ip source check user-bind enable

WLAN AC V200R010C00 Command Reference

About This Document
How to Use Command Lines
- Entering Command Views
- Setting Command Levels
- Editing Command Lines
- Using Command Line Online Help
- Interpreting Command Line Error Messages
- Using the undo Command Line
- Displaying History Commands
- Using Command Line Shortcut Keys
Basic Configurations Commands
- CLI Overview Commands
- First Login Commands
- UI Configuration Commands
- User Login Configuration Commands
- File Management Commands
- Configuring System Startup Commands
- Upgrade Commands
- HTTP Server Commands
Cloud-based Management Configuration Commands
- ac-mode
- cloud-mng controller
- cloud-mng register-center disable
- display ac-mode
- display cloud-mng info
- display cloud-mng register-center status
- display cloud license
- display pnp configuration
- display pnp run-info
- lldp tlv-enable legacy-tlv pnp
- pnp startup-link-aggregation enable
- pnp startup-vlan
- pnp startup-vlan receive enable
- pnp startup-vlan send enable
- pki-load general-certificate
Device Management Commands
- Device Status Checking Commands
- Hardware Configuration Commands
- Energy-saving Configuration Commands
- Fault Management Commands
- Information Center Configuration Commands
- NTP Configuration Commands
- PoE Configuration Commands
Interface Management Commands
- Basic Interface Configuration Commands
- Ethernet Interface Configuration Commands
- Logical Interface Configuration Commands
Network Interconnection Configurations Commands
- MAC Address Table Configuration Commands
  - display loop-detect eth-loop
  - display bridge mac-address
  - display mac-address
  - display mac-address aging-time
  - display mac-address blackhole
  - display mac-address dynamic
  - display mac-address security
  - display mac-address static
  - display mac-address sticky
  - display mac-address summary
  - display mac-address total-number
  - display mac-limit
  - loop-detect eth-loop
  - mac-address
  - mac-address aging-time
  - mac-address learning disable
  - mac-learning priority
  - mac-learning priority allow-flapping
  - mac-limit
  - port bridge enable
  - port-security aging-time
  - port-security enable
  - port-security mac-address sticky
  - port-security max-mac-num
  - port-security protect-action
  - reset loop-detect eth-loop
- Ethernet Link Aggregation Commands
  - display eth-trunk
  - display interface eth-trunk
  - display lacp brief
  - display lacp error packet
  - display lacp statistics eth-trunk
  - display trunk index-map
  - display trunk resource
  - display trunkmembership eth-trunk
  - display trunkfwdtbl eth-trunk
  - eth-trunk
  - interface eth-trunk
  - lacp collector delay
  - lacp preempt delay
  - lacp preempt enable
  - lacp priority
  - lacp priority-command-mode
  - lacp selected
  - lacp system-priority
  - lacp src-mac
  - lacp timeout
  - least active-linknumber
  - load-balance
  - max active-linknumber
  - mode
  - reset lacp error packet statistics
  - reset lacp statistics eth-trunk
  - trunkport
  - trunk member-port-inspect
  - trunk-member trap
- VLAN Configuration Commands
  - access-vlan
  - aggregate-vlan
  - damping time
  - description (VLAN view)
  - description (VLANIF interface view)
  - display interface vlanif
  - display port vlan
  - display sub-vlan
  - display super-vlan
  - display vlan
  - interface vlanif
  - ip pool (VLAN view)
  - management-vlan
  - mtu (VLANIF interface view)
  - name (VLAN view)
  - port
  - port default vlan
  - port hybrid pvid vlan
  - port hybrid tagged vlan
  - port hybrid untagged vlan
  - port link-type
  - port trunk allow-pass vlan
  - port trunk pvid vlan
  - reset vlan statistics
  - shutdown (VLANIF interface view)
  - vlan
  - vlan vlan-name
- STP/RSTP/MSTP Configuration Commands
  - active region-configuration
  - check region-configuration
  - display stp
  - display stp abnormal-interface
  - display stp active
  - display stp bridge
  - display stp error packet
  - display stp global
  - display stp region-configuration
  - display stp tc-bpdu statistics
  - display stp topology-change
  - display stp vlan
  - instance
  - max bandwidth-affected-linknumber
  - region-name
  - reset stp error packet statistics
  - reset stp statistics
  - revision-level
  - stp bpdu-filter
  - stp bpdu-filter default
  - stp bpdu-protection
  - stp bridge-diameter
  - stp compliance
  - stp config-digest-snoop
  - stp converge
  - stp cost
  - stp edged-port
  - stp edged-port default
  - stp enable
  - stp loop-protection
  - stp max-hops
  - stp mcheck
  - stp mode (system view)
  - stp no-agreement-check
  - stp pathcost-standard
  - stp point-to-point
  - stp port priority
  - stp priority
  - stp region-configuration
  - stp root
  - stp root-protection
  - stp tc-protection
  - stp tc-protection interval
  - stp tc-protection threshold
  - stp timer forward-delay
  - stp timer hello
  - stp timer max-age
  - stp timer-factor
  - stp transmit-limit (interface view)
  - stp transmit-limit (system view)
  - vlan-mapping modulo
- IPv4 Configuration Commands
  - ip address
- ARP Configuration Commands
  - arp detect-mode unicast
  - arp detect-times
  - arp expire-time
  - arp static
  - arp topology-change disable
  - arp-ping ip
  - arp-ping mac
  - arp-proxy enable
  - arp-proxy inner-sub-vlan-proxy enable
  - arp-proxy inter-sub-vlan-proxy enable
  - arp send-packet
  - arp-suppress enable
  - display arp
  - display arp dynamic
  - display arp error packet
  - display arp interface
  - display arp ip-conflict track
  - display arp network
  - display arp packet statistics
  - display arp static
  - display arp statistics
  - display arp track
  - display snmp-agent trap feature-name arp all
  - l2-topology detect enable
  - reset arp
  - reset arp packet statistics
  - snmp-agent trap enable feature-name arp
- DHCP Configuration Commands
  - alarm ip-used percentage
  - bootfile
  - conflict auto-recycle interval
  - dhcp anti-attack check duplicate option
  - dhcp client class-id (interface view)
  - dhcp client class-id (system view)
  - dhcp client client-id
  - dhcp client expected-lease
  - dhcp client gateway-detect
  - dhcp client default-route preference
  - dhcp client hostname
  - dhcp client renew
  - dhcp client request option-list exclude
  - dhcp client request option-list
  - dhcp enable
  - dhcp option template
  - dhcp relay gateway-switch enable
  - dhcp relay information enable
  - dhcp relay information strategy
  - dhcp relay release
  - dhcp relay request server-match enable
  - dhcp relay reply forward all enable
  - dhcp relay server-ip
  - dhcp relay server-select
  - dhcp relay trust option82
  - dhcp proxy timeout
  - dhcp set ttl
  - dhcp select global
  - dhcp select interface
  - dhcp server alarm ip-used percentage
  - dhcp select relay
  - dhcp server bootfile
  - dhcp server bootp
  - dhcp server bootp automatic
  - dhcp server conflict auto-recycle interval
  - dhcp server database
  - dhcp server dns-list
  - dhcp server domain-name (interface view)
  - dhcp server excluded-ip-address
  - dhcp server gateway-list
  - dhcp server force insert option
  - dhcp server force response
  - dhcp server group
  - dhcp server ip-range
  - dhcp server lease
  - dhcp server logging
  - dhcp server mask
  - dhcp server nbns-list
  - dhcp server netbios-type
  - dhcp server next-server
  - dhcp server option
  - dhcp server option121
  - dhcp server option184
  - dhcp server ping
  - dhcp server sip-server
  - dhcp server sname
  - dhcp server static-bind
  - dhcp server trust option82
  - dhcp speed-limit auto
  - dhcp-server
  - display dhcp client
  - display dhcp client statistics
  - display dhcp configuration
  - display dhcp option template
  - display dhcp proxy user-table
  - display dhcp relay
  - display dhcp relay statistics
  - display dhcp relay user-table
  - display dhcp server database
  - display dhcp server configuration
  - display dhcp server group
  - display dhcp server statistics
  - display dhcp statistics
  - display ip pool
  - display snmp-agent trap feature-name dhcp all
  - dns-list
  - domain-name
  - excluded-ip-address
  - force insert option
  - gateway (DHCP server group view)
  - gateway-list
  - ip pool (system view)
  - ip relay address cycle
  - ip route dhcp
  - ip address bootp-alloc
  - ip address dhcp-alloc
  - lease
  - lock (IP address pool view)
  - logging (IP address pool view)
  - nbns-list
  - netbios-type
  - network (IP address pool view)
  - next-server
  - option
  - option121
  - option184
  - reset dhcp client statistics
  - reset dhcp proxy user-table
  - reset dhcp relay statistics
  - reset dhcp server statistics
  - dhcp relay detect enable
  - reset dhcp statistics
  - reset ip pool
  - section (IP address pool view)
  - sip-server (IP address pool view)
  - sname
  - snmp-agent trap enable feature-name dhcp
  - static-bind
- DHCPv6 Configuration Commands
  - address prefix
  - capwap-ac (IPv6 address pool view)
  - conflict-address expire-time
  - dhcpv6 client renew
  - dhcpv6 duid
  - dhcpv6 interface-id format
  - dhcpv6 interface-id insert enable
  - dhcpv6 packet-rate
  - dhcpv6 packet-rate drop-alarm enable
  - dhcpv6 packet-rate drop-alarm threshold
  - dhcpv6 pool
  - dhcpv6 relay destination
  - dhcpv6 relay option79 insert enable
  - dhcpv6 relay server-select
  - dhcpv6 remote-id format
  - dhcpv6 remote-id insert enable
  - dhcpv6 remote-id rebuild enable
  - dhcpv6 server (system view)
  - dhcpv6 server (interface view)
  - dhcpv6-server
  - dhcpv6 server database
  - dhcpv6 server group
  - display dhcpv6 duid
  - display dhcpv6 pool
  - display dhcpv6 relay
  - display dhcpv6 relay configuration
  - display dhcpv6 relay statistics
  - display dhcpv6 server
  - display dhcpv6 server group
  - display dhcpv6 statistics
  - dns-domain-name
  - dns-server (IPv6 address pool view)
  - excluded-address
  - information-refresh
  - link-address
  - lock (IPv6 address pool view)
  - logging (IPv6 address pool view)
  - nis-domain-name
  - nisp-domain-name
  - nisp-server
  - nis-server
  - prefix-delegation
  - renew-time-percent rebind-time-percent
  - reset dhcpv6 pool
  - reset dhcpv6 relay statistics
  - reset dhcpv6 server statistics
  - reset dhcpv6 statistics
  - sip-domain-name
  - sip-server (IPv6 address pool view)
  - sntp-server
  - static-bind address
  - static-bind prefix
  - suboption
  - vendor-specific
  - dhcpv6 relay source-interface
- DNS Configuration Commands
  - display dns configuration
  - display dns domain
  - display dns dynamic-host
  - display dns forward table
  - display dns server
  - display dns statistics
  - display dns zone
  - display ip host
  - dns domain
  - dns forward retry-number
  - dns forward retry-timeout
  - dns proxy enable
  - dns resolve
  - dns server
  - dns server source-ip
  - dns-server-select-algorithm
  - dns zone
  - ip host
  - reset dns dynamic-host
  - reset dns forward table
  - reset dns statistics
  - rr a
  - rr aaaa
  - ttl
- mDNS Gateway Configuration Commands
  - display mdns policy
  - display mdns gateway
  - display mdns gateway statistics
  - display mdns group
  - display mdns service
  - mac-address location-type
  - mdns policy enable
  - mdns policy service-provider
  - mdns policy service-type
  - mdns unicast-reply enable
  - mdns gateway enable
  - mdns group
  - mdns probe interval
  - mdns permit service-type
  - mdns source ip
  - mdns whitelist source-ip
  - reset mdns gateway statistics
  - service-vlan
  - user-vlan (mDNS group view)
  - service-type
- NAT Configuration Commands
  - display app-inspect table statistics
  - display app-inspect session table
  - display nat address-group
  - display nat alg
  - display nat dns-map
  - display nat filter-mode
  - display nat log configuration
  - display nat mapping table
  - display nat mapping-mode
  - display nat outbound
  - display nat server
  - display nat session
  - display nat session aging-time
  - display nat static
  - display nat static interface enable
  - display port-mapping
  - nat address-group
  - nat alg
  - nat dns-map
  - nat filter-mode
  - nat log binary-log host
  - nat log session enable
  - nat log session log-interval
  - nat mapping-mode
  - nat outbound
  - nat outbound (Easy-IP)
  - nat server
  - nat session aging-time
  - nat static enable
  - nat static (interface view)
  - nat static (system view)
  - port-mapping
  - reset app-inspect table statistics
  - reset nat session
  - reset session all
- IP Performance Configuration Commands
  - clear ip df
  - discard ra
  - discard rr
  - discard srr
  - discard ts
  - display icmp statistics
  - display ip interface
  - display ip socket
  - display ip socket register-port
  - display ip socket vcpu
  - display ip statistics
  - display network status
  - display rawip statistics
  - display snmp-agent trap feature-name tcp all
  - display tcp statistics
  - display tcp status
  - display udp statistics
  - icmp blackhole unreachable send
  - icmp host-unreachable send (interface view)
  - icmp port-unreachable send
  - icmp receive
  - icmp redirect send
  - icmp ttl-exceeded drop
  - icmp ttl-exceeded send
  - icmp unreachable drop
  - icmp with-options drop
  - icmp-reply fast
  - ip forward-broadcast
  - ip soft-forward enhancement disable
  - ip verify source-address
  - reset ip socket monitor
  - reset ip socket pktsort
  - reset ip statistics
  - reset rawip statistics
  - reset tcp statistics
  - reset udp statistics
  - set priority
  - snmp-agent trap enable feature-name tcp
  - tcp adjust-mss
  - tcp max-mss
  - tcp min-mss
  - tcp timer fin-timeout
  - tcp timer syn-timeout
  - tcp window
- Basic IPv6 Configuration Commands
  - display default-parameter tcp6
  - display icmpv6 statistics
