-balance enhanced lbid commands cannot be used simultaneously.

Example

# Configure Eth-Trunk-based distribution of packets with the same source addresses and destination addresses.

<HUAWEI> system-view
[HUAWEI] interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1] load-balance diffluence

set ttl unvaried

Function

The set ttl unvaried command configures the device to retain the original TTL value of packets after the packets are forwarded at Layer 3.

The undo set ttl unvaried command cancels the configuration of retaining the original TTL value of packets after the packets are forwarded at Layer 3.

By default, the original TTL value of packets changes after the packets are forwarded at Layer 3.

NOTE:

Only the B series cards, FC series cards, E series cards (except EH1D2X48SEC0 card and ET1D2X48SEC0 card), and S series cards support this command.

Format

set ttl unvaried

undo set ttl unvaried

Parameters

None

Views

GE interface view, XGE interface view, port group view, 40GE interface view, 100GE interface view

Default Level

2: Configuration level

Usage Guidelines

After distributed packets are forwarded at Layer 3, the TTL value of the packets is decreased by 1. The contents of the packets are changed. To ensure the same contents of packets before and after traffic distribution, you need to run the set ttl unvaried command on the inbound interface to retain the original TTL value after packets are forwarded at Layer 3.

Example

# Configure the device to retain the original TTL value of packets after the packets are forwarded at Layer 3.

<HUAWEI> system-view
[HUAWEI] interface gigabitEthernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] set ttl unvaried

single-fiber enable

Function

The single-fiber enable command enables the single-fiber communication function on an optical interface.

The undo single-fiber enable command disables the single-fiber communication function on an optical interface.

By default, the single-fiber communication function is disabled on an interface.

Format

single-fiber enable

undo single-fiber enable

Parameters

None

Views

GE interface view, XGE interface view, port group view, 40GE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

During network management and maintenance, the administrator may need to send traffic from users to a specified server for analysis and processing. If a server can receive and send packets, there is a possibility that the server forwards user traffic to other devices, causing a security risk. The unidirectional single-fiber communication function can address this issue. A single fiber means that two optical modules are connected by only one fiber, and unidirectional communication means that packets can be sent in only one direction. With this function, a switch can only send but cannot receive packets, and an analysis server can only receive but cannot send packets. The data security on the analysis server is ensured.

Prerequisites

Before you run the single-fiber enable command, ensure that the interface works in non-auto negotiation mode. You can run the undo negotiation auto command to configure the interface to work in the non-auto negotiation mode.

XGE and 40GE interfaces work in non-auto negotiation mode by default. Therefore, you can run the single-fiber enable command directly.

Precautions

An optical interface does not support this function after it connects to a cable.

On the S7700, only the E series cards (excluding EE cards), ES0D0X12SA00 card and SC cards in the S series, and FC cards in the F series support unidirectional single-fiber communication. A license is required.On the S9700, only the E series cards (excluding EE cards and EH1D2S24CEA0), EH1D2X12SSA0 card and SC cards in the S series, and FC cards in the F series support unidirectional single-fiber communication. A license is required.

The remote interface also works in non-auto negotiation mode and the rate of the peer interface is the same as the rate of the local interface.

NOTE:

The single-fiber enable command and the Configuring Internal Loopback Detection and MAC SWAP loopback test function cannot be configured on the same interface.

A GE optical interface supports the single-fiber enable command only when it works at a rate of 1000 Mbit/s.

An XGE optical interface supports the single-fiber enable command only when it has no module installed or has a GE or an XGE optical module installed.

A 40GE optical interface supports the single-fiber enable command only when it has no optical module installed or has a 40GE optical module installed.

On an interface with the single-fiber enable command configured, the command is deleted by the system in the following situations:
  • The GE optical interface has an FE optical module installed.
  • The GE optical interface does not work at a rate of 1000 Mbit/s.
  • The XGE interface is connected to a cable or has a GE optical module installed.
  • The 40GE interface is connected to a cable.

Example

# Enable GigabitEthernet1/0/1 to send packets through a single fiber.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo negotiation auto
[HUAWEI-GigabitEthernet1/0/1] single-fiber enable
Related Topics
Translation
Download
Updated: 2019-10-18

Document ID: EDOC1000178288

Views: 25708

Downloads: 109

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next