  - display ipv6 address-policy
  - display ipv6 attack-source overlapping-fragment
  - display ipv6 interface
  - display ipv6 interface tunnel
  - display ipv6 neighbors
  - display ipv6 pathmtu
  - display ipv6 socket
  - display ipv6 socket vcpu
  - display ipv6 statistics
  - display rawip ipv6 statistics
  - display tcp ipv6 authentication-statistics
  - display tcp ipv6 statistics
  - display tcp ipv6 status
  - display this ipv6 interface
  - display udp ipv6 statistics
  - ipv6
  - ipv6 address
  - ipv6 address anycast
  - ipv6 address auto global
  - ipv6 address auto link-local
  - ipv6 address eui-64
  - ipv6 address link-local
  - ipv6 address-policy
  - ipv6 enable (interface view)
  - ipv6 icmp redirect send
  - ipv6 icmp-error
  - ipv6 icmp port-unreachable send
  - ipv6 icmp hop-limit-exceeded send
  - ipv6 icmp receive
  - ipv6 icmp send
  - ipv6 icmp too-big-rate-limit
  - ipv6 mtu
  - ipv6 nd autoconfig managed-address-flag
  - ipv6 nd autoconfig other-flag
  - ipv6 nd dad attempts
  - ipv6 nd hop-limit
  - ipv6 nd learning strict
  - ipv6 nd neighbor-limit
  - ipv6 nd ns retrans-timer
  - ipv6 nd nud reachable-time
  - ipv6 nd ra
  - ipv6 nd ra halt
  - ipv6 nd ra hop-limit
  - ipv6 nd ra preference
  - ipv6 nd ra prefix
  - ipv6 nd ra route-information
  - ipv6 nd ra router-lifetime
  - ipv6 nd stale-timeout
  - ipv6 neighbor
  - ipv6 pathmtu
  - ipv6 pathmtu age
  - reset ipv6 address-policy
  - reset ipv6 attack-source overlapping-fragment
  - reset ipv6 neighbors
  - reset ipv6 pathmtu
  - reset ipv6 socket pktsort
  - reset ipv6 statistics
  - reset rawip ipv6 statistics
  - reset tcp ipv6 authentication-statistics
  - reset tcp ipv6 statistics
  - reset udp ipv6 statistics
  - tcp ipv6 max-mss
  - tcp ipv6 min-mss
  - tcp ipv6 timer fin-timeout
  - tcp ipv6 timer syn-timeout
  - tcp ipv6 window
- IPv6 DNS Configuration Commands
  - dns proxy ipv6 enable
  - display dns ipv6 dynamic-host
  - display dns ipv6 forward table
  - display ipv6 host
  - dns server ipv6
  - dns server ipv6 source-ip
  - ipv6 host
  - reset dns ipv6 dynamic-host
  - reset dns ipv6 forward table
- IPv6 over IPv4 Tunnel Configuration Commands
  - destination
  - interface tunnel
  - source
  - tunnel-protocol
- IPv4 over IPv6 Tunnel Configuration Commands
  - display interface tunnel
  - tunnel ipv4-ipv6 encapsulation-limit
  - tunnel ipv4-ipv6 flow-label
  - tunnel ipv4-ipv6 hop-limit
  - tunnel ipv4-ipv6 traffic-class
- IP Routing Basic Configuration Commands
  - display fib
  - display fib interface
  - display fib ip-prefix
  - display fib longer
  - display fib next-hop
  - display fib statistics
  - display ip routing-table
  - display ip routing-table limit
  - display ip routing-table protocol
  - display ip routing-table statistics
  - display ip routing-table time-range
  - display ipv6 fib
  - display ipv6 fib statistics
  - display ipv6 routing-table
  - display ipv6 routing-table limit
  - display ipv6 routing-table protocol
  - display ipv6 routing-table statistics
  - display ipv6 routing-table time-range
  - display rm bfd-session
  - display rm interface
  - display rm ipv6 interface
  - display router id
  - display route resource
  - ip prefix-limit
  - ip prefix-limit log-interval
  - ip route prefix-priority-scheduler
  - ipv6 fib-loadbalance-type hash-based
  - ipv6 prefix-limit
  - ipv6 prefix-limit log-interval
  - ipv6 route prefix-priority-scheduler
  - reset ip routing-table statistics protocol
  - reset ipv6 routing-table statistics protocol
  - router id
- Static Route Configuration Commands
  - ip route-static
  - ip route-static default-preference
  - ip route-static selection-rule relay-depth
  - ip route-static track bfd-session admindown invalid
  - ipv6 route-static
  - ipv6 route-static default-preference
- RIP Configuration Commands
  - bfd all-interfaces enable(RIP)
  - bfd all-interfaces (RIP)
  - checkzero (RIP)
  - default-cost (RIP)
  - default-route originate
  - description (RIP)
  - display default-parameter rip
  - display rip
  - display rip bfd session
  - display rip database
  - display rip graceful-restart
  - display rip interface
  - display rip neighbor
  - display rip neighbor last-nbr-down
  - display rip route
  - display rip statistics interface
  - filter-policy export (RIP)
  - filter-policy import (RIP)
  - graceful-restart (RIP)
  - host-route
  - import-route (RIP)
  - maximum load-balancing (RIP)
  - network (RIP)
  - peer (RIP)
  - preference (RIP)
  - reset rip configuration
  - reset rip statistics
  - rip
  - rip authentication-mode
  - rip bfd
  - rip bfd block
  - rip bfd enable
  - rip bfd static
  - rip input
  - rip metricin
  - rip metricout
  - rip mib-binding
  - rip output
  - rip pkt-transmit
  - rip poison-reverse
  - rip replay-protect
  - rip split-horizon
  - rip summary-address
  - rip valid-ttl-hops
  - rip version
  - silent-interface (RIP)
  - summary (RIP)
  - timers rip
  - verify-source (RIP)
  - version (RIP)
- RIPng Configuration Commands
  - checkzero (RIPng)
  - default-cost (RIPng)
  - description (RIPng)
  - display default-parameter ripng
  - display ripng
  - display ripng database
  - display ripng interface
  - display ripng neighbor
  - display ripng neighbor last-nbr-down
  - display ripng route
  - display ripng statistics interface
  - filter-policy export (RIPng)
  - filter-policy import (RIPng)
  - import-route (RIPng)
  - maximum load-balancing (RIPng)
  - preference (RIPng)
  - reset ripng statistics
  - ripng
  - ripng default-route
  - ripng enable
  - ripng input
  - ripng metricin
  - ripng metricout
  - ripng output
  - ripng pkt-transmit
  - ripng poison-reverse
  - ripng split-horizon
  - ripng summary-address
  - timers ripng
- OSPF Configuration Commands
  - abr-summary (OSPF Area)
  - area (OSPF)
  - asbr-summary
  - authentication-mode (OSPF area)
  - bandwidth-reference (OSPF)
  - bfd all-interfaces (OSPF)
  - default (OSPF)
  - default-cost (OSPF Area)
  - default-route-advertise (OSPF)
  - description (OSPF)
  - description (OSPF Area)
  - display default-parameter ospf
  - display gtsm statistics
  - display ospf abr-asbr
  - display ospf asbr-summary
  - display ospf bfd session
  - display ospf brief
  - display ospf cumulative
  - display ospf error
  - display ospf global-statistics
  - display ospf graceful-restart
  - display ospf interface
  - display ospf lsdb
  - display ospf mesh-group
  - display ospf nexthop
  - display ospf peer
  - display ospf request-queue
  - display ospf retrans-queue
  - display ospf routing
  - display ospf spf-statistics
  - display ospf statistics updated-lsa
  - display ospf vlink
  - display snmp-agent trap feature-name ospf all
  - enable log
  - filter export (OSPF Area)
  - filter import (OSPF Area)
  - filter-lsa-out peer
  - filter-policy export (OSPF)
  - filter-policy import (OSPF)
  - flooding-control
  - graceful-restart (OSPF)
  - graceful-restart helper-role (OSPF)
  - gtsm default-action
  - gtsm log drop-packet
  - import-route (OSPF)
  - lsa-arrival-interval
  - lsa-originate-interval
  - lsdb-overflow-limit
  - maximum load-balancing (OSPF)
  - maximum-routes
  - mesh-group enable
  - network (OSPF Area)
  - nexthop (OSPF)
  - nssa (OSPF Area)
  - opaque-capability enable
  - ospf
  - ospf authentication-mode
  - ospf bfd
  - ospf bfd block
  - ospf cost
  - ospf dr-priority
  - ospf enable
  - ospf filter-lsa-out
  - ospf maxage-lsa auto-protect disable
  - ospf mib-binding
  - ospf mtu-enable
  - ospf network-type
  - ospf p2mp-mask-ignore
  - ospf router-id auto-recover disable
  - ospf smart-discover
  - ospf suppress-flapping peer
  - ospf suppress-flapping peer disable
  - ospf suppress-flapping peer hold-down
  - ospf suppress-flapping peer hold-max-cost disable
  - ospf timer dead
  - ospf timer hello
  - ospf timer poll
  - ospf timer retransmit
  - ospf trans-delay
  - ospf valid-ttl-hops
  - peer (OSPF)
  - preference (OSPF)
  - prefix-priority (OSPF)
  - reset gtsm statistics
  - reset ospf
  - reset ospf counters
  - reset ospf process
  - reset ospf redistribution
  - retransmission-limit
  - rfc1583 compatible
  - sham-hello enable (OSPF)
  - silent-interface (OSPF)
  - snmp-agent trap enable feature-name ospf
  - spf-schedule-interval
  - stub (OSPF Area)
  - stub-router (OSPF)
  - suppress-flapping peer disable (OSPF)
  - vlink-peer (OSPF Area)
- OSPFv3 Configuration Commands
  - abr-summary (OSPFv3 Area View)
  - area (OSPFv3)
  - asbr-summary (OSPFv3)
  - authentication-mode (OSPFv3)
  - bandwidth-reference (OSPFv3)
  - default (OSPFv3)
  - default-cost (OSPFv3 Area View)
  - default-route-advertise (OSPFv3)
  - description (OSPFv3 Area View)
  - description (OSPFv3)
  - display default-parameter ospfv3
  - display ospfv3
  - display ospfv3 abr-summary-list
  - display ospfv3 area
  - display ospfv3 asbr-summary
  - display ospfv3 black-box neighbor-down
  - display ospfv3 error
  - display ospfv3 graceful-restart-information
  - display ospfv3 interface
  - display ospfv3 lsdb
  - display ospfv3 next-hop
  - display ospfv3 path
  - display ospfv3 peer
  - display ospfv3 request-list
  - display ospfv3 retrans-list
  - display ospfv3 routing
  - display ospfv3 topology
  - display ospfv3 vlink
  - display snmp-agent trap feature-name ospfv3 all
  - filter export (OSPFv3 Area View)
  - filter import (OSPFv3)
  - filter-policy export (OSPFv3)
  - filter-policy import (OSPFv3)
  - helper-role (OSPFv3)
  - import-route (OSPFv3)
  - lsa-arrival-interval (OSPFv3)
  - lsa-forwarding-address
  - lsa-originate-interval (OSPFv3)
  - maximum load-balancing (OSPFv3)
  - nexthop (OSPFv3)
  - nssa (OSPFv3 Area View)
  - ospfv3
  - ospfv3 area
  - ospfv3 authentication-mode
  - ospfv3 cost
  - ospfv3 dr-priority
  - ospfv3 mib-binding
  - ospfv3 mtu-ignore
  - ospfv3 network-type
  - ospfv3 peer router-id
  - ospfv3 router-id auto-recover disable
  - ospfv3 suppress-flapping peer
  - ospfv3 suppress-flapping peer disable
  - ospfv3 suppress-flapping peer hold-down
  - ospfv3 suppress-flapping peer hold-max-cost disable
  - ospfv3 timer dead
  - ospfv3 timer hello
  - ospfv3 timer poll
  - ospfv3 timer retransmit
  - ospfv3 trans-delay
  - ospfv3 valid-ttl-hops
  - suppress-flapping peer disable (OSPFv3)
  - preference (OSPFv3)
  - reset ospfv3
  - reset ospfv3 suppress-flapping peer
  - router-id (OSPFv3)
  - sham-hello enable (OSPFv3)
  - silent-interface (OSPFv3)
  - snmp-agent trap enable feature-name ospfv3
  - spf timers
  - spf-schedule-interval (OSPFv3)
  - stub (OSPFv3 Area View)
  - stub-router (OSPFv3)
  - vlink-peer (OSPFv3 Area View)
- IPv4 IS-IS Configuration Commands
  - adjacency-strict-check enable
  - area-authentication-mode
  - attached-bit advertise
  - attached-bit avoid-learning
  - auto-cost enable
  - bandwidth-reference (IS-IS)
  - bfd all-interfaces (IS-IS)
  - bfd all-interfaces enable
  - circuit-cost
  - circuit default-tag
  - cost-style
  - default-route-advertise (IS-IS)
  - description (IS-IS)
  - display default-parameter isis
  - display isis cost interface
  - display isis bfd interface
  - display isis bfd session
  - display isis brief
  - display isis debug-switches
  - display isis error
  - display isis graceful-restart status
  - display isis interface
  - display isis last-peer-change
  - display isis lsdb
  - display isis mesh-group
  - display isis name-table
  - display isis peer
  - display isis purge packet
  - display isis route
  - display isis spf-log
  - display isis spf-tree
  - display isis statistics
  - display snmp-agent trap feature-name isis all
  - display snmp-agent trap feature-name isis-std all
  - domain-authentication-mode
  - filter-policy export (IS-IS)
  - filter-policy import (IS-IS)
  - flash-flood
  - graceful-restart (IS-IS)
  - graceful-restart no-impact-holdtime
  - graceful-restart interval
  - graceful-restart suppress-sa
  - graceful-restart t2-interval
  - import-route (IS-IS)
  - import-route isis level-1 into level-2
  - import-route isis level-2 into level-1
  - isis
  - isis authentication-mode
  - isis bfd
  - isis bfd block
  - isis bfd enable
  - isis bfd static
  - isis circuit-level
  - isis circuit-type
  - isis cost
  - isis delay-peer
  - isis dis-name
  - isis dis-priority
  - isis enable
  - isis lsp seq-overflow auto-recover disable
  - isis mesh-group
  - isis padding-hello
  - isis peer-ip-ignore
  - isis ppp-negotiation
  - isis ppp-osicp-check
  - isis purge-lsp auto-protect disable
  - isis silent
  - isis small-hello
  - isis suppress-flapping peer
  - isis suppress-flapping peer disable
  - isis suppress-flapping peer hold-down
  - isis suppress-flapping peer hold-max-cost disable
  - isis suppress-reachability
  - isis system-id auto-recover disable
  - isis tag-value
  - isis timer csnp
  - isis timer hello
  - isis timer holding-multiplier
  - isis timer lsp-retransmit
  - isis timer lsp-throttle
  - is-level
  - is-name
  - is-name map
  - log-peer-change
  - lsp-fragments-extend
  - lsp-length
  - maximum load-balancing (IS-IS)
  - network-entity
  - nexthop (IS-IS)
  - optional-checksum enable
  - preference (IS-IS)
  - prefix-priority (IS-IS)
  - purge-originator-identification enable
  - reset isis all
  - reset isis peer
  - set-overload
  - snmp-agent trap enable feature-name isis
  - snmp-agent trap enable feature-name isis-std
  - spf-priority
  - spf-slice-size
  - summary (IS-IS)
  - suppress-flapping peer disable (IS-IS)
  - timer lsp-generation
  - timer lsp-max-age
  - timer lsp-refresh
  - timer spf
  - virtual-system
- IPv6 IS-IS Configuration Commands
  - ipv6 auto-cost enable
  - ipv6 bandwidth-reference
  - ipv6 circuit-cost
  - ipv6 circuit default-tag
  - ipv6 default-route-advertise
  - ipv6 enable(IS-IS)
  - ipv6 filter-policy export
  - ipv6 filter-policy import
  - ipv6 import-route
  - ipv6 import-route isis level-1 into level-2
  - ipv6 import-route isis level-2 into level-1
  - ipv6 maximum load-balancing
  - ipv6 preference
  - ipv6 prefix-priority (IS-IS)
  - ipv6 spf-priority
  - ipv6 summary
  - isis ipv6 cost
  - isis ipv6 enable
  - isis ipv6 suppress-reachability
  - isis ipv6 tag-value
- BGP Configuration Commands
  - active-route-advertise
  - aggregate (BGP)
  - as-notation plain
  - as-path-limit
  - bestroute as-path-ignore
  - bestroute igp-metric-ignore
  - bestroute med-confederation (BGP)
  - bestroute med-none-as-maximum
  - bestroute routerid-prior-clusterlist
  - bgp
  - check-first-as
  - compare-different-as-med
  - confederation id
  - confederation nonstandard
  - confederation peer-as
  - dampening
  - default ipv4-unicast
  - default local-preference
  - default med
  - default-route imported
  - deterministic-med (BGP)
  - display bgp bfd session
  - display bgp error
  - display bgp error discard
  - display bgp group
  - display bgp ipv6 routing-table
  - display bgp ipv6 routing-table statistics
  - display bgp multicast group
  - display bgp multicast network
  - display bgp multicast paths
  - display bgp multicast peer
  - display bgp multicast routing-table
  - display bgp multicast routing-table as-path-filter
  - display bgp multicast routing-table cidr
  - display bgp multicast routing-table community
  - display bgp multicast routing-table community-filter
  - display bgp multicast routing-table dampened
  - display bgp multicast routing-table dampening parameter
  - display bgp multicast routing-table different-origin-as
  - display bgp multicast routing-table flap-info
  - display bgp multicast routing-table peer
  - display bgp multicast routing-table regular-expression
  - display bgp multicast routing-table statistics
  - display bgp multicast update-peer-group
  - display bgp network
  - display bgp paths
  - display bgp peer
  - display bgp peer orf ip-prefix
  - display bgp resource
  - display bgp routing-table
  - display bgp routing-table dampened
  - display bgp routing-table dampening parameter
  - display bgp routing-table flap-info
  - display bgp routing-table statistics
  - display bgp update-peer-group
  - display default-parameter bgp
  - display mbgp routing-table
  - display mbgp routing-table statistics
  - display snmp-agent trap feature-name bgp all
  - ebgp-interface-sensitive
  - ext-community-change enable
  - filter-policy export (BGP)
  - filter-policy import (BGP)
  - graceful-restart (BGP)
  - graceful-restart peer-reset
  - graceful-restart timer restart
  - graceful-restart timer wait-for-rib
  - group
  - import-route (BGP)
  - ipv4-family
  - ipv6-family
  - load-balancing as-path-ignore
  - maximum load-balancing (BGP)
  - network (BGP)
  - nexthop recursive-lookup (BGP)
  - nexthop recursive-lookup delay
  - nexthop recursive-lookup non-critical-event delay
  - out-delay
  - peer advertise-community
  - peer advertise-ext-community
  - peer allow-as-loop
  - peer as-number
  - peer as-path-filter
  - peer bfd
  - peer bfd block
  - peer bfd enable
  - peer capability-advertise
  - peer capability-advertise orf
  - peer connect-interface
  - peer connected-check-ignore
  - peer default-route-advertise
  - peer description (BGP)
  - peer discard-ext-community (BGP)
  - peer ebgp-max-hop
  - peer enable (BGP)
  - peer fake-as
  - peer filter-policy
  - peer group
  - peer ignore
  - peer ip-prefix
  - peer keychain (BGP)
  - peer keep-all-routes
  - peer listen-only
  - peer log-change
  - peer next-hop-invariable
  - peer next-hop-local
  - peer out-delay
  - peer password
  - peer path-mtu auto-discovery
  - peer preferred-value
  - peer public-as-only
  - peer reflect-client
  - peer route-limit
  - peer route-policy
  - peer route-update-interval
  - peer timer
  - peer timer connect-retry
  - peer tracking
  - peer valid-ttl-hops
  - preference (BGP)
  - reflect between-clients
  - reflect change-path-attribute
  - reflector cluster-id
  - refresh bgp
  - refresh bgp multicast
  - refresh bgp multicast external
  - refresh bgp multicast internal
  - reset bgp
  - reset bgp dampening
  - reset bgp flap-info
  - reset bgp flapping-count
  - reset bgp multicast
  - reset bgp multicast dampening
  - reset bgp multicast external
  - reset bgp multicast flap-info
  - reset bgp multicast internal
  - router-id (BGP)
  - route-select delay
  - routing-table rib-only
  - routing-table limit threshold-alarm
  - shutdown (BGP)
  - slow-peer detection
  - snmp-agent trap enable feature-name bgp
  - summary automatic
  - supernet unicast advertise
  - timer (BGP)
  - timer connect-retry
  - undo synchronization (BGP)
- Routing Policy Configuration Commands
  - apply as-path
  - apply comm-filter delete
  - apply community
  - apply cost
  - apply cost-type
  - apply dampening
  - apply ip-address next-hop (Route-Policy view)
  - apply ip-precedence
  - apply ipv6 next-hop
  - apply isis
  - apply local-preference
  - apply origin
  - apply ospf
  - apply preference
  - apply preferred-value
  - apply tag
  - description (Route-Policy view)
  - display ip as-path-filter
  - display ip community-filter
  - display ip ip-prefix
  - display ip ipv6-prefix
  - display route-policy
  - if-match acl (Route-Policy view)
  - if-match as-path-filter
  - if-match community-filter
  - if-match cost
  - if-match interface
  - if-match ip
  - if-match ip-prefix
  - if-match ipv6
  - if-match preference
  - if-match route-type
  - if-match tag
  - ip as-path-filter
  - ip community-filter
  - ip ip-prefix
  - ip ipv6-prefix
  - reset ip ip-prefix
  - reset ip ipv6-prefix
  - reset route-policy counters
  - route-policy
  - route-policy-change notify-delay
- IGMP Configuration Commands
  - display default-parameter igmp
  - display igmp control-message counters
  - display igmp explicit-tracking
  - display igmp group
  - display igmp group ssm-mapping
  - display igmp group static
  - display igmp interface
  - display igmp invalid-packet
  - display igmp routing-table
  - display igmp ssm-mapping
  - igmp
  - igmp enable
  - igmp global limit
  - igmp group-policy
  - igmp ip-source-policy
  - igmp lastmember-queryinterval
  - igmp limit
  - igmp max-response-time
  - igmp on-demand
  - igmp prompt-leave
  - igmp query ip-source-policy
  - igmp require-router-alert
  - igmp robust-count
  - igmp send-router-alert
  - igmp ssm-mapping enable
  - igmp static-group
  - igmp timer other-querier-present
  - igmp timer query
  - igmp version
  - lastmember-queryinterval (IGMP)
  - limit (IGMP)
  - max-response-time (IGMP)
  - prompt-leave (IGMP)
  - require-router-alert (IGMP)
  - reset igmp control-message counters
  - reset igmp explicit-tracking
  - reset igmp group
  - reset igmp group ssm-mapping
  - robust-count (IGMP)
  - send-router-alert (IGMP)
  - ssm-mapping (IGMP)
  - timer other-querier-present (IGMP)
  - timer query (IGMP)
  - version (IGMP)
- PIM (IPv4) Configuration Commands
  - auto-rp listening enable
  - bsm semantic fragmentation (IPv4)
  - bsr-policy (IPv4)
  - c-bsr (IPv4)
  - c-bsr admin-scope
  - c-bsr global
  - c-bsr group
  - c-bsr hash-length (IPv4)
  - c-bsr holdtime (IPv4)
  - c-bsr interval (IPv4)
  - c-bsr priority (IPv4)
  - c-rp (IPv4)
  - c-rp advertisement-interval (IPv4)
  - c-rp holdtime (IPv4)
  - c-rp priority (IPv4)
  - crp-policy (IPv4)
  - display default-parameter pim-dm
  - display default-parameter pim-sm
  - display default-parameter pim-ssm
  - display pim bfd session
  - display pim bsr-info
  - display pim claimed-route
  - display pim control-message counters
  - display pim grafts
  - display pim interface
  - display pim invalid-packet
  - display pim neighbor
  - display pim routing-table
  - display pim rp-info
  - hello-option dr-priority (IPv4)
  - hello-option holdtime (IPv4)
  - hello-option lan-delay (IPv4)
  - hello-option neighbor-tracking (IPv4)
  - hello-option override-interval (IPv4)
  - holdtime assert (IPv4)
  - holdtime join-prune (IPv4)
  - join-prune max-packet-length (IPv4)
  - join-prune periodic-messages queue-size (IPv4)
  - join-prune triggered-message-cache disable (IPv4)
  - neighbor-check (IPv4)
  - pim
  - pim bfd
  - pim bfd enable
  - pim bsr-boundary
  - pim dm
  - pim hello-option dr-priority
  - pim hello-option holdtime
  - pim hello-option lan-delay
  - pim hello-option neighbor-tracking
  - pim hello-option override-interval
  - pim holdtime assert
  - pim holdtime join-prune
  - pim join-policy
  - pim neighbor-policy
  - pim require-genid
  - pim silent
  - pim sm
  - pim state-refresh-capable
  - pim timer dr-switch-delay
  - pim timer graft-retry
  - pim timer hello
  - pim timer join-prune
  - pim triggered-hello-delay
  - probe-interval (IPv4)
  - register-header-checksum
  - register-policy (IPv4)
  - register-source
  - register-suppression-timeout (IPv4)
  - reset pim control-message counters
  - reset pim routing-table
  - source-lifetime (IPv4)
  - source-policy (IPv4)
  - spt-switch-threshold (IPv4)
  - ssm-policy (IPv4)
  - state-refresh-interval (IPv4)
  - state-refresh-rate-limit (IPv4)
  - state-refresh-ttl (IPv4)
  - static-rp (IPv4)
  - timer hello (IPv4)
  - timer join-prune (IPv4)
  - timer spt-switch (IPv4)
- Multicast Route Management (IPv4) Commands
  - display default-parameter mrm
  - display migp routing-table
  - display migp routing-table statistics
  - display mrt routing-table
  - display mrt routing-table statistics
  - display mtrace statistics
  - display multicast boundary
  - display multicast forwarding-table
  - display multicast routing-table
  - display multicast routing-table static
  - display multicast rpf-info
  - ip rpf-route-static
  - mtrace
  - mtrace query-policy
  - multicast boundary
  - multicast forwarding-table downstream-limit
  - multicast forwarding-table route-limit
  - multicast invalid-packet
  - multicast load-splitting
  - multicast load-splitting weight
  - multicast load-splitting-timer
  - multicast longest-match
  - multicast routing-enable
  - ping multicast
  - reset mtrace statistics
  - reset multicast forwarding-table
  - reset multicast routing-table
- IGMP Snooping Configuration Commands
  - display igmp-snooping
  - display igmp-snooping configuration
  - display igmp-snooping port-info
  - display igmp-snooping querier
  - display igmp-snooping router-port
  - display igmp-snooping statistics
  - display l2-multicast forwarding-mode
  - display l2-multicast forwarding-table
  - igmp-snooping enable (system view)
  - igmp-snooping enable (VLAN view)
  - igmp-snooping group-limit
  - igmp-snooping group-policy (interface view)
  - igmp-snooping group-policy (VLAN view)
  - igmp-snooping lastmember-queryinterval
  - igmp-snooping learning
  - igmp-snooping max-response-time
  - igmp-snooping prompt-leave
  - igmp-snooping proxy
  - igmp-snooping proxy-uplink-port
  - igmp-snooping querier enable
  - igmp-snooping query-interval
  - igmp-snooping report-suppress (VLAN view)
  - igmp-snooping require-router-alert
  - igmp-snooping robust-count
  - igmp-snooping router-aging-time
  - igmp-snooping router-learning (interface view)
  - igmp-snooping router-learning (VLAN view)
  - igmp-snooping send-query enable
  - igmp-snooping send-query source-address
  - igmp-snooping send-router-alert
  - igmp-snooping ssm-mapping
  - igmp-snooping ssm-mapping enable
  - igmp-snooping ssm-policy
  - igmp-snooping static-group suppress-dynamic-join
  - igmp-snooping static-router-port
  - igmp-snooping suppress-time
  - igmp-snooping version
  - l2-multicast forwarding-mode
  - l2-multicast router-port-discard
  - l2-multicast static-group
  - multicast drop-unknown
  - reset igmp-snooping group
  - reset igmp-snooping statistics
- MLD Snooping Configuration Commands
  - display l2-multicast forwarding-mode
  - display mld-snooping
  - display mld-snooping configuration
  - display mld-snooping forwarding-table
  - display mld-snooping port-info
  - display mld-snooping router-port
  - display mld-snooping statistics
  - l2-multicast forwarding-mode
  - l2-multicast router-port-discard
  - mld-snooping enable
  - mld-snooping group-policy (interface view)
  - mld-snooping group-policy (VLAN view)
  - mld-snooping last-listener-query-interval
  - mld-snooping learning
  - mld-snooping max-response-time
  - mld-snooping prompt-leave
  - mld-snooping proxy
  - mld-snooping querier enable
  - mld-snooping query-interval
  - mld-snooping report-suppress
  - mld-snooping require-router-alert
  - mld-snooping robust-count
  - mld-snooping router-aging-time
  - mld-snooping router-learning
  - mld-snooping send-query enable
  - mld-snooping send-query source-address
  - mld-snooping send-router-alert
  - mld-snooping static-group
  - mld-snooping static-router-port
  - mld-snooping suppression-time
  - mld-snooping table limit
  - mld-snooping version
  - multicast drop-unknown
  - reset mld-snooping group
  - reset mld-snooping statistics
- Multicast VLAN Configuration Commands
  - display multicast static-flow
  - display multicast-vlan
  - display user-vlan
  - multicast flow-trigger enable
  - multicast static-flow
  - multicast-vlan enable
  - multicast-vlan user-vlan
- Layer 2 Multicast CAC Configuration Commands
  - display igmp-snooping global-cac
  - igmp-snooping group-bandwidth (system view)
  - igmp-snooping max-bandwidth (system view)
  - igmp-snooping max-user (system view)
WLAN Service Configuration Commands
- ac sysnetid
- active-dull-client enable
- advertise-ap-name enable
- agile-antenna-polarization
- antenna-gain
- ap auth-mode
- ap blacklist
- ap data-collection enable
- ap data-collection interval
- ap modify
- ap whitelist
- ap-confirm
- ap-id
- ap-mac
- assignment
- association-timeout
- auto-off service
- beacon-2g-rate
- beacon-5g-rate
- beacon-interval
- beamforming enable
- capwap control-link-priority
- capwap dtls control-link encrypt
- capwap dtls data-link encrypt
- capwap dtls psk
- capwap dtls psk-mandatory-match enable
- capwap echo
- capwap ipv6 enable
- capwap message-integrity psk
- capwap message-integrity check disable
- capwap sensitive-info psk
- capwap source interface
- capwap source ip-address
- channel
- channel-switch announcement disable
- channel-switch mode
- copy-from
- country-code
- coverage distance
- deny-broadcast-probe enable
- destination (soft GRE profile view)
- dhcp centralized-control enable
- dhcp option82 insert enable
- dhcp option82 format (vap profile view)
- display ac global configuration
- display ap
- display ap blacklist
- display ap config-info
- display ap configurable channel
- display ap global configuration
- display ap offline-record
- display ap online-fail-record
- display ap sta-signal strength
- display ap statistics
- display ap unauthorized record
- display ap whitelist
- display ap-group
- display capwap configuration
- display radio
- display radio-2g-profile
- display radio-5g-profile
- display references radio-2g-profile
- display references radio-5g-profile
- display references regulatory-domain-profile
- display references softgre-profile
- display references ssid-profile
- display references vap-profile
- display references vlan pool
- display regulatory-domain-profile
- display resource occupancy message
- display softgre-profile
- display softgre-tunnel-status
- display ssid-profile
- display sta-offline-delay configuration
- display station
- display station assoc-info ap-offline-record
- display station online-fail-record
- display station offline-record
- display station online-track
- display station statistics
- display vap
- display vap create-fail-record
- display vap-profile
- display vlan pool
- display vap-service-backup auth-server-down
- display wlan config-errors
- dot11a basic-rate
- dot11a supported-rate
- dot11bg basic-rate
- dot11bg supported-rate
- dtim-interval
- eirp
- forward-mode
- fragmentation-threshold
- frequency
- guard-interval-mode
- ht a-mpdu disable
- ht a-mpdu max-length-exponent
- keepalive (soft GRE profile view)
- keep-service enable (VAP profile view)
- learn-client-address conflict-uncheck
- legacy-station disable
- max-sta-number (SSID profile view)
- mdns centralized-control enable
- multicast-rate
- mu-mimo disable
- mu-mimo optimize enable
- permit-vlan vlan-id
- probe-response-retry
- qbss-load enable
- radio
- radio disable
- radio-2g-profile (WLAN view)
- radio-2g-profile
- radio-5g-profile (WLAN view)
- radio-5g-profile
- radio-type (2G radio profile view)
- radio-type (5G radio profile view)
- reach-max-sta
- regulatory-domain-profile (WLAN view)
- regulatory-domain-profile
- report-sta-assoc enable
- reset ap offline-record
- reset ap online-fail-record
- reset ap unauthorized record
- reset channel switch-record
- reset station assoc-info ap-offline-record
- reset station offline-record
- reset station online-fail-record
- reset station statistics
- rf-ping
- rts-cts-mode
- rts-cts-threshold
- service-mode disable
- service-vlan (VAP profile view)
- short-preamble disable
- single-txchain enable
- snmp-agent trap enable feature-name wlan
- softgre-profile (WLAN view)
- ssid
- ssid-hide enable
- ssid-profile (WLAN view)
- ssid-profile (VAP profile view)
- sta-network-detect disable
- sta-offline-delay aging-time
- sta-offline-delay enable
- sta-offline-delay full-sta-reject enable
- sta-offline-delay max-number
- type (VAP profile view)
- u-apsd enable
- undo ap
- untagged vlan (soft GRE profile view)
- utmost-power
- vap-profile (WLAN view)
- vap-profile
- vap-service-backup auth-server-down
- vht a-mpdu max-length-exponent
- vht a-msdu enable
- vht a-msdu max-frame-num
- vht mcs-map
- vlan pool
- vlan (VLAN pool view)
- wlan
AP Management Configuration Commands
- access-user syslog-restrain enable
- access-user syslog-restrain period
- ac-list (AP view)
- ac-list (AP provisioning view)
- ac-list ipv6(AP view)
- ac-list ipv6 (AP provisioning view)
- address-mode (AP view)
- address-mode (AP provisioning view)
- alarm-restriction disable
- alarm-restriction period
- ap lldp enable
- ap manufacturer-config
- ap update ftp-server
- ap update ftp-server max-connect-number
- ap update load
- ap update mode
- ap update multi-load
- ap update multi-reset
- ap update reset
- ap update sftp-server
- ap update sftp-server max-connect-number
- ap update update-filename
- ap update schedule-task
- ap username
- ap-group
- ap-group (AP provisioning view)
- ap-group (AP view)
- ap-mode
- ap-name
- ap-name (AP provisioning view)
- ap-name (AP view)
- ap password policy
- ap-patch update load
- ap-patch update multi-load
- ap-patch update update-filename
- ap-ping
- ap-regroup
- ap-rename
- ap-reset
- ap-system-profile (WLAN view)
- ap-system-profile (AP group view and AP view)
- broadcast-suppression auto-detect (AP system profile view)
- capwap dtls data-link encrypt (AP system profile view)
- channel-load-mode indoor
- clear configuration this
- commit (AP provisioning view)
- console disable
- coordinate
- cpu-usage threshold
- crc-alarm enable
- description (AP wired port profile view)
- dai enable (AP wired port profile view)
- dhcp client option12
- display ap around-ssid-list
- display ap asyn-message err-info
- display ap coordinate
- display ap elabel
- display ap lldp neighbor
- display ap led
- display ap neighbor
- display ap optical-info
- display ap performance statistics
- display ap provision
- display ap port
- display ap power-workmode
- display ap run-info
- display ap service-config acl
- display ap traffic statistics wireless
- display ap uncontrol all
- display ap update configuration
- display ap update schedule-task
- display ap update status
- display ap username
- display ap version
- display ap wired-port
- display ap-system-profile
- display ap-type
- display channel switch-record
- display distribute-ap
- display mac-address ap-all
- display mac-address { ap-id | ap-name }
- display port-link-profile
- display provision-ap parameter-list
- display references ap-system-profile
- display references port-link-profile
- display references wired-port-profile
- display wired-port-profile
- eapol-response dest-address transform-condition
- eapol-response dest-address transform-to
- eapol-start dest-address transform-condition
- eapol-start dest-address transform-to
- eth-trunk (AP wired port profile view)
- forward-mode (AP wired port profile view)
- high-temperature threshold
- ipsg enable (AP wired port profile view)
- ip-address (AP view)
- ip-address (AP provisioning view)
- igmp-snooping enable (AP wired port profile view)
- ipv6-address (AP view)
- ipv6-address (AP provisioning view)
- keep-service enable
- keep-service enable allow new-access
- learn-client-address enable (AP wired port profile view)
- led blink-time
- led off
- lldp admin-status
- lldp dot3-tlv power (AP wired port link profile view)
- lldp enable
- lldp message-transmission delay (AP system profile view)
- lldp message-transmission hold-multiplier (AP system profile view)
- lldp message-transmission interval (AP system profile view)
- lldp report enable
- lldp report-interval
- lldp restart-delay
- lldp tlv-enable (AP wired port link profile view)
- lldp tlv-enable legacy-tlv four-pair-power (AP wired port link profile view)
- log-record-level
- log-server
- low-temperature threshold
- management-vlan
- memory-usage threshold
- mld-snooping enable (AP wired port profile view)
- mode (AP wired port profile view)
- mtu
- multicast-suppression auto-detect (AP system profile view)
- password alert before-expire (AP password policy view)
- password alert original (AP password policy view)
- password expire (AP password policy view)
- password history record number (AP password policy view)
- poe af-inrush enable (AP system profile view)
- poe disable (AP wired port link profile view)
- poe force-power (AP wired port link profile view)
- poe high-inrush enable (AP system profile view)
- poe legacy enable (AP wired port link profile view)
- poe max-power (AP system profile view)
- poe power-reserved (AP system profile view)
- poe power-threshold (AP system profile view)
- poe power-off time-range (AP wired port link profile view)
- poe priority (AP wired port link profile view)
- port-link-profile (WLAN view)
- port-link-profile (AP wired port profile view)
- port-security enable (AP wired port profile view)
- port-security mac-address sticky (AP wired port profile view)
- port-security max-mac-num (AP wired port profile view)
- port-security protect-action (AP wired port profile view)
- provision-ap
- report-disassoc-request disable
- report-sta-info enable
- reset mac-address
- reset statistics
- sample-time
- sftp server disable
- shutdown (AP wired port link profile view)
- ssh client first-time enable (AP system profile view)
- sta-ipv6-service enable
- stelnet server disable
- stp auto-shutdown enable (AP wired port profile view)
- stp auto-shutdown recovery-time (AP wired port profile view)
- stp enable (AP wired port profile view)
- telnet enable
- temporary-management disable (AP system profile view)
- temporary-management enable (VAP profile view)
- temporary-management psk
- traffic-filter (AP wired port profile view)
- traffic-remark (AP wired port profile view)
- traffic-optimize (AP wired port profile view)
- traffic-optimize broadcast-suppression disable (AP system profile view)
- traffic-optimize broadcast-suppression rate-threshold (AP system profile view)
- traffic-optimize tcp adjust-mss
- unicast-suppression auto-detect (AP system profile view)
- usb enable (AP system profile view)
- user-interface vty acl
- user-interface vty idle-timeout
- user-interface vty screen-length
- user-isolate (AP wired port profile view)
- vlan pvid (AP wired port profile view)
- vlan (AP wired port profile view)
- wifi-light
- wired-port-profile (WLAN view)
- wired-port-profile (AP group view and view)
WLAN Radio Resource Management Configuration Commands
- amc-policy
- air-scan-profile
- air-scan-profile (radio profile view)
- band-steer balance gap-threshold
- band-steer balance start-threshold
- band-steer client-band-expire
- band-steer deny-threshold
- band-steer disable
- band-steer snr-threshold
- btm-fail-times
- calibrate auto-channel-select disable
- calibrate auto-txpower-select disable
- calibrate enable { auto | manual | schedule time }
- calibrate error-rate-check
- calibrate error-rate-threshold
- calibrate tpc threshold
- calibrate flexible-radio
- calibrate flexible-radio disable
- calibrate flexible-radio manual-recognize
- calibrate max-tx-power
- calibrate min-tx-power
- calibrate manual startup
- calibrate noise-floor-threshold
- calibrate policy
- calibrate sensitivity
- calibrate virtual-group-size
- cca-threshold
- channel-utilization gap-threshold
- channel-utilization start-threshold
- dca-channel bandwidth
- dca-channel channel-set
- deauth-fail-times
- deny-threshold
- dfs recover-delay
- dfs smart-selection disable
- display air-scan-profile
- display flexible-radio status
- display flexible-radio switch-record
- display references air-scan-profile
- display references rrm-profile
- display rrm-profile
- display sta-load-balance static-group
- display sta-load-balance fairness
- display station neighbor
- display station neighbor all
- display station steer-history
- display station steer-info
- display station steer-statistics
- display station unsteerable
- display wlan calibrate channel-set
- display wlan calibrate statistics
- dynamic-edca enable
- dynamic-edca threshold
- high-density amc-optimize enable
- interference adjacent-channel threshold
- interference co-channel threshold
- interference detect-enable
- interference station threshold
- member (static load balancing group view)
- mode (static load balancing group view)
- power auto-adjust enable
- reset ap traffic statistics wireless
- reset station steer-history
- reset station steer-statistics
- reset flexible-radio switch-record
- reset wlan calibrate statistics
- rrm-profile (WLAN view)
- rrm-profile (radio profile view)
- rssi-diff-gap
- rssi-threshold
- scan-channel-set
- scan-disable
- scan-enhancement
- scan-interval
- scan-period
- smart-antenna { enable | disable }
- smart-antenna throughput-triggered-training
- smart-antenna training-interval
- smart-antenna training-mpdu-number
- smart-antenna valid-per-scope
- smart-roam advanced-scan disable
- smart-roam disable
- smart-roam quick-kickoff back-off-time
- smart-roam quick-kickoff-snr check-interval
- smart-roam quick-kickoff-snr p-n criteria
- smart-roam quick-kickoff-threshold
- smart-roam quick-kickoff-threshold { check-snr | check-rate }
- smart-roam quick-kickoff-threshold disable
- smart-roam roam-threshold { check-snr | check-rate }
- smart-roam roam-threshold { snr | rate }
- smart-roam snr-margin
- smart-roam unable-roam-client expire-time
- sta-load-balance dynamic btm-fail-times
- sta-load-balance dynamic deauth-fail-times
- sta-load-balance dynamic deny-threshold
- sta-load-balance dynamic disable
- sta-load-balance dynamic sta-number gap-threshold
- sta-load-balance dynamic sta-number start-threshold
- sta-load-balance dynamic channel-utilization gap-threshold
- sta-load-balance dynamic channel-utilization start-threshold
- sta-load-balance dynamic probe-report interval
- sta-load-balance dynamic rssi-diff-gap
- sta-load-balance dynamic rssi-threshold
- sta-load-balance dynamic steer-restrict auth-threshold
- sta-load-balance dynamic steer-restrict probe-threshold
- sta-load-balance dynamic steer-restrict restrict-time
- sta-load-balance mode
- sta-load-balance static-group
- sta-number gap-threshold
- sta-number start-threshold
- steer-restrict auth-threshold
- steer-restrict probe-threshold
- steer-restrict restrict-time
- uac channel-utilization threshold
- uac enable
- uac client-number threshold
- uac client-snr threshold
- uac reach-access-threshold
WLAN Spectrum Analysis Configuration Commands
- display spectrum-analysis server-reporter
- display wlan non-wifi-device
- display wlan non-wifi-device history
- spectrum-analysis enable
- spectrum-analysis non-wifi-device aging-time
- spectrum-analysis server
- spectrum-analysis source
- spectrum-report
- reset wlan non-wifi-device
- reset wlan non-wifi-device history
WLAN Roaming Commands
- beacon disable
- capwap dtls inter-controller control-link encrypt
- capwap dtls inter-controller data-link encrypt
- capwap dtls inter-controller psk
- capwap inter-controller sensitive-info psk
- cts delay
- cts disable
- display mobility-client all
- display mobility-server
- display mobility-group
- display station roam-track
- display station roam-statistics
- dot11r enable
- home-agent
- layer3-roam disable
- member (mobility group view)
- mobility-group
- mobility-server
- sfn-roam enable
- sfn-roam report-interval
- sfn-roam roam-check better-times
- sfn-roam roam-check check-interval
- sfn-roam roam-check gap-rssi
- sfn-roam roam-check high-threshold
- sfn-roam roam-check low-threshold
- sfn-roam roam-check rssi-accumulate
- sfn-roam roam-check sta-holding times
- vlan-mobility-group
- inter-ac roam disable
WLAN Location Configuration Commands
- aeroscout compound-time
- aeroscout mu-enable
- aeroscout server
- aeroscout tag-enable
- ble low-power-threshold
- ble monitoring-list
- ble report
- ble source
- ble-profile (AP group view and AP view)
- ble-profile (WLAN view)
- broadcaster enable
- broadcasting-content
- broadcasting-content (AP group view)
- broadcasting-content (AP view)
- broadcasting-interval
- display ble-profile
- display location-profile
- display references ble-profile
- display wlan ble global configuration
- display wlan ble monitoring-list
- display wlan ble site-info
- display wlan location config-info aeroscout
- display wlan location device-info tag
- display wlan location global configuration
- display wlan location statistics aeroscout
- ekahau server
- ekahau tag-enable
- location source
- location-profile
- location-profile (WLAN view)
- private mu protocol-version
- private mu-enable
- private report-frequency
- private report-protocol
- private server
- report enable
- report-mode
- report-to-server
- reset wlan ble site-info
- reset wlan location device-info tag
- sniffer enable
- source (location profile view)
- source (BLE profile view)
- tx-power (BLE profile view)
WLAN Security Configuration Commands
- anti-attack flood blacklist enable
- anti-attack flood disable
- anti-attack flood sta-rate-threshold
- arp anti-attack check user-bind enable
- brute-force-detect interval
- brute-force-detect quiet-time
- brute-force-detect threshold
- contain
- contain-mode
- device report-interval
- dhcp trust port
- display ap radio-environment
- display references wids-whitelist-profile
- display references wids-profile
- display references wids-spoof-profile
- display wids-whitelist-profile
- display wids-profile
- display wids-spoof-profile
- display references security-profile
- display references sta-blacklist-profile
- display references sta-whitelist-profile
- display security-profile
- display sta-blacklist-profile
- display station dynamic-blacklist
- display sta-whitelist-profile
- display wlan ids attack-detected
- display wlan ids attack-detected statistics
- display wlan ids attack-history
- display wlan ids contain
- display wlan ids device-detected
- display wlan ids device-detected statistics
- display wlan dynamic-blacklist
- display wlan ids rogue-history
- display wlan ids spoof-ssid fuzzy-match
- display wlan ppsk-user
- display wlan wapi certificate
- dynamic-blacklist aging-time
- dynamic-blacklist enable
- flood-detect interval
- flood-detect quiet-time
- flood-detect threshold
- ip source check user-bind enable
- learn-client-address dhcp-strict
- learn-client-address dhcpv6-strict
- learn-client-address disable (VAP profile view)
- nd trust port
- oui
- permit-ap
- pmf
- ppsk-user
- reset wlan ids attack-detected
- reset wlan ids attack-detected statistics
- reset wlan ids attack-history
- reset wlan ids device-detected
- reset wlan dynamic-blacklist
- reset wlan ids rogue-history
- security dot1x
- security psk
- security wapi
- security wep
- security-profile (wlan view)
- security-profile (VAP profile view)
- spoof-detect quiet-time
- spoof-ssid
- sta-access-mode
- sta-blacklist-profile
- sta-mac
- sta-whitelist-profile
- wapi asu
- wapi bk
- wapi cert-retrans-count
- wapi import certificate
- wapi import private-key
- wapi key-update
- wapi msk
- wapi sa-timeout
- wapi usk
- weak-iv-detect quiet-time
- wep default-key
- wep key
- wids attack detect enable
- wids contain enable
- wids device detect enable
- wids manual-contain
- wids-whitelist-profile (WLAN view)
- wids-whitelist-profile (WIDS profile view)
- wids-profile (WLAN view)
- wids-profile (AP group view and AP view)
- wids-spoof-profile (WLAN view)
- wids-spoof-profile (WIDS profile view)
- work-mode
- wpa ptk-update enable
- wpa ptk-update ptk-update-interval
WDS And Mesh Configuration Commands
- WLAN WDS Configuration Commands
- WLAN Mesh Configuration Commands
- Vehicle-Ground Fast Link Handover Configuration Commands
Hotspot2.0 Configuration Commands
- cellular-network-profile
- cellular-network-profile (Hotspot2.0 profile view)
- connection-capability-profile
- connection-capability-profile (Hotspot2.0 profile view)
- connection-capability
- display cellular-network-profile
- display connection-capability-profile
- display hotspot2-profile
- display nai-realm-profile
- display operating-class-profile
- display operator-domain-profile
- display operator-name-profile
- display references cellular-network-profile
- display references connection-capability-profile
- display references hotspot2-profile
- display references nai-realm-profile
- display references operating-class-profile
- display references operator-domain-profile
- display references operator-name-profile
- display references roaming-consortium-profile
- display references venue-name-profile
- display roaming-consortium-profile
- display venue-name-profile
- domain-name
- hessid
- hotspot2-profile
- hotspot2-profile (VAP profile view)
- ipv4-address-avail
- ipv6-address-avail
- nai-realm-profile
- nai-realm-profile (Hotspot2.0 profile view)
- nai-realm
- network-authen-type
- network-type
- operating-class-indication
- operating-class-profile
- operating-class-profile (Hotspot2.0 profile view)
- operator-domain-profile
- operator-domain-profile (Hotspot2.0 profile view)
- operator-friendly-name
- operator-name-profile
- operator-name-profile (Hotspot2.0 profile view)
- p2p-cross-connect disable
- plmn-id
- roaming-consortium-oi
- roaming-consortium-profile
- roaming-consortium-profile (Hotspot2.0 profile view)
- venue-name-profile
- venue-name-profile (Hotspot2.0 profile view)
- venue-name
- venue-type
IoT AP Configuration Commands
- card connect-type
- config-agent permit ip-address
- display ap card
- display ap-card statistics
- display ap-card all
- display iot-profile
- display references iot-profile
- card
- iot-profile (WLAN view)
- iot-profile (IoT card interface view)
- management-server
- reset ap-card statistics
- share-key
- type (IoT profile view)
- wired-port-profile (IoT card interface view)
WLAN Traffic Optimization Commands
- broadcast-suppression auto-detect
- display wlan igmp-snooping vap-cac
- igmp-snooping group-bandwidth (AP system profile view)
- igmp-snooping max-bandwidth (traffic profile view)
- igmp-snooping max-user (traffic profile view)
- igmp-snooping enable (traffic profile view)
- igmp-snooping report-suppress (Traffic profile view)
- mld-snooping enable (traffic profile view)
- multicast-suppression auto-detect
- service-guarantee
- traffic-optimize arp-proxy enable
- traffic-optimize bcmc deny all
- traffic-optimize bcmc unicast-send
- traffic-optimize bcmc unicast-send mismatch-action drop
- traffic-optimize broadcast-suppression
- traffic-optimize multicast-suppression
- traffic-optimize multicast-unicast enable
- traffic-optimize multicast-unicast dynamic-adaptive disable
- traffic-optimize nd-proxy enable
- traffic-optimize sta-bridge-forward disable
- traffic-optimize tcp adjust-mss
- traffic-optimize unicast-suppression
- unicast-suppression auto-detect
Centralized License Control Commands
- license centralized enable
- license server
- license client source
- display license centralized configuration
- display license resource usage detail
Highway WLAN Coverage Commands
- display highway ap-statistics
- display highway ap-topology
- display highway sta-statistics
- display highway topology-detail link-state
- end
- highway bssid-base
- highway enable
- highway-profile (WLAN view)
- highway-profile (AP group view)
- middle
- radio-2g-positive
- radio-2g-reverse
- radio-5g-positive
- radio-5g-reverse
- reset highway ap-statistics
- reset highway sta-statistics
- start
- station min-speed
- undo ap (highway WLAN coverage)
VPN Configuration Commands
- GRE Configuration Commands
- IPSec Configuration Commands
Reliability Commands
- HSB Configuration Commands
- Dual-link Backup and N+1 Backup Configuration Commands
- Wireless Configuration Synchronization Commands
- BFD Configuration Commands
- EFM Configuration Commands
- VRRP Configuration Commands
Navi AC Commands
- display navi-ac connect-record
- display navi-ac run-status
- display navi-ac station
- display navi-ac vap create-fail-record
- display navi-ac vap
- local-ac ac-id
- navi-ac
- navi-ac ac-id
- navi-ac enable
- reset navi-ac connect-record
- type service-navi
- vap-profile (local AC view)
WAN Authentication Escape Configuration Commands
- ap-id (branch AP group view)
- authentication-scheme (branch AP group view)
- branch-group
- branch-group (AP view)
- display ap authentication-file status
- display ap branch-group
- display branch-group
- display branch-group-user
- load-authentication-file
- local-eap-server authentication certificate ca
- local-eap-server authentication certificate local
- local-eap-server authentication eap-phase-one enable
- local-eap-server authentication eap-method
- local-eap-server authentication private-key
- local-user (branch AP group view)
Security Commands
- AAA Configuration Commands
  - aaa
  - aaa-author session-timeout invalid-value enable
  - aaa abnormal-offline-record
  - aaa offline-record
  - aaa online-fail-record
  - aaa-authen-bypass
  - aaa-author-bypass
  - aaa-author-cmd-bypass
  - aaa-quiet administrator except-list
  - accounting interim-fail
  - accounting realtime
  - accounting start-fail
  - accounting-mode
  - accounting-scheme (AAA domain view)
  - accounting-scheme (authentication profile view)
  - accounting-scheme (AAA view)
  - admin-user privilege level
  - authentication-mode (authentication scheme view)
  - authentication-scheme (AAA domain view)
  - authentication-scheme (authentication profile view)
  - authentication-scheme (AAA view)
  - authentication { roam-accounting | update-info-accounting | update-ip-accounting } * enable
  - authentication roam-accounting update-session-mode
  - authorization-cmd
  - authorization-info check-fail policy
  - authorization-mode
  - authorization-modify mode
  - authorization-scheme (AAA domain view)
  - authorization-scheme (authentication profile view)
  - authorization-scheme (AAA view)
  - cmd recording-scheme
  - cut access-user
  - display aaa
  - display aaa configuration
  - display aaa statistics access-type-authenreq
  - display aaa statistics offline-reason
  - display aaa-quiet administrator except-list
  - display access-user (All views)
  - display accounting-scheme
  - display authentication-scheme
  - display authorization-scheme
  - display domain
  - display local-access-code
  - display local-user
  - display local-user expire-time
  - display local-aaa-user password policy
  - display recording-scheme
  - display remote-user authen-fail
  - display service-scheme
  - display local-eap-server configuration
  - dns (service scheme view)
  - domain (AAA view)
  - domain (system view)
  - domain-location
  - domain-name-delimiter
  - domainname-parse-direction
  - idle-cut (service scheme view)
  - local-aaa-user wrong-password
  - local-access-code
  - local-aaa-user password policy access-user
  - local-aaa-user password policy administrator
  - local-user (AAA view)
  - local-user change-password
  - local-user device-type
  - local-user expire-date
  - local-user password
  - local-user service-type
  - local-user time-range
  - outbound recording-scheme
  - password alert before-expire
  - password alert original
  - password expire
  - password history record number
  - permit-domain
  - recording-mode hwtacacs
  - recording-scheme
  - redirect-acl
  - remote-aaa-user authen-fail
  - remote-user authen-fail unblock
  - reset aaa
  - reset aaa statistics access-type-authenreq
  - reset aaa statistics offline-reason
  - reset access-user statistics
  - reset local-user password history record
  - security-name enable
  - security-name-delimiter
  - service-scheme (aaa domain view)
  - service-scheme (AAA view)
  - state (AAA domain view)
  - statistic enable (AAA domain view)
  - statistic enable (authentication profile view)
  - system recording-scheme
  - user-group (AAA domain view)
  - user-password complexity-check
- RADIUS Configuration Commands
  - called-station-id mac-format
  - called-station-id wlan-user-format
  - calling-station-id mac-format
  - display radius-attribute
  - display radius-attribute check
  - display radius-attribute disable
  - display radius-attribute translate
  - display radius-server accounting-stop-packet
  - display radius-server authorization configuration
  - display radius-server configuration
  - display radius-server dead-interval dead-count detect-cycle
  - display radius-server item
  - display radius-server max-unresponsive-interval
  - display radius-server session-manage configuration
  - display snmp-agent trap feature-name radius all
  - radius-attribute check
  - radius-attribute disable
  - radius-attribute nas-ip
  - radius-attribute nas-ipv6
  - radius-attribute nas-ip (system view)
  - radius-attribute nas-ipv6 (system view)
  - radius-attribute service-type with-authenonly-reauthen
  - radius-attribute set
  - radius-attribute translate
  - radius-server (aaa domain view)
  - radius-server (authentication profile view)
  - radius-server accounting
  - radius-server accounting-stop-packet resend
  - radius-server algorithm
  - radius-server attribute message-authenticator access-request
  - radius-server attribute translate
  - radius-server authentication
  - radius-server authorization
  - radius-server authorization attribute-decode-sameastemplate
  - radius-server authorization attribute-encode-sameastemplate
  - radius-server authorization calling-station-id decode-mac-format
  - radius-server authorization match-type
  - radius-server dead-detect-condition by-server-ip
  - radius-server dead-interval dead-count detect-cycle
  - radius-server detect-server interval
  - radius-server detect-server timeout
  - radius-server detect-server up-server interval
  - radius-server format-attribute
  - radius-server hw-ap-info-format include-ap-ip
  - radius-server hw-dhcp-option-format
  - radius-server max-unresponsive-interval
  - radius-server nas-identifier-format
  - radius-server nas-port-format
  - radius-server nas-port-id-format
  - radius-server retransmit timeout dead-time
  - radius-server session-manage
  - radius-server shared-key (RADIUS server template view)
  - radius-server shared-key (system view)
  - radius-server source ip-address
  - radius-server support chargeable-user-identity
  - radius-server template
  - radius-server testuser
  - radius-server traffic-unit
  - radius-server user-name domain-included
  - reset radius-server accounting-stop-packet
  - snmp-agent trap enable feature-name radius
  - test-aaa
- HWTACACS Configuration Commands
  - display hwtacacs-server accounting-stop-packet
  - display hwtacacs-server template
  - display hwtacacs-server template verbose
  - hwtacacs enable
  - hwtacacs-server
  - hwtacacs-server (authentication profile view)
  - hwtacacs-server accounting
  - hwtacacs-server accounting-stop-packet resend
  - hwtacacs-server authentication
  - hwtacacs-server authorization
  - hwtacacs-server shared-key
  - hwtacacs-server source-ip
  - hwtacacs-server source-ip (system view)
  - hwtacacs-server template
  - hwtacacs-server timer quiet
  - hwtacacs-server timer response-timeout
  - hwtacacs-server traffic-unit
  - hwtacacs-server user-name domain-included
  - hwtacacs-user change-password hwtacacs-server
  - reset hwtacacs-server accounting-stop-packet
  - reset hwtacacs-server statistics
- LDAP Configuration Commands
  - display ldap-server configuration
  - display ldap-server template
  - ldap-server authentication
  - ldap-server authentication base-dn
  - ldap-server authentication manager
  - ldap-server authentication manager-anonymous enable
  - ldap-server authentication manager-password
  - ldap-server authentication manager-with-base-dn enable
  - ldap-server authorization bind-user enable
  - ldap-server group-filter
  - ldap-server server-type
  - ldap-server ssl version
  - ldap-server template
  - ldap-server user-filter
  - ldap-server (aaa domain view)
  - ldap-server (authentication profile view)
- AD Configuration Commands
  - ad-server authentication
  - ad-server authentication base-dn
  - ad-server authentication host-name
  - ad-server authentication ldap-port
  - ad-server authentication manager
  - ad-server authentication manager-anonymous enable
  - ad-server authentication manager-with-base-dn enable
  - ad-server authorization bind-user enable
  - ad-server group-filter
  - ad-server template
  - ad-server user-filter
  - ad-server (aaa domain view)
  - ad-server (authentication profile view)
  - display ad-server template
- Local EAP Configuration Commands
  - display eap-server-template
  - eap-server-template name
  - local-eap-server authentication certificate
  - local-eap-server authentication eap-server-template
  - local-eap-server authentication eap-phase-one enable
  - local-eap-server authentication method
  - local-eap-server authentication private-key
  - local-eap-server configuration reload
- NAC Configuration Commands
  - access-domain
  - acl-id (user group view)
  - authentication event action authorize
  - authentication event authen-server-up action re-authen
  - authentication event client-no-response action authorize
  - authentication event portal-server-down action authorize
  - authentication event portal-server-up action re-authen
  - authentication no-ip-check
  - authentication ip-address in-accounting-start
  - authentication ip-conflict-check enable
  - authentication wlan-max-user
  - authentication roam pre-authen mac-authen enable
  - authentication single-access
  - authentication speed-limit auto
  - authentication user-alarm percentage
  - authentication-profile (VAP profile view)
  - authentication-profile (system view)
  - authentication portal-ip-trigger
  - authentication termination-action reauthenticate
  - authorize
  - device-type
  - device-profile
  - device-sensor dhcp option
  - display access-user
  - display access-user-num
  - display access-user roam-table
  - display authentication-profile configuration
  - display authentication user-alarm configuration
  - display device-profile
  - display dot1x
  - display dot1x-access-profile configuration
  - display dot1x quiet-user
  - display free-rule-template configuration
  - display mac-access-profile configuration
  - display mac-authen
  - display mac-authen quiet-user
  - display portal
  - display portal local-server connect
  - display portal local-server
  - display portal local-server page-information
  - display portal local-server wechat-authen user
  - display portal user-logout
  - display portal-access-profile configuration
  - display portal quiet-user
  - display portal url-encode configuration
  - display server-detect state
  - display snmp-agent trap feature-name mid_eapol all
  - display snmp-agent trap feature-name mid_web all
  - display url-template
  - display user-group
  - display web-auth-server configuration
  - display webmng configuration
  - dot1x abnormal-track cache-record-num
  - dot1x authentication-method
  - dot1x eap-notify-packet
  - dot1x quiet-period
  - dot1x quiet-times
  - dot1x reauthenticate mac-address
  - dot1x reauthenticate
  - dot1x retry
  - dot1x timer
  - dot1x timer tx-period
  - dot1x timer quiet-period
  - dot1x-access-profile (authentication profile view)
  - dot1x-access-profile (system view)
  - enable (terminal type identification profile view)
  - free-rule
  - free-rule-template (authentication profile view)
  - free-rule-template (system view)
  - http parse user-agent enable
  - http get-method enable
  - http-method post
  - if-match
  - rule (terminal type identification profile view)
  - mac-access-profile (authentication profile view)
  - mac-access-profile (system view)
  - mac-authen authentication-method
  - mac-authen quiet-times
  - mac-authen reauthenticate mac-address
  - mac-authen reauthenticate
  - mac-authen timer quiet-period
  - mac-authen timer reauthenticate-period
  - mac-authen username
  - parameter
  - polling-time
  - port (Portal server profile view)
  - portal auth-network
  - portal captive-adaptive enable
  - portal captive-bypass enable
  - portal https-redirect enable
  - portal http-proxy-redirect enable
  - portal local-server access-code
  - portal local-server ad-image load
  - portal local-server anonymous
  - portal local-server authentication-method
  - portal local-server background-color
  - portal local-server background-image load
  - portal local-server enable
  - portal local-server ip
  - portal local-server keep-alive
  - portal local-server load
  - portal local-server logo load
  - portal local-server max-user
  - portal local-server
  - portal local-server page-text load
  - portal local-server policy-text load
  - portal local-server pre-auth-suppression
  - portal local-server redirect-url enable
  - portal local-server timer pre-auth time
  - portal local-server timer session-timeout
  - portal local-server url
  - portal local-server syslog-limit enable
  - portal local-server syslog-limit period
  - portal local-server default-language
  - portal local-server wechat
  - portal local-server wechat-authen
  - portal logout different-server enable
  - portal logout resend timeout
  - portal max-user
  - portal quiet-period
  - portal quiet-times
  - portal redirect-http-port
  - portal timer quiet-period
  - portal url-encode enable
  - portal user-alarm percentage
  - portal user-roam-out reply enable
  - portal-access-profile (authentication profile view)
  - portal-access-profile (system view)
  - portal web-authen-server
  - public-account
  - force-push
  - protocol
  - priority
  - remote-access-user manage
  - reset dot1x statistics
  - reset mac-authen statistics
  - server-detect
  - server-ip (Portal server profile view)
  - shared-key (Portal server profile view)
  - shop-id
  - snmp-agent trap enable feature-name mid_eapol
  - snmp-agent trap enable feature-name mid_web
  - source-interface (Portal server template view)
  - source-ip (Portal server profile view)
  - url (URL template view)
  - url (Portal server profile view)
  - url-parameter mac-address format
  - url-parameter
  - url-parameter set
  - url-template name
  - url-template (Portal server profile view)
  - user-group
  - user-isolated
  - user-sync
  - user-vlan
  - web-auth-server listening-port
  - web-auth-server (Portal access profile view)
  - web-auth-server reply-message
  - web-auth-server (system view)
  - web-auth-server source-ip
  - web-auth-server version
  - web-description
  - web-redirection disable (Portal server profile view)
  - wechat-server-ip
- ACL Configuration Commands
  - acl ipv6 name
  - acl ipv6 (system view)
  - acl name
  - acl (system view)
  - description
  - display acl ipv6
  - display acl
  - display acl resource
  - display time-range
  - passthrough-domain
  - rule (advanced ACL view)
  - rule (advanced ACL6 view)
  - rule (basic ACL view)
  - rule (basic ACL6 view)
  - rule (layer 2 ACL view)
  - rule (user ACL view)
  - rule description
  - step
  - time-range
- Local Attack Defense Configuration Commands
  - application-apperceive
  - auto-defend enable
  - auto-defend action
  - auto-defend alarm enable
  - auto-defend alarm threshold
  - auto-defend protocol
  - auto-defend threshold
  - auto-defend trace-type
  - cpu-defend application-apperceive enable
  - cpu-defend-policy
  - cpu-defend policy
  - deny
  - description (attack defense policy view)
  - display auto-defend attack-source
  - display auto-defend configuration
  - display cpu-defend configuration
  - display cpu-defend policy
  - display cpu-defend statistics
  - packet-type
  - packet-type priority
  - rate-limit all-packets
  - reset auto-defend attack-source
  - reset cpu-defend statistics
  - track system-load enable
- Attack Defense Configuration Commands
  - anti-attack abnormal enable
  - anti-attack enable
  - anti-attack fragment enable
  - anti-attack fragment car
  - anti-attack icmp-flood enable
  - anti-attack icmp-flood car
  - anti-attack tcp-syn enable
  - anti-attack tcp-syn car
  - anti-attack udp-flood enable
  - anti-attack urpf
  - display anti-attack statistics
  - reset anti-attack statistics
- Traffic Suppression and Storm Control Configuration Commands
  - broadcast-suppression (interface view)
  - display flow-suppression interface
  - icmp rate-limit
  - icmp rate-limit enable
  - multicast-suppression (interface view)
  - unicast-suppression (interface view)
- ARP Security Configuration Commands
  - arp anti-attack check user-bind alarm enable
  - arp anti-attack check user-bind alarm threshold
  - arp anti-attack check user-bind check-item (interface view)
  - arp anti-attack check user-bind check-item (VLAN view)
  - arp anti-attack check user-bind enable
  - arp anti-attack entry-check enable
  - arp anti-attack gateway-duplicate enable
  - arp anti-attack log-trap-timer
  - arp anti-attack packet-check sender-mac
  - arp anti-attack rate-limit
  - arp anti-attack rate-limit alarm enable
  - arp anti-attack rate-limit alarm threshold
  - arp anti-attack rate-limit enable
  - arp gratuitous-arp send enable
  - arp gratuitous-arp send interval
  - arp learning strict (interface view)
  - arp learning strict (system view)
  - arp speed-limit flood-rate
  - arp speed-limit source-mac
  - arp speed-limit source-ip
  - arp validate
  - arp-fake expire-time
  - arp-limit
  - arp-miss anti-attack rate-limit
  - arp-miss anti-attack rate-limit alarm enable
  - arp-miss anti-attack rate-limit alarm threshold
  - arp-miss anti-attack rate-limit enable
  - arp-miss speed-limit source-ip
  - display arp anti-attack check user-bind interface
  - display arp anti-attack configuration
  - display arp anti-attack gateway-duplicate item
  - display arp flood statistics
  - display arp learning strict
  - display arp packet statistics
  - display arp-limit
  - reset arp anti-attack statistics check user-bind
  - reset arp anti-attack statistics rate-limit
  - reset arp flood statistics
  - reset arp packet statistics
- DHCP Snooping Configuration Commands
  - arp dhcp-snooping-detect enable
  - dhcp option82 enable
  - dhcp option82 encapsulation
  - dhcp option82 format
  - dhcp option82 subscriber-id format
  - dhcp option82 vendor-specific format
  - dhcp server detect
  - dhcp snooping alarm dhcp-rate enable
  - dhcp snooping alarm dhcp-rate threshold
  - dhcp snooping alarm enable
  - dhcp snooping alarm threshold
  - dhcp snooping check dhcp-giaddr enable
  - dhcp snooping check dhcp-rate
  - dhcp snooping check dhcp-rate enable
  - dhcp snooping check dhcp-chaddr enable
  - dhcp snooping check dhcp-request enable
  - dhcp snooping disable
  - dhcp snooping enable
  - dhcp snooping enable no-user-binding
  - dhcp snooping max-user-number
  - dhcp snooping trusted
  - dhcp snooping user-alarm percentage
  - dhcp snooping user-bind autosave
  - dhcp snooping user-transfer enable
  - dhcpv6 snooping user-bind detect confirm-client enable
  - dhcpv6 snooping user-bind detect retransmit
  - display dhcp option82 configuration
  - display dhcp snooping
  - display dhcp snooping configuration
  - display dhcp snooping statistics
  - display dhcpv6 snooping statistics
  - display dhcp snooping user-bind
  - display dhcpv6 snooping user-bind
  - reset dhcp snooping statistics
  - reset dhcp snooping user-bind
  - reset dhcpv6 snooping statistics
- ND Snooping Configuration Commands
  - display nd snooping configuration
  - display nd snooping prefix
  - display nd snooping statistics
  - display nd snooping user-bind
  - nd snooping alarm binding-table check enable
  - nd snooping alarm binding-table check threshold
  - nd snooping check enable
  - nd snooping check dad-ns retransmit-rate rate
  - nd snooping check dad-ns retransmit-rate enable
  - nd snooping enable
  - nd snooping enable dhcpv6 only
  - nd snooping max-user-number
  - nd snooping static-prefix
  - nd snooping trusted
  - nd snooping trusted dhcpv6 only
  - nd snooping user-alarm percentage
  - nd snooping wait-time life-time
  - nd user-bind detect
  - nd user-bind detect enable
  - reset nd snooping prefix
  - reset nd snooping statistics
  - reset nd snooping user-bind
- SAVI Configuration Commands
  - savi max dad-delay
  - savi max dad-prepare-delay
  - savi max-binding-table
  - savi enable
- IP Source Guard Configuration Commands
  - display dhcp static user-bind
  - display dhcpv6 static user-bind
  - display ip source check user-bind
  - ip source check user-bind check-item (interface view)
  - ip source check user-bind check-item (VLAN view)
  - ip source check user-bind enable
  - user-bind static
- URPF Configuration Commands
  - ipv6 urpf
  - urpf (interface view)
- PKI Configuration Commands
  - auto-enroll
  - ca id
  - cdp-url
  - certificate-check
  - certificate auto-update enable
  - certificate update expire-time
  - cmp-request authentication-cert
  - cmp-request ca-name
  - cmp-request entity
  - cmp-request message-authentication-code
  - cmp-request origin-authentication-method
  - cmp-request realm
  - cmp-request rsa local-key-pair
  - cmp-request server url
  - cmp-request verification-cert
  - common-name
  - country (PKI entity view)
  - crl auto-update enable
  - crl cache
  - crl http
  - crl scep
  - crl update-period
  - display pki ca-capability
  - display pki cert-req
  - display pki certificate
  - display pki certificate built-in-ca
  - display pki certificate enroll-status
  - display pki certificate filename
  - display pki cmp statistics
  - display pki credential-storage-path
  - display pki crl
  - display pki entity
  - display pki ocsp cache detail
  - display pki ocsp cache statistics
  - display pki ocsp server down-information
  - display pki realm
  - display pki rsa built-in-ca public
  - display pki rsa local-key-pair
  - email
  - enrollment self-signed
  - enrollment-request signature message-digest-method
  - enrollment-url
  - entity
  - fingerprint
  - fqdn
  - ip-address
  - key-usage
  - locality
  - ocsp nonce enable
  - ocsp signature enable
  - ocsp url
  - ocsp-url from-ca
  - organization-unit
  - organization
  - password (PKI realm view)
  - pki built-in-ca match-rsa-key
  - pki cmp certificate-request session
  - pki cmp initial-request session
  - pki cmp keyupdate-request session
  - pki cmp session
  - pki create-certificate
  - pki delete-certificate
  - pki delete-certificate built-in-ca
  - pki delete-crl
  - pki enroll-certificate
  - pki entity
  - pki export-certificate
  - pki export-certificate default
  - pki export built-in-ca rsa-key-pair
  - pki export rsa-key-pair
  - pki file-format
  - pki generate built-in-ca certificate
  - pki get-certificate
  - pki get-crl
  - pki http
  - pki import-certificate
  - pki import-certificate built-in-ca
  - pki import-crl
  - pki import built-in-ca rsa-key-pair
  - pki import rsa-key-pair
  - pki match-rsa-key
  - pki ocsp response cache enable
  - pki ocsp response cache number
  - pki ocsp response cache refresh interval
  - pki realm (system view)
  - pki rsa built-in-ca
  - pki rsa local-key-pair create
  - pki rsa local-key-pair destroy
  - pki set-certificate expire-prewarning
  - pki validate ocsp-server-certificate enable
  - pki validate-certificate
  - reset pki cmp statistics
  - reset pki ocsp response cache
  - reset pki ocsp server down-information
  - rsa local-key-pair
  - source
  - state (PKI entity view)
  - undo pki cmp poll-request session
- SSL Configuration Commands
  - ciphersuite
  - display ssl connection statistics
  - display ssl policy
  - pki-realm
  - prefer-ciphersuite
  - reset ssl connection statistics
  - server-verify enable
  - session
  - ssl policy
  - ssl renegotiation-rate
  - version (Client SSL policy view)
  - version (server SSL policy view)
- HTTPS Configuration Commands
  - http secure-server enable
  - http secure-server ssl-policy
  - http secure-server port
- Keychain Configuration Commands
  - algorithm
  - default send-key-id
  - display keychain
  - keychain
  - key-id
  - key-string
  - receive-time
  - receive-tolerance
  - send-time
  - tcp-algorithm-id
  - tcp-kind
  - time mode
- URL Filtering Configuration Commands
  - add { blacklist | whitelist } (URL filtering profile view)
  - add referer-host
  - default action (URL filtering profile view)
  - defence engine enable
  - defence engine log timeout
  - defence-profile (interface view)
  - defence-profile (system view)
  - defence-profile (user group view)
  - defence-profile (VAP profile view)
  - display references defence-profile
  - display defence-profile
  - description (URL filtering profile view)
  - display profile type url-filter
  - display url-filter statistics
  - profile type url-filter copy
  - profile type url-filter (attack defense profile view)
  - profile type url-filter name
  - referer-filter whitelist-all enable
  - rename (URL filtering profile view)
  - reset url-filter statistics
  - url-filter anti-bypass enable
  - url-filter high-performance mode enable
  - url-filter https-filter consistency-check enable
- IAE Advanced Configuration Commands
  - display engine information
  - display engine session statistics
  - display engine session table
  - display engine statistics
  - display fragment-reassemble configuration
  - display fragment-reassemble session table
  - display fragment-reassemble statistics
  - display profile
  - display stream-reassemble configuration
  - decoding uri-cache
  - engine configuration commit
  - engine enhanced-detection
  - engine http status-code
  - engine log enable
  - engine pass-through enable
  - fragment-reassemble enable
  - fragment-reassemble overflow-mode
  - fragment-reassemble user-configure
  - reset engine session statistics
  - reset engine session table
  - reset engine statistics
  - reset fragment-reassemble statistics
  - stream-reassemble enable
  - stream-reassemble enhanced-mode
  - stream-reassemble overflow-mode
  - stream-reassemble overlap-mode
  - stream-reassemble session-cache
  - stream-reassemble session-timeout
  - stream-reassemble tcp-option check
  - stream-reassemble timestamp check
  - stream-reassemble user-configure defense-check
- Updating Signature Databases Configuration Commands
  - display update configuration
  - display update host source
  - display update information all-sdb
  - display update status
  - display version (engine or signature database)
  - update abort
  - update apply
  - update confirm
  - update download-server aging-time
  - update force apply
  - update force local
  - update force online
  - update force restore sdb-default
  - update force rollback
  - update host source
  - update local
  - update online
  - update online-mode
  - update proxy
  - update proxy enable
  - update restore sdb-default
  - update rollback
  - update schedule
  - update schedule enable
  - update schedule retry-download interval
  - update schedule retry-load interval
  - update server
- Intrusion Prevention Configuration Commands
  - action (IPS signature filter view)
  - action (user-defined IPS signature view)
  - application (IPS signature filter view)
  - assoc-check enable
  - category (IPS signature filter view)
  - check (user-defined signature rule view)
  - cnc domain-filter enable
  - cnc domain-filter exception domain-name
  - collect-attack-evidence enable (intrusion prevention profile view)
  - condition (user-defined signature rule view)
  - condition associated (user-defined signature rule view)
  - condition move (user-defined signature rule view)
  - condition value (user-defined signature rule view)
  - context-awareness enable
  - description (intrusion prevention profile view)
  - description (user-defined IPS signature view)
  - destination-ip (user-defined signature rule view)
  - destination-port (user-defined signature rule view)
  - display cnc domain-filter domain statistics
  - display cnc domain-filter exception
  - display cnc domain-filter statistics
  - display cnc information
  - display context-awareness information statistics
  - display context-awareness statistics
  - display ips signature-id rule
  - display ips signature-state
  - display ips statistics
  - display ips-signature
  - display ips signature-action
  - display ips-signature cve-id
  - display ips-signature statistics
  - display ips-signature vendor-id
  - display profile type ips
  - dns domain check
  - dns domain length check
  - dns malformed-packet check
  - dns request-type check
  - dns session request-times check
  - exception ips-signature-id
  - http multi-host check
  - http ssh-over-http check
  - http x-forwarded-for check
  - http x-forwarded-for whitelist
  - http x-online-host blacklist
  - http x-online-host check
  - ips associated pre-defined
  - ips collect-attack-evidence max-session-number
  - ips log based-on-session
  - ips log extend enable
  - ips log merge enable
  - ips signature-action
  - ips signature-id
  - ips signature-state
  - name (user-defined IPS signature view)
  - os (IPS signature filter view)
  - profile type ips (attack defense profile view)
  - profile type ips copy
  - profile type ips name
  - protocol (IPS signature filter view)
  - protocol (user-defined IPS signature view)
  - rename (intrusion prevention profile view)
  - rename (IPS signature filter view)
  - rename (user-defined signature rule view)
  - reset cnc domain-filter statistics
  - reset context-awareness information statistics
  - reset context-awareness statistics
  - reset ips statistics
  - reset ips-signature statistics
  - rule name (user-defined IPS signature view)
  - scope (user-defined signature rule view)
  - severity (IPS signature filter view)
  - severity (user-defined IPS signature view)
  - signature-set move
  - signature-set name
  - source-ip (user-defined signature rule view)
  - source-port (user-defined signature rule view)
  - target (IPS signature filter view)
  - target (user-defined IPS signature view)
- Antivirus Configuration Commands
  - av extract hash enable
  - av log merge enable
  - collect-attack-evidence enable (antivirus profile view)
  - description (antivirus profile view)
  - display av statistics
  - display av-signature
  - display profile type av
  - exception application
  - exception av-signature-id
  - ftp-detect
  - http-detect
  - imap-detect
  - nfs-detect
  - pop3-detect
  - profile type av copy
  - profile type av (attack defense profile view)
  - profile type av name
  - rename (antivirus profile view)
  - reset av statistics
  - smb-detect
  - smtp-detect
- Global IAE Configuration Commands
  - display file-frame information
  - display file-frame statistics
  - file-frame breakpoint-resume-blocking protocol
  - file-frame decompress depth
  - file-frame decompress depth action
  - file-frame decompress size
  - file-frame decompress size action
  - reset file-frame statistics
- Traffic Isolation Between the Service and Management planes Configuration Commands
  - display mgmt interface
  - mgmt isolate disable
QoS Commands
- MQC Configuration Commands
- Priority Mapping Commands
- Traffic Policing and Traffic Shaping Commands
- Congestion Avoidance and Congestion Management Commands
- ACL-based Simplified Traffic Policy Commands
- WLAN QoS Configuration Commands
- SAC Configuration Commands
Network Management and Monitoring Commands
- SNMP Configuration Commands
- RMON Configuration Commands
- Mirroring Configuration Commands
- Performance Management Commands
- Ping and Tracert Configuration Commands
- LLDP Configuration Commands
- Packet Capture Configuration Command
  - capture-packet
- Service Diagnosis Configuration Commands
- NetStream Configuration Commands
- Managing WLAN Access Site Information Commands
- Third-Party Data Collection Configuration Commands
- WMI Commands

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

ip source check user-bind enable

Function

The ip source check user-bind enable command enables IP packet check.

The undo ip source check user-bind enable command disables IP packet check.

By default, IP packet check is disabled.

Format

ip source check user-bind enable

undo ip source check user-bind enable

Parameters

None

Views

GE interface view, XGE interface view, 40GE interface view, port group view, Eth-Trunk interface view, VLAN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Unauthorized users often send bogus packets with the source IP address and MAC address of authorized users to access or attack the network. Then authorized users cannot access stable and secure networks. To address this problem, you can configure IP packet check.

When IP packet check is enabled, the device checks the IP address, MAC address, VLAN information, and interface information against the binding table. You can run the ip source check user-bind check-item (interface view) or ip source check user-bind check-item (VLAN view) command to specify IP packet check items. Only packets that match the binding entries can be forwarded; otherwise, packets are discarded.

Prerequisites

The IP packet check is based by binding table. So,

The dynamic DHCP snooping binding table has been generated for DHCP users.
The static binding table has been configured manually for users using static IP addresses.

Precautions

The ip source check user-bind enable command and the aggregate-vlan command cannot be used simultaneously.

Example

# Enable IP packet check on GE0/0/1.

<AC6605> system-view

[AC6605] interface gigabitethernet 0/0/1

[AC6605-GigabitEthernet0/0/1] ip source check user-bind enable

Related Topics

dhcp snooping enable

user-bind static

ip source check user-bind check-item (interface view)

ip source check user-bind check-item (VLAN view)

Translation

简体中文

Download

Updated: 2021-02-27

Document ID: EDOC1100064351

Downloads: 595

Average rating:

This Document Applies to these Products